Wednesday, July 8, 2015

Problems Pushing Software via GPO Leads Me to Group Policy 1058 Error 65

After I pushed out this month's Adobe Patch via group policy, I wasn't getting one of my test systems to process the patch. I found the following message in the system log:

Source: Group Policy
Event ID: 1058
The processing of Group Policy failed. Windows attempted to read the file \\contoso.com\SysVol\contoso.com\Policies\{49BA4D4E-A307-40D3-A809-67CE80C5165A}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following: 
a) Name Resolution/Network Connectivity to the current domain controller. 
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller). 
c) The Distributed File System (DFS) client has been disabled.

If you flip over to the details tab, it says ErrorCode 65, and farther down that Network access is denied.

This problem is directly related to the group policy settings that Microsoft recommended to harden group policy, and is outlined in MS15-011 and MS15-014.

Apparently, some enterprising gent had this issue before, opened a case with Microsoft, and posted the case resolution at the bottom of this TechNet forum post.

Resolution:- Suggested to edit the GPO for UNC hardening and change value of RequireMutualAuthentication & RequireIntegrity to 0 from 1 (previous value) for path \\*\NETLOGON & \\*\SYSVOL. We have confirmed that this is a known reported problem where we get ErrorDescription Network access is denied. In event id 1058 and group policy processing fails for computers when KB3004361 is applied.

I left NETLOGON alone - all of our login scripts in there appear to be processing normally, but I did change the SYSVOL to 0 and 0. After I performed gpupdate /force and rebooted twice, my software installed successfully and there was no GP 1058 error.
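
Setting both values to 0 for \\*\SYSVOL switches off the mutual authentication and integrity checks that MS15-011 introduced for that path, so it is worth knowing which machines are running that way. The following is an added example, not part of the original post: it reads the Hardened UNC Paths policy values from the local registry and flags any path where either setting is not 1. The function name Get-HardenedPathReport is made up for this example.

```powershell
# Added example: report the effective UNC hardening flags on this computer.
# Registry location written by the "Hardened UNC Paths" policy setting (MS15-011).
$HardenedPathsKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths'

Function Get-HardenedPathReport
{
    Param([string]$RegistryKey = $HardenedPathsKey)

    If (-not (Test-Path $RegistryKey)) {
        Write-Warning "No Hardened UNC Paths policy found at $RegistryKey"
        Return
    }

    $Item = Get-Item -Path $RegistryKey
    Foreach ($UncPath in $Item.GetValueNames()) {
        #Skip the key's unnamed default value, if one exists
        If (-not $UncPath) { Continue }

        #Value data looks like: RequireMutualAuthentication=1, RequireIntegrity=1
        $Raw = [string]$Item.GetValue($UncPath)
        $Flags = @{}
        Foreach ($Pair in ($Raw -split ',')) {
            $Name, $Value = $Pair.Trim() -split '=', 2
            If ($Name) { $Flags[$Name.Trim()] = ([string]$Value).Trim() }
        }

        #A path counts as relaxed when either flag is missing or not set to 1
        $Relaxed = ($Flags['RequireMutualAuthentication'] -ne '1') -or
                   ($Flags['RequireIntegrity'] -ne '1')

        New-Object PSObject -Property @{
            UncPath                     = $UncPath
            RequireMutualAuthentication = $Flags['RequireMutualAuthentication']
            RequireIntegrity            = $Flags['RequireIntegrity']
            Relaxed                     = $Relaxed
        }
    }
}

Get-HardenedPathReport | Sort-Object UncPath |
    Format-Table UncPath, RequireMutualAuthentication, RequireIntegrity, Relaxed -AutoSize
```

Run it after gpupdate on a test system to confirm what the GPO actually delivered; a SYSVOL row with Relaxed = True is the workaround described above.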

Tuesday, July 7, 2015

Adobe Flash Player patch due out tomorrow. Exploit in the wild!

Security Advisory for Adobe Flash Player (APSA15-03) http://blogs.adobe.com/psirt/?p=1223

Tuesday, June 30, 2015

So, Which of My Computers is Using Cached Exchange Mode?

I know a lot of scripts that I write about on here can be rendered unnecessary by good use of the technology available to me. Unfortunately, it seems that often there is something in the way (politics, money, manual process, complexity, etc) that makes it a whole lot easier for me to just script out something and send myself a report once in a while.

I don't know about you, but I've had my share of problems with Outlook caused by cached mode being enabled. I know this is controllable by Group Policy, but we have a lot of people that use Outlook Calendars extensively, and they need cached mode on. This is one of those cases where it's easier to run this monthly and keep things tight, than it would be for me to try and scope a group policy to omit people from all over the place, and remember to incorporate new hires that match this profile.

The trick here was to find out how I would know if a client connected and was on cached mode. The best option, it turned out, was to look in the RPC logs of the Exchange server itself.

#########################################################
# BEGIN SCRIPT
#########################################################
# Phase One: Preparation
#########################################################

#Import Active Directory Module
Import-Module activedirectory

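#Function to find Hostnames from IP Addresses
Function Get-HostFromIP
{
    $IP = $args[0]
    $DNS = "No HostName Found"
    #GetHostEntry throws when the lookup fails, so catch that instead of testing for null
    Try {
        $Result = [System.Net.Dns]::GetHostEntry($IP)
        If ($Result -and $Result.HostName) {
            $DNS = [string]$Result.HostName
        }
    }
    Catch {
        #Leave $DNS at the "No HostName Found" default
    }
    $DNS
} #End Function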

#Path Variables
$ExchangeLogFolder = "\\mailserver\c$\Program Files\Microsoft\Exchange Server\V14\Logging\RPC Client Access"
$LocalHoldingFolder = "C:\Logs\ExchangeCachedMode"
$OutputFile = "C:\Temp\Cached Mode On - Desktops.csv"

#Email Variables
$SMTPServer = "mail.contoso.com"
$To = "reporting@contoso.com"
$From = "helpdesk@contoso.com"
$Body = "See Attached"

#Remove any output file if it already exists
Remove-item $OutputFile -force -ErrorAction SilentlyContinue

#Delete any pre-existing file in the Local Holding Folder
Get-Childitem -Path $LocalHoldingFolder | remove-item -force -ErrorAction SilentlyContinue

#########################################################
# Phase Two: Copying over the RPC logs from Exchange
#########################################################

#Copy the files
$Files = get-childitem -Path $ExchangeLogFolder | select fullname
Foreach ($File in $Files){
    Copy-Item $File.fullname -Destination $LocalHoldingFolder
}

#Drop the header lines above the #Fields row (index 4), strip the "#Fields: " prefix from that row, and output in a consistent CSV format
$Files = get-childitem -Path $LocalHoldingFolder | select fullname
Foreach ($File in $Files){
    $Text = Get-Content $File.Fullname
    #Count - 1 is the last valid index; indexing up to Count appends a stray null entry
    $Output = $Text[4..($Text.Count - 1)]
    $Output[0] = $Output[0] -replace "`#Fields: ",""
    $Newfile = (($File.Fullname)+"OUT.csv")
    $Newerfile = (($File.Fullname)+"FINAL.csv")
    $Output | %{$_ | Add-content $NewFile}
    $NewFileContent = Import-csv $Newfile
    $NewFileContent | select client-name,client-mode,client-ip | export-csv -NoTypeInformation $Newerfile
} #End Foreach

#Remove the old files that I don't need anymore
Get-childitem $LocalHoldingFolder -Filter "*.LOG" | %{Remove-Item $_.fullname -Force -ErrorAction SilentlyContinue}
Get-childitem $LocalHoldingFolder -Filter "*.LOGOUT.csv" | %{Remove-Item $_.fullname -Force -ErrorAction SilentlyContinue}

#########################################################
# Phase Three: Merging the CSV files
#########################################################

#Get some info
$CSVFilePath = $LocalHoldingFolder

#Get info from the CSV file path
$CSVFiles = get-childitem $CSVFilePath | select fullname, name

#Initialize/Clear the output array
$Output = @()

#Cycle through and add csv content to array
foreach($CSV in $CSVFiles) {
    if(Test-Path $CSV.fullname) {
        $FileName = [System.IO.Path]::GetFileName($CSV.FullName)
        $temp = Import-CSV -Path $CSV.fullname | select *, @{Expression={$FileName};Label="FileName"}
        $Output += $temp
    } else {
        #Use a subexpression so the path is expanded, not the whole object
        Write-Warning "$($CSV.fullname) : No such file found"
    }
} #End Foreach

#Export Array content to specified output file
$Output | Export-Csv -Path ($LocalHoldingFolder + "\temp.csv") -NoTypeInformation

#Remove the old files that I don't need anymore
Get-childitem $LocalHoldingFolder -Filter "*.LOGFINAL.csv" | %{Remove-Item $_.fullname -Force -ErrorAction SilentlyContinue}

#########################################################
# Phase 4: Getting the data together
#########################################################

#Import the data for further refinement
$Content = Import-CSV ($LocalHoldingFolder + "\temp.csv")

#Select only the properties I want
$Refined = $Content | select client-name,client-mode,client-ip

#Run through some filters
$Refined2 = $Refined | where-object {
    #Don't care about entries that list no ip address
    $_."client-ip" -ne "" -and
    #Here's the interesting bit: Classic means cached exchange mode is NOT on
    $_."client-mode" -ne "Classic" -and
    #There are some IP scopes that I can't do anything about
    ($_."client-ip" -like "*192.168.98*" -or
    $_."client-ip" -like "*192.168.99*") -and
    #I don't care about Exchange traffic
    $_."client-name" -notlike "*Exchange*"
}

#Removing duplicate IPs
$Refined2 = $Refined2 | Sort-Object client-ip -Unique

#Initialize a new array
$Refined3 = @()

#Put the same data into the new array, but also include the hostname based on the IP
Foreach ($Item in $Refined2){
    $SubRefined3 = New-Object System.Object
    $ClientHostName = Get-HostFromIP $Item."Client-IP"
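    #-replace takes a regex: escape the dots and anchor the suffix so only the domain part is stripped
    $ClientDescription = (Get-ADComputer ($ClientHostname -replace ("\.contoso\.com$","")) -Properties Description | select Description).Description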
    $SubRefined3 | Add-Member -type NoteProperty -name ClientName -value $Item."Client-Name"
    $SubRefined3 | Add-Member -type NoteProperty -name ClientMode -value $Item."Client-Mode"
    $SubRefined3 | Add-Member -type NoteProperty -name ClientIP -value $Item."Client-IP"
    $SubRefined3 | Add-Member -type NoteProperty -name ClientHostName -value $ClientHostName
    $SubRefined3 | Add-Member -type NoteProperty -name ClientDescription -value $ClientDescription
    $Refined3 += $SubRefined3
} #End Foreach

#Remove any items where a DNS hostname could not be found
$Refined3 = $Refined3 | where-object {$_.ClientHostname -notlike "No Hostname Found"}

#Do AD Lookups to remove any computers that are laptops, based on AD OU. I have no issue with laptops being on cached exchange mode.
$Refined3 = $Refined3 | where-object {((get-adcomputer ($_.ClientHostName -replace ("\.contoso\.com$","")) | select DistinguishedName).DistinguishedName) -notlike "*OU=Laptop*"} | sort-object ClientHostName

#Filter out any hostnames that I don't want in the report
$Refined4 = $Refined3 | Where-Object {
    $_.ClientHostName -notlike "def*" -and
    $_.ClientHostName -notlike "ghi*" -and
    $_.ClientHostName -notlike "No Hostname Found"}

#Final Export, excluding computers where Cached Exchange Mode is needed
$Refined4 | Where-Object {$_.ClientHostName -notlike "A123456*" -and
$_.ClientHostName -notlike "B4545875*"} | export-csv $OutputFile -NoTypeInformation

#Get some counts
$Count = (($Refined4 | Measure-Object).count)
$CountString = (($Refined4 | Measure-Object).count).ToString()
$Subject = "PS Report - Clients Using Cached Exchange Mode - $CountString"

#Only send an email if there are more than zero results
If ($Count -gt 0){
    #Send Email
    Send-Mailmessage -To $To -From $From -SMTPServer $SMTPServer -Subject $Subject -Body $Body -Attachments $OutputFile
} #End If

#Remove Temp Files
Remove-Item $OutputFile -Force -Erroraction SilentlyContinue
Remove-Item ($LocalHoldingFolder + "\temp.csv") -Force -Erroraction SilentlyContinue

#########################################################
# END SCRIPT
#########################################################

My Daily Certificate Authority Check

Earlier this year I rolled out my organization's own Public Key Infrastructure. Certificates.

I use the script below to send me an email that includes the following in the subject:
How many days until the next certificate will expire
A list of all issued certificates
How many requests are pending.

Like this subject, for example: PS Report - Issuing CA Info (Next Expiration is 296 days from now, 0 Requests Pending). A list of all issued certificates, with common name, issue date, and the template they are based on is attached as an HTML file.

A prerequisite for this script is the PS PKI Module, which can be found here on Codeplex.

This script runs from my issuing certificate authority server.

######################################################################
# BEGIN SCRIPT
######################################################################

#Import the PS PKI Module
Import-Module PSPKI

#Variables
$TempFile = "C:\Temp\CA_Report.html"
$Today = get-date
$To = "reportingaddress@contoso.com"
$From = "me@contoso.com"
$SMTPServer = "mailserver.contoso.com"

#Get the CA Name
$CAName = (Get-CA | select Computername).Computername

#Get Details on Issued Certs
$Output = Get-CA | Get-IssuedRequest | select RequestID, CommonName, NotAfter, CertificateTemplate | sort Notafter

#Take the above, and exclude CAExchange Certs, Select the first one, and get an integer value on how many days until the earliest renewal is necessary
$RelevantInfo = @($Output | where-Object {$_.CertificateTemplate -notlike "CAExchange"})
#NotAfter minus today: a certificate that has already expired shows as a negative number instead of being reported as a future expiry
$EarliestExpiryInteger = (($RelevantInfo[0].NotAfter - $Today).Days).ToString()

#Write the Relevant Info to a temp file
$RelevantInfo | ConvertTo-HTML | out-file $TempFile

#Get Details on Pending Requests
$Pending = Get-CA | Get-PendingRequest

#Get number of pending requests - If pending requests is null, then PendingCount is left at zero
If ($Pending){$PendingCount = ($Pending | Measure-Object).count}
Else {
$PendingCount = 0
$Pending = "`r`nNone"
} #End Else
$PendingCountStr = $PendingCount.ToString()

#Make the mail body
$Body = "See Attached"

$Subject = "PS Report - Issuing CA Info (Next Expiration is $EarliestExpiryInteger days from now, $PendingCountStr Requests Pending)"

Send-mailmessage -To $To -From $From -SmtpServer $SMTPServer -Subject $Subject -Body $Body -Attachments $TempFile

Remove-Item $TempFile -force

######################################################################
# END SCRIPT
######################################################################