Black Screen after Windows 10 15042 Insider Build

It was recently posted by OnMSFT that a small percentage of PCs may fail to update to the 15042 Insider Build. When that happens, your computer will hang on a black screen after reboot. I know … I just encountered it.

Fortunately, I was aware of the bug before I proceeded, and knew where to go to get the fix. thanks to this post from Microsoft Answers!

Here’s what you need to do:

  • If you computer already is hung, you will need to do a hard reboot (or two) which should force the computer to revert back to the previous version.
  • Then log in, open up an administrative level command prompt, and then type (or copy and paste) enter each of these instructions – one at a time – into the command window:

    reg delete HKEY_LOCAL_MACHINE\system\setup\upgrade\nsimigrationroot /f

    netsh int ipv6 set locality state=disabled

    reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nsi\{eb004a01-9b1a-11d4-9123-0050047759bc}\28 /f

  • After this, close the command prompt window, reboot, and re-scan for updates.

As always, if you are in the insider ring, it pays to stay up-to-date on insider releases and issues.Insider releases are NOT meant to be run on production machines.

Renew SSL Certificate for 2012 R2 Essentials

These are the steps I recently followed to renew a third party (GoDaddy) SSL certificate on a 2012 R2 Essentials server. Although these steps have been documented many, many times over the years, it doesn’t hurt to review the process and make sure it works properly.

The overall process has three major parts to it:

  • Generate SSL request on the server
  • Request and rekey the certificate on GoDaddy’s site and download new certificate
  • Install the intermediate cert and your domain SSL cert on the server

Part One – Server

  • Open up the Essentials dashboard, click on Quick Status from the left column of the screen, then click Anywhere Access from the middle column, and finally click “Click to configure Anywhere Access” from the right column of the screen.
    image
  • In the next window ( Settings – Anywhere Access) click on the Configure… button. Please note, there’s a red X in my screen shot. That’s because my SSL certificate is about to expire. However, DO NOT click on the “Repair…” button. Just click on the “Configure…” button
    image
  • In the next windows (Set up Anywhere Access) make sure that you UNcheck the option labeled “Skip Domain name setup. I have already set up my domain”
    image

            image

  • In the next window, select “Import a new trusted SSL certificate”
    image
  • In the next window, first verify your domain name to be registered, which should already be correct as we are renewing an existing SSL certificate. Then click to enable the option “I want to purchase a trusted SSL certificate for this domain”
    image
  • The next screen is the important one. It should display for you automatically the certificate request that you will need. If you need to , open up Notepad and then copy everything inside the box, starting with “—-BEGIN NEW CERTIFICATE” all the way to the very end.

    image

If you wish, leave this window open while you go to Part Two and request the new certificate from GoDaddy

Part Two – GoDaddy

  • Open up a browser, go to GoDaddy’s web site, login, and go to your registered SSL for your domain and select to purchase/renew it. I’m not including screen shots of this process. Go Daddy will generate an email to verify you are the owner of this certificate.
  • Once that is done and approved you can proceed on the GoDaddy site to rekey your certificate. It will ask you to copy/paste in the certificate request info we just generate (that starts with “—-BEGIN NEW CERTIFICATE REQUEST…”
  • After you paste and submit this information, GoDaddy will generate another email to you with the link to download the certificate and instructions for installing it.
  • When you are at the screen to download your certificate, you must select what Server type you will be using this on. From the drop down, select IIS. Then download the generated zip file. If you are not doing this step from the server, then you will need to copy the zip file over to the server.
  • Unzip the zip file on the server. You will have two files, one with a  .p7b suffix and the other with a .crt suffix
    image

Part Three – Server

Before we go back to the Essentials  dashboard that we left open, we first need to go to MMC and insert the new p7b intermediate file from GoDaddy.

  • The steps to do this is provided by GoDaddy (click here). In short:
    • Run C, add the Certificates add-in, select Computer Account, select Local Computer.
    • Once Certificates is added, drill down to Certificates > Intermediate Certification Authorities, right click and select All Tasks > Import.
      image
    • Click to browse, change the file extension in the browse window to “all files”, then locate the .p7b file that came from the zip file, and load it. Once done, you can close MMC.
  • Now we return to the Essentials dashboard that we left open. If it’s still sitting on the “Generate a certificate request’ window, go ahead and click Next.
  • On the next window (“A trusted SSL certificate is in progress…”), click on the first option: “I have the trusted SSL certificate…” and click Next
    image
  • On the next screen (Import the trusted certificate), click to Browse, change the file extension again to “all files” then locate the file ending with .crt that you unzipped, and click Next.
    image
  • Wait while the new certificate is installed. You will get a green check window indicating that the domain is set up. You have one final step – to add this to Anywhere Access
    image
  • On the next screen, you can select to enable VPN access and/or Remote Web Access. I only select Remote Web Access, as I use my network firewall/router box for VPN connectivity.
    image
  • Go ahead and select what you need, and you will be all done. You will also see that the red X we saw earlier should now have disappeared, since the SSL certificate is now up to date.
    image
    image

Windows 10 Workstation Shows Offline Status and No Backups from 2012 R2 Essentials Dashboard

It’s been well documented that updates for Windows 10 (such as the 1607 Anniversary update) will cause issues with interfacing to the 2012 R2 Essentials Server. Two things in particular:

  • Workstations will have a status of Offline on the Essentials Dashboard
  • More importantly, client workstation backups are not up to date

Until now, the process that I had taken to resolve this on each workstation was as follows:

  • Drop workstation to Workgroup
  • Login as local administrator (not domain)
  • Run http://{servername}/connect
  • Use domain admin login and password to proceed, when prompted
  • Approve (acknowledge) you want to use the domain admin login
  • Complete rejoining to the server
  • Reboot workstation and login as domain user

Well, now, it comes to pass that we can make this process a bit faster, as we can eliminate the first two steps (dropping workstation to a workgroup, and logging in with the local admin account).

So here’s how the steps now look, while remaining logged in as the current domain user account:

  • Run http://{servername}/connect
  • Use domain admin login and password to proceed, when prompted
  • Approve (acknowledge) you want to use the domain admin login
  • Complete rejoining to the server
  • It’s possible to just logoff and log back in as the current domain user. However, I still like to reboot the workstation just to make sure all is fine.

Change your Yahoo Password Now!

You may have seen reports the last two days that over 500 million Yahoo accounts were stolen from the company. The theft actually took place nearly two years ago, but it is only now being reported. You can read details of the situation here:

https://help.yahoo.com/kb/account/SLN27925.html?impressions=true

What does this mean to you?

HOW DO I CHANGE MY YAHOO PASSWORD!

If you have a Yahoo email account, you should change your password immediately. Here are the instructions for doing this: (please note, I’ve included some screen shots at the end of this post)

  1. Click on the following link, which will take you to the Yahoo signon page: https://edit.yahoo.com/config/eval_profile
  2. Enter your Yahoo email address, and press Enter
  3. Enter your current password, and press Enter
  4. Enter the Verification code (case sensitive) and press Enter
  5. You will then be prompted to enter a new password for your email account
  6. Finally you will be shown a list of alternate ways of contacting you (other email addresses or cell phone numbers). These would  be things you entered when you created your Yahoo account originally. Make sure they are all up to date.

CAN I STILL USE THE YAHOO WEB PAGE?

Yes. The Yahoo web site is still available for use. My daughter uses it for her “home” page!

SCREEN SHOTS OF THE LOGIN PROCESS:

Step 1: Enter your Yahoo email address

image

Step 2: Enter your password

image

Step 3: Enter your NEW password twice

image

Step 4: Enter the verification code

Step 5: Confirm alternate contact information

image

How to Fix Windows 7 Update

Lots of complaints about Windows 7 Update being broken or not working right. What happens is that when you select to run Windows update, it will just sit their spinning for hours on end. Some people have left it running for 24 hours.

So frustrating. I know. BTDT.

So, here are the steps that I follow to fix the Windows 7 Update issue:

  1. Set Windows Update to not update
    Open up Windows Update, click on Change Settings, then click to NOT update
  2. Stop the Windows Update service
    You can do this by running services.msc
    Then locate and right click on the Windows Update service, then click to STOP  the service.
  3. Delete certain files from the Software Distribution folder
    Open up File Explorer and drill down C:/Windows/SoftwareDistribution
    Open up the Download subfolder and delete all files within the folder
    Go back a level, open up the DataStore folder and delete all the files within the folder
  4. Download the July 2016 Windows 7 Update Rollup (KB 3172605)
    Open Internet Explorer and go to https://support.microsoft.com/en-us/kb/3172605 
    Scroll down to Method 3 (Microsoft Update Catalog)
    Click on the link and install the Microsoft Update Catalog utility
    Click to select the appropriate download for Windows 7
    Click to View Basket in the top right
    Verify the selected file then click Download
    Select the location to download the file
  5. Install the July 2016 Windows 7 Update Rollup, then Reboot
    Use File Explorer, locate the download file, then double click to run/install it
    Follow the prompts to install it
  6. Reboot your computer
    Rebooting your computer will make sure that the Windows Service is restarted properly
  7. Rerun Windows Update
    Hopefully it will now work for you

Windows 10 Memory Compression

I came across a very interesting 30 minute video from Microsoft Channel 9 that discusses the evolution of how Windows handles memory – paging, cache, and now memory compression – from Windows 7 to Windows 10.

You can see if your memory is being compressed by going to Task Manager –> Performance –> Memory.

image

Here is the video from Microsoft’s Channel 9:

Shrink ShareWebDB Log File on SBS 2008

There’s a well known issue on SBS 2008 servers where the SharePoint Config Log file continues to expand. This SQL log file can rapidly grow in size, eating up valuable disk space on your system C: drive.

I first blogged about this back in December 2008 (view blog).

I posted a second blog post 4 years late in December 2012 (view blog) which provided the recommended Microsoft fix (KB 2000544) to truncate the log file, creating a batch command file and an associated SQL command file to truncate this log file.

I only have a few SBS 2008 servers still installed out in the field. But recently I discovered that there is another similar SQL log file that can grow in size: ShareWebDB_log.ldf file.

On this particular server, the ShareWebDB log file had grown to over 200GB in size. Ouch! Ouch! Ouch!

image

The solution is to mimic the two files created for the SharePoint log file solution, but have it truncate the ShareWebDB log file instead.

STEP 1: Create the SQL command file

Download the SQL file from my web site (logshrink2.sql.txt), save it to the root of your C: drive, and then rename it to logshrink2.sql

declare @ConfigDB varchar(255);
declare @ConfigDBLog varchar(255);
declare @ConfigDBCmd varchar(255);
select @ConfigDB =  name from sys.databases where name like ‘ShareWebDb%’;
set @ConfigDBCmd = ‘BACKUP database [‘ + RTRIM(@ConfigDB) + ‘] to disk=”C:\windows\temp\before2.bkf”’;
execute(@ConfigDBCmd);
set @ConfigDBCmd = ‘use [‘ + RTRIM(@COnfigDB) + ‘]’;
execute(@ConfigDBCmd);
set @ConfigDBCmd = ‘BACKUP LOG [‘ + RTRIM(@ConfigDB) + ‘] WITH TRUNCATE_ONLY’;
execute(@ConfigDBCmd);
set @ConfigDBCmd = ‘use [‘ + RTRIM(@COnfigDB) + ‘]’;
execute(@ConfigDBCmd);
select @ConfigDBLog =  name from sys.database_files where name like ‘ShareWebDb_log’;
set @ConfigDBCmd = ‘use [‘ +  RTRIM(@ConfigDB) + ‘] DBCC SHRINKFILE([‘ + RTRIM(@ConfigDB) + ‘_log],1)’;
execute(@ConfigDBCmd);
set @ConfigDBCmd = ‘BACKUP database [‘ + RTRIM(@ConfigDB) + ‘] to disk=”C:\windows\temp\after2.bkf”’;
execute(@ConfigDBCmd);
go

STEP 2: Create the DOS batch command file

Next, download the DOS batch command file from my web site (logshrink2.cmd.txt), save it to the root of your C: drive, and then rename it to logshrink2.cmd

dir c:\windows\sysmsi\ssee\mssql.2005\mssql\ShareWebDb* /s
pause
sqlcmd -S \\.\pipe\mssql$microsoft##ssee\sql\query -E -i c:\logshrink2.sql
pause
dir c:\windows\sysmsi\ssee\mssql.2005\mssql\ShareWebDb* /s
pause

STEP 3: Run the command file with administrator rights

Finally, open up File Explorer, right click on the logshrink2.cmd file, and click to “Run as administrator”

RESULT: Here is a screen shot of running this on the server with a 200GB log file:

image

How to Stop Windows 10 from Installing an Update

Have you encountered a situation where Windows 10 will try to install an update that you don’t want installed? Perhaps for a non-existent printer? Or an update that you just aren’t ready to test, like a new video driver?

Windows 10 seems to love doing things automatically, without any real control over what it does. Fellow MVP’er, Susan Bradley, pointed me to a Microsoft driver tool that will allow you to resume control of some of these updates and troubleshoot such situations.

Check out Microsoft KB 3073930 titled: How to temporarily prevent Windows or driver update from reinstalling in Windows 10

  1. When you click on the link, you will be prompted to run or save “wushowhide.diagcab”. Go ahead and select run.
    image
  2. Click Next to proceed:
    image
  3. Now you can select to hide updates, or to show hidden updates:
    image

Security Patch MS16-072 Breaks GPO on SBS 2008, SBS 2011, and Windows Server 2008/2008R2

Microsoft recently released security hotfix MS16-072 last week. This patch attempts to improve GPO security. But as my fellow MVP’s Susan Bradley and Wayne Small have discovered, this new security update can actually break certain GPO based processes, such as WSUS.

Note: Microsoft has not released a fix to this, nor are we expecting them to do so. But the blog posts below offer instructions for manually fixing this issue.

Here are the two blog posts that Wayne Small posted on his site, identifying the problem and suggested work arounds:

Susan Bradley forwarded the following post from Group Policy Central which includes a PowerShell script and further instructions from Microsoft to manually fix this problem.

Beware of Microsoft Tricking You Into Installing Windows 10

I’ll keep this short, sweet and to the point. Beware of the “Windows 10 Upgrade” notice!

First, I really like Windows 10, and I encourage people when buying a new computer to get Windows 10. I have also done a fair number of in-place upgrades to Windows 10. All of them were successful upgrades, although I had unique challenges with two of them that took time to resolve.

Microsoft released Windows 10 at the end of July 2015, and made it a free upgrade for most people. In the past six months, Microsoft has been pushing nag messages and prompts to remind you to upgrade to Windows 10.

But, with less than two months to go, Microsoft has upped the nagging to almost full scale trickery. The details can be read in this PCWorld article.

But here is the catch: you may think you are saying “No” to the Windows 10 upgrade by clicking on the X in the top right corner of the popup window. But it’s just the opposite. Clicking on the X is being treated the same as clicking on OK at the bottom of the window.

image

Please be careful!