Category Archives: Annoyances

Hyper-V Manager – Connect to VM CredSSP error

[Window Title]
Remote Desktop Connection

[Content]
An authentication error has occurred.
The function requested is not supported

Remote computer:
This could be due to CredSSP encryption oracle remediation.
For more information, see https://go.microsoft.com/fwlink/?linkid=866660

The most annoying part about this was everything was fine

So I did the usual checks

1. Make sure the Windows Remote Management (WS-Management) Service is running

2. Verify that CredSSP is enabled

3. Review the current settings

4. Make sure delegation is allowed from the host Hyper-V server

Everything looked ok

Finally I stumbled on this MS article on the CredSSP remediation error when using RDP

Made the necessary registry key and value here
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters
"AllowEncryptionOracle"=dword:00000002

There is no reboot required, it worked immediately.
Yes, you may now be vulnerable to the encryption oracle attack; see Microsoft here
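To keep track of where this workaround is still in place, the following added example (not part of the original post) reads the same registry value, reports the protection level, and offers a function to move back to "Mitigated". The function names are hypothetical; the level names are those of the "Encryption Oracle Remediation" Group Policy setting.

```powershell
# Added example (not from the original post): audit the CredSSP
# "Encryption Oracle Remediation" value that the workaround above sets.
$Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters'
$Name = 'AllowEncryptionOracle'

# Protection levels as named in the Group Policy setting.
$Levels = @{
    0 = 'Force Updated Clients'  # no fallback; services refuse unpatched clients
    1 = 'Mitigated'              # no client fallback; services still accept unpatched clients
    2 = 'Vulnerable'             # fallback to insecure versions allowed (the workaround)
}

function Get-CredSspOracleSetting {
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # Key or value absent: the default of the installed CredSSP update applies.
        return [pscustomobject]@{ Value = $null; Level = 'Not set'; Workaround = $false }
    }
    $value = [int]$item.$Name
    $level = if ($Levels.ContainsKey($value)) { $Levels[$value] } else { 'Unknown value' }
    [pscustomobject]@{ Value = $value; Level = $level; Workaround = ($value -eq 2) }
}

function Set-CredSspOracleMitigated {
    # Run once BOTH ends of the connection have the CredSSP update installed.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if ($PSCmdlet.ShouldProcess("$Path\$Name", 'Set to 1 (Mitigated)')) {
        Set-ItemProperty -Path $Path -Name $Name -Value 1 -Type DWord
    }
}

$state = Get-CredSspOracleSetting
$state | Format-List
if ($state.Workaround) {
    Write-Warning 'AllowEncryptionOracle=2: patch client and server, then run Set-CredSspOracleMitigated.'
}
```

Run it from an elevated PowerShell prompt; `Set-CredSspOracleMitigated -WhatIf` shows the change without making it.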

Windows HyperV Server inplace upgrade – broken network

Windows Server HyperV 2012 > 2012 R2 > 2019

Cannot connect HyperV Manager to HyperV server after in-place upgrade when your domain controller is a virtual machine

So you’ve decided on your upgrade path and committed to action, only to find out your HyperV virtual machines cannot be seen on your network after upgrade.

My home lab operates on 2012 HyperV console, as you should know that means no GUI, which I am very happy with for many reasons. The attack surface is minimal, the resources aren’t needlessly used up and best of all it’s free

I decided to upgrade, mainly because testing Microsoft Intune meant I needed to enable TPM in HyperV, that and I was due an upgrade anyway

Microsoft HyperV Server 2012 > HyperV 2012 R2 > HyperV 2019

So I downloaded HyperV Server 2012 R2, created a bootable USB and performed an in-place upgrade on my HyperV

Once completed I immediately faced connectivity problems. My home lab is budget, which means my Domain Controller is a VM, yup you guessed it, hosted by the HyperV server

So how do I fix a network when I can’t remotely connect HyperV manager to the HyperV server? The problem being the authentication method is not contactable, the DC as a VM cannot approve the connection request to the HyperV server because the virtual switch is no longer configured properly

My suspicion is that with any in-place Windows upgrade, the network adapters always tend to renew in some way, shape or form

Know your setup

To really understand this problem and the solution I should probably describe my network setup

My HyperV box has 4 VMs and 2 virtual switches

  • swInternal (Internal LAN switch to my home LAN)
  • swExternal (External WAN switch to my Virgin router that is currently in “modem mode”)
  • VM 1 = Firewall gateway (has two virtual NICs swInternal and swExternal)
  • VM 2 = Domain controller (swInternal)
  • VM 3 = webserver (reading this blog from it right now) (swInternal)
  • VM 4 = test machine (constantly being destroyed and re-created) (swInternal)

My setup is such that the firewall gateway VM has two network adapters, one for my internal LAN and one for the WAN. The rest of the VMs only have the internal LAN

Identify the problem

  • We cannot connect or see any of the VMs on the LAN, can’t ping anything
  • We can’t connect HyperV manager to the HyperV server
  • We can however connect directly using a spare keyboard, mouse and display. Log in and then break out PowerShell

Solving the problem

There is a 99% chance that fixing the virtual switches will solve all our problems, so what’s the process?

You will need to know a local admin account for your hyperv server

  1. Shut down all VMs
  2. Review the current setup. Enumerate the virtual switches and VM adapters
  3. Detach the adapters from the VMs
  4. Destroy and recreate the virtual switches
  5. Re-attach the adapters to the VMs

Sounds simple, right? OK, let’s crack on

Log in to HyperV and execute the following PowerShell commands

This will give you an idea of the current switch setup

From here you can tell I have two hardware NICs and one Virtual NIC on the HyperV machine itself
I also have two virtual switches
And the virtual machines have all been assigned accordingly
In a broken environment you would likely see no IP addresses, moreover the statuses would be different

So now we need to destroy and recreate everything

  1. Stop all the VMs
  2. Disconnect the virtual adapters from the VMs
  3. Remove the virtual switches
  4. Recreate the virtual switches
  5. Re-attach the virtual adapters

Stop all VMs

I’ve filtered this command to only stop VMs that are running

Disconnect the virtual adapters

I’ve filtered this command to filter out the swExternal virtual switch.

Remove the HyperV virtual switch

I only want to remove the swInternal Switch

At this point I decided to rename my network adapters on the host, you don’t have to do this at this stage.

Re-Create HyperV Virtual Switch

I’ve shown here commands to create the external switches as if the External switch didn’t exist. The only difference between the two is that I’m not allowing the swExternal switch management OS connectivity.

The difference between a switch category of “internal” & “external” is that internal will isolate the switch from your LAN, keeping it internal to the VM host. So basically if you want connectivity to your LAN, always create a virtual switch categorised as External, which is in fact the default category, so you don’t need to specify it on creation

If you want to tweak the settings on your newly created switches you can use the following command

Re-Attach the HyperV Virtual machine adapters

I’ve filtered this command to avoid adapters already connected to the swExternal switch here.

Now that the HyperV host adapters and virtual switches have been reconfigured you are now ready to start the VMs
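The five steps above as one script, given here as an added example rather than the post's original commands. The switch names are the post's; the host adapter name `LAN` is an assumption, so take the real one from `Get-NetAdapter`.

```powershell
# Added example, not the post's original commands. Run locally on the Hyper-V host.
# swInternal / swExternal are the post's switch names; 'LAN' is a hypothetical
# host adapter name, take the real one from Get-NetAdapter.
$SwitchName  = 'swInternal'
$HostAdapter = 'LAN'

# Review the current setup: host NICs, virtual switches, VM adapters.
Get-NetAdapter | Format-Table Name, InterfaceDescription, Status
Get-VMSwitch | Format-Table Name, SwitchType, AllowManagementOS
Get-VMNetworkAdapter -VMName * | Format-Table VMName, Name, SwitchName, Status, IPAddresses

# Record the adapters on this switch. Ids are kept because a VM with two NICs
# (the firewall gateway) usually has two adapters with the same Name.
$attached = @(Get-VMNetworkAdapter -VMName * | Where-Object SwitchName -eq $SwitchName)
$ids = $attached.Id
if ($attached.Count -eq 0) { Write-Warning "No VM adapters are attached to $SwitchName." }

# Stop only the VMs that are running.
Get-VM | Where-Object State -eq 'Running' | Stop-VM

# Disconnect the recorded adapters; adapters on swExternal are untouched.
$attached | Disconnect-VMNetworkAdapter

# Remove and re-create the switch, bound to the host NIC and shared with the host OS.
Remove-VMSwitch -Name $SwitchName -Force
New-VMSwitch -Name $SwitchName -NetAdapterName $HostAdapter -AllowManagementOS $true

# Re-attach exactly the adapters recorded above.
Get-VMNetworkAdapter -VMName * | Where-Object { $ids -contains $_.Id } |
    Connect-VMNetworkAdapter -SwitchName $SwitchName

# The WAN-facing switch should stay closed to the host OS, as in the post's setup.
$wan = Get-VMSwitch -Name 'swExternal' -ErrorAction SilentlyContinue
if ($wan -and $wan.AllowManagementOS) {
    Write-Warning 'swExternal is shared with the management OS: the host has a NIC on the WAN side.'
}
```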

At this point I’d recommend restarting your HyperV host. If you have a Domain controller as a VM you’ll need to.
If you are still having connectivity issues you can diagnose it further by dropping the firewall of the HyperV host by running the following command

If you are having problems with network adapters not setting the correct connection profile, you can force the profile to change

Mopping up

Finally we need to tidy up the windows.old folder created on the root.
3 steps.
1. Take ownership of the folder
2. Reset the security permissions
3. Delete the folder

MS SQL TSQL PadLeft

Ever wanted a PadLeft for SQL server
Here’s the next best thing, a scalar function we wrote and implemented into all our databases
Enjoy

Windows 8 to Windows 8.1 with redirected user profile folders

You’re here probably because you received this error

Sorry, it looks like this PC can’t run Windows 8.1. This might be because the Users or Program Files folder is being redirected to another partition

The Solution in a nutshell

  • Edit registry keys to re-point to system drive
  • Add new Admin account to system
  • Log in as new Admin account
  • Edit user registry keys to re-point to local system users folder
  • Run batch file to create junctions between local system user folders and redirected user folder
  • Restart, log in as admin and run Windows Update to 8.1
  • Once complete, edit registry to re-point chosen user profile folders back across to redirected drive
  • The user folders that are redirected again must have the hidden AppData folder copied across to the redirected user folder from the system drive

The solution in more detail
Basically we need to trick the updater into thinking that the profiles are local. We do this in a few steps

  1. Edit some registry keys
  2. Create a new admin account, restart and login to it
  3. Edit some more registry keys
  4. Create some junctions to point from local profiles to actual profiles
  5. Restart login again as the admin account and run updates

So let’s get started

You might want to save this page as a “.mht” file to the root of your C: so you can refer back to this as you progress

Edit registry

Run regedit as admin and go to
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

Mine looks like this
[Image: ProfileList HKLM]

Edit the ProfilesDirectory key back to “%SystemDrive%\Users”
[Image: ProfilesDirectory HKLM]

Create a new account and mark it as administrator
Restart and log in with the new account
Go back into an admin regedit and adjust the remaining keys so they look like this
[Image: RESET ProfileList keys HKLM]

As you can see I have lots of local logins (I develop apps and as such lots of services login to my machine) so I built a batch file to create the junctions from local to actual user profile folders
For users with no gaps in their name
mklink /J C:\Users\Andre E:\Users\Andre
For users with gaps
mklink /J "C:\Users\.NET v4.5" "E:\Users\.NET v4.5"
My batch file ended up here c:\MKLinks.bat and looked like this
mklink /J C:\Users\Mcx1-HOME-PC E:\Users\Mcx1-HOME-PC
mklink /J C:\Users\UpdatusUser E:\Users\UpdatusUser
mklink /J C:\Users\Andre E:\Users\Andre
mklink /J "C:\Users\Classic .NET AppPool" "E:\Users\Classic .NET AppPool"
mklink /J "C:\Users\.NET v4.5" "E:\Users\.NET v4.5"
mklink /J "C:\Users\.NET v2.0" "E:\Users\.NET v2.0"
mklink /J "C:\Users\.NET v4.5 Classic" "E:\Users\.NET v4.5 Classic"
mklink /J "C:\Users\.NET v2.0 Classic" "E:\Users\.NET v2.0 Classic"
mklink /J C:\Users\Default E:\Users\Default
mklink /J C:\Users\Public E:\Users\Public

Now we are ready to execute the batch file, so open an elevated command prompt, navigate to the location you saved the batch file and run it.

Next we must adjust the “ProfileImagePath” string value in each user profile sub key of ProfileList (the keys typically start with S-1-5-xx-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxxx-xxxx) so they point back to the local system drive (C:) like this one

[Image: Return Profiles back to system drive locations]

Once you are sure you have completed these instructions restart once more, log in as the admin account and run Windows Update.

Once completed, every profile will be put back onto the C:\Users and your folder junctions will have been replaced by these user folders.
There is a simple solution to bring things back across to your redirected drive: edit the user’s registry key and copy the hidden AppData folder from the C:\Users\Username folder to the target user profile folder on the redirected drive you are trying to use.

I ended up leaving all of my profiles on C and only redirected my profile, which incidentally was far too large to reside on the C:

asp.net ReportViewerControl The size of the request headers is too long

Bad Request – Request Too Long

HTTP Error 400. The size of the request headers is too long.

When you use the “Microsoft.ReportViewer.WebForms” control in asp.net

You’ve eaten too many cookies Reserved.ReportViewerWebControl.axd

If like me you use the report viewer control to display reports from SSRS to the world wide web you may have come across an ever increasing number of cookies from the control.
I don’t really have time to look into this in any detail as I’m working to a deadline at the moment and as such need to resolve this ASAP.
I think this is perhaps something to do with the fact I am using masterpages with iframes to both separate the CSS and pull out the parameters into an intermediate step.

Anyway my solution was to wipe the cookie from the request cookies collection so they don’t get a chance to stack up.
Create a class in your App_Code folder and paste the following code into the file

You could adapt this to only delete if the number of cookies exceeded a certain level

SSMS SQL Server Management Studio Refresh Schema

Refreshing the IntelliSense for the current connection to a given database can be a bugbear

There is nothing more frustrating than making additions or design changes to tables/views and having the Management Studio IntelliSense not pick up the changes once you have made them. This is because the SSMS schema refresh doesn’t occur in real time, nor does it update the local schema with changes successfully committed to the db while you work; it occurs on close and open of the IDE.

The easiest way to refresh the schema on any connection (also note each new window is a separate connection and as such you need to refresh each window)

You can either

1) Go to Edit -> IntelliSense -> Refresh Local Cache
OR
2) Hit Ctrl+Shift+R

Hope this helps those with the same issue

SQL 2008 SSRS Web Service access from .NET

When you try to access a report server web service to execute code, you get an error similar to the following, where the scheme or header varies a tiny bit

The HTTP request is unauthorized with client authentication scheme ‘Basic’. The authentication header received from the server was ‘Negotiate,NTLM

Basically my situation is that we have a MS 2008 Server running SSRS outside of our domain in the DMZ. However we need to execute code on a domain machine that will connect and run over 100 reports on the SSRS Server, then dump them on a share in our domain in excel format.

To get around the negotiation problem you need to make sure the SSRS server is allowing connections configured using basic authentication

Find the file

rsreportserver.config

This is usually buried in the install folder

C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer

Then change the authentication to support your desired connection authentication type

More info at MSDN
Once you have done that you should be good to connect.
Here is some sample code to get you started with connecting to your web service and pulling back a list of items

unable to download web platform product list

Unable to download the Web Platform product list from . Check your network connection and try again. If the problem persists, report the issue on the Web Platform Installer forum at: http://go.microsoft.com/fwlink/?LinkId=145244.

Applies to Web platform installer 3 on server 2008

Verify you can browse to http://www.microsoft.com/web/webpi/3.0/WebProductList.xml

If you can then add the following registry key

HKLM\SOFTWARE\Microsoft\WebPlatformInstaller

Add string value (REG_SZ) named “ProductXmlLocation”

Value http://www.microsoft.com/web/webpi/3.0/WebProductList.xml

Re-run the Web Platform Installer and all should be well

.NET Entity Layer The member with identity ‘Result’ does not exist in the metadata collection

“The member with identity ‘Result’ does not exist in the metadata collection.
Parameter name: identity”

If you have stumbled across this error when trying to perform a transaction against your DB or any other action via your entity layer, and it is indeed a Microsoft SQL database or any other database, I would highly recommend you disable triggers on the affected tables and re-run your test.

This error is the entity layer running home to its default error when either the error cannot be translated or whatever is being returned from the transaction cannot be understood.

So if you stumble across this error, it’s because the entity layer is performing an operation that is causing a secondary separate operation which is where the underlying error is kicking back from, either because an error was raised or because the return is in an unexpected format.