Friday, January 18, 2019

Recover custom DNS domains in deleted Microsoft Demos tenant

In the past, Microsoft cloud consultants using the MS cloud demo platform have sometimes connected their own DNS domains to the Office 365 tenant.

When they later delete the tenant (it typically runs for 90 days only!) and want to reuse their custom DNS domain in another tenant, the old DNS name is still attached to the old deleted tenant, and they cannot attach it to the new tenant anymore.

But this can be fixed!

Here is how this works:

1. The old tenant is somehow deleted but not really completely. This means:
2. Login to with your custom name: e.g. still works. Same with Azure portal. But you can not use any services from it. Also the licenses are removed for the users.
3. Navigate to: SETUP -> Domains

4. Notice the name!
5. Logout
6. Login again with the - use your DNS name you noticed from your tenant instead!
7. Navigate again to: SETUP -> Domains
8. Click on your custom domain name e.g.
9. Now you see in the top menu the option to delete it.
10. Follow the instructions (which include, for example, moving the custom DNS mail addresses back to the Microsoft generic DNS entry)
11. Voila you have your custom DNS back for using somewhere else!
12. Now you can exit the admin portal.

Tuesday, December 18, 2018

Remote control during WinPE - Guest Article

Sometimes it's useful to have something like remote control during WinPE. In Win7 I did this with a VNC server running in WinPE. But there is an even nicer MS way to do it. This post refers to a guest article (from outside of Microsoft) that contributes its own PowerShell code. The code is not from me, so no warranty on it!

Thanks to Dan Padgett for making it and thanks to Björn for making me aware of it!

So here the link to the guest article:

Extend and read Windows Update Log

Sometimes something goes wrong during Windows Updates, and it is helpful to know what is going wrong. For that we have the Windows Update log. But where is it, how do you read it, and how do you extend it to get even more out of it?

Beware - in Windows 10 the Windows Update logfile is by default in ETL format! 

This is an internal logging format from Microsoft. To "translate" it into a human-readable format you need to convert it. This is fortunately very simple.

1. Open PowerShell
2. Type in: Get-WindowsUpdateLog (and press Enter)
3. Last line will tell you where the WindowsUpdate.log file was written.

How to enable extended logging
Microsoft Product Support Services may ask you to turn on verbose logging. To turn on verbose logging, add the following registry key with two values:
Value name: Flags
Value type: REG_DWORD
Value data: 00000007

Value name: Level
Value type: REG_DWORD
Value data: 00000004
This registry key turns on extended tracing to the %systemroot%\Windowsupdate.log file. Additionally, this registry key turns on extended tracing to any attached debuggers.

How to read and understand the log

You will find a comprehensive article on this here:

Windows Defender Antivirus Exclusions

Like every antivirus solution, MS also has some exclusions for files that are not scanned. This is mainly for performance but also for operational reasons. For example, you have a VHD file from a VM. The VM guest is already scanning itself, so there is no need for the host to scan a VHD file. But there are still others. Here you get a comprehensive, updated list of exclusions from MS field support engineers.

Especially SCCM, SQL and IIS workloads need additional exclusions for operational reasons!

The recommendations for each section are separated between "Operational" and "Performance" levels.  Operational recommendations are highly encouraged to be added to your exclusions list.  Performance recommendations should only be considered if you are experiencing such issues that may be a result of your antivirus product.
The following information will cover what could be recommended for your environment.
Details on the variables referenced:
  1. <InstallDrive> can be multiple drives in some environments, so it is best to use a wildcard if possible for the antivirus solution you have deployed throughout your environment.  Please refer to your vendor’s documentation for further instructions.
  2.  <InstanceName> is the name of the SQL instance you are using in your environment.  Please be aware if you use any named SQL instances or the default, "MSSQLServer".
  3.  <SQL Version> is the version of SQL you are using in your environment.  This may also differ between each SQL service referenced between versions SQL Server 2005-2008 R2 and SQL Server 2012+.  Please be aware of what version you have installed.  309422 and the article below can provide you with more details.
How to determine the version, edition and update level of SQL Server and its components
Core Exclusions for Supported Versions of Windows
  • Operational
    • %allusersprofile%\NTUser.pol
    • %windir%\Security\Database\*.chk
    • %windir%\Security\Database\*.cmtx
    • %windir%\Security\Database\*.csv
    • %windir%\Security\Database\*.edb
    • %windir%\Security\Database\*.jrs
    • %windir%\Security\Database\*.log
    • %windir%\Security\Database\*.sdb
    • %windir%\Security\Database\*.xml
    • %windir%\SoftwareDistribution\Datastore\Datastore.edb
    • %windir%\SoftwareDistribution\Datastore\Logs\edb.chk
    • %windir%\SoftwareDistribution\Datastore\Logs\edb*.jrs
    • %windir%\SoftwareDistribution\Datastore\Logs\edb*.log
    • %windir%\SoftwareDistribution\Datastore\Logs\tmp.edb
    • %windir%\System32\GroupPolicy\Machine\Registry.pol
    • %windir%\System32\GroupPolicy\User\Registry.pol
Reference: 822158
ConfigMgr Core Installation Exclusions (All Versions)
  • Operational
    • <InstallDrive>\Program Files\Microsoft Configuration Manager\Inboxes\*.*
    • <InstallDrive>\Program Files\Microsoft Configuration Manager\
    • <InstallDrive>\Program Files\Microsoft Configuration Manager\Logs
    • <InstallDrive>\Program Files\SMS_CCM\Logs
    • <InstallDrive>\Program Files\SMS_CCM\ServiceData
References: 327453, SCCM 2012 Antivirus Exclusions
ConfigMgr Core Installation Exclusions (Current Branch Versions)
  • Applicable to 1511+
    • Operational
      • <InstallDrive>\Program Files\Microsoft Configuration Manager\cd.latest
      • <InstallDrive>\Program Files\Microsoft Configuration Manager\EasySetupPayload
    • Performance
      • <InstallDrive>\Program Files\Microsoft Configuration Manager\AdminUIContentPayload
      • <InstallDrive>\Program Files\Microsoft Configuration Manager\AdminUIContentStaging
      • <InstallDrive>\Program Files\Microsoft Configuration Manager\CMUStaging
  • Applicable to 1602+
    • Performance
      • <InstallDrive>\Program Files\Microsoft Configuration Manager\CMUClient
  • Applicable to 1610+
    • Performance
      • <InstallDrive>\Program Files\Microsoft Configuration Manager\PilotingUpgrade
      • <InstallDrive>\Program Files\Microsoft Configuration Manager\RLAStaging
  • Applicable to 1702+
    • Performance
      • <InstallDrive>\Program Files\Microsoft Configuration Manager\CMProviderLog
Reference: 327453
ConfigMgr Content Library Exclusions
  • Operational
    • <InstallDrive>\SMS_DP$
    • <InstallDrive>\SMSPKG<DriveLetter>$
    • <InstallDrive>\SMSPKG
    • <InstallDrive>\SMSPKGC$
    • <InstallDrive>\SMSPKGSIG
    • <InstallDrive>\SMSSIG$
  • Performance
    • <InstallDrive>\SCCMContentLib
    • <InstallDrive>\<ConfigMgr Backup Directory>
      • Ex. D:\SCCMBackup
    • <InstallDrive>\<ConfigMgr Package Source Files>
      • Ex. D:\SCCMSource
Reference: 327453
ConfigMgr Imaging Exclusions
  • Operational
    • <InstallDrive>\ConfigMgr_OfflineImageServicing
    • %windir%\TEMP\BootImages
  • Performance
    • %SystemDrive%\_SMSTaskSequence
Reference: SCCM 2012 Antivirus Exclusions
ConfigMgr Process Exclusions
NOTE: Process exclusions are necessary only when aggressive antivirus programs consider System Center Configuration Manager executables (.exe) to be high-risk processes.
  • Operational
    • Client Side
      • %windir%\CCM\Ccmexec.exe
      • %windir%\CCM\CmRcService.exe
      • %windir%\CCM\Ccmrepair.exe
      • %windir%\CCM\Ccmsetup.exe
    • Server Side
      • %windir%\CCM\Ccmexec.exe
      • %windir%\SMS_CCM\Ccmexec.exe
      • <InstallDrive>\Program Files\Microsoft Configuration Manager\bin\x64\Cmupdate.exe
      • <InstallDrive>\Program Files\Microsoft Configuration Manager\bin\x64\Sitecomp.exe
      • <InstallDrive>\Program Files\Microsoft Configuration Manager\bin\x64\Smsexec.exe
      • <InstallDrive>\Program Files\Microsoft Configuration Manager\bin\x64\Smssqlbkup.exe
      • <InstallDrive>\Program Files\Microsoft Configuration Manager\bin\x64\Smswriter.exe
      • <InstallDrive>\SMS_<SQLFQDN>\bin\x64\Smssqlbkup.exe
Reference: 327453
ConfigMgr Client Exclusions
  • Operational
    • %windir%\CCM\*.sdf
    • %windir%\CCM\Logs
    • %windir%\CCM\ServiceData
    • %windir%\CCMCache
    • %windir%\CCMSetup
Reference: 327453
SQL Server Exclusions
  • Operational
    • SQL Server Process Exclusions
      • SQLServr.exe
        • <InstallDrive>\Program Files\Microsoft SQL Server\<SQL Version>.<InstanceName>\MSSQL\Binn\SQLServr.exe
      • ReportingServicesService.exe
        • <InstallDrive>\Program Files\Microsoft SQL Server\<SQL Version>.<InstanceName>\Reporting Services\ReportServer\Bin\ReportingServicesService.exe
      • MSMDSrv.exe
        • <InstallDrive>\Program Files\Microsoft SQL Server\<SQL Version>.<InstanceName>\OLAP\Bin\MSMDSrv.exe
    • SQL Server data files
      • *.mdf
      • *.ldf
      • *.ndf
    • SQL Server backup files
      • *.bak
      • *.trn
    • SQL Audit files
      • *.sqlaudit
    • SQL Query files
      • *.sql
    • SQL Trace Files
      • *.trc
    • Analysis Services data files
      • <InstallDrive>\Program Files\Microsoft SQL Server\<SQL Version>.<InstanceName>\OLAP\Backup
      • <InstallDrive>\Program Files\Microsoft SQL Server\<SQL Version>.<InstanceName>\OLAP\Data
      • <InstallDrive>\Program Files\Microsoft SQL Server\<SQL Version>.<InstanceName>\OLAP\Log
    • Full-Text catalog files
      • <InstallDrive>\Program Files\Microsoft SQL Server\<SQL Version>.<InstanceName>\MSSQL\FTData
    • Reporting Services Files
      • <InstallDrive>\Program Files\Microsoft SQL Server\<SQL Version>.<InstanceName>\Reporting Services\LogFiles
      • <InstallDrive>\Program Files\Microsoft SQL Server\<SQL Version>.<InstanceName>\Reporting Services\RSTempFiles
    • Replication Files
      • <InstallDrive>\Program Files (x86)\Microsoft SQL Server\<SQL Version>\COM
      • <InstallDrive>\Program Files\Microsoft SQL Server\<SQL Version>\COM
    • Replication Snapshot Files
      • <InstallDrive>\Program Files\Microsoft SQL Server\<SQL Version>.<InstanceName>\MSSQL\ReplData
      • These files typically have file name extensions of the following:
        • *.sch
        • *.idx
        • *.bcp
        • *.pre
        • *.cft
        • *.dri
        • *.trg
        • *.prc
    • Checkpoint and delta files
      • No specific file extension for the files
      • Files are present under the folder structure identified by the container of type FILE_STREAM from sys.database_files
    • DBCC CHECKDB Files
      • Files will be of the format <Database_data_filename.extension>_MSSQL_DBCC<database_id_of_snapshot>
      • For more information, see the following article:
        • 2974455 DBCC CHECKDB behavior when the SQL Server database is located on an ReFS volume
    • Exception Dump Files
      • *.mdmp
    • Extended Event Files
      • *.xel
      • *.xem
    • Filestream data files
      • SQL 2008 and later versions
    • In-memory OLTP Files
      • Present in a xtp sub-folder under the DATA directory for the instance
      • File formats include the following:
        • xtp_<t/p>_<dbid>_<objid>.c
        • xtp_<t/p>_<dbid>_<objid>.dll
        • xtp_<t/p>_<dbid>_<objid>.obj
        • xtp_<t/p>_<dbid>_<objid>.out
        • xtp_<t/p>_<dbid>_<objid>.pdb
        • xtp_<t/p>_<dbid>_<objid>.xml
    • Remote Blob Storage files
      • SQL 2008 and later versions
    • Windows Failover Clustering (If applicable)
      • <Quorum Drive> (Ex. Q:\)
      • %windir%\Cluster
      • MSDTC directory in the MSDTC drive
References: 309422, 250355, 2974455
IIS Exclusions
  • Operational
    • IIS Compressed Files
      • IIS 6.0:
        • %SystemRoot%\IIS Temporary Compressed Files
      • IIS 7.0+:
        • %SystemDrive%\inetpub\temp\IIS Temporary Compressed Files
    • IIS Worker Process
      • %windir%\System32\inetsrv\w3wp.exe
      • %windir%\SysWOW64\inetsrv\w3wp.exe
Reference: 817442
WSUS Exclusions
  • Operational
    • %SystemRoot%\SoftwareDistribution\Datastore
    • %SystemRoot%\SoftwareDistribution\Download
    • %ProgramFiles%\Update Services\LogFiles\WSUSTemp
    • <InstallDrive>\WSUS\UpdateServiceDBFiles
    • <InstallDrive>\WSUS\WSUSContent
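
Every exclusion is a place the scanner does not look, so it is worth checking what is actually configured against the list you approved. The following is an added example, not part of the original list or of Microsoft's guidance: it compares the Defender path and process exclusions with a baseline and flags anything extra or too broad. The baseline arrays are a small subset chosen for illustration, the function names are hypothetical, and the sample values are constructed.

```powershell
# Added example: compare configured Defender exclusions with an approved baseline.
# The baseline is a small subset of the list above; extend it per server role.
$ApprovedPaths = @(
    '%windir%\SoftwareDistribution\Datastore\Datastore.edb'
    '%windir%\Security\Database\*.edb'
    '%windir%\CCM\Logs'
    '%windir%\CCMCache'
)
$ApprovedProcesses = @('%windir%\CCM\Ccmexec.exe')

function Resolve-ExclusionEntry {
    # Expand %variables%, drop a trailing backslash, and lower-case for comparison.
    param([string]$Entry)
    [Environment]::ExpandEnvironmentVariables($Entry).TrimEnd('\').ToLowerInvariant()
}

function Compare-ExclusionBaseline {
    param([string[]]$Configured, [string[]]$Approved, [string]$Kind)
    $approvedSet = @($Approved | ForEach-Object { Resolve-ExclusionEntry $_ })
    $winDir = Resolve-ExclusionEntry '%windir%'
    foreach ($item in $Configured) {
        $norm = Resolve-ExclusionEntry $item
        $finding = 'NotInBaseline'
        if ($approvedSet -contains $norm) { $finding = 'Approved' }
        elseif ($norm -match '^[a-z]:$' -or $norm -eq $winDir) {
            # A whole drive or the Windows directory hides far too much.
            $finding = 'TooBroad'
        }
        [pscustomobject]@{ Kind = $Kind; Entry = $item; Finding = $finding }
    }
}

# Constructed sample values, used when the Defender cmdlets are unavailable.
# 'C:\Windows\CCM\Logs' matches the baseline only where %windir% is C:\Windows.
$paths = @('C:\Windows\CCM\Logs', '%windir%\CCMCache', 'C:\', 'D:\Tools')
$procs = @('%windir%\CCM\Ccmexec.exe', 'powershell.exe')

if (Get-Command Get-MpPreference -ErrorAction SilentlyContinue) {
    # Run elevated: non-admin sessions may not be shown the exclusion lists.
    $pref  = Get-MpPreference
    $paths = $pref.ExclusionPath
    $procs = $pref.ExclusionProcess
}

$report = @(Compare-ExclusionBaseline -Configured $paths -Approved $ApprovedPaths -Kind 'Path') +
          @(Compare-ExclusionBaseline -Configured $procs -Approved $ApprovedProcesses -Kind 'Process')

# Show only what needs a decision: entries outside the baseline or too broad.
$report | Where-Object Finding -ne 'Approved' | Format-Table -AutoSize
```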

Thursday, November 29, 2018

Servicing Stack Update - what it is and when you need it!

From time to time it is necessary to fix the Windows Setup itself. This is the so-called "Component Base Setup" (CBS), which you will also find in the setup logs. For several reasons it might be necessary to update it!

Here you will find the latest Servicing Stack Updates:

(Sometimes they have even something to do with security fixes.)
You will find this also in my "Important Links" list.

So what is it in detail?

The "servicing stack" is the code that installs other operating system updates. Additionally, it contains the "component-based servicing stack" (CBS), which is a key underlying component for several elements of Windows deployment, such as DISM, SFC, changing Windows features or roles, and repairing components. The CBS is a small component that typically does not have updates released every month.

For more information please refer to:

When and how to apply?

The best approach is to add it via DISM right after applying the image in a Task Sequence in SCCM. This ensures it is already updated before Windows Setup starts its tasks. For example, use this command during a task sequence while you are still offline but C:\Windows already exists because you applied the image first; run it from an SCCM package:

dism /Image:C:\ /Add-Package /PackagePath=windows10.0-kb00001-x64.msu /LogPath=C:\Windows\logs\dism-add-stackservicingpackage.log
Write them in one line! Word wrapping is just for better readability in my blog!

The missing path to the MSU file is on purpose. The command is always executed in the directory from which the Task Sequence invokes the SCCM package.

Also, the image directory in offline mode (Windows PE) is C:\

You also have the option to mount the vanilla WIM image (it is important that it is NOT a build and capture image for upgrade scenarios!) and add the servicing stack update directly there, so it becomes part of the WIM file out of the box.

But keep in mind that if you are using the WIM image for a Windows 10 in-place upgrade (7 to 10, or 10 old to 10 newer), you are only allowed to make a very limited set of image modifications. Build and capture is absolutely forbidden in this scenario.

You can add the following to the WIM used for upgrades:

1. Latest servicing stack update (for your particular Windows version!)
2. Latest cumulative update (for your particular Windows version!)
3. Additional feature on demand packages (keep in mind you need to look for the right Feature on demand DVD that fits to this version of windows!)
4. Language packs (also need to fit to the right version of Windows!)

NEVER mix up versions!

Kudos to Manuel for sending me the link of the repo! ;-)

Thursday, November 22, 2018

Network connection from public to private with Powershell

Sometimes Windows 10 automatically classifies a network connection as public or private, and the result is not what it should be. This affects the firewall rules that apply, which you sometimes receive through a domain group policy. The effect is that your software can't communicate anymore when the classification is wrong.

How to fix this?

Very simple with PowerShell!

1. Open an Admin PowerShell Command Prompt.
2. Type in: Get-NetConnectionProfile
3. Check the name of your network connection. Keep in mind that when you have security features like Credential Guard and/or Hyper-V enabled, you will see more "Unidentified networks". You can safely ignore them. Here in my example the network is called "CAP".
4. Type in: Set-NetConnectionProfile -Name "CAP" -NetworkCategory Private

Your setting will be active immediately!

Wednesday, November 21, 2018

Azure AD - DSRegCMD output checked in Powershell

Sometimes you have to deal with DSREGCMD output.

This means the interesting parts of the DSREGCMD output need to be analyzed further in PowerShell.

Here is a useful example I found.

Keep in mind that the template (@' ... '@) contains just 4 examples.
You may need to extend it further.

$template = @'
        AzureAdJoined : {AzureAdJoined*:YES}
     EnterpriseJoined : {EnterpriseJoined:NO}
        AzureAdJoined : {AzureAdJoined*:NO}
     EnterpriseJoined : {EnterpriseJoined:YES}
        AzureAdJoined : {AzureAdJoined*:NO}
     EnterpriseJoined : {EnterpriseJoined:NO}

        AzureAdJoined : {AzureAdJoined*:YES}
     EnterpriseJoined : {EnterpriseJoined:YES}
'@

PS C:\> dsregcmd /status | ConvertFrom-String -TemplateContent $template

AzureAdJoined EnterpriseJoined
------------- ----------------
NO            NO
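
ConvertFrom-String is not available in PowerShell 6 and later, and its template has to be extended for every field you want. The following added example (not from the original post or the source the author found) parses every "Key : Value" line of the output with a regular expression instead and derives the join type from it. The function names are hypothetical and the sample text is constructed.

```powershell
# Added example: parse "Key : Value" lines from dsregcmd /status into one object.
function ConvertFrom-DsRegCmdStatus {
    param([Parameter(ValueFromPipeline = $true)][string[]]$Line)
    begin { $state = [ordered]@{} }
    process {
        foreach ($l in $Line) {
            # Split on the first " : " only; values (URLs, timestamps) may contain colons.
            if ($l -match '^\s*(?<key>[\w-]+)\s+:\s+(?<value>.*\S)\s*$') {
                # Keep the first occurrence if a key is repeated in a later section.
                if (-not $state.Contains($Matches['key'])) {
                    $state[$Matches['key']] = $Matches['value']
                }
            }
        }
    }
    end { [pscustomobject]$state }
}

function Get-DeviceJoinType {
    # Combine the two flags into the join state an admin actually cares about.
    param($Status)
    switch ("$($Status.AzureAdJoined)/$($Status.DomainJoined)") {
        'YES/YES' { 'Hybrid Azure AD joined' }
        'YES/NO'  { 'Azure AD joined' }
        'NO/YES'  { 'Domain joined only' }
        default   { 'Not joined (or only workplace registered)' }
    }
}

# Constructed sample of dsregcmd /status output, so the example runs anywhere.
$sample = @'
+----------------------------------------------------------------------+
| Device State                                                         |
+----------------------------------------------------------------------+

             AzureAdJoined : YES
          EnterpriseJoined : NO
              DomainJoined : YES
                DomainName : CONTOSO
'@ -split "`r?`n"

# Use the real tool when present, otherwise fall back to the sample text.
$lines = if (Get-Command dsregcmd.exe -ErrorAction SilentlyContinue) {
    dsregcmd.exe /status
} else { $sample }

$status = $lines | ConvertFrom-DsRegCmdStatus
$status | Select-Object AzureAdJoined, EnterpriseJoined, DomainJoined
Get-DeviceJoinType -Status $status
```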