TechShizz | Tech Guides for everything in IT

Which switches to use for ROBOCOPY

robocopy "\\uncpath\to the SOURCE folder you want to copy" "C:\local path\to the DESTINATION folder" /e /r:10 /COPY:DATSOU /LOG:C:\copy_result_log_file.txt

 

/e

Copies subdirectories. Note that this option includes empty directories.

/r:<N>

Specifies the number of retries on failed copies.

/copy:<CopyFlags>

Specifies the file properties to be copied. The following are the valid values for this option:
D Data
A Attributes
T Time stamps
S NTFS access control list (ACL)
O Owner information
U Auditing information
The default value for CopyFlags is DAT (data, attributes, and time stamps).

/log:<LogFile>

Writes the status output to the log file (overwrites the existing log file).

 

WSUS Crashing - WSUSPOOL Stopping in IIS

Problem

 WSUS MMC Crashes and WSUS Generally unreliable.

Cause

 Application Pool "WSUSPool" Stopped in IIS

Solution

To improve WSUS availability, you need to increase IIS Private Memory Limit. The default limit is set to 1843200KB. And when an IIS worker process uses more than 2GB WSUS crashes and the problem occurs.

Change Private Memory Limit (KB) to a higher number that fits your server specifications or simply 0 , which means no limit, instead of the hard-coded 1843200. Follow this path to find the setting:

 

WSUS Application Pool IIS Advanced Settings

Internet Information Services (IIS) Manager → Server → Application Pools → Select “WSUSPool” → Actions Advanced → Recycling → change “Private Memory Limit (KB)“.

This’ll improve WSUS availability.

Outlook 2016 (365) connects directly to Office 365 and ignores AutoDiscover or On Premise Exchange

Problem

 If you have a user with Outlook 2016 who are not yet in Office 365 but have mailboxes provisioned in Office 365 you may find Outlook automatically connects to Office 365 and ignores Auto Discover or the on premise Exchange server.

Cause

 Starting in Outlook 2016 version 16.0.6741.2017, Microsoft enabled a new feature called Direct Connect to Office 365.  It was designed to quickly connect Outlook 2016 to Office 365.

Solution

 A registry key can be added on the PC which will disable the Direct Connect feature and allow either Auto Discover or the On Premise Exchange to configure Outlook.

  1. Go to Registry Edit on the PC. REGEDIT.MSC
  2. Go to the following path: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\AutoDiscover  (I had to create the AutoDiscover Key)
  3. Create a DWORD: "ExcludeExplicitO365Endpoint" to Value : 1

List of common ports

This is not a full list of ports, just a list of common ports to scan when looking to see what ports may be open to avoid having to scann every single port. 

80,8080,443,143,194,513,3306,42,137,139,12345,2049,1521,109,110,1723,9870,25,3128,22,517,23,37,6000

How to update an IIS SSL certificate for an existing website using command line and PowerShell

If you need to install a new certificate on a web server that does not have a GUI (Server Core), you will need to update the current SSL certificate via command line and powershell. There are most likely more ways to do this than this method, but I find this works well for me.

1. First, if you need a new certificate, you need a new CSR. You DO NOT have to create the CSR on the server that will use the certificate. Use ANY IIS server to create and complete a new certificate request. Ensure you use 2048 bit certificates.

2. Purchase a certificate from a trusted certificate authority. I prefer SSL2Buy.com.

3. Once you have your certificate it will be downloadable as a ZIP file. It will contain .cer files. In order to install the certificate (firstly onto our GUI IIS server) we need it to be in the .pfx format, as this format lets us store the certificate's private key within it. Extract the certificates, and in IIS, complete the certificate request and select the certificate that's named www.yourdomain.com.cer - You should store the certificate in the "WebHosting" section if prompted.

4. Next, the certificate is installed, but in the wrong server. So we need to export it. Run MMC.exe, File, Add/Remove Snapins / Add the Certificates snap in, select computer account. Find the imported certificate. 

5. Export the certificate, right click, All Tasks, Export. Select .PFX format. Ensure you tick the "Make Private Key Exportable". You will be required to set a password against the certificate to protect the private key. Save the Certificate and then copy it to your IIS server (which has no GUI i.e. server core). 

6. Next we need to install the certificate with PowerShell.

PS C:\>$mypwd = Get-Credential -UserName 'Enter password below' -Message 'Enter password below'

PS C:\>Import-PfxCertificate -FilePath C:\mypfx.pfx -CertStoreLocation Cert:\LocalMachine\WebHosting -Password $mypwd.Password

7. Next we need to update the certificate on the existing binding:

We'll need to know the thumbprint of the certificate and the AppID of the website. I like to change to powershell in core, because it's good for parsing results in a readable format. Run PowerShell.exe then navigate to:

PS Cert:\LocalMachine\WebHosting\>

Run

dir | fl

You should be able to identify the certificate you have installed. Grab the Thumbprint.

8. Next we need the AppID - Run:

netsh http show sslcert

Find the AppID for your website you want to replace the SSL certificate for.

9. Next we use the AppID and Thumbprint to use the new certificate with the website - Note You need to EXIT from PowerShell before running this command - run this in CMD:

netsh http update sslcert hostnameport=www.techshizz.com:443 certhash=C4FA12345678923618B90972707121345678988811 appid={4ab64e81-e14b-4a21-b022-59fc66abcd64} certstorename=WebHosting

10. - DONE!