Windows Update Stuck on “Searching for Updates” on Windows Server 2012 R2

This one was a nightmare. If you search the internet for “Searching for Updates” you will find a lot of pages but none that I saw had this resolution.

In my case, the problem on my server was actually related to Flash updates. After working with Microsoft Support it was discovered that a large number of pending Adobe Flash updates were causing the search to never finish, so the fix was to manually update Flash. This was done by installing KB3214628.

Hope this helps someone else out, this took MS Support weeks to figure out.

-Eric

Secure PowerShell Scripts running via Windows Task Scheduler using MD5 Hashes to safeguard against Tampering

Over the years the number of Task Scheduler-based PowerShell scripts has increased. However, this poses serious potential security risks.

The Security Issue

Because these tasks commonly run as a service account with additional rights, they are a potential attack vector.

Simply changing the underlying script can allow a hacker access to anything the service account has access to. Even signing the scripts can be useless, as the system can be configured to ignore signing.

The Solution

I have created this one-liner that Task Scheduler can use that will only run the script if the hash of the script matches the hash listed in the one-liner. If someone tries to change this in Task Scheduler they would be required to reenter the proper password.

powershell.exe -command if ([System.BitConverter]::ToString((New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider).ComputeHash([System.IO.File]::ReadAllBytes('C:\temp\test.ps1'))) -eq '33-CD-2A-54-ED-F3-0F-94-5F-D2-97-D9-FE-4F-45-79') {. c:\temp\test.ps1} else {Send-MailMessage -SmtpServer smtp.server.domain.com -From whatever@domain.com -To you@domain.com -Subject 'Failed to Run Script - Hash Not Correct'}

Notes about One Line Script Executor

  • You need to replace c:\temp\test.ps1 with the path to your script. (two places in this example)
  • You must supply the hash of the script. (use the following command to get it)

[System.BitConverter]::ToString((New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider).ComputeHash([System.IO.File]::ReadAllBytes('C:\temp\test.ps1')))

  • Script will email you if hash fails.
    • Change TO: and FROM: to match your needs.
  • Do NOT use double quotes in this script. Do NOT forget that CMD will pass this to PowerShell and will strip out double quotes.
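
An added example, not the author's code: a helper that generates the same kind of Task Scheduler one-liner, using SHA-256 in place of MD5 and holding the script open with read-only sharing so it cannot be rewritten between the hash check and the run. The function name New-HashPinnedCommand is hypothetical and the path, SMTP server and addresses are the post's sample values; the generated command contains no double quotes, in line with the note above.

```powershell
# Added example (not from the original post). New-HashPinnedCommand is a
# hypothetical helper name; the path and mail settings are placeholders.
function New-HashPinnedCommand {
    param(
        [Parameter(Mandatory = $true)] [string] $ScriptPath,
        [Parameter(Mandatory = $true)] [string] $SmtpServer,
        [Parameter(Mandatory = $true)] [string] $From,
        [Parameter(Mandatory = $true)] [string] $To
    )
    # Every literal in the generated command is single-quoted and CMD strips
    # double quotes, so refuse input containing straight or curly quotes
    # (PowerShell's parser treats curly quotes as quote characters too).
    foreach ($value in @($ScriptPath, $SmtpServer, $From, $To)) {
        if ($value -match '[''"\u2018-\u201F]') { throw "Quote character not allowed in: $value" }
    }
    $full   = (Resolve-Path -LiteralPath $ScriptPath).ProviderPath
    $pinned = (Get-FileHash -LiteralPath $full -Algorithm SHA256).Hash

    # Generated command: open the script with read-only sharing (no other
    # process can open it for writing or delete it while the handle is held),
    # hash the open stream, dot-source the file only on a match, then close.
    $parts = @(
        "`$f = [System.IO.File]::Open('$full', 'Open', 'Read', 'Read');"
        "try {"
        "`$h = [System.BitConverter]::ToString([System.Security.Cryptography.SHA256]::Create().ComputeHash(`$f)).Replace('-', '');"
        "if (`$h -eq '$pinned') { . '$full' }"
        "else { Send-MailMessage -SmtpServer '$SmtpServer' -From '$From' -To '$To' -Subject 'Failed to Run Script - Hash Not Correct' }"
        "} finally { `$f.Dispose() }"
    )
    return ($parts -join ' ')
}

# Usage with the post's sample values; runs only if the sample script exists.
if (Test-Path -LiteralPath 'C:\temp\test.ps1') {
    $command = New-HashPinnedCommand -ScriptPath 'C:\temp\test.ps1' `
        -SmtpServer 'smtp.server.domain.com' -From 'whatever@domain.com' -To 'you@domain.com'
    # Paste this string into the task's arguments, or build the action in code.
    $action = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument "-NoProfile -Command $command"
    $action.Arguments
}
```

If the file cannot be opened with read-only sharing (for example, another process already holds it open for writing), the generated command fails before the script is run.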

If this helped you or perhaps you have suggestions to make it better, please do leave them in the comments.

Enjoy

-Eric

Unauthorized 401 when calling ColdFusion CFC Component WebService on IIS

If you just set up a fresh ColdFusion/IIS box and all of a sudden you check one of your CFC Component WebServices and get a 401, you are not alone!

I bet you went to the folder and triple checked in IIS that Anonymous Authentication was enabled and everything else was disabled, and yet it still didn’t work. Right about that time perhaps you start questioning everything you know in this world. I mean, IIS is set to anonymous, yet it’s telling you it’s not authenticating, as if it were set to Windows Authentication.

The Solution

Rest assured, you are not losing it. Simply put, you, like me, likely made the mistake of blanket turning on Windows Authentication at the root, which in turn enabled it for the virtual folder:

/jakarta

CFCs must pass back to this folder since they are processed server side. Anyway, the easy solution is to set the /jakarta folder to Anonymous Authentication.

Hey if this helped you or you know something I should add to make it better, please leave it in the comments!

-Eric

Fix: Windows 10 Start Menu (and Modern Subsystem) Freezes and Stops Working

Nothing gets me more upset than seeing a common issue that never seems to get fixed. Since Windows 10’s inception I have noticed a rather odd issue that occurs about weekly, where my Start Menu, all Metro (Modern) Apps, and even Internet Explorer (which is odd given it’s a Win32 App) lock up, freeze, and just plain stop working.

The only obvious cure had been to reboot the PC.

However, through a lot of trial and error, I have figured out a workaround to get your PC back on its feet.

The Workaround

  • Simply open Task Manager (CTRL + SHIFT + ESC)
  • Click More Details (if needed)
  • Go to Details
  • Locate: siHost.exe
  • Right Click, End Process Tree

Note: This may need to be done twice in my testing but should always return the start menu after that second try. Many times it only takes once.

More Detail

You may notice when this happens that there are the following events in the event logs:

The program ShellExperienceHost.exe version 10.0.10586.218 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 2290
Start Time: 01d1a082cc447ca3
Termination Time: 4294967295
Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Report Id: 524e2a97-0c76-11e6-8dae-64006a80564a
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App

You may also see errors about SearchUI.exe.

Workaround: Chrome will not PIN sites to Windows 10 Taskbar

I could rant for a long while about how Microsoft removed the verb “Pin to Taskbar” from the Shell.Application COM object but I won’t. I will simply say that I think they did that to keep OEMs from putting crap on it when you buy a new PC. However, as is so often the case, there were unintended side effects. Reasonable use cases like Chrome being able to PIN websites and Corporate IT being able to PIN corporate applications come to mind. Let’s not talk about how anti-competitive it looks when Internet Explorer (IE) is still able to pin items to the taskbar, yet 3rd party browsers like Chrome are left in the dust.

Ok I said I wouldn’t rant, here is the workaround.

  • Simply do the normal process in Chrome to PIN something to the start menu.
  • Then go here:
    • C:\Users\<username>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
      • Note: <username> will be the username you use to log on to Windows. If you don’t know it, simply go to c:\users and you should be able to figure it out.
  • Find the shortcut Chrome created for your website, right click and you will see “PIN to Taskbar”

Also thanks to Reddit for figuring this out:

Chrome "Add To Taskbar" Issue from Windows10

Leave a comment if it helped you!

-Eric

Fix | Windows 10, “the connection cannot proceed because authentication is not enabled”

Ah security, the balance between not allowing access at all and allowing too much access.

In Windows 10 Microsoft changed RDP’s defaults. They modified the default for “SecurityLayer” from 0 to 2. Even if you go into the user interface and disable “Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)”, it still doesn’t change that value to a 2.

Simple fix:

  1. Open RegEdit
  2. Navigate to this Key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
  3. Change “SecurityLayer” to a zero
  4. Reboot and done!

Fix | NVidia Control Panel will not save

Just got Lightroom 6!! Finally they are using the GPU to make things faster. Just one problem: it’s using my crappy Intel 4600 GPU instead of the NVidia Quadro K1100M in my dual GPU Notebook.

Adobe’s own advice from their FAQ is to disable the Intel Card. I tried that; all it did was screw up almost everything on the PC. Thanks Adobe for that… So looking around the interwebs I found way too many people having this issue but none having a good solution.

After about 3 hours of messing around with ProcessMon.exe I discovered it was trying to write to c:\ProgramData\NVidia Corporation\Drs folder. Only problem is that folder did not exist.

Simply create the folder, and give “everyone” full control in the Security tab and you should be good to go.

One thing to note, it seemed like it took two saves to start working for me, not sure what that was about but finally I was able to use the “Managed 3D Settings” part of the NVidia Control Panel to set Lightroom.exe to use the NVidia GPU.

Hope it helps you!

-Eric

Bug | Android | Error 111 (net::ERR_TUNNEL_CONNECTION_FAILED)

Quick one… After spending far too much time I figured out an issue where I was getting the following error in Chrome on Android when trying to access an SSL website I hosted at my home on port 2000.

“Error 111 (net::ERR_TUNNEL_CONNECTION_FAILED)”

Some extra details… this was on my Nexus 4 on AT&T running first 4.2.1 then 4.2.2.

The real issue: Android, for some unknown reason, will not allow you to use nonstandard ports for SSL (i.e. only port 443 works when using https).

I confirmed this by trying an SSL website on port 2000 using my wife’s iPhone on AT&T. Sure enough it worked fine. So it’s not AT&T. Also worth pointing out: it works fine on wifi.

Hopefully this is just a bug and will be fixed in the future. The only thing I could do was move my SSL website to the standard port 443.

There was zero info on this on the net so I wanted to get it out there. Hope it sheds some light on it for you. If it did, leave a comment so I know.

Office 2013 Installer Failure | “not supported upgrading from a preview version”

Well you are likely here because you are the adventurous type who had Office 2013 Preview installed and then tried to uninstall and install the full release.

Microsoft Office 2013 does not support upgrading from a preview version of Microsoft Office 2013. You must first uninstall these preview versions of Microsoft Office 2013 products and associated technologies:

Microsoft Office 2013 Professional Plus 2013

Some may advise you to go into control panel and remove all Office items from the programs list. However if you are like me then that will not be enough.

If you are still having issues after reviewing the programs list in the control panel then go ahead and delete the following registry key:

HKEY_CLASSES_ROOT\Installer\Products0005102110000000100000000F01FEC

If for some reason that isn’t enough, then delete these as well:

HKEY_CLASSES_ROOT\Installer\Patches\D5360E4B109548941BFB078A144B11D5
HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\15.0\

If that still doesn’t do it, then search for the phrase “2013” at the root of the registry and start whacking keys that look Office 2013 related. However, I am pretty sure that first one will take care of you.

Hey if I helped ya, or you can add something to the conversation then please let me know in the comments belooooooow! I take payment in the form of “thanks” in the comments 😉

Installing Windows 8 RTM to Apple MacBook Air (Boot Camp)

Hey everyone, I wanted to make a few notes to help others get Windows 8 running on their MacBook Air without locking, freezing, or poor network performance.

First we should stop that whole freezing problem or you will get very upset in the middle of a driver install (been there.)

You need to open a command prompt as administrator. You can do this by clicking Start, typing “cmd”, right clicking on the cmd icon, and selecting “Run as Administrator”.

Once open run this command:

bcdedit /set disabledynamictick yes

For those who want to know what this does please check out this great post: http://www.withinwindows.com/2012/06/28/workaround-for-windows-8-freezing-issues/

Once installed you will need to reboot, then install the Boot Camp drivers. This is done by making the install disk in Apple OS (Mountain Kitty). THERE IS NO DOWNLOAD LINK FOR THIS! DARN YOU APPLE!!! WHAT A PAIN! /RANT OFF

Once you have the Boot Camp disk, copy the contents to a folder on your desktop. Right click on the setup.exe, go to the compatibility tab, then click “Change settings for all users” button on the bottom.

On the next screen change the  “run this program in compatibility mode for:” to Windows 7. Additionally check off the bottom box for “run this program as an administrator”.

Then click OK, then OK again, then run the setup.exe

Once installed go ahead and reboot. This should get you part of the way.

Don’t delete that BootCamp Install folder just yet, deep in there we need the following folder. Just be aware, we will use it soon.

\Drivers\NVidia\NVidiaChipset64

Now let’s click the Start button, type “device manager” and click the settings “thing” on the top right to discover the “device manager” icon from the remains of the control panel.

Once Device Manager is open we have a few things to do. First let’s take care of those two pesky un-drivered devices, “coprocessor” and “SM Bus”.

Right click on one at a time and update the driver. Direct Windows to that folder on the desktop for \Drivers\NVidia\NVidiaChipset64 (or 32 if you are running x86). This folder should be able to update both missing drivers.

NEXT let’s go ahead and change the WiFi driver back to the native Windows 8 driver (Boot Camp had replaced it with a lesser driver that has some issues only in Windows 8.)

Simply find the Wireless Network Adapter (it’s something like “Broadcom 802.11n”), right click, then “update driver software”, then search automatically for updated drivers.

That should do it. Go ahead and reboot one last time for good measure.

Hopefully that saves some of you some time. If I have helped you, all I ask in return is that you leave a comment and say so. I get a great kick out of it.

Cheers!

-Eric