PowerShell Error: The underlying connection was closed: An unexpected error occurred on a send

I got mad the other day, trying to do a simple wget (i.e. invoke-webrequest) to an Azure Function I made and I was getting:

The underlying connection was closed: An unexpected error occurred on a send

I tried switching to .NET WebClient but still got the same error.

What was more frustrating is that it worked on my dev machine, worked on the server I was running the code on in a browser, just not in PowerShell.

The Fix

Apparently PowerShell version 5 defaults to TLS 1.0. Azure Functions require TLS 1.2. The fix is super simple, just add this in your code on its own line:

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
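The one-line fix above replaces the whole set of enabled protocols for the rest of the PowerShell process. As an added example (not from the original post), the helper below turns on TLS 1.2 in addition to whatever was already enabled, runs a single request, and then restores the previous value; the function name and the placeholder URL are assumptions.

```powershell
# Added example, not from the original post.
# Invoke-WithTls12 is a hypothetical helper name.
function Invoke-WithTls12 {
    param(
        [Parameter(Mandatory = $true)]
        [scriptblock]$ScriptBlock
    )

    # SecurityProtocol is a process-wide static, so remember what was set.
    $previous = [Net.ServicePointManager]::SecurityProtocol
    try {
        # -bor adds TLS 1.2 to the enabled set instead of replacing the set.
        $withTls12 = $previous -bor [Net.SecurityProtocolType]::Tls12
        [Net.ServicePointManager]::SecurityProtocol = $withTls12

        & $ScriptBlock
    }
    finally {
        # Put the process back the way it was, even if the request threw.
        [Net.ServicePointManager]::SecurityProtocol = $previous
    }
}

# Usage (placeholder URL, replace with your own function endpoint):
# Invoke-WithTls12 { Invoke-WebRequest -Uri 'https://<your-function-app>/api/<name>' -UseBasicParsing }

# To see what the current process will negotiate:
# [Net.ServicePointManager]::SecurityProtocol
```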

Powershell | The Last $Error and Emailing it

OMG some things in Powershell are just too confusing to be useful. What if you need to see the last error message again? What if you want to write it into your script to email you when the error happens?

Well first, it's all in $Error

However, $Error is an array. To access it really requires notation like this:

$Error[0]

The [0] says give me back the last error, where [1] would say to give me back the second to last error message.

The Problem….

Ok now here is where it gets “funky”. If you just type $Error[0] you get the entire error message like so: (note I am using an error message from some Lync work I have been doing, the names have been changed to protect well me lol)

Set-CsUser : Management object not found for identity “Jerry.Springer@Contoso.com”.
At C:\Scripts\EnableLyncUsers.ps1:138 char:15
+                 Set-CsUser <<<<  -Identity $user.UserPrincipalName -SipAddress $user.UserPrincipalName
    + CategoryInfo          : NotSpecified: (:) [Set-CsUser], ManagementException
    + FullyQualifiedErrorId : Microsoft.Rtc.Management.AD.ManagementException,Microsoft.Rtc.Management.AD.Cmdlets.S
   etOcsUserCmdlet

BUT…. if you type write-host $Error[0] you get this:

Management object not found for identity “Jerry.Springer@Contoso.com”.

So what gives right??? Why when you use Write-Host OR even better when you try to email $Error[0] do we get the crappy short error message? Well I don’t have the answer BUT I do have a great workaround.

The Solution….

[string]$ErrorString = $Error[0].Exception
[string]$ErrorString = $ErrorString + " `n `n "
[string]$ErrorString = $ErrorString + $Error[0].InvocationInfo.PositionMessage

(that’s 3 lines BTW)

As far as I can tell the only things one needs are the short error message and the line, script, and command. To do this use the code above and then simply use Write-Host or email that new $ErrorString variable. If you need other data follow the info below from how I figured this out.

Emailing the Error? Simply use this code (replace stuff inside of < > then remove the < >):

    # Build the message body: exception text, blank lines, then where it happened
    [string]$ErrorString = $Error[0].Exception
    [string]$ErrorString = $ErrorString + " `n `n "
    [string]$ErrorString = $ErrorString + $Error[0].InvocationInfo.PositionMessage

    # Create the SMTP client and the message
    $SmtpClient = New-Object System.Net.Mail.SmtpClient
    $MailMessage = New-Object System.Net.Mail.MailMessage
    $SmtpClient.Host = "<SMTP IP OR NAME>"
    $MailMessage.From = "<from@domain.com>"
    # Several recipients can be given as one comma-separated string
    $MailMessage.To.Add("email1@domain.com,email2@domain.com")
    $MailMessage.Subject = "<Subject of Email>"
    $MailMessage.IsBodyHtml = $false
    $MailMessage.Body = $ErrorString

    $SmtpClient.Send($MailMessage)

How did I figure this out?

First I indexed $Error to get me the first result [0]

Next I used the power of Get-Member

$Error[0] | Get-Member

This dumped out all the properties

TypeName: System.Management.Automation.ErrorRecord

Name                  MemberType     Definition                                                                    
----                  ----------     ----------
Equals                Method         bool Equals(System.Object obj)                                                
GetHashCode           Method         int GetHashCode()                                                             
GetObjectData         Method         System.Void GetObjectData(System.Runtime.Serialization.SerializationInfo inf…
GetType               Method         type GetType()                                                                
ToString              Method         string ToString()                                                             
CategoryInfo          Property       System.Management.Automation.ErrorCategoryInfo CategoryInfo {get;}            
ErrorDetails          Property       System.Management.Automation.ErrorDetails ErrorDetails {get;set;}             
Exception             Property       System.Exception Exception {get;}                                             
FullyQualifiedErrorId Property       System.String FullyQualifiedErrorId {get;}                                    
InvocationInfo        Property       System.Management.Automation.InvocationInfo InvocationInfo {get;}             
PipelineIterationInfo Property       System.Collections.ObjectModel.ReadOnlyCollection`1[[System.Int32, mscorlib,…
TargetObject          Property       System.Object TargetObject {get;}                                             
PSMessageDetails      ScriptProperty System.Object PSMessageDetails {get=& { Set-StrictMode -Version 1; $this.Exc…

All of the properties normally can be accessed like this:

$Error[0].Exception

But if you try to write-host $Error[0].InvocationInfo you get:

System.Management.Automation.InvocationInfo

Well that’s not very useful… the reason for this is there are deeper items in the $Error[0].InvocationInfo tree. So if we go ahead and whip out get-member again on $Error[0].InvocationInfo let's see what we get:

TypeName: System.Management.Automation.InvocationInfo

Name             MemberType Definition                                                                             
----             ---------- ----------
Equals           Method     bool Equals(System.Object obj)                                                         
GetHashCode      Method     int GetHashCode()                                                                      
GetType          Method     type GetType()                                                                         
ToString         Method     string ToString()                                                                      
BoundParameters  Property   System.Collections.Generic.Dictionary`2[[System.String, mscorlib, Version=2.0.0.0, Cu…
CommandOrigin    Property   System.Management.Automation.CommandOrigin CommandOrigin {get;}                        
ExpectingInput   Property   System.Boolean ExpectingInput {get;}                                                   
HistoryId        Property   System.Int64 HistoryId {get;}                                                          
InvocationName   Property   System.String InvocationName {get;}                                                    
Line             Property   System.String Line {get;}                                                              
MyCommand        Property   System.Management.Automation.CommandInfo MyCommand {get;}                              
OffsetInLine     Property   System.Int32 OffsetInLine {get;}                                                       
PipelineLength   Property   System.Int32 PipelineLength {get;}                                                     
PipelinePosition Property   System.Int32 PipelinePosition {get;}                                                   
PositionMessage  Property   System.String PositionMessage {get;}                                                   
ScriptLineNumber Property   System.Int32 ScriptLineNumber {get;}                                                   
ScriptName       Property   System.String ScriptName {get;}                                                        
UnboundArguments Property   System.Collections.Generic.List`1[[System.Object, mscorlib, Version=2.0.0.0, Culture=…

Ah… there’s more stuff. Lastly I just needed to figure out what items inside of $Error[0].InvocationInfo I needed. Turns out just one thing. So to write-host it all I needed to do is call:

Write-Host $Error[0].InvocationInfo.PositionMessage

Hope that opens your mind to how more complex objects work in Powershell.
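For the "other data" case mentioned earlier, here is an added example (not from the original post) that builds the report from more of the properties shown in the two Get-Member listings and copes with an error record that has no InvocationInfo. Format-ErrorReport is a hypothetical helper name and the failing Get-Item call is constructed for the demo.

```powershell
# Added example, not from the original post.
# Format-ErrorReport is a hypothetical helper name.
function Format-ErrorReport {
    param(
        [Parameter(Mandatory = $true)]
        [System.Management.Automation.ErrorRecord]$ErrorRecord
    )

    $lines = @()
    $lines += "Message : $($ErrorRecord.Exception.Message)"
    $lines += "Type    : $($ErrorRecord.Exception.GetType().FullName)"
    $lines += "Category: $($ErrorRecord.CategoryInfo)"
    $lines += "ErrorId : $($ErrorRecord.FullyQualifiedErrorId)"

    # InvocationInfo is $null on records built by hand from an exception,
    # so check before reading the position details.
    $info = $ErrorRecord.InvocationInfo
    if ($info) {
        $lines += "Script  : $($info.ScriptName)"
        $lines += "Line no : $($info.ScriptLineNumber)"
        $lines += "Command : $("$($info.Line)".Trim())"
        $lines += ''
        $lines += $info.PositionMessage
    }
    else {
        $lines += '(no invocation info on this error record)'
    }

    # One string, ready for Write-Host or a plain-text mail body
    $lines -join "`r`n"
}

# Constructed failure so there is something to report
try {
    Get-Item -Path 'C:\this\path\does\not\exist' -ErrorAction Stop
}
catch {
    $ErrorString = Format-ErrorReport -ErrorRecord $_
    Write-Host $ErrorString
}
```

Outside a catch block, pass `$Error[0]` instead of `$_`.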

Hey!

Did I help? Make Sense? Something Wrong? Put it in the comments. Love to hear when my write-ups help folks out.

Enjoy

-Eric

SCCM 2012 | Native Windows Update Client Not Working

Hey there, are you deploying the Microsoft System Center 2012 Client to your desktops and then like magic the native Windows Client stops working?

Perhaps you even checked the c:\windows\windowsupdate.log file and found this nugget:

2012-07-12    13:57:53:803     392    1220    Misc    WARNING: Digital Signatures on file C:\Windows\SoftwareDistribution\SelfUpdate\wuident.cab are not trusted: Error 0x800b0001

Well then you had the same problem I did. The way I got it to work for me was by installing this hotfix from MS.

http://support.microsoft.com/kb/2720211

In a nutshell you installed .NET 4.0 and WSUS 3.0 With SP2 (as you were required to) and BAMM! Fail.

Hope it helps, if it does leave a comment, love to know when people are helped.

Fix: The WinRM settings are not configured correctly | SCCM Unified Installer

Microsoft just released SCCM 2012 to VL customers. Very excited to tear into it. However I got stuck right in the beginning of the installer with:

The WinRM settings are not configured correctly

Well looking at the logs here:

\Users\<user>\AppData\Local\Microsoft System Center 2012\Unified Installer\LOGS

I discovered:

[4/10/2012 9:20:08 AM] DEBUG – Server: localhost, winrm\client\auth\CredSSP = False

All you need to do to fix this is run the following commands on the computer you are running the installer from:

winrm set winrm/config/client/auth @{CredSSP="True"}

winrm set winrm/config/client @{TrustedHosts="*"}

Also run these commands on the computer you are installing to (if it’s the same box just run all commands)

winrm qc -q
winrm set winrm/config/service/auth @{CredSSP="True"}
winrm set winrm/config/winrs @{AllowRemoteShellAccess="True"}
winrm set winrm/config/winrs @{MaxMemoryPerShellMB="2048"}

That should take care of you. Just in case it doesn’t the only other thing I had done was to add .Net 3.5.1, all RSAT Tools, and IIS from Roles and Features.
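The commands above enable CredSSP and set TrustedHosts to * on the machine, and those values stay in place after the installer finishes. As an added example (not from the original post), this PowerShell records the affected values before you run the commands and puts them back afterwards. It assumes an elevated prompt and a WinRM service that is already running; the function names and the snapshot path are hypothetical.

```powershell
# Added example, not from the original post. Function names and the
# snapshot file path are hypothetical.
# These are the WSMan: drive locations of the values the winrm commands set.
$WinRmPaths = @(
    'WSMan:\localhost\Client\Auth\CredSSP',
    'WSMan:\localhost\Client\TrustedHosts',
    'WSMan:\localhost\Service\Auth\CredSSP',
    'WSMan:\localhost\Shell\AllowRemoteShellAccess',
    'WSMan:\localhost\Shell\MaxMemoryPerShellMB'
)

function Save-WinRmSnapshot {
    param([string]$Path = "$env:TEMP\winrm-before-install.xml")

    # Read each current value and keep it next to its path
    $snapshot = foreach ($p in $WinRmPaths) {
        New-Object PSObject -Property @{
            Path  = $p
            Value = [string](Get-Item -Path $p).Value
        }
    }
    $snapshot | Export-Clixml -Path $Path
    $snapshot
}

function Restore-WinRmSnapshot {
    param([string]$Path = "$env:TEMP\winrm-before-install.xml")

    foreach ($entry in Import-Clixml -Path $Path) {
        $current = [string](Get-Item -Path $entry.Path).Value
        if ($current -ne $entry.Value) {
            Write-Host "Restoring $($entry.Path): '$current' -> '$($entry.Value)'"
            # -Force suppresses the confirmation prompt (TrustedHosts asks for one)
            Set-Item -Path $entry.Path -Value $entry.Value -Force
        }
    }
}

# Before running the winrm commands:
# Save-WinRmSnapshot | Format-Table Path, Value -AutoSize
#
# After the installer has finished:
# Restore-WinRmSnapshot
```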

Hope it helps. If it does please leave a comment below and let me know this was worth my time posting 😉

DNS Error | The server forwarders cannot be updated.

If you ever get the following message:

The server forwarders cannot be updated.
A zone configuration problem occurred.

When setting up conditional forwarders in Windows 2003 R2 DNS Server then more than likely it's because the zone already exists as a stub zone.

In my case I tried to add xyz.local and got this error message each time. My first move was to check if there was a xyz.local stub zone and sure enough there was NOT. After some more checking I noticed there was a “local” stub zone.

Make sure to check for the root level as a stub zone, I bet you will find that is your issue.

Hope it helps!

-Eric

Fix: None of your e-mail accounts could send to this recipient.

So I am a huge fan of these odd ball issues. When one of my users called me telling me they couldn’t send a “few” messages to people I told the helpdesk I was going to look into it myself.

They got this NDR back:

“None of your e-mail accounts could send to this recipient.”

Now I have never seen that error before, and what really got my interest was there was no x.x.x error code. This led me to think it was a local issue with the client.

Some Google searching led me to think it had to do with missing message connectors (like fax, etc..) but this user didn’t have any of that.

Sometimes it really helps to just talk to the end user. After speaking to her we discovered this only happened when clicking a mailto: hyperlink from a forwarded email down in the thread.

When I went back to my desk I noticed that my FROM: tags were not hyperlinked like the ones from my user.

After comparing the differences I finally noticed that she had the SalesForce.com plug-in installed. What it is doing is actually sending Outlook an email type of “MAILTO” instead of SMTP.

After pressing ALT+K you can double click the resolved address and see what the email type is. If it's set to MAILTO it will not work. You can however press the internet type button and it will change it to SMTP (which will allow it to send).

So there is no real solution right now, I am going to check with SF.com enterprise support but I have a feeling they won't do anything about it. After showing the end user what not to do and showing how to correct it she was happy enough with the solution.

If you find the same problem or any other add-on causing this please let me know so I can add it to the list.

UPDATE: Thanks to Andrew down there in the comments Outlook 2007 has been patched by MS: http://support.microsoft.com/kb/2475888/en-us

UPDATE 2: Thanks to Tom, we now know MS is hopefully rolling out a patch for Outlook 2010 sometime this month (fingers crossed).

UPDATE 3: I just saw there might be a fix for 2010 you can test out this hotfix from MS. If it works let me know in the comments: http://support.microsoft.com/kb/2475888/en-us or possibly http://support.microsoft.com/kb/2597052.

Cannot connect to Outlook Anywhere (Outlook 2007 RPC over HTTP)

While I am sure there are a ton of reasons Outlook Anywhere will not work, here are the two huge issues we ran into when getting this working.

1) Wild Card Certificates (special handling)

If you are using a wild card certificate, you will need to run the following command on whatever CAS server you are using:

Set-OutlookProvider -Identity EXPR -CertPrincipalName msstd:*.contoso.com

Note: *.contoso.com is replaced with your wildcard certificate name.

You can also check what the current settings are by using:

Get-OutlookProvider

By changing that setting it will update autodiscovery to set that into the Outlook client configuration as shown here:

For more details about wildcards and Outlook Anywhere go here: http://technet.microsoft.com/en-us/library/cc535023.aspx

2) Issues with IIS and Certificate Settings

Everyone who is trying to get Outlook Anywhere working should triple check that the root of the IIS site is set to ignore client certificates.

To do that first go to the properties of the IIS website that has your RPC proxy (the root of the website)

Then click the Directory Security tab, and click Edit on Secure communications

Make sure “Ignore Client Certificates” is selected.

You can change all of the sub folders but you must make sure it is set to ignore on the root site.

So there you have it, those were the two issues we had and were able to resolve.

I would like to thank Jason B (one of my Network Administrators) who did the research to discover the second issue.

Fix: BES 5 on SQL 2008 (BAS: “cannot display the webpage”)

Wanted to take a quick second to let everyone know SQL 2008 does work on BlackBerry Enterprise Server 5.0. After spending what could arguably be the greatest waste of one hour of my life on the phone with TSupport they told me it’s not supported. However it does. Since it's not officially supported make sure to always tell them you are running SQL 2005 and if for some reason the server breaks you are on your own.

The install was using a remote SQL 2008 cluster (although it should work the same for a non-cluster). The actual install worked fine, DBs were created and everything looked good. NETSTAT -an showed it was listening on 443 but when I went to a browser I would get “Internet Explorer cannot display the webpage”.

I never laughed so hard as when TSupport level 1 told me to click the “Diagnose Connection Problems”. That alone told me I was in for a bumpy ride.

Officially IE8 (Internet Explorer 8) is not supported and neither is SQL 2008. This is just another example of RIM not getting it (very common). In fact you think that once you got the server running, using the migration tools is going to be a snap. Well think again, no IT policy import and export between 4 and 5. Shame on RIM, seriously. Their Java programmers are on another planet. The user migrator isn't bad however.

Make sure to install MR1 right after installing the server (even before it's actually working).

So my problem ended up being the SQL settings. Make sure in the BlackBerry Server Configuration you check off “Use dynamic ports”. It will not work hard coded to 1433 even if you have that set on the SQL Server.

One last recommendation, change the LDAP settings to just the domain name. By default it puts a domain controller in there. Only problem, if that DC is not there BES will not be able to query. Assuming your DNS is set up to resolve FQDN to your DCs then change the LDAP from server.domain.ext to domain.ext as shown in this example. Always make sure to click verify.

*** UPDATE **** Installing the Native SQL Server Client 10.0 also seemed to help. Had problems with Office Communication Server 2007 integration that were fixed by installing the client. Also make sure you are running the 2.1.19 (for 4.6 OS and lower) and 2.2.21 (for 4.7 OS and greater).

Fix: “The current SKU is invalid” when adding second node to SQL 2008 Cluster

Quick post, was building a SQL 2008 Active / Passive cluster today on Windows 2003 x64 and got stuck when adding the second node.

Turns out to be a bug in the install media. Microsoft has a hotfix posted but that doesn’t seem to work correctly.

Got the correct fix from here:

http://forums.techarena.in/server-cluster/1032365.htm

The Workaround:

In the install media folder under \x64 find the DefaultSetup.ini file.

Just comment out the key (while you’re in the file copy the key) and put the key in during the installation.

Worked perfectly.