Deleting Folders or Files

I recently ran into an error with a client’s off-site backup using Cloudberry to Backblaze B2 that simply said: file name segment must be no more than 250 bytes

Nice, right? Digging into the logs, I found that it was erroring out on an amazingly long .JS file a user had copied over with a bunch of personal files.

Enter SuperDelete on Github. Download it from the release page or compile it yourself, move it to the problem folder and let it do its magic. Simply run the executable (no installation necessary!) and name the file in question and you’re golden!

Using ProcessExplorer Integration with VirusTotal

1. Download Process Explorer from its homepage here: Process Explorer

2. Extract the ZIP file contents to a folder of your choosing. If you don’t have a 3rd party Zip program (I recommend 7-Zip!) you can use Windows’ built-in one: right click the Zip file and select “Extract all…”

3. Double-click the file procexp.exe

4. Enable “Check VirusTotal.com”

Process Explorer + VirusTotal (to check all processes with 50+ AV's)-pe-enable-vt.png

The new column VirusTotal will be added automatically, and initially show “Hash submitted…”. After a few seconds it will show the results

Process Explorer + VirusTotal (to check all processes with 50+ AV's)-pe-vt-standard.png

5. Processes that are running as System and not as a standard user won’t show a VirusTotal result until Process Explorer is restarted with elevated permissions

Process Explorer + VirusTotal (to check all processes with 50+ AV's)-pe-admin-launch.png

You may see a UAC prompt here… click Yes. After a few seconds, we will see the VirusTotal result for every process:

Process Explorer + VirusTotal (to check all processes with 50+ AV's)-pe-admin.png

A VirusTotal result of 0/55 means that 55 anti-virus products have checked the file and that non of them have detected anything awry!

Click the result/link to open the detailed report in a web browser. There you’ll find when the scan was done and other useful information like what anti-virus products detected anything and what type of possible infection/malware.

Example of a VirusTotal detection:

Process Explorer + VirusTotal (to check all processes with 50+ AV's)

   Note If only one AV detected something chances are that it’s a “false positive” (wrongly detected) and that the file is clean. Click the VirusTotal link to get more details about it. 6. If you have processes that show “Unknown” in the VirusTotal column, it means that specific file and version has never been uploaded to VirusTotal. To automatically upload these files to VirusTotal select this option:

Process Explorer + VirusTotal (to check all processes with 50+ AV's)-pe-submit-unknown.png

7. To submit a file to VirusTotal manually, any file (not only “Unknown” ones), which means to upload and re-scan the file, double click a process, go to the Image tab and click the button below named “Submit”

Process Explorer + VirusTotal (to check all processes with 50+ AV's)-pe-submit-one.png

You can then exit the Properties window and wait until you see a result in the VirusTotal column for that process. It’ll take a few minutes.
8. You can also do a VirusTotal check for all the DLL files a process uses. Select a process and press Ctrl+L to toggle the lower pane. It will submit the file hashes to VirusTotal and show the result after a few seconds:

Process Explorer + VirusTotal (to check all processes with 50+ AV's)-pe-lower-pane.png

If you find more than one suspicious process and want to terminate them, it’s recommended by Mark Russinovich, the father of Process Explorer, to first suspend (via right click menu) them. As the vast majority of malware infections include multiple processes that can easily restart each other when a single one is killed, suspending first is a much safer way.

Acronis Backup Failure and Warning Due to Addon

Recently encountered this one with Acronis Backup and Recovery 11.7. Backups were failing and throwing warnings saying

Failed to load addon: ArsAgentProvider.dll

Message: Cannot load the dynamic library

Event code: 0x00C10001+0x00000001+0x0000FFF0+0x8007007E

Code: 12,648,449(0xC10001)

 

After a good bit of troubleshooting and searching, I found this article that says it applies to 11.5, but works for 11.7. Download the DLL file and throw it into your Acronis directory. The file was COMPLETELY gone from my directory, even after running a repair install.

The next backup I kicked off went through 100% successfully.

ESXI iSCSI Connection or NAS Showing As Normal / Degraded

I ran into this issue at a client where we were forced to use an iSCSI connection for their backup. After upgrading to ESXI v6, the connection started showing as Normal / Degraded.

After doing a number of troubleshooting items, I found an obscure forum post where it was claimed that ESXI will flag it as degraded if there is only one connection (ie. the connection is not redundent).

I ended up un-bonding my NAS’s two NICs, added the “new” second NIC as a target for ESXI, rescanned the storage devices on ESXI, and voila… my degradation was resolved!

Enable DNS Request Logging for Windows Servers

I am in the process of decommissioning several DNS and Active Directory servers and wanted to make sure there were no undocumented devices on the LAN that were statically set to use one of the soon-to-be-decommissioned DNS servers. I figured the best way to do this would be to record all requests for DNS from the specific servers and it is fairly straight forward to do.
1. Open the Domain Name System Microsoft Management Console (DNS MMC) snap-in by going to Start, Programs, Administrative Tools, and then DNS Manager
2. From the DNS Server, right-click the server and select Properties

3. The Properties pop-window will appear on your screen.
4. Select the Debug Logging tab and the Log packets debugging check box, respectively.
5. Ensure that the Incoming, UDP, Queries/Transfers, and Request check boxes are selected.

To ensure that the server’s drive does not exceed capacity, make sure you set an appropriate file size limit!

6. Click the OK button.

That is it! Your text file will start logging items for you. This will work on:

  • Windows Server 2003
  • Windows Server 2003 R2
  • Windows Server 2008
  • Windows Server 2008 R2
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016

Fixing Server Error in ‘/owa’ Application Error

Ran into this one today… and it is  nothing you want to see happen on an Exchange server! I was re-assigning services to a new SSL certificate when I started getting this error. After doing some searching, I found the easy fix from Microsoft. Under Server Config > Client Access, you can click Reset Virtual Directories on the far right. From there, you can choose which directories to rebuild (OWA, Autodiscover, etc.) Doing that fixed my issue for OWA!

 

 

More info can be found in Microsoft’s Technet Article: https://technet.microsoft.com/en-us/library/ff629372(v=exchg.141).aspx

Remote Desktop Gateway server is temporarily unavailable

I am currently building a Remote Desktop Server paired with a Remote Desktop Gateway and I ran into this error:

“Your computer can’t connect to the remote computer because the Remote Desktop Gateway server is temporarily unavailable.”

After troubleshooting a bit, I found that the error occurs if you have multiple sites binded in IIS to your Port 443. Make sure you have ONE site binded to 443 and you’ll be good to go!

Easily Enable Active Directory Recycle Bin in Windows Server 2012 R2

I recently enabled Azure Active Directory (AD) Connect and wanted to turn this feature on. After doing some reading, I found a simple way to enable the AD Recycle Bin.

  1. In the management console, go to ToolsActive Directory Administrative Center
  2. Select Local Domain and in the Tasks Pane
  3. Select Enable Recycle Bin.
  4. Click OK

    NOTE: Be aware this feature cannot be disabled.

  5. Click OK.  Once enabled, wait for AD replication to complete as this is a change made on the configuration partition. This process may take a while should your organization have a large active directory infrastructure.

A very simple enablement of a process that could save you hours of restore time.  Again, this process cannot be reversed once invoked.

Empty the Recycle Bin for All Users with Powershell

On a new client’s server, I ran into an issue where a drive was running low on space and I found that another user account on the server (which had been deleted) had files in the Recycle Bin!

Thankfully, I found this Powershell command which worked to delete the files. All you have to do is open a Powershell console as admin and run the following command:

Get-ChildItem “C:`$Recycle.bin\” -Force | Remove-Item -Recurse -force

You can append -Whatif to do a test run and see what files will be deleted before actually deleting them.