Situation: After configuring LAPS, the client finds some computers’ local administrator password generated by LAPS doesn’t work. They have multiple IT people to try it. LAPS UI and Get-AdmPwdPassword -ComputerName pco1 shows the same password. But the PC doesn’t take it. They also run gpupdate /force on the PC.
Troubleshooting: we find the problem. Some apps and services use administrator account with original password to login. That locked the administrator account.
Situation: The client just configured Microsoft Local Administrator Password Solution in their domain environment. After that, some computers getting thee errors:
Event ID: 7
The computer does not have the necessary permission to write the local administrator password to its object in Active Directory. Please submit an AD Request to have permissions set on your Department OU.
Event ID: 101
The assignment of application Local Administrator Password Solution from policy LAPS GPO failed. The error was : %%1274
Event ID: 103
The removal of the assignment of application Local Administrator Password Solution from policy LAPS GPO failed. The error was : %%2
Event ID: 108
Failed to apply changes to software installation settings. The installation of software deployed through Group Policy for this user has been delayed until the next logon because the changes must be applied before the user logon. The error was : %%1274
Troubleshooting: 1. It doesn’t has LAPS UI.
2. We find the LAPS is not installed correctly. LAPS folder under C:\Program Files doesn’t shows AdmPwd.UI.
3. LAPS UI on Manage Computer doesn’t show the computer local administrator’s password.
Troubleshooting: They didn’t move computers into LAPS OU so that failed to apply changes to software installation settings. Move the computers into the LAPS OU and Re-install LASP UI.
Situation: After configuring LAPS, the client gets this Event 12294: The SAM database was unable to lockout the account of Administrator due to a resource error, such as a hard disk write failure (the specific error code is in the error data) . Accounts are locked after a certain number of bad passwords are provided so please consider resetting the password of the account mentioned above.
Troubleshooting:
Error ID 12294 means there are numerous failure authentication events in security log due to incorrect credentials or could be a virus issue.
As you have changed the built-in domain Administrator password then ensure that the credentials are updated everywhere. e.g. for service account, IIS application pool, account tied to a scheduled task, virtual machine, mapped drice, etc…
If you have already verified the the old Administrator credentials are updatetd everywhere then the reason for event 12294 is worm virus and you need to full virus scan and Malicious Software Removal tool Virus to remove the Win32/Conficker malware family.
Resolution 4: It could be add-ins issue. Go to Outlook add-in Adobe Send & Track for Microsoft Outlook – Acrobat. Disabling it.
Resolution 5: Enable Exchange cached mode.
Resolution 6: That happens because you may have a large email size so that you must wait a moment for the sync completed.
Resolution 7: This seems to be a problem only with IMAP accounts.
I fixed my problem on the IMAP account (which, ahem, started after a Microsoft update) by using Outlook’s “repair” tool:
– In Outlook, right click on the mailbox in the left-side navigation bar.
– Choose “Account Properties.”
– In a blue toolbar about 1/3 of the way down the window, “Repair” is one of the choices.
– Click Repair. It only took about 5 seconds.
If you move the emails and receive this popup,
Open Outlook > File > Options > Mail > Under Conversation Clean up, Uncheck When a reply modifies a message, don’t move the original > Restart Outlook (it is is already unchecked, check it Restart Outlook, Uncheck it and Restart Outlook)
2. If above doesn’t work, uncheck all options under Conversation Clean Up
3. Account Settings > Open your account > More settings > Under Advanced tab, put INBOX in Root Folder Path. (If your all folders disappear, simply remove INBOX from here). Note: Do NOT use option # 3 above. With an IMAP account this will empty an entire folder! Really, REALLY dumb suggestion that cost me a ton of data!
4. Select Cleaned up items will go to this folder.
This is a known issue with IMAP accounts. The change (read state) needs to sync with the server before you can move it, which only takes a split second, but outlook keeps a hold on the message until you switch messages.
Situation: The client uses Veeam backup to back up their Hyper-v VMs. The backup doesn’t work and rescan Backup Repositories takes forever.
Troubleshooting: We find the client just configured Microsoft Local AdministratorPassword Solution (LAPS). All local and domain administrators’ passwords have been managed by LAPS. So, administrator save in the Veeam don’t work. There are some places need to check the credentials.
Login Veeam Backup and Replication
Click on Backup Infrastructure
Right-Click on Host
4. Select Properties
5. Navigate to Credentials.
6. Edit credentials
If you have multiple Backup Repositories, check them by going to Property.
Situation: When starting or restarting a Windows service, you may receive this message: This user can’t sign in because this account is currently disabled.
Troubleshooting: In most cases, the Logon account password is expired or disable.
Situation: The client uses Veeam backup to back up their Hyper-v VMs. The backup doesn’t work on multiple Hyper-V hosts. Source host requires Veeam integration components to be upgraded.
Troubleshooting: We find the client just configured Microsoft Local Administrator Password Solution (LAPS). All local and domain administrators’ passwords have been managed by LAPS. So, administrator save in the Veeam don’t work. There are some places need to check the credentials.
Login Veeam Backup and Replication
Click on Backup Infrastructure
Right-Click on Host
4. Select Properties
5. Navigate to Credentials.
6. Edit credentials
If you have multiple Backup Repositories, check them by going to Property.
Situation: The client has a general accounting email address. Accounting mailbox doesn’t show any emails. Message trace shows the status of all emails is Resolved.
Troubleshooting: 1. If status shows Resolved, it could be the email address could be forwarded to someone else. By the way, If the mailbox receives emails, trace message should show Delivered.