Microsoft LAPS doesn’t show the password

Situation: The client has deployed Microsoft LAPS. However some of computers don’t show the administrator password when checking local administrator under User’s Property>Attribute Editor.

Troubleshooting 1: Run gpdaute /force or restart the computer to apply the GPO.

Troubleshooting2: The local administrator account is disabled. Enable it.

Troubleshooting 3: GPO can’t install the LAPS software as showing gpupdate /R:

Computer Policy update has completed successfully.

The following warnings were encountered during computer policy processing:

The Group Policy Client Side Extension Software Installation was unable to apply one or more settings because the changes must be processed before system startup or user logon. The system will wait for Group Policy processing to finish completely before the next startup or logon for this user, and this may result in slow startup and boot performance.
User Policy update has completed successfully.

For more detailed information, review the event log or run GPRESULT /H GPReport.html from the command line to access information about Group Policy results.

Certain Computer policies are enabled that can only run during startup.

OK to restart? (Y/N)

If the gpupdate /force doesn’t install LAPS, please install it manually.

Outlook Search doesn’t show some emails

Summary of resolution:

-Toggled the cached exchange mode

-checked on outlook web – all good / sent items are there

-Look up the lost messages in the outlook all file – no go

-Search tool = Indexing –  no go

-Choose location to search = good

-Created registry dword value = SaveSent =

-Clear the outlook profile – no go

-Run dsregcmd /forcerecovery

 

-Please create a new windows profile.

-Run the Outlook and Sync the emails from cloud.

-Export the PST file and Import it to the original windows profile.

 

-Go to  the Registry edit HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Windows Search > New DWORD (32-Bit) “PreventIndexingOutlook”> Edit the DWORD and set the value to “1”. The search function works

-unchecked the option of “Improve search speed by limiting the number of results shown” from File > option > Search in Outlook

-close outlook and go to Windows search and run outlook.exe /resetnavpane

-Restart Windows Search in task manager.

Outlook issues because of out of spaces

Situation: The client reports his Outlook is low and can’t search.

Troubleshooting: We find the computer C drive has only 2GB free spaces. After free more spaces on C drive, it is low again in one or two days. Finally, we find the user has 3 email profiles and use a lot of spaces. you can check the email file from C:\Users\username\AppData\Local\Microsoft\Outlook.

Cleaning old email files fixes the problem.

Adobe Acrobat V9.0 doesn’t work after installing a free version of Acrobat DC reader

Situation: When a user tries to install a free version of Acrobat DC reader, it asks him to uninstall Old Adobe Acrobat V9.0.

Resolution: in Adobe, I went to Edit> Preference> Page Display> Rendering> Smooth Text> Drop down was set to never and I changed it to Monitor. click okay and the issues is resolved

 

Local Administrator password generated by LAPS doesn’t work

Situation: After configuring LAPS, the client finds some computers’ local administrator password generated by LAPS doesn’t work. They have multiple IT people to try it. LAPS UI and Get-AdmPwdPassword -ComputerName pco1 shows the same password. But the PC doesn’t take it. They also run gpupdate /force on the PC.

197504-image.png

Troubleshooting: we find the problem. Some apps and services use administrator account with original password to login. That locked the administrator account.

After deploying LAPS, some computers getting Event ID: 7, 101 and 103

Situation: The client just configured Microsoft Local Administrator Password Solution in their domain environment. After that, some computers getting thee errors:

Event ID: 7

The computer does not have the necessary permission to write the local administrator password to its object in Active Directory.  Please submit an AD Request to have permissions set on your Department OU.

Event ID: 101

The assignment of application Local Administrator Password Solution from policy LAPS GPO failed.  The error was : %%1274

Event ID: 103

The removal of the assignment of application Local Administrator Password Solution from policy LAPS GPO failed.  The error was : %%2

Event ID: 108

Failed to apply changes to software installation settings.  The installation of software deployed through Group Policy for this user has been delayed until the next logon because the changes must be applied before the user logon.  The error was : %%1274

Troubleshooting: 1. It doesn’t has LAPS UI.

2. We find the LAPS is not installed correctly. LAPS folder under C:\Program Files doesn’t shows AdmPwd.UI.

3. LAPS UI on Manage Computer doesn’t show the computer local administrator’s password.

Troubleshooting: They didn’t move computers into LAPS OU so that failed to apply changes to software installation settings. Move the computers into the LAPS OU and Re-install LASP UI.

 

 

Fixing Event ID 12294: The SAM database was unable to lockout the account of Administrator due to a resource error

Situation: After configuring LAPS, the client gets this Event 12294: The SAM database was unable to lockout the account of Administrator due to a resource error, such as a hard disk write failure (the specific error code is in the error data) . Accounts are locked after a certain number of bad passwords are provided so please consider resetting the password of the account mentioned above.

Troubleshooting:

Error ID 12294 means there are numerous failure authentication events in security log due to incorrect credentials or could be a virus issue.

As you have changed the built-in domain Administrator password then ensure that the credentials are updated everywhere. e.g. for service account, IIS application pool, account tied to a scheduled task,  virtual machine, mapped drice, etc…

If you have already verified the the old Administrator credentials are updatetd everywhere then the reason for event 12294 is worm virus and you need to full virus scan and Malicious Software Removal tool Virus to remove the Win32/Conficker malware family.

Event ID: 12294 Woes
http://blogs.technet.com/b/mempson/archive/2012/01/13/event-id-12294-woes.aspx

Malicious Software Removal tool Virus to remove the Win32/Conficker malware family.
http://support.microsoft.com/kb/962007