Author: Bob Lin

One of our SQL server running on Windows 2008 R2 keeps having a problem recently. Every morning around 9 AM, the users can’t access the database and we can’t login to the SQL Server. After 10 to 15 minutes, everything is normal.

1. The backup completed around 5 AM.

2. No scheduled task running at that time.

3. The only errors message in Event Viewer is related to Software Protection service:

Log Name:      System
Source:        Service Control Manager
Date:          6/8/2018 8:45:50 AM
Event ID:      7000
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SQLserver03
Description:
The Software Protection service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Log Name:      System
Source:        Service Control Manager
Date:          6/8/2018 8:45:49 AM
Event ID:      7009
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SQLserver03
Description:
A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.

Log Name:      System
Source:        Service Control Manager
Date:          6/8/2018 8:39:19 AM
Event ID:      7011
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SQLserver03
Description:
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SQLWriter service.

Any suggestion how to troubleshoot this issue?

I deployed WSUS this morning. In the ADUC, I created a new OU, HSA in our case, and move two test computers into the OU.

In Group Policy Management, I enabled Windows Update as shown.

In WSUS Console, make sure Use Group Policy is enabled. I also created computer group name HSA. I also run gpupdate /force. It has been  over 4 hours, I don’t see any computers in WSUS.

How can we fix the problem.

Situation: the client followed all the steps in using admt 3.2 to migrate users and passwords but for some reason he was stuck on the Password Options Migrate passwords screen in ADMT with this message”Unable to establish a session with the password export server. The local machine does not have an encryption key for source domain ‘SERVER2012’. Please install a local encryption key. See the ADMT help for information on password migration.”

Quoted from online:

A new PES key was generated under the credentials of my TargetDomain migration account, and PES service was reinstalled on PDC.SourceDomain – – no improvement.

Contrary to the MS ADMT3.2 documentation [p65] we changed the PES service account credentials from Targetdomain\PES_account  to  SourceDomain\Mig

I can now successfully perform password migration within ADMT3.2 User Migration… using either  Targetdomain\PES_account  or  SourceDomain\Mig  as the account running ADMT on ADMT platform [GC-DC.TargetDomain.TargetForest.local]

The only outstanding question is WHY ?

– Why is the MS documentation not tallying with experience ?

– why has no one else explicitly blogged / newsgrouped this config ?

Ah well – running PES under a Source admin acocunt seems to work.

You may want to try Active Directory Migration Tool version 3.2. Please check this link:

https://www.microsoft.com/en-us/download/details.aspx?id=56570

https://www.microsoft.com/en-us/download/details.aspx?id=1838

Q: We are running Windows 2012 R2. Can we do in-place upgrade Windows 2019?

A: Microsoft engineer said: “We have been working hard improving the in-place upgrade experience in Windows Server 2019.  Yes, you are able to do an in-place upgrade of either Windows 2012 R2 or 2016 to Windows Server 2019”.

To save multiple pictures, say more than 9, please follow these steps:

1. Tap one of picture for seconds, and then select More.

2. Select pictures, and tap the envelope icon.

3. You will have these options: shared with an email, save to cloud such as OneDrive and Google drive.

Right click on one of User Preset, then select Show in Explorer.

Or open the Preset folder by going c:\Users\%username%\AppData\Roaming\Adobe\Lightroom\Develop Preset\User Preset.

Here you can delete or change the preset file name.

Situation: the client created DHCP for VoIP 192.168.20.0/24 on the Windows server.

On the Cisco SG300, he also configured DHCP Relay for VoIP VLAN. command: ip dhcp relay address 192.168.20.0, ip dhcp relay enable.

However, phone devices on VoIP VLAN don’t receive the IP addresses from the DHCP.

Troubleshooting: on «DHCP Relay Server Table» you need to add the Windows Server IP Address and then, on DHCP> Interface Settings you need to add the VLAN where you want to apply the relay.

Situation: The client create two VLAN, VLAN 1 (192.168.16.0/24) for data and VLAN 30 (192.168.20.0/240 for VoIP. They  would like the VoIP access to the Internet and VLAN 1 can 1. Add VLAN 30 network to the Address Objects in SonicWALL by going to Network>Address Objects. Enter VLAN30 as Name, select LAN as Zone Assignment, Type=Network, Network=192.168.20.0, Netmask 255.255.255.0.

2. Address Objects in SonicWALL by going to Network>Address Objects. access VLAN 30. Enter Name (TopSW2 in our example), Zone Assignment (LAN=VLAN 1), Type (host, don’t put network here because this is for routing), IP address (192.168.16.64 which is VLAN 1  IP address for the switch. Don’t put VLAN 30 IP address here, otherwise the router doesn’t know to route the traffics).

3. Click Routing under network.

4. Click Add under Route Policies. Enter or select these info: Source=Any, Destination=VALN30, Service=Any, Gateway=TpSW2 (which we added above), Interface=X0 (which SonicWALL connecting to VLAN 1).

5. Click OK to save the configuration.

6. Test it.

You need to enable Desktop Experience. Please follow this post for step by step details:

http://www.chicagotech.net/WordPress/2018/07/30/how-to-enable-de…-windows-2012-r2/