March 21 Microsoft update patches

Well we already know that March was really black for Microsoft updates. I just want to mention few of them:

  • Exchange had remote code execution and a lot of organizations were hacked. Patch is already available. Look here for more info. Microsoft timeline is interesting on this exploit and is publicly available here or maybe take a look of the date of this post.
  • Windows DNS servers had also remote code execution vulnerability and also here are patches already available 
  • Windows 10 had blue screen when trying to print on some printers

The latest one was les critical for system administrators, but when you ask helpdesk, they had a lot of work and they uninstall the latest update KB5000802. Anyway, this is a security update and it should not to be best practice to uninstall the latest update (but there is no other way). At the same time, if you want not to have the same problem the day after, you had to defer windows update in time – what is not a recommended way. From today, there is a patch also for the latest mistake. It is available on this link. Please install it and turn your updating process back on.

Did you close CMD window on Server core?

Yes, in some cases this can be a problem. As is true, that if you are connected in remote to a computer, you can just press CTRL + ALT + END and start a new window in Task Manager, this becomes more difficult if you are remote connected in remote session. In This case this shortcut will not work.
Well, the problem is pretty easy to solve:
Run PowerShell as Administrator on some other computer and find the session ID with command:
QUSER /Server:ServerName
You will see all active connections and here you will find also a SessionID for the connection that you want to kill.
Now you know your SessionID and finaly you can kill the connection. This can be done in two ways:
– As command in CMD: logoff Your_SessionID /server:ServerName
– In PowerShell: Invoke-RDUserLogoff -HostServer ServerName -UnifiedSessionId SessionID
Well, now you lose your session and if you will connect to that server, you will have a new session with your CMD window opened.

Windows Server 2019 Activation Error

Activation ErrorIf someone has a problem with activation of Windows server 2019 Standard Evaluation edition, maybe I can help someone with my post.
When I tried to activate the server, I received the error code 0xC004F069. Searching for this code on internet, I received many explanations like problems with KMS server, not accessible thru internet and so one. Of course, no one of this errors was the right error and I had to do my research.
The problem in this case is Evaluation edition and you have to solve this issue as first. To do this you have to change the scope of server using DISM command:
DISM /online /set-edition:serverstandard /productkey: N69G4-B89J2-4G8F4-WWYCC-J464C /accepteula – this key is GVLK Key!
This example is for Standard edition. Be aware that as product key you must use GVLK Keys!
If you need to know to which edition you can change, use the command
Dism /Online /Get-TargetEditions before you specify eddition in previous command
After this (you will see a progress bar with installation) you need to reboot the server. When the server will come back, you can activate it with your key:
Slmgr -ipk:YOUR-KEY
Slmgr -ato
Hope that I helped someone. Let me know.

RDWeb client error: »An unexpected server authentication certificate was received from remote PC«

If you are using HTML5 web site for remote apps and you have to change a certificate, you may expect some problems.
This technology is pretty new and there are not so many posts on internet, so troubleshooting could be difficult. In addition, you have more technologies and this means more problems.
I adopted HTML5 long time ago and everything worked fine for a long time. I have to say, that it was better that I expected. But now I have to change the certificate. Well, this is not a complicated job… or it is? The answer is yes, it is.
I have changed my certificate as usual, form server manager. I tried to connect to website and everything was OK. Then I tried to launch an application and I got this error:

RDP HTML5 Connection error
Wow, what to do now?! I remember that when I setup web client framework, I had to run PowerShell cmdlet to register the certificate. So, if I had changed the certificate, I have to register a new one – rerun PowerShell cmdlet —— .
This apparently didn’t solve my issue because from my computer it seems the situation haven’t change. But then a customer tried to work from a new computer and it worked! Why???
The reason was in cookies and cache files on the computer browser! Yes, you have to delete all cookies and cache files and (at least in my case) the webpage will work again.

RDP HTML5 Firefox setting RDP HTML5 Edge setting

Reset local domain/Administrator password on Server (2016) 2019

In past I already wrote about resetting Administrator password in this post. That was perfect for Windows 10 (till 1903) and Servers 2012 and 2016. Probably Microsoft was not really satisfied that users were able to “recover” lost passwords in such an easy way (this is my opinion). It is OK if these steps are used to reset your lost password, but not if you use them to reset a password from a stolen computer.

I think that this is the reason that you cannot rename cmd.exe in other executables and run it before you log in – for example to change the password. It makes sense, it is perfect for me as it is more secure. But someone forgot something: it is not a requirement to open CMD to use NET USER command, you can do it from PowerShell as well – and it’s working also in Server 2019!

Here are the steps (they are very similar as previous steps):

  1. Boot from DVD – you need to access to Windows system drive offline – installation DVD has all tools that you need.
  2. From menu select Repair your computer. This will give you the ability to change some files.
  3. In the next menu select Troubleshot.
  4. Select Command prompt. This is what we need – we want to modify some files.
  5. Now you need to replace the file:
    1. Go to C: (supposing that C: is your system drive)
    2. Type cd \Windows\System32 – to enter into the folder
    3. Type ren osk.exe osk.old – be smart, you need to preserve the original file and put it back at the end of the process! If you don’t replace it again it means that you leave open a surface attack!!!
    4. Replace the file with a copy C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe osk.exe
  6. Reboot the server in normal mode.
  7. From the logon screen choose Onscreen keyboard (as in picture).
  8. PowerShell window will be opened – and you are a local system user!!! You can do a lot of things.
  9. Change the password with command Net user Administrator Password – where Administrator is the username of local or domain administrator and Password is the password that you want to set.
  10. Login to server with the new password – just to test that it is working.
  11. Reboot the server and redo all the steps from 1 to 5, but in the way to put back all things in the original state. You need to replace original onscreen keyboard:
    1. Go to C:
    2. Type cd \Windows\System32
    3. Type del osk.exe
    4. Replace a file with ren osk.old osk.exe
  12. Reboot the server.

That’s all. I recommend you to disconnect the server from the internet in the time you are doing these steps. In the same way you can access to the PowerShell window, it can be accessed by anyone who can see logon screen!