Deploy VPN connection remotely

Here’s what I’ve developed to push a VPN client connection within Windows networking to remote PCs. One flaw is that this is user-based; I’m not sure if it could be applied to all users.

  1. Create a VPN connection with your desired settings on a template workstation
  2. Navigate to %appdata%\Microsoft\Network\Connections\Pbk
  3. Copy “rasphone.pbk” to a central source
  4. Either distribute that .pbk file directly to users to double-click on, or drop it into the same folder on their profile as it was originally retrieved from.

This .pbk file doesn’t store user credentials, so you will need to inform your user of those in advance.

Skype for Business contact wrong name

I recently solved an odd issue with Skype for Business and an apparent duplicate contact name.

For a single user, when they searched and made a favorite of Employee A, the display name and contact card would appear as Employee B.

At first I thought this was related to Employee A being on temporary layoff and returning, in which time we had assigned that email address to Employee B. However this turned out to be a red herring.

Next I tried to clear the Skype contact cache, based on a Microsoft KB article: https://support.microsoft.com/en-ca/kb/2435699

This didn’t solve the issue either.

I finally solved this by looking within the personal Contacts of this user’s Outlook mailbox. They had a contact for Employee A which contained a bunch of info for Employee B; I presume this was manually created during the layoff period.

Skype for Business was modifying it’s display of the contact based on the personal contact found in the mailbox, rather than strictly what was in the Global Address List.

I deleted that personal contact, restarted Skype, and Employee A once again appeared as himself.

Visio alternative for network documentation

I’ve been attempting to put effort towards network documentation at work, with the intention of accurate maps for LAN and WAN connectivity.
Microsoft Visio is the first product that comes to mind for this purpose, however it comes with a licensing cost. Here are two alternatives I’ve used:

yED

http://www.yworks.com/products/yed

Right now this is my product of choice; it is fully featured with no limitations, comes with a large amount of icons and shapes for use, and has the ability to import many more.

Using it is very intuitive and quick to pick up.

LucidChart

https://www.lucidchart.com

This web service produces very nice looking drawings, with an easy to use interface and great organization of drawings. It comes with icons and shapes from some of the big brands like AWS and Cisco.

The only reason I moved on from this is that the free tier only allows a specific number of drawings, with a small number of objects each. This limitation proved too great to continue using.

Account Currently Disabled

I encountered and resolved a very strange issue tonight, regarding a locked out account.

Using group policy, I have a bunch of deployment scripts that run at Shutdown. For a select group of computers, these scripts didn’t appear to be running.

My first thought was that the computer account was disconnected from the domain, but all indications appeared that this was not the issue.

I was able to connect to a problem computer with PSexec, and did so with the -S switch as our shutdown scripts run as the SYSTEM account (or NETWORK SERVICE when accessing the file server).

When I ran the command in my script manually, I received this error:

Logon Failure: Account Currently Disabled

This was really strange; everything about the accounts in use were active, and definitely not locked out.

When I modified the command to not use network resources, it succeeded. I looked into the Security event log, and noticed an event saying “A logon was attempted using explicit credentials.”

In this event, it also referenced an old account name and computer name from a legacy Active Directory domain, which was previously migrated from.

This triggered a realization, and my next place to look was the Credential Manager.

Sure enough, I ran the following command on the remote computer:

cmdkey /list

and saw an entry for my DFS path (Target: domain.ca) with credentials referencing the original non-migrated computer name and account which no longer exists! Somehow this must have stuck around for quite some time.

I ran a delete command for that credential:

cmdkey /delete:domain.ca

And now it’s working properly! Next step, stick this command into Group Policy so that it fixes any other machines having the problem.

 

Error 5120 – CSV Paused State

Since implementing CommVault Simpana, I have been receiving almost daily warnings of the following error (Event ID 5120) in my System log:

Cluster Shared Volume 'CSV2' ('CSV2') has entered a paused state because of '(c0000435)'. All I/O will temporarily be queued until a path to the volume is reestablished.

After some thorough investigation resolved a bunch of issues with cluster communication, this error continued to appear.

I was finally able to resolve this from happening by unregistering the EqualLogic VSS Hardware Provider, using this command:

"C:\Program Files\EqualLogic\bin\eqlvss" /unregserver

The strange thing is, I had specifically set CommVault to use the CSV Shadow Copy Provider, with the setting “VSSProviders” on my clients. Despite this, there must have still been some VSS ties to the EQL provider.