In this post, I describe how to get the last logon date for computers in Active Directory using PowerShell. Get last logon date for a single computer To retrieve the last logon date for a single computer, specified by name, use the following PowerShell cmdlet: Get-ADComputer -Identity %COMPUTERNAME% -Properties LastLogonDate | FT Name, LastLogonDate Get last logon date for all computers To retrieve the last logon date for all computers in a domain, use the following PowerShell cmdlet: Get-ADComputer -Filter * -Properties LastLogonDate  | FT Name, LastLogonDate Related Post -  Test WMI Query with PowerShell

This post describes how to fix the error: The WinRM client cannot process the request. The authentication mechanism requested by the client is not supported by the server or unencrypted traffic is disabled in the service configuration. Verify the unencrypted traffic setting in the service configuration or specify one of the authentication mechanisms supported by the server. Cause This error can occur when you try to connect to a machine using PowerShell Remoting and the authentication mechanism specified is disabled in the WinRM configuration of that machine. You can check the WinRM authentication settings by running the following command on the machine you are trying to connect to: winrm get winrm/config/service/auth Resolution To resolve the issue, enable the authentication mechanism you are trying to connect with. In my case, the 'Dis

This post describes how to fix the error PackageManagement\Install-Package : No match was found for the specified search criteria and module name 'AzureRM', 'nuget', 'azuread', 'msonline', 'vmware.powercli', sqlserver' and more. Cause This error can occur when trying to install packages/modules if the account being used does not have any repositories configured.  You can check this by running: Get-PSRepository Note: I had to install PowerShell v5 from Windows Management Framework 5 (WMF 5) for Get-PSRepository to work.  Please read this post if PowerShell does not open on Windows Server 2008 R2  after installing WMF 5. Resolution If the PowerShell Gallery (PSGallery) repository is not installed, either logon as another user who has this repository installed, or restore it by running (ensure you have an internet connection): Register-PSRepository -Default If this fails, please see my other post  No match was f

I recently discovered this page which contains the syndicated content for this blog powered by Feedburner  http://feeds2.feedburner.com/HowardSimpsonsBlog?format=XML . Just thought I'd post it here for those that are interested.

This post describes how to fix the error: The client cannot connect to the destination specified in the request. Verify that the service on the desination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM. If the destination is the WinRM service, run the following command on the destination to analyze and configure the WinRM service: "winrm quickconfig". For more information, see the about_Remote_Troubleshooting Help topic. Cause This error can occur when you try to connect to a machine using PowerShell remoting.  There are a few potential causes: - PowerShell remoting is not enabled. - The Windows Remote Management (WS-Management) service is stopped. - The WinRM firewall exception is not enabled - The LocalAccountTokenFilterPolicy has not been configured to grant administrative rights remotely to local users Resolution - Open PowerShell as an admin

In this post, I describe a quick way to test a WMI connection with a query run using PowerShell.  This can be done from both local and remote machines. Local Machine Open PowerShell and run the following example command: Get-WmiObject -query "SELECT * FROM Win32_OperatingSystem" You can replace the query parameter value with other WMI queries. Remote Machine To test a WMI connection to a remote machine, open PowerShell and run the following example command, replacing the ComputerName parameter value with the appropriate machine name: Get-WmiObject -query "SELECT * FROM Win32_OperatingSystem -ComputerName MachineName wbemtest You can also test WMI by running wbemtest (Start > Run > wbemtest). Press the Connect button, then the Connect button again, then the Query button: Paste SELECT * FROM Win32_OperatingSystem into the Enter Query textbox, then press the Apply button to see the Query Result : This can also be used to test WMI on remote

This post describes how to fix the error for web applications in IIS: HTTP Error 401.2 - Unauthorized You are not authorized to view this page due to invalid authentication headers. Cause This error can occur when you attempt to access an IIS web application and the Windows Authentication settings in IIS have been incorrectly configured. Resolution To resolve the issue, browse to the web application in IIS, go to Authentication and ensure Windows Authentication is enabled: Next, with 'Windows Authentication' selected, press 'Providers...' in the right hand Actions pane, then check that both 'Negotiate' and 'NTLM' are present:

This post describes one way to fix the issue when PowerShell does not open on Windows Server 2008 R2. Issue On Windows Server 2008 R2, after installing WMF 5.0, PowerShell does not open. Pressing the shortcut results in the PowerShell window briefly displaying then immediately disappearing. If you try to run PowerShell from a command prompt, you will see the error "The type initializer for 'System.Management.Automation.Tracing.PSEtwLog' threw an exception. Resolution To resolve the issue, install the Microsoft .NET Framework 4.5. Video YouTube link:  PowerShell does not open on Windows Server 2008 R2 Related Posts -  WARNING: Unable to resolve package source 'https //www.powershellgallery.com/api/v2' -  .NET Framework has not been installed because a certificate chain could not be built to a trusted root authority -  A file that is required cannot be installed because the cabinet file has an invalid digital signature. This may indicate that

This post describes how to fix HTTP error 500.19 with error code 0x8007007e. Cause This error can occur in a few different situations: 1. If the ASP.NET role service has not been installed. 2. If WSUS is also installed on the same machine.  This adds an "xpress" scheme to the httpCompression section of the IIS config XML which references a suscomp.dll.  You can check this by running: %windir%\system32\inetsrv\appcmd.exe list config -section:system.webServer/httpCompression The xpress scheme looks like this: <scheme name="xpress" doStaticCompression="false" doDynamicCompression="true" dll="C:\Program Files\Update Services\WebServices\suscomp.dll" staticCompressionLevel="10" dynamicCompressionLevel="0" /> Any 32 bit applications running in IIS will try to load the suscomp.dll which is only available as 64 bit out of the box so the error above occurs. Resolution Remove the "xpress&q

This post describes how to fix the error: The WinRM client cannot process the request. It cannot determine the content type of the HTTP response from the destination computer. The content type is absent or invalid. Cause This error can occur if you're connecting via wsman to the wrong port. Note: If you don't specify a port, the connection will be attempted on port 80. connect-wsman -connectionuri http://EXCH-2K16-2.exch2016.net/PowerShell -credential exch2016\sysadmin Fix To resolve the issue, specify the appropriate port. To find out which port to use, run the following PowerShell command on your Exchange server: Get-WSManInstance -ResourceURI winrm/config/listener -Enumerate The default is 5985. connect-wsman -connectionuri http://EXCH-2K16-2.exch2016.net :5985 /PowerShell -credential exch2016\sysadmin Related Posts

In this blog post, I discuss the 'Password must meet complexity requirements' policy, what it means and a regex to test it.  I also describe how you can still set a password which does not meet the complexity requirements. Where is this policy? This policy can be accessed by running secpol.msc > Account Policies > Password Policy: What does this policy do? If you open the policy, the explain text describes what this policy does: There are a couple of things to watch out for with this explain text: 1. Non-alphabetic characters The full list from Microsoft is: ~!@#$%^&*_-+=`|(){}[]:;"'<>,.?/ You will notice that £ and € are missing from this list.  If you include those characters in your password, they are permitted but they do not count towards a category with regards to "Contain characters from three of the following four categories". 2. Length The explain text states "Be at least six characters in length&q

This blog post describes how to fix the error 'The value provided for parameter isn't in the correct format. The correct format is "\<FolderPath>".' Cause This error can occur when creating a new public folder on Microsoft Exchange 2016.  In the screenshot below, I have specified an invalid folder name, however, Exchange still attempts to create the public folder as there is no validation on the text box. You can see the invalid public folder in the list of public folders: As expected, Exchange can't handle an invalid folder name, you get an error if you try to navigate into this folder: Resolution To fix the issue, delete the invalid folder name and create a new folder without using any invalid characters:

A quick and easy way to check the SSL certificate expiration date in Windows across all your environments at once is to use the network documentation tool XIA Configuration. Once installed, the XIA Configuration Client scans the Windows Machines on a network.  It retrieves detailed information about how these machines have been configured including certificates and certificate expiry dates. Certificate expiration dates can then be checked in the XIA Configuration Server web interface in a couple of different ways: 1. Windows Machine Properties Open a Windows Machine item then navigate to Security > Machine Certificates to check the Expiry Date of each certificate individually. 2. SSL Certificate Report Run the SSL Certificate Report to check the Expiry Date and Days Until Expiry across all the Windows Machines across all your environments at once. You can sort the data so that certificates closest to expiring are shown at the top. Video Watch a video describ

This blog post describes how to add a GDPR cookie policy consent popup modal box to a website. Popup Modal Box I started with the popup box.  I wanted something that appeared above everything else in the bottom left.  This is easily achieved using an element such as a div and CSS such as: position: fixed; left: 20px; bottom: 20px; z-index: 999999 You may want to give it a black background with some transparency and white text: background-color: #111; opacity: 0.9; color: #fff; You may also want to add some border-radius and box-shadow. Within the box you can then add text such as "This website uses cookies" and "By continuing to browse, you are agreeing to our use of cookies as explained in our Cookie Policy ." Button At the bottom of this box, I added a Close button.  I used JavaScript to handle the OnClientClick event.  This finds the popup box by ID and hides it. function btnCloseCookiePopup_Click() {   document.getElementById(

This post describes how to fix the error 'DNString length mismatch'. Cause This error can occur when a new Outlook Web App mailbox policy is created in Microsoft Exchange.  I found this issue on Exchange 2016. The error then occurs when you try to open Outlook Web App policies tab. Trying to diagnose the issue in PowerShell by running Get-OwaMailboxPolicy also leads to the same error. Further investigation using ADSI Edit reveals the object causing the error. Resolution To resolve the issue, delete the object using ADSI Edit. The Outlook Web App policies tab now opens again.

This post describes how to fix the error "Operation terminated with error -1032 (JET_errFileAccessDenied, Cannot access file, the file is locked or in use)" This error can occur on Microsoft Exchange 2016 when you try to repair a mailbox database using eseutil. Cause The Exchange Management Console does not have the necessary privileges to access the file. Fix Open the EMC as Administrator.  eseutil should now have the privileges required to repair the database.

This post describes how to fix the error "Failed to mount database. Error: An Active Manager operation failed. Error: The database action failed. Error: Operation failed with message: MapiExceptionDatabaseError: Unable to mount database." This error can occur on Microsoft Exchange 2016 when you try to mount a mailbox database. Cause One cause of this error is the mailbox database being in a 'dirty shutdown' state. To check the state of a mailbox database, open the Exchange Management Console and run the following (replacing the path as necessary): eseutil /mh "C:\Program Files\Microsoft\Exchange Server\V15\Mailbox\Mailbox Database 0969320567\Mailbox Database 0969320567.edb" Fix 1 To repair the database, run the following in the EMC: eseutil /p "C:\Program Files\Microsoft\Exchange Server\V15\Mailbox\Mailbox Database 0969320567\Mailbox Database 0969320567.edb" The state should now be 'clean shutdown': You should now b

This post describes how to fix the error: Cannot open mailbox /o=First Organization/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Configuration/cn=Servers/cn=EXCH-2K16-2/cn=Microsoft System Attendant. This error can occur on Microsoft Exchange 2016 when you try to open the add-ins section. Cause One cause of this error is if one or more mailbox databases are not mounted. Fix To resolve this issue, open the Exchange admin center, navigate to servers, then databases and check if any are dismounted.  If that is the case, select the mailbox database, press the ellipses, then press Mount. Error If the mount fails, the following post describes one way to resolve this error: Failed to mount database. Error: An Active Manager operation failed. Operation failed with message: MapiExceptionDatabaseError Video YouTube link:  Cannot open mailbox/o=first organization/ou=exchange administrative group Microsoft System Attendant

Save time and effort by using XIA Configuration to automatically create detailed, technical documentation including version history, comparison, reporting and inventory discovery. Find out more in this demonstration video:

XIA Configuration 10 has recently been released and with it comes the ability to document defined Windows registry keys and values. Registry Keys Scan Settings Data Collected Display Name Registry Hive Located (true/false) Registry Values Scan Settings Data Collected Display Name Value Type Value Located (true/false) Web interface The data is presented within a Windows Machine item in the XIA Configuration web interface: Windows Registry Value Summary Report Use the reporting feature to query the registry across all the Windows servers and workstations in an environment at once: Learn more:  Scan and Check Windows Registry Keys and Values

If you've installed XIA Configuration 10 and you're not sure what to do next, take a look at the Getting Started video below. It covers how to perform scans using the XIA Configuration Client as well as how to view, organise and query the data in the XIA Configuration Server web interface.

If you're keen to try XIA Configuration Server v10 and you want some help with the installation, check out the latest installation video below. The video runs through the installation wizard and describes what to do if you don't have a SQL server available.  The advanced options at the end of the wizard are also explained. Next, watch how to get started with XIA Configuration 10 >

CENTREL Solutions has released version 10 of its network documentation tool XIA Configuration. Check out some of the new features below: Windows The ability to scan Windows Server 2012 and above using only a PowerShell remoting connection. Learn more about how XIA Configuration can be used as a server documentation tool . Azure Support for manually scanning Azure tenants which have two-factor authentication or Microsoft Live accounts. Learn more about how XIA Configuration can be used as an Azure documentation tool . HTML Editor An improved HTML editor control. Learn more  > SQL Server 2017 Support for scanning and documenting SQL Server 2017. Learn more about how XIA Configuration can be used as a SQL Server inventory tool . Registry Support for documenting defined registry keys and values on Windows machines. Learn more > Free Trial You can try XIA Configuration 10 for free by requesting a free trial license >

Issue This blog post describes how to fix the error: .NET Framework 4.6.2 has not been installed because a certificate chain could not be built to a trusted root authority on Windows 7 and Server 2008 R2. Cause This error can occur when installing the .NET Framework 4.7/4.6.2/4.6.1/4.6 or 4.5.2 on Windows Server 2008 SP2, Windows 7 SP1 and Windows Server 2008 R2 SP1 when an internet connection is not available. Resolution Download and import the latest Microsoft root certificate into Trusted Root Certification Authorities on the Local Machine using the Certificates snap-in in MMC. Please read the following Microsoft article for different methods of doing this: https://support.microsoft.com/en-gb/help/3149737/known-issue-for-security-update-3136000-for-the-net-framework-4-6-1-4 Edit: The above link is currently broken.  However, the Microsoft root certificate can be downloaded from this page:  https://ww

This post describes one way to fix the error "Location is not accessible - C:\ is not accessible - Access is denied." This can be frustrating as the C:\ drive can't be accessed! The cause of this issue in my case was because a user had been created in local users and groups with a home folder connected to \\localhost\c$.  This changed the security of the C:\ drive to only allow access to that user and Administrators. Fix 1. Right click the C:\ drive and select Properties then go to the Security tab, press Advanced then Continue to open Advanced Security Settings 2. Now press Add then the 'Select a principal' hyperlink 3. Change the Location to the local machine if necessary, then type Users, Check Names and press OK 4. Press OK, then OK, then Yes in the Windows Security dialog box Windows will now set the security information.  Click the Windows Security box to check the progress - you may see some errors setting the security on sub