What kind of server channel are your running on: SAC or LTS?

  • Context:

I installed a SAC (Semi Annual Channel) based server and wanted to know what’s the difference with the LTS (Long Term Support) branch?


Source: https://docs.microsoft.com/en-us/windows-server/get-started-19/servicing-channels-19
There’s only 18 months support for the SAC channel.
There’s no upgrade path between branches, so you need to install from scratch when you want to move to a new branch.
That’s a big the deal.
I also wanted to have some code that would help me differentiate these 2 channels?

  • Solution:

I started to dig in google and the registry. I found this relevant info:

Source: https://docs.microsoft.com/en-us/previous-versions/windows/desktop/legacy/hh846315(v=vs.85)

The WMI repository can help and contains the following:

Get-CimInstance -Property Caption -ClassName Win32_OperatingSystem |
Select -expand Caption



NB: Notice the year in the caption name before the edition (ex: Standard or Datacenter)
When the server is on a LTS channel, the year is specified whereas when on a SAC channel, it’s absent.

While there is a Get-ComputerInfo cmdlet, it doesn’t meet my needs. I wrote another function

The isExpired property is only valid for the SAC channel. I should modify the code accordingly in a further release.
If you run on the LTS channel, I would recommend that you use the official info on this site: https://support.microsoft.com/en-us/lifecycle/search

Let’s see the above function in action:

On a Windows server 2016

On a Windows server 2019

On a Windows Server 1903

On a Windows Server 1709

Notice that this SAC channel is expired

On a Windows 2012 R2 Server

Again, the LTS channel have an expiry date specified on this site: https://support.microsoft.com/en-us/lifecycle/search

Advertisements

Quick post: IIS drive

  • Context:

I installed recently a SAC (Semi Annual Channel) based Windows Server and I wanted to use some IIS cmdlets to configure it.

  • Problem:

The IIS: drive didn’t mount

  • Solution:

It appears that there are actually 2 modules.

One that doesn’t mount the IIS drive: the IISAdministration module

One that does: the WebAdministration module

What’s the difference between these 2 modules?

The IISAdministration module is more recent and compatible with both Windows PowerShell and PowerShell (Core).

Quick post: DISM and Features on Demand (FOD)

  • Context:

I started to migrate to the 1809 Windows 10 branch and Remote Server Administration Tools (RSAT) are no longer provided as a separate patch (MSU/cab file) but as a Feature on Demand.

  • Problem:

I wanted to avoid computers downloading the package from Windows Update or the default location set by Group Policy or the Windows directory of a mounted image or a running Windows installation that is shared on the network.

  • Solution:

I downloaded the FOD ISO image and extracted just the cab files I needed.

With the following structure (yes, you need the metadata subfolder and its content + meet the package dependencies)

you can use the Add-WindowsCapability cmdlet and do:

$Source = '\\server-share\whereIextractedCabfiles'
$HT = @{
 Name ='Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0'
 Online = [switch]::Present
 LimitAccess = [switch]::Present
}
Add-WindowsCapability @HT -Source:"$($Source)"

Quick post: Windows branch downgrade

  • Context:

We started testing the Windows 10 1809 on different hardware and we noticed some issues. Explorer keeps crashing and we decided to rollback.

  • Problem:

After the upgrade a new account logged on the computer.
DISM.exe /Online /Initiate-OSUninstall now refuses to run and says:

Error: 0xc16a0102
The OS uninstall cannot be initiated. User profiles were added.

  • Solution:

Identify the offending profile by opening the dism log file

Delete the offending profile

$UserProfiles = Get-WmiObject -Class Win32_UserProfile
# View it
$u = $UserProfiles | ? LocalPath -match 'myOffendingUserName'
$u
# Delete user folder
Get-Item "$($u.LocalPath)" | 
Remove-Item -Force -Recurse -Confirm:$false
# Delete user profile reference
$u.Delete()

Rollback to 1803 is now successful using dism.exe 😎

Decipher a message

As part of the PowerShell Summit, there’s a scripting competition also known as the “iron scripter” contest.

This year, one of the challenges was published on this page https://ironscripter.us/a-challenge-from-the-dark-faction/

There’s a message encoded with the Caesar Cipher on this page: http://bit.ly/DarkFactionMessage which leads to this text file



You can find more details on the Caesar Cipher on this wikipedia page.

About my solution: It’s clear that % is the space character. I needed to know if a character is upper or lower case and I did a substitution to the left in the ascii table by 5 or 37. Plus in some cases, I had to adjust the character without using a substitution (or I just simply failed to find the common denominator)

My quick and dirty solution is the following:

It looks like this:

The original text can be found on this page: https://devops-collective-inc.gitbook.io/the-monad-manifesto-annotated/what-is-monad

Quick tip: how to add REG_NONE value

  • Context

A colleague of mine sent me a message saying that I need to add a reg_none value.

Although the referenced article talks about REG_SZ (String Value) – How to suppress the AutoDiscover redirect warning in Outlook – I can only see REG_NONE values under HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\AutoDiscover\RedirectServers

  • Problem

I started to innocently do the following but it failed:

$v = 'autodiscover-s.outlook.com'
$p = 'HKCU:\Software\Microsoft\Office\16.0\Outlook\AutoDiscover\RedirectServers'
Set-ItemProperty -Value $null -Type None -Path $p -Name $v -Force -Verbose
Set-ItemProperty -Value '' -Type None -Path $p -Name $v -Force -Verbose

I ended with the following error messages:
Set-ItemProperty : Value cannot be null.
Set-ItemProperty : The type of the value object did not match the specified RegistryValueKind or the object could not be properly converted


I almost gave up and started to look for an acceptable answer on the web.

  • Solution

The best answer I found is on this page: https://stackoverflow.com/questions/47530823/set-reg-none-value-via-powershell
Kudos to Mathias R. Jessen. He has the solution and the relevant answer! Awesome!

It’s true, the value is a null byte array and it’s revealed by using the Get-Member cmdlet:

$v = 'autodiscover-s.outlook.com'
$p = 'HKCU:\Software\Microsoft\Office\16.0\Outlook\AutoDiscover\RedirectServers'
Get-ItemProperty -Path $p -Name $v | gm

The solution is:

$v = 'autodiscover-s.outlook.com'
$p = 'HKCU:\Software\Microsoft\Office\16.0\Outlook\AutoDiscover\RedirectServers'
Set-ItemProperty -Value ([byte[]]@()) -Type None -Path $p -Name $v -Force -Verbose

Quick tip: avoid error 0x800f0954

  • Context:

I was comparing features of Windows between branches and got this error when I run the Get-WindowsCapability cmdlet:
Get-WindowsCapability : Get-WindowsCapability failed. Error code = 0x800f0954

I also tried

DISM.exe /online /get-capabilities

If you open the dism.log file as suggested, it doesn’t help in this case:

  • Cause:

It’s not obvious unless you start reading the help of dism.exe or use the tab completion of the Get-WindowsCapability cmdlet and see that there are more parameters than those documented online, like /Source and /LimitAccess

If your computer is not allowed to contact Windows Update or uses a WSUS server that has not activated the UpdateCategories named ‘Windows 10 Feature On Demand (FOD)’ and approved the capability source files for FOD

You may notice in the WindowsUpdate.log that when you don’t use the /LitmitAcces that you’ve some lines like this:
ComApi *END * Search ClientId = TrustedInstaller FOD Enumerate, Updates found = 0, ServiceId…

And if I open the CBS.log file suggested in the dism.log file, I can see that 0x800f0954 means CBS_E_INVALID_WINDOWS_UPDATE_COUNT_WSUS

  • Solution:

Just use the /LimitAccess as suggested 😀

Get-WindowsCapability -Online -LimitAccess

Wouldn’t it be nice to have a dism command (and its equivalent PowerShell cmdlet) to know what sources it queries and/or will use?
Wouldn’t it be nice to have an official documentation that tells how to configure FOD in WSUS next to this one
(btw, WSUS is mentioned only once on a page next to above one and says the following 😦

)
If you read this article and know the answer to these 2 questions, please ping me in the comments below.