September 10, 2015

Stop Windows Telemetry/Tracking Windows 7 and 8.1

Straight up copy for my records of this great article

http://techne.alaya.net/?p=12499

Below is a list of Windows updates which add telemetry/tracking. Before uninstalling them and rebooting make sure that you have Windows Update set to not automatically install updates:
KB3083325 Windows Update Client for Windows 8.1 and Windows Server 2012 R2: September 2015
KB3083324 Windows Update Client for Windows 7 and Windows Server 2008 R2: September 2015
KB2976978 Compatibility update for Windows 8.1 and Windows 8
KB3075853 Windows Update Client for Windows 8.1 and Windows Server 2012 R2: August 2015
KB3065987 Windows Update Client for Windows 7 and Windows Server 2008 R2: July 2015
KB3050265 Windows Update Client for Windows 7: June 2015
KB3075851 Windows Update Client for Windows 7 and Windows Server 2008 R2: August 2015
KB2902907 MS Security Essentials/Windows Defender related update [no description/information available]
KB3068708 Update for customer experience and diagnostic telemetry
KB3022345 Update for customer experience and diagnostic telemetry
KB2952664 Compatibility update for upgrading Windows 7
KB2990214 Update that enables you to upgrade from Windows 7 to a later version of Windows
KB3035583 Update installs Get Windows 10 app in Windows 8.1 and Windows 7 SP1
KB971033 Description of the update for Windows Activation Technologies
KB3021917 Update to Windows 7 SP1 for performance improvements
KB3044374 Update that enables you to upgrade from Windows 8.1 to a later version of Windows
KB3075249 Update that adds telemetry points to consent.exe in Windows 8.1 and Windows 7
KB3080149 Update for customer experience and diagnostic telemetry
They can be uninstalled manually via elevated command prompt with the following commands:
wusa /uninstall /kb:3083325 /quiet /norestart
wusa /uninstall /kb:3083324 /quiet /norestart
wusa /uninstall /kb:2976978 /quiet /norestart
wusa /uninstall /kb:3075853 /quiet /norestart
wusa /uninstall /kb:3065987 /quiet /norestart
wusa /uninstall /kb:3050265 /quiet /norestart
wusa /uninstall /kb:3075851 /quiet /norestart
wusa /uninstall /kb:2902907 /quiet /norestart
wusa /uninstall /kb:3068708 /quiet /norestart
wusa /uninstall /kb:3022345 /quiet /norestart
wusa /uninstall /kb:2952664 /quiet /norestart
wusa /uninstall /kb:2990214 /quiet /norestart
wusa /uninstall /kb:3035583 /quiet /norestart
wusa /uninstall /kb:971033 /quiet /norestart
wusa /uninstall /kb:3021917 /quiet /norestart
wusa /uninstall /kb:3044374 /quiet /norestart
wusa /uninstall /kb:3075249 /quiet /norestart
wusa /uninstall /kb:3080149 /quiet /norestart


The following services should be removed:
In an elevated command prompt run the following:
sc stop DiagTrack
sc stop dmwappushservice
sc delete DiagTrack
sc delete dmwappushservice
echo "" > C:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etl
Open the Task Scheduler (Win key then type “sched”). Under Task Scheduler Library -> Microsoft delete the following items:
Everything under “Application Experience”
Everything under “Autochk”
Everything under “Customer Experience Improvement Program”
Under “Disk Diagnostic” delete only the “Microsoft-Windows-DiskDiagnosticDataCollector”
Under “Maintenance” delete “WinSAT”
Under “Media Center”, click the “status” column, then select all non-disabled entries and disable them.
Block these hosts


June 16, 2015

Windows Server 2008 R2 - Please shutdown this system and reboot into Directory Services Restore Mode

Error message :


Error status: 0x0000001. please shutdown this system and reboot into directory services restore mode

The server bluescreens, reboots into safe mode and repeats the cycle

Solution

The solution that worked was found on technet forums

1.  Restart the server and press F8 key, select Directory Services restore mode.
2.  Log in with the local administrator username and password
3.  Type cd \windows\system32
4.  type NTDSUTIL
5.  type activate instance NTDS
6.  type files
7.  If you encounter an error stating that the Jet engine could not be initialized exit out of ntdsutil.
8.  type cd\
9.  type md backupad
10. type cd \windows\ntds
11. type copy ntds.dit c:\backupad
12. type cd \windows\system32
13. type esentutl /g c:\windows\ntds\ntds.dit
14. This will perform an integrity check, (the results indicate that the jet database is corrupt)
15. Type esentutl /p   c:\windows\ntds\ntds.dit
16. Agree with the prompt
17. type cd \windows\ntds
18. type move *.log c:\backupad   (or just delete the log files)
This should complete the repair.  To verify that the repair has worked successfully:
1.  type cd \windows\system32
2.  type ntdsutil
3.  type activate instance ntds
4.  type files        (you should no longer get an error when you do this)
5.  type info       (file info should now appear correctly)
One final step, not sure if it's required:
From the NTDSUTIL command prompt:
1.  type Semantic Database Analysis
2.  type Go

The addition is the error fix as described in the Microsoft support article:
3. ntdsutil "sem d a" "go f"

May 15, 2015

Manually delete linked clones or stale virtual desktops in VMware Horizon View

Here are some errors that get thrown out:

Failed to remove VM <VM path> from the View Composer inventory - null

Desktop Composer Fault: Virtual Machine with Input Specification already exists

Pool or Desktop stuck showing "Deleting (missing)"


  • Log on to the View composer server.
  • Open an elevated command prompt and navigate to "C:\Program Files (x86)\VMware\VMware View Composer".
  • Run this command: sviconfig -operation=RemoveSviClone -VmName=<Virtual Machine Name> -AdminUser=<username> -AdminPassword=<password> -ServerUrl=https://localhost:18443/SviService/v2_0. 
  • If it does not run successfully, you'll have to manually delete the VM from the ADAM database. See KB articles


Links and references


VMware KB: 2015112
VMware KB: 2009844

http://michkloc.com/failed-to-remove-vm-vm-path-from-the-view-composer-inventory-null/

http://www.vladan.fr/delete-orphaned-horizon-view-replica/

http://vcdx56.com/2013/10/23/can-not-delete-desktop-pool-in-vmware-horizon-view/

April 30, 2015

Disable IPv4 autoconfiguration for 169.254 duplicate addresses

Quick description

  • static IPs configured on various Windows servers running under VMware
  • after reboot they show both the static configured IP as well as a 169.254.10.50 (example)
  • the invalid IP shows as "preferred"

Fix

  • disable autoconfiguration
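    • netsh interface ipv4 show inter   (lists the interfaces with their Idx numbers)
    • netsh interface ipv4 set interface 11 dadtransmits=0 store=persistent   (11 is the Idx of the affected interface in this example)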
  • disable DHCP client service
  • reboot






March 27, 2015

Quickly recover VMware orphaned virtual machines

After the ESXi OS crashed, it was quickly reinstalled to a fresh USB.

Once 'reconnected' in vCenter, the existing datastore was recognized automatically; however, a few things were missing:
- networking settings
- firewall rules
- auto-start for any VMs
- all VMs showed as 'orphaned'

Quick way to restore the VMs :
- enable SSH
- find your volume for the datastore in /vmfs/volumes
- run these lines

# find /vmfs/volumes/53456cd6-ee79d800-ad57-002590e2fde0/ -name "*.vmx" | sed 's/\(.*\)/vim-cmd solo\/registervm "\1"/' > /restorevmx

# sh /restorevmx
# rm /restorevmx

It searches the datastore for all .vmx files and writes a 'vim-cmd solo/registervm' command for each one into /restorevmx, which is then run with sh.
Running it on existing VMs that are not 'orphaned' will just cause the tool to skip them.

The best part is that the VMs don't have to be removed from inventory to be re-added.

There don't seem to be any downsides as long as you don't remove them in vCenter.

References: VMware KB 1006160

February 10, 2015

automating winhelp2002 MVP HOSTS file to pfSense 2.2

Intro

looking to implement - "...HOSTS file to block ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and even most hijackers."


pfSense uses dnsmasq and we need to convert entries from HOSTS file to the dnsmasq format

0.0.0.0 static.a-ads.com -> address=/static.a-ads.com/127.0.0.1

We will have it scheduled to run daily at midnight to keep the list up to date

Note: On pfSense 2.2, the DNS Forwarder is not active by default. It has been replaced by Unbound as a DNS Resolver. It may still be used, and is still active on upgraded configurations. To use the DNS Forwarder (dnsmasq) on 2.2, first disable Unbound and then enable the DNS Forwarder. (Dec 26, 2014)
DNS Forwarder - PFSenseDocs
https://doc.pfsense.org/index.php/DNS_Forwarder

Therefore this applies only if you're using dnsmasq

Preparation

install package cron 0.1.8

create folder in ssh 
  # mkdir /usr/local/etc/dnsmasq.d/

go to pfSense: 
Services -> DNS Forwarder
  enable advanced button and enter: 
  conf-dir=/usr/local/etc/dnsmasq.d



Command

fetch -qR -o /root/hosts.txt http://winhelp2002.mvps.org/hosts.txt && perl -e 'while(<>){ chomp; $_ = lc; next if /^#/; if (/^0\.0\.0\.0\s+([-a-z0-9.]+)/) { print "address=\/$1\/127.0.0.1\n"; } }' /root/hosts.txt > /usr/local/etc/dnsmasq.d/entries && pfSsh.php playback svc restart dnsmasq

broken down and explained

fetch -qR -o /root/hosts.txt http://winhelp2002.mvps.org/hosts.txt
&& 

# -q, --quiet
Quiet mode.
# -R, --keep-output
The output files are precious, and should not be deleted
under any circumstances, even if the transfer failed or was
incomplete.
# -o file, --output=file
Set the output file name to file.

# saves to /root/hosts.txt
---------------------------------------------------------------------------

perl -e '
  while(<>) {    # for every line in input file (specified as argument below)

    chomp;         # remove newlines

    $_ = lc;       # lowercase all characters (a bare "lc;" would discard the result)

    next if /^#/;  # skip if it matches character "#" at the beginning - comments

    if (/^0\.0\.0\.0\s+([-a-z0-9.]+)/)
        # if it matches this 0.0.0.0(whitespace)(hostname - can only contain a-z, 0-9, a dash and a dot)
        # example 0.0.0.0 static.a-ads.com

    { 
       print "address=\/$1\/127.0.0.1\n"; 
        # print what we matched $1 and the rest of the text so it looks like: 
        #   address=/static.a-ads.com/127.0.0.1

     } 
  }' 

/root/hosts.txt                                          # our input file
> /usr/local/etc/dnsmasq.d/entries          # save to this file
&& 
---------------------------------------------------------------------------

pfSsh.php playback svc restart dnsmasq   # restart dnsmasq service to reload file
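
A stricter version of the conversion step, added here as an example and not part of the original post: the list is downloaded over plain HTTP, so each hostname is validated in full and the live entries file is only replaced when enough entries survive. The function names, the sample input and the 1000-entry floor are assumptions.

```shell
#!/bin/sh
# Added example: validate a downloaded HOSTS file before dnsmasq loads it.

# Constructed sample input (not the real MVPS list).
sample_hosts() {
cat <<'EOF'
# comment line
127.0.0.1 localhost
0.0.0.0 static.a-ads.com
0.0.0.0 Ads.Example.COM  #[trailing comment]
0.0.0.0 static.a-ads.com
0.0.0.0 bad.example/127.0.0.1
0.0.0.0 0.0.0.0
0.0.0.0 -lead.example
EOF
}

# hosts_to_dnsmasq FILE: print address=/host/127.0.0.1 for each valid entry.
hosts_to_dnsmasq() {
    tr -d '\r' < "$1" | awk '
        $1 != "0.0.0.0" { next }            # comments, localhost lines, junk
        {
            h = tolower($2)
            if (length(h) > 253 || h ~ /^[0-9.]+$/) next   # too long, or an IP literal
            # the whole field must be dot-separated labels of a-z, 0-9 and "-"
            if (h !~ /^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$/) next
            if (!seen[h]++) print "address=/" h "/127.0.0.1"
        }'
}

# update_blocklist SRC DEST [MIN]: replace DEST only if at least MIN entries
# pass validation (MIN defaults to 1000, an assumed floor for the full list).
update_blocklist() {
    src=$1; dest=$2; min=${3:-1000}
    # dot-prefixed temp file in the same directory: conf-dir skips dotfiles,
    # and a same-filesystem mv is an atomic rename
    tmp=$(mktemp "$(dirname "$dest")/.entries.XXXXXX") || return 1
    hosts_to_dnsmasq "$src" > "$tmp"
    count=$(awk 'END { print NR }' "$tmp")
    if [ "$count" -lt "$min" ]; then
        rm -f "$tmp"                         # keep the previous list in place
        return 1
    fi
    chmod 644 "$tmp" && mv -f "$tmp" "$dest"
}
```

In the scheduled command this would take the place of the perl step: call update_blocklist /root/hosts.txt /usr/local/etc/dnsmasq.d/entries and restart dnsmasq only when it returns 0.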


Application


test the line by running it in the SSH - check the output of
/root/hosts.txt
/usr/local/etc/dnsmasq.d/entries


when everything runs and you have the 'entries' file populated correctly, schedule it to run daily 

Schedule


After you install the package, go to pfSense: 
Services -> Cron
Make sure to use full paths in the command.