Friday, 31 October 2014

ipconfig /release: An error occurred while releasing interface Loopback Pseudo-Interface 1

Today, when I started and logged into my laptop, I noticed that it didn't have Internet access although it was connected to the LAN network. Then I tried to disable and enable the LAN network adapter, and now I am getting an IP conflict message. So I decided to flush DNS and release the IP address. When I tried to release the IP by using the ipconfig /release command, the following error occurred: 'An error occurred while releasing interface Loopback Pseudo-Interface 1 : The system cannot find the file specified.'
C:\>ipconfig /release

Windows IP Configuration
An error occurred while releasing interface Loopback Pseudo-Interface 1 : The sy
stem cannot find the file specified.

The operation failed as no adapter is in the state permissible for
this operation.
After analyzing this for some time, I found the following recommended solutions.

Steps taken to fix issue in my laptop (windows 7):

- Changed the machine IP manually to a temporary IP address.
- Disabled and enabled the LAN network adapter.
- I got Internet access through my LAN network.
- Restarted the machine.
- Ran the commands ipconfig /flushdns and ipconfig /release.
- Now changed the IP manually back to my original IP address.

Other Recommended Solutions:

http://answers.microsoft.com/en-us/windows/forum/windows_vista-networking/an-error-occurred-while-releasing-interface/4261cacb-e924-4d74-a349-4f3b898c27a9

http://www.sevenforums.com/network-sharing/281902-unidentified-network-no-internet-access-lan.html

http://www.tomshardware.com/forum/34947-43-cannot-renew-release

http://www.reddit.com/r/techsupport/comments/1if7t4/connected_to_network_but_no_internet_access/

Sunday, 26 October 2014

PowerShell: Get-ADUser - Filter and Select Attributes

The Active Directory PowerShell cmdlet Get-ADUser supports different default and extended properties. Refer to the article Get-ADUser Default and Extended Properties for more details. The Get-ADUser cmdlet also supports an LDAP filter and a SQL-like filter to select only the required users. In this article, I am going to write different examples to list AD user properties and export AD user properties to CSV using PowerShell.

Get-ADUser - Select all properties:

Use the below code to list all the supported AD user properties.
Import-Module ActiveDirectory
Get-ADuser -identity 'Morgan' -Properties *          

Get-ADUser - Filter and List Selected properties:

This command lists the selected properties, in table format, of AD users whose City contains the text 'Austin'.
Import-Module ActiveDirectory
Get-ADUser -Filter 'City -like "*Austin*"' -Properties * |
 Select -Property Name,City,Mail,Department | FT -A          

Get-ADUser - LDAP Filter:

Instead of the SQL-like filter, you can also use an LDAP filter to select only the required users. Refer to the article AD LDAP Filter Examples for more LDAP filter examples.
Import-Module ActiveDirectory
Get-ADUser -LDAPFilter '(Department=*Admin*)' -Properties * |
  Select -Property Name,City,Mail,Department,DistinguishedName | FT -A 

Get-ADUser - Select users from specific OU:

This command selects all the AD users from the Organizational Unit 'Austin' and lists the selected properties.
Import-Module ActiveDirectory
Get-ADUser -Filter * -SearchBase "OU=Austin,DC=TestDomain,DC=Local" -Properties * |
 Select -Property Name,Mail,Department | FL           

Get-ADUser - Export Selected properties to CSV file:

This command exports the selected properties of AD users whose City contains the text 'Austin' to a CSV file.
Import-Module ActiveDirectory
Get-ADUser -Filter 'City -like "*Austin*"' -Properties * |
  Select -Property Name,City,Mail,Department,DistinguishedName | 
  Export-CSV C:\ADUsers.csv -NoTypeInformation -Encoding UTF8

Saturday, 25 October 2014

How to: Run Program as Local System Account

Running a program or batch file under a different user account is one of the easiest ways to run a program/application with some other user's privileges. For every administrator, this is a common need, either for testing or to impersonate a different user's privileges. In this article, I am going to explain how to run a program or batch script under the Local System account context.

You can run a program under the Local System account by using the Sysinternals PsExec utility. You can download it from http://technet.microsoft.com/en-us/sysinternals/bb897553. Use the -s switch to run a program as the system account. The following example shows how to start a cmd.exe session under the system account:
C:\PSTools> PsExec -s cmd.exe

PsExec v2.1 - Execute processes remotely
Copyright (C) 2001-2013 Mark Russinovich
Sysinternals - www.sysinternals.com

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Windows\system32>whoami
nt authority\system

C:\Windows\system32>exit
cmd.exe exited on HP-PC with error code 0.

Once you have completed the work, you can revert to the current user by executing the exit command.


Thanks,
Morgan
Software Developer

AD User Logon Audit Events

Auditing AD user logon activity is one of the important tasks for every system admin to ensure AD domain security. This auditing should include user logon, logoff, logon failure and account lockout. Active Directory logon and logon failure events are categorized under the following three categories:

Account Logon/Logon failure Event IDs (Domain Controller events):

When a domain user logs in to a client PC that is joined to the Active Directory domain, the domain user account is authenticated by a domain controller (logon server) before the login to the client PC completes. At this time, either a logon or a logon failure event is logged on the domain controller (logon server). Check out the article Enable Account Logon Audit Event IDs to configure Group Policy to log account logon audit events on the DC.

| Event ID | Event Type | Reason |
|---|---|---|
| 4768 | Success/Failure | A Kerberos authentication ticket (TGT) was requested to DC. |
| 4769 | Success/Failure | A Kerberos service ticket was requested to DC. |
| 4771 | Failure | Kerberos pre-authentication failed. |
| 4776 | Success/Failure | The domain controller attempted to validate the credentials for an account. |

Account Lockout Event ID: 4740

When a domain user repeatedly tries to log in to a client PC joined to the Active Directory domain with the wrong password, the account lockout event 4740 is logged on the domain controller (logon server). See the article Event 4740 to learn more about 4740.

Logon/Logoff events (Client events):

Logon/Logoff audit events are logged on the local computer when a user logs in with either a domain account or a local account. The logon (4624) and logon failure (4625) events contain detailed information about user logon activity. Check out the article Enable Logon/Logoff Audit Event IDs to configure Group Policy to log logon audit events on the client PC.

| Event ID | Audit Type | Event Type | Reason |
|---|---|---|---|
| 4624 | Logon | Success | An account was successfully logged on. |
| 4625 | Logon | Failure | User account failed to log on. |
| 4634 | Logoff | Success | User account was logged off. |
| 4647 | Logoff | Success | User initiated logoff. |



Tuesday, 14 October 2014

How to Find Locked out and Logon Failure Reason

Tracking down the source and root cause of frequent Active Directory user account lockouts is a cumbersome task nowadays. Unlike other normal logon types (Logon Type 2 - Interactive Logon and Logon Type 10 - Remote Logon), we can't easily track the failure reason for Logon Type 3, Logon Type 7 and Logon Type 8, because most of the time the failures with these logon types are triggered by either saved/cached credentials or third-party tools. In this article, I am going to explain how to trace and find the account lockout source and logon failure reason for an AD user.


How to Find Account Lockout Reason for Logon Type 3

This logon type occurs when a computer is accessed from elsewhere on the network (for example, by a Remote Desktop sharing tool), or when other resources such as a network share are accessed from elsewhere on the network by passing credentials. One of the most common sources of logon events with logon type 3 is connections to shared folders or printers. Other over-the-network logons are also classed as logon type 3, as are most logons to IIS except Basic authentication.

Consider following scenario:
      DC1         - Active Directory Domain Controller 
      Morgan-PC    - End user desktop computer
Now, when a user or any application tries to access resources such as a network share from Morgan-PC with wrong credentials, we get the logon failure event 4625 with logon type 3 on DC1, and it points to the machine Morgan-PC as the source machine.

 Event 4625 for Logon Type 3:
Computer:      DC1.TestDomain.Com
Description:  An account failed to log on.

Logon Type:   3

Account For Which Logon Failed:
  Account Name:  Morgan
  Account Domain:  TESTDOMAIN

Failure Information:
  Failure Reason:  Unknown user name or bad password.
  Status:   0xc000006d
  Sub Status:  0xc000006a

Network Information:
  Workstation Name: Morgan-PC
  Source Network Address: 212.158.1.110
  Source Port:  51283

How to Trace AD User Lockout Reason for Logon Type 8

Logon type 8 occurs when the password was sent over the network in clear text. Basic authentication in IIS is the most likely cause of this kind of logon failure. As far as I know, there are two commonly used Microsoft IIS-based services with Basic authentication that end users access from their desktop or mobile device: the OWA client and SharePoint server.

When an end user connects to a Basic-authentication-enabled OWA client from their desktop PC or mobile device with a wrong password, the event 4625 with logon type 8 is logged on the Exchange Server that hosts OWA.

Consider the following scenario:
     DC1   - Active Directory Domain Controller 
     ExchSvr    - Exchange Server integrated with AD with OWA and DC1 as Authentication Server
     Morgan-PC/Mobile   - End user computer/mobile device
Now, when the user morgan tries to connect to the OWA client from his desktop "Morgan-PC" with a wrong password,
  • The logon failure event 4625 with logon type 8 is logged on ExchSvr, and this event points to Morgan-PC as the source machine.
  • One of the authentication failure events (4768/4771/4776) is logged on DC1, depending on the authentication mechanism configured in AD, and this event points to the machine ExchSvr as the source machine.
Computer:      ExchSVR.TestDomain.Com
Description: An account failed to log on.

Logon Type:   8

Account For Which Logon Failed:
  Account Name:  Morgan
  Account Domain:  TestDomain

Failure Information:
  Failure Reason:  Unknown user name or bad password.
  Status:   0xc000006d
  Sub Status:  0xc000006a

Process Information:
  Caller Process ID: 0xce4
  Caller Process Name: C:\Windows\System32\inetsrv\w3wp.exe

Network Information:
  Workstation Name: ExchSVR
  Source Network Address: 212.158.1.110
  Source Port:  40977
To track the starting point of this logon failure, we need to read events from two machines, DC1 and ExchSVR.
  • From the DC1 event, we can conclude that the failure was triggered from ExchSVR.
  • Then, from the ExchSVR event, we can conclude that the actual failure was triggered from Morgan-PC (Source Network Address).

How to Find AD User Lockout Source for Logon Type 7

As far as I know, there are two possibilities for a logon failure with logon type 7.

- In most cases, this logon type occurs when a user unlocks a password-protected workstation screen; Windows treats this logon as logon type 7. If you entered a valid password, the event 4624 is logged in the workstation event log with logon type 7, and if you entered a wrong password, the event 4625 is logged with logon type 7.

- There may be a possibility of the account getting locked by a cached Active Directory password.

Logon Type 7 event info for a login failure when unlocking the workstation screen:
Description:
An account failed to log on.

Logon Type:   7

Failure Information:
 Failure Reason:  Unknown user name or bad password.

Process Information:
 Caller Process ID: 0x1d3
 Caller Process Name: C:\Windows\System32\winlogon.exe
Logon Type 7 event for other login failures, such as cached credentials:
Description:
An account failed to log on.

Logon Type:   7

Failure Information:
 Failure Reason:  An error occurred during logon.

Process Information:
 Caller Process ID: 0x1f4
 Caller Process Name: C:\Windows\System32\lsass.exe
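
The three cases above (logon types 3, 8 and 7) can be read out of the Security log with one query. The following PowerShell function is an added example, not code from the original post; the function name Get-FailedLogonSource, its parameters and the 24-hour default are assumptions, and it needs PowerShell 3.0 or later and rights to read the Security log.

```powershell
# Added example: list failed logons (event 4625) from one machine's Security log
# and point at the field that names the origin for logon types 3, 8 and 7.
function Get-FailedLogonSource {
    param(
        [string]$ComputerName = $env:COMPUTERNAME,  # DC1, ExchSVR or a workstation
        [string]$UserName,                           # optional account filter
        [int]$Hours = 24                             # look-back window (assumed default)
    )
    $filter = @{
        LogName   = 'Security'
        Id        = 4625
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Flatten <EventData><Data Name="...">value</Data> into a hashtable.
            $data = @{}
            foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

            # Skip events for other accounts when a user name was given.
            if ($UserName -and $data.TargetUserName -ne $UserName) { return }

            # The field that identifies the origin depends on the logon type.
            $hint = switch ($data.LogonType) {
                '3' { "Network logon from $($data.WorkstationName) ($($data.IpAddress))" }
                '8' { "Clear-text logon via $($data.ProcessName), client $($data.IpAddress)" }
                '7' { if ($data.ProcessName -like '*\winlogon.exe') { 'Wrong password at screen unlock' }
                      else { "Unlock failure raised by $($data.ProcessName)" } }
                default { 'Logon type not covered in this post' }
            }
            [pscustomobject]@{
                TimeCreated = $_.TimeCreated
                LoggedOn    = $_.MachineName
                Account     = "$($data.TargetDomainName)\$($data.TargetUserName)"
                LogonType   = $data.LogonType
                SubStatus   = $data.SubStatus
                SourceIP    = $data.IpAddress
                Caller      = $data.ProcessName
                Hint        = $hint
            }
        }
}

# Example call on the local machine for the account used in this post.
Get-FailedLogonSource -UserName 'Morgan' | Sort-Object TimeCreated | Format-List
```

For the logon type 8 trace, run it with -ComputerName set to the server that the DC event names as the source, then read the client address from the SourceIP column.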


Wednesday, 8 October 2014

Case Sensitive Search in SQL Query (Where)

Normally, in programming languages like C# .NET, we need to explicitly add criteria to make search or compare operations ignore case, whereas in SQL Server a search using a WHERE clause is not case sensitive by default. So to make a WHERE query case sensitive, we need to add an explicit criterion, which is the SQL collation.

SQL Collation:

SQL Collation is a clause that can be applied to a database definition or a column definition to define the collation, or to a character string expression to apply a collation cast. It encodes the rules governing the proper use of characters for either a language, such as Greek or Polish, or an alphabet such as Latin1_General (the Latin alphabet used by western European languages).

The default collation of the SQL Server installation is SQL_Latin1_General_CP1_CI_AS, and this is not case sensitive. Consider the UserTable with the following names: Morgan, morgan, MorgaN.
--Create Test Table
CREATE TABLE UserTable(
UserID int, UserName varchar(250))
 
--Insert rows into Table
Insert into UserTable values(1,'Morgan')
Insert into UserTable values(2,'morgan')
Insert into UserTable values(3,'MorgaN')
If we run the query below,
Select * from UserTable where UserName = 'morgan'
it returns all the rows, since all the rows contain the same data apart from letter case and the search is not case sensitive.

Case Sensitive Search in SQL (Where) Query

To get only case-sensitive matches, you need to apply a case-sensitive collation to the UserName column in the comparison. The default collation of the SQL Server installation, SQL_Latin1_General_CP1_CI_AS, is not case sensitive.

This is the new query to get case-sensitive results:
Select * from UserTable where UserName COLLATE Latin1_General_CS_AS = 'morgan'
