Tag Archives: Windows Server

Windows Server 2016: CDPUserSvc has stopped working

You may observe the following error on Windows Server 2016 immediately after OS startup:

CDPUUserSvc_65df7 has stopped working

This “has stopped working” part tells us that some unhandled exception occurred, so we can switch over to Event Viewer to find some more details about it:

svchost.exe_CDPUserSvc_65df7 – Exception code: 0xc0000005

Exception details are the following:

Faulting application name: svchost.exe_CDPUserSvc_65df7, version: 10.0.14393.0, time stamp: 0x57899b1c
Faulting module name: cdp.dll, version: 10.0.14393.1715, time stamp: 0x59b0d38c
Exception code: 0xc0000005
Fault offset: 0x0000000000193cf5
Faulting process id: 0x1b14

After quick research I found out that this error was introduced with some Microsoft updates and to resolve it on Windows Server 2016 14393.1884 you just need to apply another update 🙂 More specifically you need to install KB4053579, which can be downloaded from Windows Update Catalog. Applying this update resolves this error.

Please follow and like us:

Windows Server 2016 Nano Server – Just enough OS model

I’ve recently spent some time exploring Windows Nano Server installation option and wrote detailed blog post for StarWind blog entitled  “Windows Server 2016 Nano Server – Just enough OS model” you can read it here. Article covers Nano Server basic concepts and compares this installation type with conventional Full Server and Server Core installation options – if you find this topic interesting please read on @ StarWinds Blog.

Please follow and like us:

The trust relationship between this workstation and the primary domain failed – proper fix

All to often I see people doing wrong corrective action whenever they encounter “The trust relationship between this workstation and the primary domain failed” error, it seems that even some Microsoft documentation gives you bad advice. What you have to do if you got this error is use proper resolution methods instead of lengthy and wrong join workgroup, then join to domain again approach.

In case you working with multiple VMs joined to domain and play with snapshots you may very likely run into this error at some point. Here is the screen shot:

This error caused by the fact that your computer account secure channel is broken. All computers joined to domain have SID along with their “username” and password albeit you never touch or input those things in any explicit way. Un-join and re-join again to domain procedure will create new SID for your computer which may be not the thing you want. When you log on to domain with user name and password secure channel is being established, but it can be broken in the following scenarios:

  • Machine was offline more than 30 days since last computer password reset (it happens automatically for machine approximately every 30 days when it is online)
  • OS was reinstalled (this process creates new machine SID)
  • LSA on the machine is out of sync

Key thing to remember when you got this issue is never join workgroup and then to domain again as this process creates new SID and your machine will lose all its group memberships (if it had any, of course).

Right fixes:

  1. ADUC > Reset Computer, then rejoin machine to domain
  2. dsmod computer -reset, rejoin: dsmod computer “cn=COMPUTER-NAME,ou=Computers,dc=domain,dc=com” -reset
  3. nltest (no rejoin or reboot required): nltest /server:COMPUTER_NAME /sc_reset:domain\domain_controller_name
  4. PowerShell way: Test-ComputerSecureChannel -Repair (no rejoin or reboot required)

I strongly recommend you to remember option 4. So if you see “The trust relationship between this workstation and the primary domain failed” you know that secure channel is broken, you just logon as local administrator on this machine and run this:

Once done logoff your local user and logon back using domain credentials, problem solved!

Please follow and like us:

How to: quickly check which installation type of Windows Server you are using?

Just a quick how to post. When you do more and more remote management with PowerShell it may be necessary for you to quickly check if you run Full Server or Core or Nano. And unless you never logon locally to the box you and you only managing it via PowerShell then you may be not very sure if it is running Full Server, Minimal Management Interface, Core or Nano. There is a ServerLevel registry key available starting from Windows Server 2012, and quick look up for its value will answer this question:

Sample output you may see in case of Nano Server:

Another use case for this key is when you writing a script and need to adjust its behavior depending on whether it is being executed on Full Server, Core or Nano.

Please follow and like us:

Windows 10 Hyper-V: What is “Upgrade Configuration Version…” option?

Recently I imported some old VM into my Windows 10 Hyper-V and noticed that unlike VMs I created with latest version of Hyper-V it has an extra option named “Upgrade Configuration Versions..”:

Hyper-V Upgrade Configuration Version

To me option name is a bit confusing (which sometimes happens in MSFT products out of best intentions in attempts to simplify their wizards and wording). I was confused by this option name as it makes me think about configurations versioning and management rather about what it really means.  To put it simply it is equivalent of what you can see in VMware Workstation as “Upgrade Virtual Hardware”/”VM hardware compatibility” (isn’t it more appropriate name? but I guess there is also differentiation needs which software vendors may have 🙂 ).

What you should know about this is in the past (prior to Windows 10) your VMs have been upgraded automatically to new configuration version, but now you have more control over this and have upgrade it manually via GUI (see screenshot above) or using Update-VMVersion cmdlet.

“Upgrade Configuration Version…” option presented in VM properties only when your VM is in offline state. Operation is almost instant and unfortunately it doesn’t give you that VMware Workstation wizard which explains available versions and why you may want to upgrade/added features. But essentially Hyper-V no longer upgrades VMs by default to allow you to move them back to older versions in case it will be necessary and upgrade is needed to enable new features for VM (see table below):

Hyper-V Upgrade Configuration Version - Features Table

Features available/added in different VM versions. Source: Ben Armstrong’s Virtualization Blog – Upgrading your Virtual Machine version

Virtual machines created on Windows 10 use version 6.2 configurations, and the highest value for now is 8.0 (Served 2016/Windows 10 Anniversary update). You can use this table to get an idea of configuration versions in different base OS versions:

Hyper-V Upgrade Configuration Version - Versions Table

To check configuration versions of VMs on your Hyper-V host:

To get configuration version supported by your host use (add –Default parameter to see default one):

You can read more in official MSFT documentation: Upgrade virtual machine version in Hyper-V on Windows 10 or Windows Server 2016

Please follow and like us:

How to change Network Profile in Windows Server 2012/2016

Sometimes Windows picks up wrong profile for you network and there is no obvious (or even any?) way to change this via GUI. But you can easily do this with PowerShell (v4.0 or newer):

I guess looking at above and keeping in mind that you have get-help cmdlet changing Network Profile is no longer an issue for you.

Please follow and like us:

WDS, DHCP and different subnets

I decided that it make sense for me to jot down different things as I prepare to 70-410 and other MSFT exams from MCSA Server 2012 track, though since recently I have strange feeling that I’m trying to take MSFT exams when they about to retire 🙂 .

One of the questions/topics we had since Server 2008 is WDS and there are some facts to be aware of when it comes to WDS.

  1. Port 67. WDS server uses UDP 67 and this is the same port on which DHCP server listening too. In case of coexistence of DHCH and WDS on the same server you have to configure WDS not to listen on port 67. When you add WDS role on a server which already hosts DHCP role all configuration settings for such coexistence (points 1 & 2 in this list) being configured for you automagically. But if WDS installed first and then you adding DHCP role you have to take care about this manually.
  2.  DHCP Option 60. Once you configured DHCP server not to listen on port 67, you have to configure DHCP option 60 which will tells DHCP clients that their DHCP server is also WDS server/PXE (Preboot eXecution Environment) server. You have to switch on DCHP option 60 and set it to “PXEClient”. In addition to this TFTP should be allowed on FDS along with BINL service (UDP 4011). Note: DHCP option 060 PXE Client does not appear unless your server has the WDS role installed.
  3.  RFC 1542. If your DHCP/WDS server is on a different subnet from one your client reside in then you have to have RFC 1542 compliant router between these subnets, and most modern routers are RFC 1542 compliant. Such routers can be configured to pass BOOTP broadcasts (i.e. broadcast messages which use ports 67 and 68). If you don’t have router compliant with such standard you have to leverage RRAS role and configure DHCP Relay agent.
Please follow and like us:

How to install windows feature when you removed it with “- Remove” flag

Windows Server 2012 introduced so called “Features on Demand” which is nothing more than fancy term for removal of unused feature binaries (aka “feature payloads”) from your installation to decrease installation footprint, so that you can’t bring them back without using some external source. In conjunction with Minimal Server interface and post install ability to move along Full GUI – Core spectrum a lot of folks trying also to remove feature payloads, i.e. doing something like:

This works just fine, but bringing removed feature back maybe difficult, especially when you removed feature from OS with applied updates yet you do not have image with such updates applied. And even if you don’t have any updates you may have hard time figuring out how to properly specify source to bring removed feature back. So here is an example how to do it:

First you need to mount your Windows Server installation ISO and make sure that you know relevant drive letter (it is “D” in example below). Next list images available in install.wim file to identify image ID of Windows edition you need (Standard/Enterprise, FULL/CORE) by means of the following command:

Screenshot of the output:


In my case it was necessary to use image with index id 2 (Standard edition, full install). With this info you can install required feature specifying image ID as a source:

Sample screenshot:

Install-WindowsFeature from source

I think this example will be enough for you to bring back your “features on demand” 🙂


Please follow and like us:

What’s new in Windows Server 2016

I was somewhat busy with all things K2 recently and there are a lot of interesting stuff about to be released in version 4.7 soon. Because of that I didn’t have enough time to follow new developments on MSFT side but find some time to read up on Windows Server 2016 new features the other day, as well as watch recording of CBT Nuggets webinar “What to Expect in Microsoft Server 2016” by their new instructor Michael Watkins. This blog post is largely based on info from this webinar plus some info from MVA Course: What’s new in Windows Server 2016 Preview.

First I would take some feedback Michael Watkins who just recently joined CBT Nuggets team. As he has a wealth of prior experience in teaching relevant topics his way of structuring and explaining material, as well as vocabulary range and usage are just brilliant (sorry can’t help but notice this as an amateur linguist 🙂 ), but his voice is a bit of a problem – not everybody will find it pleasant to listen and sometimes it is a bit too silent even when you set your volume to max (and it seems not to be recording quality but just the way he speaks, i.e. he is not consistently loud). In that respect his type of voice is similar to Greg Shields who did “Microsoft System Center 2012 70-246” training for CBT.

So at the moment there is Windows Server Technical Preview 4 is readily available for you to download and try and RTM is expected to arrive at some later point this spring. So it is high time to have at least a brief look at new features we are going to get there. MSFT explains their investment choices as a response to the following trends/problems in IT:


Image source: MVA Course: What’s new in Windows Server 2016 Preview

Essentially there are five major new features/improvements areas:

  • Nano Server. This one is a little bit different than core and a lot different than GUI.
  • Containers. Technology known as Docker in Linux world and especially important thing for web-based apps. Basically a great way to isolate apps from the OS.
  • Virtualization Enhancements. These are mainly focused on security and identification improvements.
  • Storage Direct and Storage QoS. Allow you to control storage bandwidth, capability and flexibility allocation.
  • Software-defined Network. New paradigm for building and managing networks is here, and MSFT created technology which allow you to implement SDN with Windows Server 2016.

We are going to get the following flavors/editions of Windows Server 2016:

  • Nano Server (similar to core)
  • Server Core
  • Server with a Desktop Experience

(1) Nano Server is a headless (aka GUI-less), x64 only version of Windows server. As opposed to Core, Nano Server is a purpose-built version of OS and not an installation option like core where you getting all the binaries and then select between Core & GUI.

It has no GUI at all. At the time of deployment you have to decide how to use Nano Server. It is purpose built OS based on packages. See details in “Getting Started with Nano Server” on MSDN. So packages architecture introduced to keep it lean. At the moment the following packages are available:

  • Compute
  • FailoverCluster
  • Guest
  • OEM-Drivers
  • Storage
  • Reverse Forwarders

As MSFT documentation puts it Nano Server “is similar to Windows Server in Server Core mode, but significantly smaller, has no local logon capability, and only supports 64-bit applications, tools, and agents. It takes up far less disk space, sets up significantly faster, and requires far fewer updates and restarts than Windows Server. When it does restart, it restarts much faster.”

In terms of remote administration it is almost the same as Server Core (but keep in mind the fact highlighted above – it has no local logon capability). So as Michael Watkins puts it, Server Core introduced brave new GUI-free world, Nano Server kicks that up a notch. In a dry language there is no local logon capability (true headless or headless-only, if you please) + x64 only workloads, admin tools and binaries.

To administer Nano Server remotely you can use PowerShell, WMI and different x64 remote management consoles (Hyper-V Manager etc.)

(2) Containers. This is a DevOps thing which is allows you to package & run apps withing containers (physical/virtual) which are fully self-contained with no footprint on base OS at all (all dependencies are inside of container). Containers architecture comprise of the following layers Layers:

  • App A (Bins/Libraries) | App B (Bins/Libraries) | Containers Layer
  • Container Management Stack
  • Host OS with Container Support
  • Server


Image source: Windows IT Pro

There are two types of containers as you can see from the picture above:

  1. Windows Server Container (first available in TP3) – shared base OS, very scalable & resource efficient. Good for trusted multi-tenant environment/private cloud type of environment.
  2. Hyper-V Container. Higher/extra level of isolation alternative to Windows Server Container. Good for shared hosting/highly regulated environment. Multiple applications for multiple tenants/public multi-tenant environment. More resources required but isolation is better.

Both types of containers can use the same image.

And after reading till this point you may get a feeling that this just terminology update + use case refinement (with some technical improvements) similar to one which we see when Terminal Services evolved into Remote Desktop Services (we got Remote Desktop and Remote Apps later) and further down the road MSFT technology mix evolved into idea that you have Desktop, Presentation and Application virtualization set of use cases/technologies. If you followed their predecessors for you it was probably sort of like evolution of existing things – use cases clarified and delineated and slew of new terminology introduced. So for newbies it was something absolutely new for veterans logical evolution with some renaming of parts.

Docker Integration. 

Dockerized App (supports Windows Server Container, Linux Container) and can run anywhere Customer Datacenter, Microsoft Azure, Service Provider:


Image source: azure.microsoft.com

Docker introduced/popularized containers. Server 2016 offers integration with Docker. Docker is just an open-source engine which automates deployment of apps as containers. MSFT partnered with Docker so you can run “dockerized” apps in your MSFT environment and vice versa.

Docker Hub is a huge collection of open and curated applications available for download.

(3) Virtualization Enchancements

MSFT recognized Hyper-V problems and become more serious about security/legitimacy.

Host Guardian Service. If attacker seizes control of host OS it used to be too easy to access guest VMs next. Now better isolation provided to protect VMs in such scenario. Host Guardian service allows to create Guardian Fabric to mitigate against previously mentioned attack and also to define legitimate hosts and created shielded-tenant VMs. It leverages BitLocker which was introduced for Windows Client long time ago and now made its way into Server OS. So in a way we again see old technology leveraged for new use case and hiding behind new shiny name.

Shielded VMs are protected from tampering so that they only can be run within fabric designated to this VM and cannot be moved and run elsewhere.


Image source: rlevchenko.com

Existing VMs can be converted into shielded VMs.

(4) Storage Direct and Storage QoS

Here we also entering in the era of Software Defined Storage, as Microsoft further improves Storage Spaces technology by adding tight integration with System Center and reinventing it as Storage Spaces Direct.

Storage Spaces Direct stack

Image source: technet.microsoft.com

Storage Spaces Direct offers two deployment options:

  1. Compute and Storage Resources joined/managed together -for small deployments
  2. Compute and Storage resources are separate and managed separately – for larger deployments

Storage Spaces Direct deployment choice

Image source: blogs.technet.microsoft.com

Storage QoS. Name is somewhat self-explanatory and now we have things like Rate Limiters (on Hyper-V Cluster) and Policy Manager + I/O scheduler (on Scale Out FS cluster) – I can’t help thinking that architectural pattern here is the same as in infamous NAP. Picture gives you a good top-level idea what we have here:

Storage QoS

Image source: blogs.technet.microsoft.com

(5) Software Defined Network

I first heard about SDN concept back in 2012 when visiting lecture of Nick McKeown and Scott Shenker which they gave at Moscow Polytechnic Museum. Lecture was entitled “Internet of tomorrow: How SDN will change the rules”  (recording in English is available on YouTube) and it gives best possible explanations of why and what of SDN by pioneers and leading researchers in this field. These guys not only were involved into initial research but also launched SDN and network virtualization start up Nicira which was focused on bringing related technologies to market, it was launched in 2007 and in 2012 acquired by VMware for $1.26 billion.

Now you can find SDN concepts implementation in Cisco (9K solution) and VMware products. SDN is all about introducing abstraction of higher-level functionality for better management of networks by means of decoupling network data plane and control plane. Or in other words it is Network Function Virtualization. And now Microsoft offers you their own implementation of this concept which includes the following components:

  • Network Controllers (Standardized Rest API & PowerShell)
  • Service Managers (Software load balancer, Virtual network Firewall, HNV L2/L3GW, S2S GW, VPN GW, SC for 3rd party VNF)
  • Hyper-V Host


Image source: technet.microsoft.com

Network Controller is a foundation for SDN and it is Highly Available & Highly Scalable brand new server role for WS2016 which includes:South-bound API – communication with your physical networkNorth-bound API – communication with network controller

Do you still remember southbridge/northbridge terminology from hardware world of motherboards and chipsets? 😉

To conclude 5 major change areas seem to be very interesting to learn more about and open up new possibilities to design your it infrastructure and deliver your IT services.

Also after looking at the investments area in this version of Windows Server you can see that role of Windows admin profession evolves in a direction of a “fabric admin“, as essentially you now can use Windows server to manage compute, storage and network resources, i.e. fabric on top of which other services are running. So in a way it an end of an era when Windows admin could say “I manage Windows, storage questions handled by storage guy and for networking things there is a networking admin” now Windows administrator supposed to manage entire fabric of compute, storage and network resources – entire fabric (or at least this is Microsoft vision for Windows admin and Windows Server 🙂 ).

More resources for those who are in a mood for learning more about Windows Server 2016:

TechNet Library: What’s New in Windows Server 2016 Technical Preview 4

MVA Course: What’s new in Windows Server 2016 Preview

For those who worrying about system requirements for this OS – those are traditionally super humble/match those of previous version (but everybody knows what those minimum requirements mean anyway 😉 ), you can look through the relevant info at System Requirements and Installation section of Windows Server 2016 Technical Preview documentation on TechNet.

Please follow and like us: