How to restore accidentally deleted OneNote files

Due to unwanted circumstances such as an incorrect migration or a space issue, you may lose OneNote files. Fortunately, Microsoft OneNote has its own automatic backup (separate from your regular backup application) that keeps a certain number of copies for the retention you have specified.

These settings can be configured from the OneNote application itself.

Open OneNote, select File from the menu, select Options, then select Save & Backup.

By default, the backup location is typically under the user profile, unless a user or administrator has changed it.

e.g.

C:\Users\<UserAlias>\AppData\Local\Microsoft\OneNote\<OneNoteVersion>\Backup


In this location you should see the different sections and their backup copies. Select the latest copy and open it in OneNote, then right-click and select the Move or Copy option, OR merge it with any existing OneNote section.

A life-saver option for those who use OneNote.

vCenter backup via vCenter Appliance Management interface (VAMI) to SMB fails

The following error can be seen when you edit the backup schedule.

Error in method invocation module ‘util.Messages’ has no attribute ‘ScheduleLocationDoesNotExist’

Backup now (immediate backup) fails with the error “SMB location is invalid”.

The following lines can be seen in applmgmt.log (/var/log/vmware/applmgmt/).

2019-06-07T22:12:28.673 [15209]ERROR:backupRestoreAPI:Failed to mount the cifs share //ad.gsslabs.org/ at /storage/remote/backup/cifs/fs.labs.org/h3CYi0qm/g5dWY4YQ; Err: rc=32, stdOut:, stdErr: mount error(112): Host is down
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
2019-06-07T22:12:28.673 [15209]ERROR:backupRestoreAPI:Couldn't mount the cifs share //ad.gsslabs.org/ at /storage/remote/backup/cifs/fs.labs.org/h3CYi0qm/g5dWY4YQ
2019-06-07T22:12:28.689 [15209]ERROR:vmware.appliance.vapi.impl:pint.Error('com.vmware.applmgmt.err_invalid_remote_loc', '%(0)s location is invalid.', **{'args': LocationType(string='SMB')})

This issue happens when SMB1 is disabled on the file server OR blocked in the network. If you are using Windows as the file server, run the following PowerShell to see the current status of SMB versions 1 and 2.

Get-SmbServerConfiguration |select EnableSMB1Protocol, EnableSMB2Protocol

Typical Output

Get-SmbServerConfiguration |select EnableSMB1Protocol, EnableSMB2Protocol
EnableSMB1Protocol EnableSMB2Protocol
------------------ ------------------
             False               True

Enabling SMB1 may help to fix this issue.

Set-SmbServerConfiguration -EnableSMB1Protocol $true

Typical Output

Confirm, Are you sure you want to perform this action?
Performing operation 'Modify' on Target 'SMB Server Configuration'.
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): Y

Please note: if SMB1 was disabled deliberately due to security concerns, as it is considered a weaker protocol compared to SMB2/3, then use an alternate protocol (HTTP, FTP, NFS, etc.) to take the vCenter backup via VAMI.
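If SMB1 is switched on as described above, the file server can record which clients actually use it. The following is an added example, not part of the original post; the function name Get-Smb1Client is hypothetical, and the "Client Address:" text matched in the Event ID 3000 message is an assumption about that event's wording.

```powershell
# Added example: run in an elevated PowerShell session on the Windows file server.
function Get-Smb1Client {
    # Summarise SMB1 audit events per client.
    # Assumption: Event ID 3000 in the SMBServer/Audit log has a "Client Address:" line.
    Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-SMBServer/Audit'; Id = 3000 } -ErrorAction SilentlyContinue |
        ForEach-Object {
            if ($_.Message -match 'Client Address:\s*(\S+)') {
                [pscustomobject]@{ Client = $Matches[1]; Time = $_.TimeCreated }
            }
        } |
        Group-Object Client |
        ForEach-Object {
            [pscustomobject]@{
                Client   = $_.Name
                Count    = $_.Count
                LastSeen = ($_.Group | Measure-Object Time -Maximum).Maximum
            }
        }
}

# 1. Current protocol state, plus whether SMB1 access auditing is already on.
Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol, EnableSMB2Protocol, AuditSmb1Access

# 2. Log every SMB1 connection while SMB1 is enabled.
Set-SmbServerConfiguration -AuditSmb1Access $true -Force

# 3. Run the VAMI backup, then list the clients that connected with SMB1.
#    Anything other than the vCenter appliance here is another SMB1 dependency.
Get-Smb1Client | Sort-Object Count -Descending | Format-Table -AutoSize

# 4. If SMB1 was enabled only as a test, switch it back off afterwards:
# Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
```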

vCenter upgrade OR uninstallation of version 6.5 may fail on Windows Server

An upgrade from any existing supported version, OR an uninstallation of Windows-based vCenter, fails with the following error.

VMware Message Bus Configuration service failed stop.
Couldn't install the message bus configuration service, due to the following reason: traceback
File \Program Files\VMware\vCenter Server\Firstboot\mbcs_firstboot.py. Line 276.
..
..
The directory is not empty

This issue occurs because stale directories named tomcat.8080 are created at various locations inside the vCenter Server installation, which breaks upgrade, reinstallation and various other vCenter operations.

To solve this issue, open the vCenter installation directory and search for tomcat.8080.

Typical locations of this directory:

\Program Files\VMware\vCenter Server\mbcs\tomcat.8080
\Program Files\VMware\vCenter Server\vmon\tomcat.8080
\Program Files\VMware\vCenter Server\vsm\wrapper\tomcat.8080

Take a backup of all these directories, then delete them.

Retry the vCenter upgrade/uninstall that was stuck due to this error.
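The search, backup and delete steps above as one script. This is an added example, not part of the original post; the function name, the C: drive letter in the install path and the backup folder are assumptions. Run it with -WhatIf first to see what would be touched.

```powershell
# Added example: find stale tomcat.8080 directories, back them up, then delete them.
function Remove-StaleTomcatDir {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Assumption: vCenter is installed on C:; the post gives the path without a drive letter.
        [string]$InstallRoot = 'C:\Program Files\VMware\vCenter Server',
        # Hypothetical backup location; use a fresh, empty folder.
        [string]$BackupRoot  = 'C:\vc-tomcat8080-backup'
    )

    $stale = Get-ChildItem -LiteralPath $InstallRoot -Directory -Recurse -Filter 'tomcat.8080' -ErrorAction SilentlyContinue

    foreach ($dir in $stale) {
        # A nested match disappears once its parent has been removed.
        if (-not (Test-Path -LiteralPath $dir.FullName)) { continue }

        # Mirror the original location under the backup root.
        $relative = $dir.FullName.Substring($InstallRoot.Length).TrimStart('\')
        $target   = Join-Path $BackupRoot $relative

        if ($PSCmdlet.ShouldProcess($dir.FullName, "Back up to $target and delete")) {
            New-Item -ItemType Directory -Path (Split-Path $target -Parent) -Force | Out-Null
            # Stop on a failed copy so nothing is deleted without a backup.
            Copy-Item -LiteralPath $dir.FullName -Destination $target -Recurse -Force -ErrorAction Stop
            Remove-Item -LiteralPath $dir.FullName -Recurse -Force
        }
    }

    # Return what was found so the run can be reviewed.
    $stale | Select-Object FullName, LastWriteTime
}

# Dry run: shows the directories and the actions without changing anything.
Remove-StaleTomcatDir -WhatIf
```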

Figure out who is deleting files from a Windows operating system

A file OR folder on a Windows operating system (client/OS) might go missing for many different reasons. A user may log on to the system interactively OR remotely and then delete the file, OR a malicious process may delete it. If you are unsure who is deleting files/folders, Windows auditing is the best way to figure this out.

Follow this sequence to understand the concepts.

Enable Windows auditing from Local Security Policy (run secpol.msc). If you are doing this against multiple servers, edit the group policies from a domain controller.

You can use the following PowerShell to automate this step.

secedit /export /cfg c:\secpol.cfg
(gc C:\secpol.cfg).replace("AuditObjectAccess = 0", "AuditObjectAccess = 3") | Out-File C:\secpol.cfg
secedit /configure /db c:\windows\security\local.sdb /cfg c:\secpol.cfg /areas SECURITYPOLICY
rm -force c:\secpol.cfg -confirm:$false

 

Update group policy using the following command.

gpupdate /force

Select the folder that needs to be audited. In my example, I am enabling auditing for the Delete action on the c:\temp\temp folder.

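You can use the PowerShell below.

# Uncomment if the folder you intend to audit has not been created yet.
#New-Item -type directory -path C:\temp\temp
$Folder = "c:\temp\temp"
# -Audit is required so that Get-Acl also returns the audit entries (SACL).
$ACL = Get-Acl $Folder -Audit
# Audit successful and failed Delete attempts by Everyone; the inheritance flags
# extend the rule to the files and subfolders inside $Folder.
$ar1 = New-Object System.Security.AccessControl.FileSystemAuditRule ("Everyone","Delete","ContainerInherit,ObjectInherit","None","Success,Failure")
$ACL.SetAuditRule($ar1)
Set-Acl $Folder $ACL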

 

Now if anyone (user/process) deletes your file, an event will be generated in your Event Viewer. For example, I am deleting File1.txt using Windows Explorer (right-click, Delete) and a second file using PowerShell.

RM -Force C:\Temp\TEMP\File2.txt -Confirm:$false

 

Open Event Viewer and search the Security log for Event ID 4656 with the “File System” task category and the “Accesses: DELETE” string. “Subject: XXXX” will show you who has deleted a file.

Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: MM/DD/YYYY HH:MM:SS
Event ID: 4656
Task Category: File System
Level: Information
Keywords: Audit Success
User: N/A
Computer: server.domain.local
Description:
A handle to an object was requested.
Subject:
Security ID: domain\user1
Account Name: user1
Account Domain: domain
Logon ID: 0x98B5C
Object:
Object Server: Security
Object Type: File
Object Name: C:\Temp\Temp\File2.txt
Handle ID: 0x774
Resource Attributes: -
Process Information:
Process ID: 0x4c4c
Process Name: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
Access Request Information:
Transaction ID: {00000000-0000-0000-0000-000000000000}
Accesses: DELETE
ReadAttributes
Access Reasons: DELETE: Granted by D:(A;ID;FA;;;BA)
ReadAttributes: Granted by D:(A;ID;FA;;;BA)
Access Mask: 0x10080
Privileges Used for Access Check: -
Restricted SID Count: 0

 

OR you can use the basic PowerShell below to query the event log.

Get-EventLog -LogName Security -InstanceId 4656
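The Event Viewer search described above as a script. This is an added example, not part of the original post: it reads Event ID 4656 with Get-WinEvent, keeps file events under the audited folder whose access mask includes DELETE, and reports the account and process. The function name Get-DeleteAuditEvent is hypothetical; the default path is the folder used in this post.

```powershell
# Added example: run in an elevated PowerShell session (the Security log needs admin rights).
function Get-DeleteAuditEvent {
    param(
        [string]$Path      = 'C:\temp\temp',   # audited folder from this post
        [int]   $MaxEvents = 5000              # newest events to inspect
    )

    $deleteBit = 0x10000                        # DELETE right in the access mask
    $prefix    = $Path.TrimEnd('\') + '\'       # so C:\temp\temp2 does not match

    $events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4656 } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue

    foreach ($evt in $events) {
        # Turn the named <Data> fields of the event XML into a lookup table.
        $data = @{}
        foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

        $name = [string]$data['ObjectName']
        if ($data['ObjectType'] -ne 'File') { continue }
        if ($name -ne $Path -and -not $name.StartsWith($prefix, [System.StringComparison]::OrdinalIgnoreCase)) { continue }

        # AccessMask is logged as hex text, e.g. 0x10080 in the sample event above.
        $mask = [Convert]::ToInt32($data['AccessMask'], 16)
        if (($mask -band $deleteBit) -eq 0) { continue }

        [pscustomobject]@{
            Time       = $evt.TimeCreated
            Account    = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
            LogonId    = $data['SubjectLogonId']
            Object     = $name
            Process    = $data['ProcessName']
            AccessMask = $data['AccessMask']
        }
    }
}

Get-DeleteAuditEvent | Sort-Object Time | Format-Table -AutoSize -Wrap
```

The LogonId column can be matched against the logon events in the same Security log to see whether the session was interactive or remote.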

Active Directory deployment using CloudFormation in AWS

Paste the following code into Notepad and save the file with a YML extension (e.g. ActiveDirectory.yml).

AWSTemplateFormatVersion: 2010-09-09
Parameters:
 ADDomainName:
  Description: "Name the AD domain, eg. Mydomain.LOCAL"
  Type: String
 AdminPassword:
  NoEcho: true
  Description: "Type the password of default 'Admin', hint Pass@me123"
  Type: String
 MyVPC:
  Description: VPC to operate in
  Type: AWS::EC2::VPC::Id
 EditionType:
  Description: "Type of AD"
  Type: String
  Default: Enterprise
  AllowedValues:
    - Standard
    - Enterprise
 PrivateSubnet1ID:
   Description: 'ID of the private subnet 1 in Availability Zone 1 (e.g., subnet-a0246dcd)'
   Type: 'AWS::EC2::Subnet::Id'
 PrivateSubnet2ID:
   Description: 'ID of the private subnet 2 in Availability Zone 2 (e.g., subnet-a0246dcd)'
   Type: 'AWS::EC2::Subnet::Id'

Resources:
  MYDIR:
    Type: 'AWS::DirectoryService::MicrosoftAD'
    Properties:
        Name: !Ref ADDomainName
        Password: !Ref AdminPassword
        Edition: !Ref EditionType
        VpcSettings:
            SubnetIds:
                - !Ref PrivateSubnet1ID
                - !Ref PrivateSubnet2ID
            VpcId: !Ref MyVPC
Outputs:
  DomainName:
    Description: Newly Created Domain name is
    Value: !Ref ADDomainName
    Export:
      Name: DomainName
  DirectoryID:
    Description: ID of AD that will be used in EC2 & SQL servers
    Value: !Ref MYDIR
    Export:
     Name: Directory-ID
  DNS:
    Description: IP address of DNS servers.
    Value: !Join
          - ','
          - !GetAtt MYDIR.DnsIpAddresses
    Export:
     Name: DnsIpAddresses

 

Open the AWS console. Go to the CloudFormation service, create a new stack, then browse to and select the YML file created in the step above.

 

Specify the stack name and parameters such as AD name, admin password, edition, VPC and subnets.

 

AWS will prepare the resources in the background; the status will remain CREATE_IN_PROGRESS.

 

After completion, the status will turn to complete and the Outputs tab will show the returned results in columns. The value in Export Name can be used for any future CloudFormation deployment such as Windows EC2, AWS RDS, etc.

Here are the details of Managed AD in AWS.
AWS Managed Microsoft AD
AD DS on AWS

Since this is my blog on AWS CloudFormation, I will try to improve the above code and include a few more use cases such as accessing managed AD, creating AWS RDS and joining EC2 in AWS.

Retrieve Active Directory object properties using VBScript

In many circumstances, you may need to isolate application and Active Directory issues that may pop up because of a bad network OR configuration of the environment. In one of my last challenges, to isolate application performance issues from the network while retrieving an AD object, I used the following VBScript rather than a custom application.

Create a text file, e.g. RetrieveProxy.vbs, in your desired location (mine is c:\tools). Paste the following code into Notepad.

This will retrieve the ‘user1’ proxy address from Active Directory.

StartTime=Now
REM wscript.echo Starttime
Set objUser=GetObject("LDAP://192.168.2.100/CN=user1,OU=Myusers,DC=domain,DC=local")
ProxyAddress=objUser.proxyAddresses
REM proxyAddresses is multi-valued: join the values when more than one is returned
If IsArray(ProxyAddress) Then ProxyAddress=Join(ProxyAddress,"; ")
EndTime=Now
TimeTaken=DateDiff("s",StartTime,EndTime)
wscript.echo("Proxy Address: "&ProxyAddress&", Bind took "&TimeTaken&" Seconds, From "&StartTime&" To "&EndTime)

You can run it either from the command line,

or by simply double-clicking “RetrieveProxy.vbs”.

In the above script:

  • You can modify the property name you wish to retrieve from AD. I have used “proxyAddresses”; you can use “whenCreated”, “whenChanged” OR any other available object property.
  • You can change the IP OR FQDN of the domain controller. It can be without an IP/FQDN as well, e.g. “LDAP://CN=user1,OU=Myusers,DC=domain,DC=local”; in that case it will connect to the nearest available domain controller.
  • Adding the variables ‘StartTime’ and ‘EndTime’ is completely optional. I have used them so I can see the time taken during retrieval and compare it with other applications doing similar work. If it takes longer than expected, then some network resource is definitely at fault somewhere.

The following is a modified version that runs against all objects of an OU (organizational unit).

StartTime=Now
REM wscript.echo Starttime
Set objUsers=GetObject("LDAP://192.168.2.100/OU=MyUsers,DC=domain,DC=local")
objUsers.Filter = Array("User")
Dim AllUsersProxy
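For Each obj In objUsers
   Proxy=obj.proxyAddresses
   REM proxyAddresses is multi-valued: join the values when more than one is returned
   If IsArray(Proxy) Then Proxy=Join(Proxy,"; ")
   AllUsersProxy=AllUsersProxy&obj.cn&"  "&Proxy&vbnewline
Next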
EndTime=Now
TimeTaken=DateDiff("s",StartTime,EndTime)
wscript.echo("Proxy Addresses: "&vbnewline&AllUsersProxy&"Bind took "&TimeTaken&" Seconds, From " &StartTime&" To "&EndTime)

Please note, this script retrieves two properties, and the output has a new line for each object.

 

Design Windows forms using PowerShell

As you will all agree, Windows forms are more user friendly than a command-line interface. If you are a Windows admin and figuring out how to write a Windows form using PS code, then use the following link and download the Form Builder PS script to easily write such code.

In my simple example, I created a Windows form with a ‘Button’ and a ‘Label’; however, your script may have lots of different options.

Once you complete the preparation of your Windows form, click on ‘Export’; this will generate the code file for the form and the Windows controls you have selected. Now you write the code for the ‘Button’ click. I have added the following lines of code.

$Button_click=
 {
  $wmiOS = Get-WmiObject -Class Win32_OperatingSystem;
  $OS = $wmiOS.caption;
  $mLabel1.Text=$OS
 }

$mButton1.add_click($Button_click)

The entire script can be copied from here.

    Add-Type -AssemblyName System.Windows.Forms
    Add-Type -AssemblyName System.Drawing
    $MyForm = New-Object System.Windows.Forms.Form
    $MyForm.Text="MyForm"
    $MyForm.Size = New-Object System.Drawing.Size(400,200)

    $mButton1 = New-Object System.Windows.Forms.Button
    $mButton1.Text="GetOSVersion"
    $mButton1.Top="43"
    $mButton1.Left="7"
    $mButton1.Anchor="Left,Top"
    $mButton1.Size = New-Object System.Drawing.Size(120,23)
    $MyForm.Controls.Add($mButton1)

    $mLabel1 = New-Object System.Windows.Forms.Label
    $mLabel1.Text=""
    $mLabel1.Top="83"
    $mLabel1.Left="17"
    $mLabel1.Anchor="Left,Top"
    $mLabel1.Size = New-Object System.Drawing.Size(400,23)
    $MyForm.Controls.Add($mLabel1)

    $Button_click=
    {
        $wmiOS = Get-WmiObject -Class Win32_OperatingSystem;
        $OS = $wmiOS.caption;
        $mLabel1.Text=$OS
    }
    $mButton1.add_click($Button_click)

    $MyForm.ShowDialog()

If you feel the underlying code should remain hidden and the end user should not see the background logic, then you can convert your PS1 script to an EXE using the PS2EXE tool.