Activation Error Code 0x8007000D. slmgr.vbs The data is invalid.

Scenario:
Windows Server 2008 R2. Refusing to activate.
Changed Keys, reset the spp service, renamed tokens.bat, removed softwaredistribution / any other fix under the sun

Errors:

Through the GUI.
Activation Error Code 0x8007000D

through the Telephone Option
The data is invalid.
Next screen just shows the numbers 1 2 3 4 5 6 7 8 9

slmgr.vbs /dlv to get the Installation ID
C:\Windows\system32\slmgr.vbs(1333, 5) (null): The data is invalid.

Microsoft Fix It wasn’t available and the permissions it mentioned matched what I had.
https://support.microsoft.com/en-us/help/2230957/error-code-0x8007000d-when-trying-to-activate-a-windows-server-2008-or-windows-7-machine-using-any-type-of-product-key.

The fix:
Albeit struggling, there is some merit to Microsofts article above.

Note: Always take a backup first.

To fix, I took ownership of the Key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root and set “replace permissions on child objects” in the advanced security.

Once applied, I was able to successfully activate. I hope this helps someone else out there.

Exchange 2013. VSS Exchange Writer. Reset without Reboot.

I’ve found that the Microsoft Exchange Writer will be in a retryable error quite often and this can be a right pain in the backside to organise an outage and get the server restarted.

Writer name: ‘Microsoft Exchange Writer’
Writer Id: {76fe1ac4-15f7-4bcd-987e-8e1acb462fb7}
Writer Instance Id: {963d5c60-7683-4a2b-9ec4-85af944723b9}
State: [5] Waiting for completion
Last error: Retryable error

There is a relatively non-impacting way to reset this.

Restart service MSExchangeRepl

Exchange 2013. VSS Microsoft Exchange Writer. Reset without Reboot.

I’ve found that the Microsoft Exchange Writer will be in a retryable error quite often and this can be a right pain in the backside to organise an outage and get the server restarted.

Writer name: ‘Microsoft Exchange Writer’
State: [5] Waiting for completion
Last error: Retryable error

There is a relatively non-impacting way to reset this.

Restart service MSExchangeRepl. Some sources suggest restarting the Microsoft Information Store Service, at least in my environment I haven’t found this necessary

Writer name: ‘Microsoft Exchange Writer’
State: [1] Stable
Last error: No error

Exchange 2013. IMAP (S) not Connectable. No peer certificate available

You are find IMAPS connections aren’t working. You’ve checked the settings with Get-IMAPSettings and confirmed the services are running.

Testing with OpenSSL you find there are problems with the SSL Handshake

openssl s_client -showcerts -connect %ServerName%:993
Loading ‘screen’ into random state – done
CONNECTED(00000634)
write:errno=10054

no peer certificate available

No client certificate CA names sent

SSL handshake has read 0 bytes and written 317 bytes

New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated

It took me a while to find this. It looks like Active Manager has intervened and disabled the Imap component.

Get-ComponentState -Identity ExchangeServer

And what do we see?

Component State
——— —–
ImapProxy Inactive

This kind of makes sense, just think about what you do to the Hub Transport component when you patch servers in a DAG.

This can be fixed by running

Set-ServerComponentState -Identity ExchangeServer1 -Component imapproxy -State Active -Requester HealthApi

SCCM. SQL Query for AV Detections. v_gs_threats.

Rather than using the in built SCCM’s reports, I run a customized query to return Anti Virus detection.

SELECT v_R_System.Name0 as Name,Username,DetectionID,DetectionTime,ThreatName,Path,CleaningAction,ActionSuccess
From v_GS_Threats
Inner Join v_R_System
ON v_GS_Threats.ResourceID=v_R_System.ResourceID
WHERE DetectionTime >= DATEADD(DAY,-%days%, GETDATE())

Edit the days value depending on how far back you want to go. I like to run this weekly and in my case, it would be -7.

You can use this if you build your own report in Reporting Services or if you are that way inclined, wrap it in Powershell to send an HTML email.

You can download and install the SQL Powershell module on a non sql server by following the instructions here http://guidestomicrosoft.com/2015/01/13/install-sql-server-powershell-module-sqlps/

v_GS_Threats. SCCM. CleaningAction Table.

I was using SQL Server Reporting services to create my own malware report out of SCCM.

Out of the v_GS_Threats table I am able to pull out CleaningAction, however this is an integer and doesn’t really tell me much.

After searching around for a while, I managed to find the information in a Technet Forum post. See below.

CleaningAction Cleaning Text
0 Unknown
1 Detected
2 Cleaned
3 Quarantined
4 Removed
5 Allowed
6 Blocked
9 Quarantined
101 CleanFailed
102 QuarantineFailed
103 RemoveFailed
104 Allow Failed
105 Abandoned
107 BlockedFailed

Source: https://social.technet.microsoft.com/Forums/systemcenter/en-US/5df107ba-1956-4025-9ee7-cf8bb51f1837/scep-database-cleaningaction-column?forum=FCSNext

Direct Access 2012 R2 – Configuration settings stored in GPOs cannot be backed up – Domain Removed

Scenario: You’ve decommissioned a domain from your Forest. You’ve found the need to change some settings in your Direct Access configuration.

You get the error “Direct Access Configuration settings stored in GPOs cannot be backed up”, you try to remove the Configuration to redo it all, you get told “PDC for domain.com cannot be contacted”.

Do Note: If you are going to try the solution, ensure you make backups of your registry keys and other entries first.

Solution: Under key, [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RaMgmtSvc\Config] you will find a entry called “ServerGPO”, with a domain name and GUID. This may be a valid domain and in my case, it was. Note the GUID and search for it in Group Policy Editor. You will find your group policy configuration.

In my case, this still had Group Policy settings pointing to my old domain. Unfortunately, templates for these group policy settings don’t appear to exist yet.

I duplicated the policy and using a registry.pol editor, I was able to edit the keys out, saving the file as registry.pol.

I haven’t found any free editors, however you can use TorchSofts trial at http://www.torchsoft.com/en/rw_information.html. This can also be done via powershell and vbscript, use google and you will find some who have put it together for you. Unfortunately, trying this in wordpad or notepad corrupts the file. 🙂

After creating my new registry.pol file, I went to \\domain.com\sysvol\domain.com\policies\myguid\machine, replaced the file, opened registry editor and under key [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RaMgmtSvc\Config] and edited ServerGPO to my new Group Policy object \\domain.com\guid

Of course, this would be much easier with valid adm template where you can edit the Group Policy Object.