Upon rebooting a Terminal Server that had resource issues, we could not log back into the server through RDP. We could log in through iLO, and it was apparent that the logins were working but they were very slow. Upon examining the services, we could see that the IPSEC service was not started.
Trying to manually start the service gave the following popup: “Could not start the IPSEC Services service on Local Computer. Error 2: The system cannot find the file specified.” The event logs also showed that TCP/IP was in blocking mode.
Disabling the service and rebooting restored all network communication, but trying to start the service would drop all connectivity again and slow down the server. I found another article that said that IPSEC may need to be rebuilt. When I looked for the registry keys for IPSEC, they were not there. After I ran the following commands, the registry keys were populated, and IPSEC was able to run properly.
To rebuild IPSEC, follow these steps:
1. Click Start, click Run, type regedit, and then click OK.
2. In Registry Editor, locate and then click the following subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\IPsec\Policy\Local. (In my case, the server’s registry ended before IPsec. If this is the case, skip to step 6.)
3. On the Edit menu, click Delete.
4. Click Yes to confirm that you want to delete the subkey.
5. Quit Registry Editor.
6. Click Start, click Run, type regsvr32 polstore.dll, and then click OK.
This is a quick CredSSP registry fix for the following error when trying to connect to a machine using RDP (Remote Desktop):
This is because the server you are connecting to is not patched up to date, and the machine you are connecting from is. Modify the registry to allow your machine to connect to it:
1. Open Regedit.
2. Navigate to the following registry key, or create it if it does not exist: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters
3. Create a new DWORD value called "AllowEncryptionOracle".
4. Set the new registry entry to have a value of 2.
5. Connect to the server that you were unable to connect to before.
Run this from an elevated command prompt to achieve the same result:
```
REG ADD "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters" /v AllowEncryptionOracle /t REG_DWORD /d 2
```
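An added example, not part of the original post: a PowerShell check that reads the AllowEncryptionOracle value set above, reports which protection level it corresponds to, and can put the client back to the mitigated level once the server has been patched. The function names are hypothetical; the level meanings (0 = Force Updated Clients, 1 = Mitigated, 2 = Vulnerable) are those of Microsoft's "Encryption Oracle Remediation" policy setting.

```powershell
# Added example; function names are hypothetical. Run from an elevated prompt.
$CredSspKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters'
$ValueName  = 'AllowEncryptionOracle'

# Meaning of each value under the "Encryption Oracle Remediation" policy
$Levels = @{
    0 = 'Force Updated Clients: no fallback to insecure versions; unpatched clients refused'
    1 = 'Mitigated: no fallback to insecure versions; unpatched clients still accepted'
    2 = 'Vulnerable: fallback to insecure versions allowed (the setting used above)'
}

function Get-CredSspOracleLevel {
    # Returns the configured value, or $null when the key or the value is absent
    $item = Get-ItemProperty -Path $CredSspKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

function Set-CredSspOracleLevel {
    param([ValidateSet(0, 1, 2)][int]$Level)
    # Create the Parameters key if it is missing, then write the DWORD
    if (-not (Test-Path $CredSspKey)) {
        New-Item -Path $CredSspKey -Force | Out-Null
    }
    New-ItemProperty -Path $CredSspKey -Name $ValueName -PropertyType DWord -Value $Level -Force | Out-Null
}

$current = Get-CredSspOracleLevel
if ($null -eq $current) {
    Write-Output "$ValueName is not set explicitly on this machine."
} elseif ($Levels.ContainsKey($current)) {
    Write-Output "$ValueName = $current ($($Levels[$current]))"
} else {
    Write-Output "$ValueName = $current (unrecognised value)"
}

# After the server has been patched, take the client off the workaround:
# Set-CredSspOracleLevel -Level 1
```

Running the check across workstations after a patch cycle shows which machines still carry the value 2 workaround and can be returned to level 1.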
The VSS writers and their related Windows services are listed below:
| VSS Writer | Service Name | Service Display Name |
| --- | --- | --- |
| ADAM $instanceName Writer | ADAM_$instanceName | $instanceName |
| ASR Writer | VSS | Volume Shadow Copy |
| BITS Writer | BITS | Background Intelligent Transfer Service |
| Certificate Authority | CertSvc | Active Directory Certificate Services |
| COM+ REGDB Writer | VSS | Volume Shadow Copy |
| DFS Replication service writer | DFSR | DFS Replication |
| DHCP Jet Writer | DHCPServer | DHCP Server |
| FRS Writer | NtFrs | File Replication |
| FSRM writer | srmsvc | File Server Resource Manager |
| IIS Config Writer | AppHostSvc | Application Host Helper Service |
| IIS Metabase Writer | IISADMIN | IIS Admin Service |
| Microsoft Exchange Replica Writer | MSExchangeRepl | Microsoft Exchange Replication Service |
| Microsoft Exchange Writer | MSExchangeIS | Microsoft Exchange Information Store |
| Microsoft Hyper-V VSS Writer | vmms | Hyper-V Virtual Machine Management |
| MSMQ Writer (MSMQ) | MSMQ | Message Queuing |
| MSSearch Service Writer | WSearch | Windows Search |
| NPS VSS Writer | EventSystem | COM+ Event System |
| NTDS | NTDS | Active Directory Domain Services |
| OSearch VSS Writer | OSearch | Office SharePoint Server Search |
| OSearch14 VSS Writer | OSearch14 | SharePoint Server Search 14 |
| OSearch15 VSS Writer | OSearch15 | SharePoint Server Search 15 |
| Registry Writer | VSS | Volume Shadow Copy |
| Shadow Copy Optimization Writer | VSS | Volume Shadow Copy |
| SharePoint Services Writer | SPWriter | Windows SharePoint Services VSS Writer |
| SPSearch VSS Writer | SPSearch | Windows SharePoint Services Search |
| SPSearch4 VSS Writer | SPSearch4 | SharePoint Foundation Search V4 |
| SqlServerWriter | SQLWriter | SQL Server VSS Writer |
| System Writer | CryptSvc | Cryptographic Services |
| TermServLicensing | TermServLicensing | Remote Desktop Licensing |
| WDS VSS Writer | WDSServer | Windows Deployment Services Server |
| WIDWriter | WIDWriter | Windows Internal Database VSS Writer |
| WINS Jet Writer | WINS | Windows Internet Name Service (WINS) |
| Windows Server Storage VSS Writer | WseStorageSvc | Windows Server Essentials Storage Service |
| WMI Writer | Winmgmt | Windows Management Instrumentation |
I was also looking for an easy way to do this rather than complex scripted methods. Azure offers a variety of ways to operate, including PowerShell and the CLI. Here we use the CLI to export the Azure DNS zone files to text files, which can be imported again through the CLI with very little effort to restore them. For restoring, refer to the article "How to import/export DNS zone file to Azure DNS using CLI".
You can download the readymade script from the link Azure DNS Zone Imports Script.
```powershell
# Log in to Azure using the CLI with a username and password
# (a password passed with -p is visible in command history and process listings)
az login -u "<Put Username Here>" -p "<Put Password Here>"
az account set -s "<Put Subscription Name here>"

# Build a date-stamped folder name so each export gets its own folder
$date = Get-Date
$dateFormat = $date.ToString("yyyy-MM-dd")
New-Item -ItemType Directory -Path "D:\AzureDNSBackup\$dateFormat"

# Use the command below to export each zone file, one at a time
az network dns zone export -g "Put Resource Group Name Here" -n "Put zone name here" -f "D:\AzureDNSBackup\$dateFormat\ZoneFileName.txt"

# Write the list of exported zone files in the folder to a file
Get-ChildItem -Path "D:\AzureDNSBackup\$dateFormat\*.txt" | Out-File "D:\AzureDNSBackup\$dateFormat\Zone_List.txt"

# Send the zone file list by email as backup confirmation
$filename = "D:\AzureDNSBackup\$dateFormat\Zone_List.txt"
$smtpServer = "relay Server Name/IP"
$msg = New-Object Net.Mail.MailMessage
$att = New-Object Net.Mail.Attachment($filename)
$smtp = New-Object Net.Mail.SmtpClient($smtpServer)
$msg.From = "Sender Email Address here"
$msg.To.Add("Put Recipient Email Address Here")
$msg.Subject = "Daily Azure DNS Zone Backup – $((Get-Date).ToShortDateString())"
$msg.Body = "Daily Azure DNS Zone Backup done to D drive AzureDNSBackup folder on server 'ServerName', Backup Zone List Attached"
$msg.IsBodyHTML = $true
# Attach the zone list and send the message
$msg.Attachments.Add($att)
$smtp.Send($msg)
$att.Dispose()
```
This procedure is the only one which worked for me on a Windows 2012 R2 and 2016 RDP session:
1. Click Start
2. Type osk (to bring up the on screen keyboard)
3. Hit enter
4. Once the on screen keyboard is open, hold ctrl+Alt on your physical keyboard, then click on the del key in the on screen keyboard.
5. Minimize the on screen Keyboard
6. Click Change a password.