Fix A Broken Trust Relationship With Domain without Removing/Rejoining

Have you been hit with the login error: The trust relationship between this workstation and the primary domain failed.
GOOD News, there is a fix (If you can get into the machine – see below)
Just change your computer password using netdom.exe!

netdom.exe resetpwd /s: /ud: /pd:*
= a domain controller in the joined domain
= DOMAIN\User format with rights to change the computer password

Can’t log in because you don’t have the local admin password? Try this trick:

  • Turn off computer.
  • Remove network cable.
  • Turn on computer.
  • Login using regular domain credentials
  • This should work with any credentials recently used on that machine as they will be cached locally.

    Thanks to: http://implbits.com/active-directory/2012/04/13/dont-rejoin-to-fix.html

    Exchange 2016 – Transport Provider Refuses to Start 0xC0630005

    I have had issues with my Exchange server receiving, or more aptly, not receiving emails. It decided that it no longer wanted to work at approximately 8pm on a Saturday. Do you know what else happened at about the same time? A handful of Windows updates!
    So MS broke their own program. I assume they are working to fix this problem, but I still need to receive mail. I have several choices; remove the windows updates that were applied; search the Internet for a solution; or check my event logs to look for a hint to the problem.

    For my troubles I get this beauty:

    Microsoft Exchange couldn’t start transport agents. The Microsoft Exchange Transport service will be stopped. Exception details: Failed to create type ‘Microsoft.Exchange.Transport.Agent.ContentFilter.ContentFilterAgentFactory’ from assembly ‘C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\agents\Hygiene\Microsoft.Exchange.Transport.Agent.Hygiene.dll’ due to error ‘Exception from HRESULT: 0xC0630005’. : Microsoft.Exchange.Data.ExchangeConfigurationException: Failed to create type ‘Microsoft.Exchange.Transport.Agent.ContentFilter.ContentFilterAgentFactory’ from assembly ‘C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\agents\Hygiene\Microsoft.Exchange.Transport.Agent.Hygiene.dll’ due to error ‘Exception from HRESULT: 0xC0630005’. —> Microsoft.Exchange.Data.ExchangeConfigurationException: Exception from HRESULT: 0xC0630005 —> System.Runtime.InteropServices.COMException: Exception from HRESULT: 0xC0630005
    at Microsoft.Exchange.Data.Transport.Interop.IComInvoke.ComAsyncInvoke(IProxyCallback callback)
    at Microsoft.Exchange.Transport.Agent.ContentFilter.Util.InvokeExLapi(ComProxy comProxy, AsyncCompletionCallback callback, ComArguments comArguments, MailItem mailItem, Byte[] requestType)
    at Microsoft.Exchange.Transport.Agent.ContentFilter.ContentFilterAgentFactory.InitializeFilter()
    — End of inner exception stack trace —
    at Microsoft.Exchange.Transport.Agent.ContentFilter.ContentFilterAgentFactory.InitializeFilter()
    at Microsoft.Exchange.Transport.Agent.ContentFilter.ContentFilterAgentFactory.Configure(Boolean onStartup)
    at Microsoft.Exchange.Transport.Agent.ContentFilter.ContentFilterAgentFactory..ctor()
    — End of inner exception stack trace —
    at Microsoft.Exchange.Data.Transport.Internal.MExRuntime.FactoryTable.CreateAgentFactory(AgentInfo agentInfo)
    at Microsoft.Exchange.Data.Transport.Internal.MExRuntime.FactoryTable..ctor(IEnumerable agents, FactoryInitializer factoryInitializer)
    at Microsoft.Exchange.Data.Transport.Internal.MExRuntime.RuntimeSettings..ctor(MExConfiguration config, String agentGroup, FactoryInitializer factoryInitializer, AgentGrayExceptionHandler agentGrayExceptionHandler, IExecutionStatisticsCollectorFactory statisticCollectorFactory, ITransportSettingsConfiguration settingsConfiguration)
    at Microsoft.Exchange.Data.Transport.Internal.MExRuntime.MExRuntime.Initialize(String configFile, String agentGroup, ProcessTransportRole processTransportRole, String installPath, AgentGrayExceptionHandler agentGrayExceptionHandler, IExecutionStatisticsCollectorFactory statisticCollectorFactory, FactoryInitializer factoryInitializer, ITransportSettingsConfiguration transportSettingsConfiguration)
    at Microsoft.Exchange.Transport.Extensibility.AgentComponent.Load()

    After a bit of research, HRESULT: 0xC0630005 seems to be an access violation. The transport services is running under the NETWORK SERVICE account. I proceeded to check the permissions of the folder tree of the file in the event log error: ‘C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\agents\Hygiene\Microsoft.Exchange.Transport.Agent.Hygiene.dll.
    I found that on the ‘C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\agents\Hygiene folder, NETWORK SERVICE was denied WRITE access. I removed the DENY WRITE. I followed up the path to find where the NETWORK SERVICE permission were being inherited. That led me to the C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles folder. I gave NETWORK SERVICE the added permission of ALLOW MODIFY.
    I also checked the C:\Program Files\Microsoft\Exchange Server\V15\BIN folder and updated its NETWORK SERVICE permission to ALLOW MODIFY as well. I tried restarting the service. It still failed.
    In my searching online, I came across this thread:

    https://social.technet.microsoft.com/Forums/office/en-US/bc5cca0d-fd1c-45d7-9f17-7e6b31a3702c/cant-start-transport-service-after-installing-march-2017-windows-updates?forum=Exch2016GD

    From it, I go the idea to uninstall and reinstall the content filter agent.

    Uninstall-TransportAgent -Identity “Content Filter Agent”

    Install-TransportAgent -Name “Content Filter Agent” -TransportAgentFactory “Microsoft.Exchange.Transport.Agent.ContentFilter.ContentFilterAgentFactory” -AssemblyPath “C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\agents\Hygiene\Microsoft.Exchange.Transport.Agent.Hygiene.dll”

    This helped in that the Transport Service would remain running, and content filtering (I checked the status of my Barracuda IP Block List Provider) seems to be active.

    Test-IPBlockListProvider “Barracuda IP Block List Provider” -IPAddress 121.34.188.148

    RunspaceId : 9e5504bf-41ce-4f1d-9d4c-7b73fbdc95a0
    Provider : Barracuda IP Block List Provider
    ProviderResult : {127.0.0.2}
    Matched : True

    Although the Transport Service is running, there are warnings in the event log regarding database version issues:

    Source:ESE; EventID:642; edgetransport (18040) Sender Reputation Database: The database format feature version 8980 (0x2314) could not be used due to the current database format 1568.20.0, controlled by the parameter 1073741825 (0x40000001)

    Source:ESE; EventID:642; edgetransport (18040) Transport Mail Database: The database format feature version 8980 (0x2314) could not be used due to the current database format 1568.20.0, controlled by the parameter 1073741825 (0x40000001).

    Source:ESE; EventID:642; edgetransport (18040) IP Filtering Database: The database format feature version 9000 (0x2328) could not be used due to the current database format 1568.20.0, controlled by the parameter 1073741825 (0x40000001).

    For more information, click http://www.microsoft.com/contentredirect.asp.

    and also some errors occurred while running the uninstall/reinstall commands:

    Cmdlet failed. Cmdlet Install-TransportAgent, parameters -Name “Content Filter Agent” -TransportAgentFactory “Microsoft.Exchange.Transport.Agent.ContentFilter.ContentFilterAgentFactory” -AssemblyPath “C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\agents\Hygiene\Microsoft.Exchange.Transport.Agent.Hygiene.dll”.

    So, still have some things to sort out, but email is flowing. Hopefully Microsoft patches Exchange in short order.

    Bypass Windows Account Logon – Password Reset

    If you are in the situation where you forgot the local account (Not Microsoft LiveID) password, there are several ways to reset the password. Most use a boot disk using Linux to access the SAM file are blank the password.
    This method also uses a boot disk or recovery disk to access the command prompt.
    Once at the command prompt, follow these step:

    1. Find the Windows\System32 folder (It likely won’t be C: in the recovery environment
    2. Rename UtilMan.exe to UtilMan.Old
    3. Copy cmd.exe to UtilMan.exe
    4. Reboot computer back to the normal Windows logon screen.
    5. Click the analog clock looking icon null– you may need to press Ctrl-Alt-Del or click the screen to see the icon.
    6. At the command prompt that appears, type Net user Name 1234 where Name = the account name to reset the password and 1234 is the password you want.
    7. You can now log in using the new password.

    Configure Exchange to Use DBL Spam Blocking List BarracudaCentral.org

    With any mail server, you need to manage spam. When I moved to Exchange server, I needed to figure out how to enable DBL blocking services.
    I prefer the Barracuda Central DBL. You should register and provide them with you server IP’s before using this configuration.

    Simply create the block list provider at the Exchange Powershell prompt. This can be easily modified for Spamhaus and other DBLs.

    Add-IPBlockListProvider -Name “Barracuda IP Block List Provider” -LookupDomain b.barracudacentral.org -BitmaskMatch 127.0.0.1

    You can test the block list by using a test against an IP or your choosing.

    Test-IPBlockListProvider “Barracuda IP Block List Provider” -IPAddress 121.34.188.148

    The test should respond as such:

    Provider : Barracuda IP Block List Provider
    ProviderResult : {127.0.0.2}
    Matched : True

    If the ProviderResult = {127.0.0.2}, then it means the IP is listed in the DBL: this means it is a spam IP address.
    If the ProviderResult = {}, then the IP was not found in the DBL and is not a spam IP address.

    For more information, visit Barracuda Central – How-To-Use

    Powershell Commands to Reinstall / Re-register Windows8 and Windows10 Packages/Apps

    To re-register for all Windows Apps for the current user:

    Get-AppXPackage | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register “$($_.InstallLocation)\AppXManifest.xml”}

    To re-register for all Windows Apps for all users:

    Get-AppXPackage -AllUsers | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register “$($_.InstallLocation)\AppXManifest.xml”}

    This command only works on Windows 10, and I have used it to repair other issues (specifically the Windows Edge Hijack)

    Get-AppXPackage -AllUsers |Where-Object {$_.InstallLocation -like “*SystemApps*”} | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register “$($_.InstallLocation)\AppXManifest.xml”}

    I really good post on this topic, with other individual App specific commands, is available here: https://www.tenforums.com/tutorials/3175-reinstall-re-register-apps-windows-8-10-a.html

    Issues Printing from DOS to LPT1

    If you use older DOS applications – Such as dBaseIV – you may have run into the situation where you need to print to network printers by mimicking local printer ports using commands like:

    Net Use LTP1 \\MyServer\Printer

    You should now be able to send data to the printer from your applications using the LPT1 port. Alternatively, you can test directly from the command line using commands such as:

    copy file.txt LPT1
    type file.txt > LPT1
    Echo “Testing 123” > LPT1

    But what if you get ‘Access Denied’?

    First, make sure you user has permissions to access the printer \\MyServer\Printer,
    Second, making sure the firewall is allowing the connection,
    Third, make sure you aren’t accidentally overriding a local LPT port. If LPT1 doesn’t work, try LPT2, LPT3, LPT4, etc.
    Fourth, change the permissions on the C:\Windows\System32\Spool folder to allow the user or user group read/write permission.

    I would have thought that the first item would have taken care of the fourth item, but on Windows2012, I can attest that was not the case.

    Edge Browser Homepage Hijack Fix

    One of my clients had their Edge Browser home page hijacked.
    I did a search through the registry for the offending domain

    DoNoGoThere.internet-security-alert.com

    but did not produce any results.

    I ended up deleting the entire ‘MicrosoftEdge’ key {below} and everything was back to normal – seems to be equivalent to doing an Internet Options ‘Reset’

    [HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge]

    The website in question maximized the Edge browser and then pops up a modal windows which restricts you from doing anything with Edge other than ‘End Task’ing it or clicking the ominous OK button. Out of morbid curiosity, clicking the OK changes to another website and pops up another modal window. ‘

    Internet Explorer is unaffected.

    UPDATE:
    To avoid this webpage hijack in the future, adding these entries to the registry will stop Edge from reloading the last open pages. There needs to be a user friendly work around for Edge’s settings – like Internet Explorer’s ‘Internet Options’ control panel applet.

    Windows Registry Editor Version 5.00

    [HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Recovery]
    “AutoRecovery”=dword:00000002

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MicrosoftEdge\Recovery]
    “AutoRecover”=dword:00000002

    UPDATE 2:
    The registry trick no longer works – at least in my experience Edge no longer loads – and I have changed tack to deleting files in the directory tree below. Some trial and error needs to be used, but the files in the Active folder seem to do the trick most of the time.

    C:\Users\[User Name]\AppData\Local\Packages\Microsoft.MicrosoftEdge_xxxx\AC\MicrosoftEdge\User\Default\Recovery\Active\

    UPDATE 3:
    If you delete the Registry Keys (original post) and delete files in the Update 2, you can restore the settings by executing this powershell script (As Administrator). You can try this step first and see if it fixes the problem before doing the other steps.

    Get-AppXPackage -AllUsers |Where-Object {$_.InstallLocation -like “*SystemApps*”} | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register “$($_.InstallLocation)\AppXManifest.xml”}

    SFC /Scannow leaving files unrepaired?

    If you rely on SFC to repair those corrupt system files found by CHKDSK, sometimes its response is ‘some files could not be repaired’.

    Now there is a command that seems to help restore you system to health (and funnily enough, one parameter set is /restorehealth)

    dism /online /cleanup-image /restorehealth

    If /RestoreHealth is not an option – for older OS – try the

    dism /online /cleanup-image /ScanHealth

    option instead.

    If you are stuck being unable to do a scan or other repair do to ‘pending actions’ message – and rebooting is not helping – then this may be the command for you.

    dism /image:d:\ /cleanup-image /RevertPendingActions

    To work on the current running OS, use /Online instead of the /Image parameter.

    Windows 8.1 Error 0xc00021a

    This error is due to a Device Driver that is unsigned. On a Windows 8.1 load failure, it will start up in repair mode. Select Advanced Repair, then select Change Startup Options and press Restart. The system will then provide a menu of startup options. Select Disable Device Signature Verification (Option 7). This will then allow you to boot into Windows 8.1 to remove the offending device.
    To determine which device is causing the issue, use the SigVerif.exe program.

    In my case, the program was due to an Intel Wireless/Bluetooth driver, which I promptly uninstalled and allowed Windows Update to install a new version.

    Signature Verify Result
    Signature Verify Result