VMware install / repair error "Service 'VMware Alias Manager and Ticket Service' (VGAuthService) could not be installed"

Product: VMware Tools -- Error 1920. Service 'VMware Alias Manager and Ticket Service' (VGAuthService) failed to start. Verify that you have sufficient privileges to start system services.

Product: VMware Tools -- Error 1923. Service 'VMware Alias Manager and Ticket Service' (VGAuthService) could not be installed. Verify that you have sufficient privileges to install system services.

Windows event log also had below error

Log Name:      System

Source:        Application Popup

Date:          31/08/2021 7:52:58 PM

Event ID:      26

Task Category: None

Level:         Information

Keywords:      

User:          SYSTEM

Computer:      IPTPRDTHY101.internal.qr.com.au

Description:

Application popup: vmtoolsd.exe - System Error : The code execution cannot proceed because VCRUNTIME140.dll was not found. Reinstalling the program may fix this problem. 

So it was clearly an issue with VC++

So 

1) Uninstalled two instanced of 2015-2019 VC++ from add/remove programs

2) Installed VMware tool again 

There was no error this time. Thanks! 

Remote Desktop Failed - "An internal error has occurred"

OS -: Windows 2012 R2 Standard

Recently came across a server that was throwing this error, "An internal error has occurred" ,when an RDP session was attempted.

I could get in to the server

1) First thing I did was to restart"Remote Desktop Services" service. Service was restarted, but no luck with RDP sessions yet.

 2) Checked was event logs for any errors during RDM restart
Bingo! there's one

"The RD Session Host Server has failed to create a new self signed certificate to be used for RD Session Host Server authentication on SSL connections. The relevant status code was Access is denied."

3) Lets check Certs
Start -> Run -> type MMC and Enter

in MMC
File -> Add/Remote Snap-ins
Select Certificates and
Select Computer account and next
Leave selection as Local Computer and Finish
Press OK to complete. 
Expand Certificates and under Remote Desktop there was self-signed cert and it was expired.

4) So I decided to issue a new cert and decided to go with Enterprise CA.

5) Submitted a new cert by going to

First Folder "Personal"
Right click -> All Tasks -> "Request a new certificate"
Complete this using your organization's cert template.

You can also generate a new self-signed cert and export it to Personal store. Please note it needs to be there for the next command to work,


6) Once you have the new cert (CA or Self-Signed) sitting in personal store, we need to copy it's Thumbprint.
For this double click and open the cert inside MMC
Go to details tab
Scroll all the way down and last item will be Thumbprint.
Click that and you can see the Thumbprint listed below. Select and copy the whole value to a notepad file.
After that remove the blank spaces between characters. Mine looks like below

3c7a7a78ac6699b79182dff11329834117a183b3


7) open a command prompt as administrator and run below command, by replacing the Thumbprint with your

wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="3c7a7a78ac6699b79182dff11329834117a183b3"

once successfully completed, it will look like this

Should be all good once you restart "Remote Desktop" service once again. 

=========================================================================

If that was not applicable (Cert is still valid) , then try below

Enable TLS 1.2 at the system (SCHANNEL) level:

Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

Unlock AD user / Reset passwords from command line

Start -> Run -> type "CMD"  and Press Enter

Checking User Account Status
net user <UserName> /DOMAIN | FIND /I "Account Active"

Will return "No" or "Yes".

Unlock a Locked account
Net user <UserName> /DOMAIN /active:YES







Reset Password
Net user <UserName> <newpassword> /DOMAIN /active:Yes

RoboCopy job to copy share folder with share permissions

robocopy <source dir> <des dir> /E /ZB /DCOPY:T /COPYALL /R:1 /W:1 /V /TEE /LOG:CopyLog.log

    source :: Source Directory (drive:\path or \\server\share\path).
    destination :: Destination Dir  (drive:\path or \\server\share\path).
    /E :: copy subdirectories, including Empty ones.
    /ZB :: use restartable mode; if access denied use Backup mode.
    /DCOPY:T :: COPY Directory Timestamps.
    /COPYALL :: COPY ALL file info (equivalent to /COPY:DATSOU).  Copies the Data, Attributes, Timestamps, Ownser, Permissions and Auditing info
    /R:n :: number of Retries on failed copies: default is 1 million but I set this to only retry once.
    /W:n :: Wait time between retries: default is 30 seconds but I set this to 1 second.
    /V :: produce Verbose output, showing skipped files.
    /TEE :: output to console window, as well as the log file.
    /LOG:file :: output status to LOG file (overwrite existing log).

Thanks,
R.H

Restore trustedinstaller as default owner of a file or folder in windows

We had a server with NTFS permission messed up on C:\Windows\System32 folder.
In order to revert to its original settings, I had to keep Trusted Installer as default owner for a few folders.

1) Go to File / Folder properties
2) Navigate to Security tab
3) Click Advanced button
4) Navigate to Owner tab (for Windows 8.1 and 2012 Server, click on Change, next to owner, once you at the "Advanced Security Settings" for the file/folder)
5) Under "From This location" Select local computer
6) Type "NT SERVICE\TrustedInstaller" under object name and clock OK

Should be all set once you apply.

Thanks.
R.H