截至 2023 年 2 月左右,仅当启用我们的转发 Web 代理解决方案时,登录 Microsoft 帐户(个人/消费者)通常可以正常工作(例如,在https://login.live.com/),Microsoft Learn 除外和 Enterprise Skills Initiative (ESI) 无法识别该帐户已登录,并且尝试在该页面上登录似乎可以通过并有效但实际上没有,并且在后台某处记录了以下错误消息:
{"error":"invalid_grant","error_description":"AADSTS500021:拒绝访问“Microsoft 帐户”租户。
有了Office 365 租户限制,可以访问 Microsoft Learn Sandbox 的 Office 365 租户(由https://docs.microsoft.com/en-gb/learn/modules/azure-architecture-fundamentals/exercise-create等课程使用-网站)被阻止:
消息:AADSTS500021:对“Microsoft Learn 沙盒”租户的访问被拒绝。
微软的文档中似乎没有任何内容,谷歌搜索Access to 'Microsoft Learn Sandbox' tenant is denied.绝对没有返回任何内容,因此这篇文章。
目前,我们已经通过使用604c1504-c6a3-4080-81aa-b33091104187来自 URL 的目录 ID 授予访问权限,但这并不理想,因为它不是人类可读的。
有谁知道租户的默认 AAD FQDN ( <something>.onmicrosoft.com) 是什么?
我猜到microsoftlearnsandbox.onmicrosoft.com了,根据https://login.microsoftonline.com/microsoftlearnsandbox.onmicrosoft.com/v2.0/.well-known/openid-configuration它确实存在,但它在这里不起作用。
编辑(2022 年 3 月 16 日 15:36):在使用 Microsoft Learn 沙盒时,我遇到了一个名为 <username>@ triplecrownlabs.onmicrosoft.com的 UPN ,这与 Bobbert 所说/发现的一致。
有谁知道为什么根 CA 证书在 HTTPS 链中完全不存在(不仅存在而且不受信任),而只存在于 Internet Explorer 中?
证书作为受信任的根 CA 安装,谷歌浏览器很好,IE 和 Chrome 共享同一个证书存储。
Wireshark 数据包捕获没有发现任何异常 - 无论 HTTPS 连接是否正常工作,TLS 证书链都不包含根 CA 证书,因此这似乎是正常的,并表明由 Web 浏览器完成链。
我一直无法在网上找到任何东西,因此这篇文章。
我们有一个旧 PSA 系统的 SQL 导出,我们需要从中提取一些凭据。出于某种原因,执行内置视图查询的子集将密码字段显示为NULL(可以理解)或只是空白,但其他 144 列都没有这个问题,据我所知,数据应该是那里。
我对 SQL 知之甚少,但这似乎并没有掩盖,至少因为它显示xs 。
这是一个难以研究的场景,因为其他人都希望能够隐藏密码,而我正在尝试恢复它们。
我们使用 Microsoft Azure 恢复服务 (MARS) 代理来备份 Windows Server 2012 R2 服务器的系统状态。
这些备份开始失败并出现以下错误:
Unable to perform the operation as Windows Server Backup job failed with error message: None of the items included in backup were backed up.
Detailed error: Copy of the files failed.
HResult:80780049 DetailedHResult:8078010E
我在网上没有发现与这些特定错误相关的内容,因此这篇文章。
我有:
vssadmin list writers报告所有 VSS 编写器都是稳定的。volsnap备份时记录的事件说The oldest shadow copy of volume C: was deleted to keep disk space usage for shadow copies of volume C: below the user defined limit.
我们向 Autotask(现为 Datto)支付了 150 美元,用于备份/导出我们的 PSA 数据,他们.BAK以 SQL 数据库文件的格式提供这些数据。
我们需要从 Autotask PSA 资产的用户定义字段 (UDF) 中提取数据,因此,在一次性 VM 中,我有:
dbo.wh_installed_product_udf。select * from wh_installed_product_udf/select * from dbo.wh_installed_product_udf失败并显示以下错误消息:
Msg 4121, Level 16, State 1, Procedure wh_installed_product_udf, Line 1 [Batch Start Line 0]
Cannot find either column "dbo" or the user-defined function or aggregate "dbo.fnSafeNumericConvert", or the name is ambiguous.
Msg 4413, Level 16, State 1, Line 1
Could not use view or function 'wh_installed_product_udf' because of binding errors.
我一直无法在网上找到解决方案,因此发表了这篇文章。
如何使用 Azure AD 帐户对加入 Azure AD 的 Windows 进行远程身份验证?
我有:
The user name or password is incorrect的审核失败事件,这意味着用户不存在.
46250xC000006D0xC0000064%UPN%. [email protected]。 AzureAD\%UPN%. AzureAD\[email protected]。 AzureAD\%username%. AzureAD\username.admin。 AzureAD\%securityID%. AzureAD\UsernameAdmin。这似乎是删除了空格的显示名称。 %NetBIOSDomainName%\%securityID%. EXAMPLE\UsernameAdmin。这是 Windows 在计算机管理 → 本地用户和组 → 组 → 管理员中显示它的方式。 %UPN%(仅当用户帐户之前已登录时)。AzureAD\%UPN%(无论用户帐户之前是否已登录)。 AzureAD\%securityID%.尝试使用 Azure AD 帐户和上述登录格式进行本地身份验证,发现本地运行方式可以处理以下内容:
%UPN%.AzureAD\%UPN%. AzureAD\%securityID%.尝试使用本地管理员帐户进行远程身份验证,发现它们工作正常。
因此,Windows 似乎可以处理 Azure AD 帐户,但只能在本地而不是远程处理,这与 AD DS 帐户不同。
我在网上找到的所有东西要么不是针对这种特定情况,要么只是其他遇到同样问题的人。
这甚至可能吗?
我创建了一个配置为“分配”的 GPO,\\<AD DNS domain name>\NETLOGON\<file name>.msi并验证它适用于 Windows 10 v1809 PC,但实际安装始终失败。
RSoP 报告如下:
20 June 2019 14:10:23
Software Installation failed due to the error listed below.
Not enough memory resources are available to complete this operation.
事件查看器报告以下内容:
Log Name: System
Source: Microsoft-Windows-GroupPolicy
Date: 20/06/2019 14:48:10
Event ID: 1085
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: <PC FQDN>
Description:
Windows failed to apply the Software Installation settings. Software Installation settings might have its own log file. Please click on the "More information" link.
Log Name: System
Source: Application Management Group Policy
Date: 20/06/2019 14:10:23
Event ID: 108
Task Category: None
Level: Error
Keywords: Classic
User: SYSTEM
Computer: <PC FQDN>
Description:
Failed to apply changes to software installation settings. Software changes could not be applied. A previous log entry with details should exist. The error was: %%14
我有:
%%14似乎没有在线记录,因此我发布此内容的主要原因。Specify startup policy processing wait time设置为 60 秒并Always wait for the network at computer startup and logon设置为启用)。
更新:2019/06/26 09:29
我有:
更新:2019/06/26 14:08
我有:
%tmp%启用 Windows Installer 日志记录,但我在或中找不到任何相关内容C:\Windows\System32\config\systemprofile\AppData\Local。
在 Google Chrome 中单击指向 PY 文件的链接会根据需要下载它,但在 Microsoft Edge 和 Internet Explorer 中这样做只会查看它。
这是网络浏览器或网络服务器的问题吗?如果是后者,如何将 IIS 10 配置为始终强制下载 PY 文件?
我尝试了以下方法,但没有任何改变:
.py:application/octet-streamfile/downloadapplication/x-python-codetext/x-python web.config:
<outboundRules>
<rule name="PY_ForceDownload" preCondition="PY_Precondition">
<match serverVariable="RESPONSE_Content-Disposition" pattern=".*" />
<conditions>
<add input="{REQUEST_FILENAME}" pattern="(.*)\\([^/]+)\.py$" />
</conditions>
<action type="Rewrite" value="attachment; filename={C:2}.py" />
</rule>
<preConditions>
<preCondition name="PY_Precondition">
<add input="{REQUEST_FILENAME}" pattern="\.py$" />
</preCondition>
</preConditions>
</outboundRules>
在独立(未加入域)Windows 中,是否可以使用 PowerShell 检查给定的本地用户帐户是否设置了密码/密码为空?
根据https://gallery.technet.microsoft.com/scriptcenter/How-to-check-if-a-local-870ab031和https://blogs.technet.microsoft.com/heyscriptingguy/2005/10/06/ how-can-i-verify-that-none-of-my-local-user-accounts-have-a-blank-password/,这可以通过 VBScript 实现,但这只是因为ChangePassword需要您提供原始密码,而 PowerShell 命令似乎没有。
我在某处读到,您可以通过使用其凭据以用户身份运行进程并记下结果来验证密码,但显然,您不能使用空字符串作为凭据。
AD DS 域internal.example.co.uk由 DC 服务器EX-SRV-WIN-01和EX-SRV-WIN-02.
浏览到\\EX-SRV-WIN-01, \\EX-SRV-WIN-01.internal.example.co.uk, \\EX-SRV-WIN-02, 并\\EX-SRV-WIN-02.internal.example.co.uk成功。
浏览\\internal.example.co.uk失败并出现错误Access is denied- 此提示拒绝所有给定的凭据,包括域管理员。
Pinginternal.example.co.uk正确解析为域控制器之一的 IP 地址,因此 DNS 正常工作。
强制组策略更新成功完成。
因此,此问题似乎仅限于 SMB,但会影响所有 PC(Windows 7 和 Windows 10。
从 ~2018/07/10 开始,尝试使用任何 MFA 强制、AD 同步的 O365 帐户和任何网络上任何设备上的任何 Web 浏览器登录https://outlook.office365.com都不会提示输入TOTP,而是失败并显示以下错误消息:
:-(
Something went wrong
We can't get that information right now. Please try again later.
X-ClientId: E69D5A6642C242AC9C337AF8EC04AC95
request-id 19bf2ff2-1040-4772-b207-487b71b0adef
X-Auth-Error OpenIdConnect Microsoft.Exchange.Security.OpenIdConnect.OpenIdConnectIdpException
X-OWA-Version 15.20.973.23
X-FEServer DB6PR04CA0014
X-BEServer CWXP265MB0983
Date:27/07/2018 13:59:39
一个例外是,在 Windows PC 上,Microsoft 的 Web 浏览器(Internet Explorer 和 Microsoft Edge)提供“连接到 Windows”的登录选项,这些选项运行良好,可能是因为它们跳过了 MFA / TOTP 步骤,因为之前的成功和Windows 注册登录。
MFA 实施的云端 O365 帐户不受影响。
Office 365 管理中心的服务运行状况和 Azure AD Connect 的同步服务管理器均未报告任何问题/错误。
连接到受影响的 O365 帐户的应用程序(Microsoft Outlook、Skype for Business 等)继续工作,但尝试登录新帐户只会重新提示输入密码。
从字面上看,我设法在网上找到的唯一东西是以下这些都没有帮助,因此这篇文章:
我正在 VLAN 网络中的 Hyper-V Server 2016 (Core) 上设置Sophos XG 虚拟设备,因此需要配置 VNIC 的 VLAN 模式,以便 LAN 接口成为中继端口和 WAN 接口将被取消标记。
Get-VMNetworkAdapterVlan的默认输出建议粒度:
VMName VMNetworkAdapterName Mode VlanList
------ -------------------- ---- --------
Sophos XG Virtual Appliance LAN Trunk 1000,1000-1090
Sophos XG Virtual Appliance WAN Trunk 1000,1000-1090
但是根据https://docs.microsoft.com/en-us/powershell/module/hyper-v/set-vmnetworkadaptervlan?view=win10-ps和我的经验和研究,Set-VMNetworkAdapterVlan根本只能用来设置VLAN VM 中所有VNIC 的模式,而不是特定的模式。
从几周前开始,5 台 PC 中的 3 台以看似随机的时间间隔同时滞后几秒钟,以至于鼠标和键盘输入延迟,VoIP 通话中断。
在排除了一些潜在的根本原因后,我怀疑网络上的某些东西导致了它。
因此,有几次,我运行了一个持续的 Wireshark 捕获,等待问题再次出现,并发现大量(约 1,500)以下数据包在约 5 秒内传输,同时 PC 滞后:
No. Date Time Source Destination Protocol Length Info
1361246 13:11.3 16889.25912 172.16.100.29 224.0.0.251 MDNS [427 | 442 | 475] Standard query response 0x0000 PTR Chromecast-1440b1ad27c2e70400c69c7c7900ee49._googlecast._tcp.local TXT, cache flush SRV, cache flush 0 0 8009 1440b1ad-27c2-e704-00c6-9c7c7900ee49.local A, cache flush 172.16.100.29
我们确实有一个插入电视的 Chromecast,一台笔记本电脑(受影响的 PC 之一)整天都在播放 BBC 新闻,但我们已经这样做了几个月,没有任何问题。
任何人都可以建议吗?
我知道 Chromecast 目前存在降低网络速度的已知问题(https://www.theverge.com/2018/1/16/16897426/wi-fi-google-home-chromecast-archer-router,https://9to5google.com/2018/01/15/google-chromecast-home-wifi-outage/)但场景不完全匹配,如果只是因为我们的 Chromecast 在问题再次出现时正在使用中。
在 Office 365 中,约 130 个用户帐户中的 9 个分配了许可证 Office 365 Enterprise E3,根据https://technet.microsoft.com/en-GB/library/exchange-online-limits.aspx#StorageLimits应该分配为相应的用户邮箱分配了 100 GB 的存储配额,但实际上分配了 2 GB 的存储配额。
我在网上找不到任何相关的东西,因此这篇文章。
以下 AD DS 域是新设置的:
internal.example.co.uk无论如何,域和 DNS 工作正常。
但是,nslookup行为非常奇怪:
nslookup <any FQDN> <any DC server>工作不正确,附加example.co.uk(not internal.example.co.uk) 并解析为相同的未知公共 IP 地址。nslookup <any FQDN>. <any DC server>工作正常。我确定路由、文件hosts、Windows 服务DNS Server等不相关,并且未知公共 IP 地址不存在 DNS PTR RR。
我知道您应该在 FQDN 后添加 a 后缀.,但我从来没有这样做过,也从未见过它的行为如此。
我在网上找不到合适的分辨率,因此这篇文章。
以下匿名命令提示符输出证明了这一点:
Microsoft Windows [Version 10.0.14393]
(c) 2016 Microsoft Corporation. All rights reserved.
C:\Users\username>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : DC2
Primary Dns Suffix . . . . . . . : internal.example.co.uk
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : internal.example.co.uk
Ethernet adapter Ethernet 2:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter #2
Physical Address. . . . . . . . . : 00-15-5D-9E-13-07
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::45fd:755c:e86d:eed3%14(Preferred)
IPv4 Address. . . . . . . . . . . : 172.16.233.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.16.233.254
DHCPv6 IAID . . . . . . . . . . . : 100668765
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-21-42-DF-91-00-15-5D-9E-13-05
DNS Servers . . . . . . . . . . . : ::1
172.16.233.1
127.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{DEFCF64F-0919-47F6-8206-DA42E6828191}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
C:\Users\username>ping internal.example.co.uk
Pinging internal.example.co.uk [172.16.233.2] with 32 bytes of data:
Reply from 172.16.233.2: bytes=32 time<1ms TTL=128
Reply from 172.16.233.2: bytes=32 time<1ms TTL=128
Reply from 172.16.233.2: bytes=32 time<1ms TTL=128
Reply from 172.16.233.2: bytes=32 time<1ms TTL=128
Ping statistics for 172.16.233.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
C:\Users\username>nslookup internal.example.co.uk 127.0.0.1
Server: localhost
Address: 127.0.0.1
Non-authoritative answer:
Name: internal.example.co.uk.example.co.uk
Address: <unknown public IP address>
C:\Users\username>nslookup internal.example.co.uk. 127.0.0.1
Server: localhost
Address: 127.0.0.1
Name: internal.example.co.uk
Addresses: 172.16.233.1
172.16.233.2
C:\Users\username>ping DC1
Pinging DC1.internal.example.co.uk [172.16.233.1] with 32 bytes of data:
Reply from 172.16.233.1: bytes=32 time=1ms TTL=128
Reply from 172.16.233.1: bytes=32 time<1ms TTL=128
Reply from 172.16.233.1: bytes=32 time<1ms TTL=128
Reply from 172.16.233.1: bytes=32 time<1ms TTL=128
Ping statistics for 172.16.233.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms
C:\Users\username>nslookup DC1 127.0.0.1
Server: localhost
Address: 127.0.0.1
Name: DC1.internal.example.co.uk
Address: 172.16.233.1
C:\Users\username>ping google.co.uk
Pinging google.co.uk [74.125.133.94] with 32 bytes of data:
Reply from 74.125.133.94: bytes=32 time=11ms TTL=49
Reply from 74.125.133.94: bytes=32 time=11ms TTL=49
Reply from 74.125.133.94: bytes=32 time=11ms TTL=49
Reply from 74.125.133.94: bytes=32 time=15ms TTL=49
Ping statistics for 74.125.133.94:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 11ms, Maximum = 15ms, Average = 12ms
C:\Users\username>nslookup google.co.uk 127.0.0.1
Server: localhost
Address: 127.0.0.1
Non-authoritative answer:
Name: google.co.uk.example.co.uk
Address: <unknown public IP address>
C:\Users\username>nslookup google.co.uk. 127.0.0.1
Server: localhost
Address: 127.0.0.1
Non-authoritative answer:
Name: google.co.uk
Addresses: 2a00:1450:4007:80e::2003
216.58.208.227
C:\Users\username>
一个组织正在使用 Active Directory 域服务和 Office 365,但没有同步,因此用户帐户之间存在大量差异(名称拼写不同、职位过时、UPN 错误等)。
该组织正计划迁移到新的 AD DS,保留相同的 Office 365,并通过 Azure AD Connect 使用同步(阅读:用户帐户在新 AD 域中的正确性很重要)。
我已将 AD 和 AAD / O365 用户帐户导出到 CSV 并协调了差异,所以现在我需要将 CSV 导入 AD 但分号分隔的 proxyAddresses 被证明是一个问题,因为它将数据作为一个值导入,而不是多。
我在网上找不到合适的分辨率,因此这篇文章。
在 Active Directory 域和平面网络环境中,以相同的管理用户帐户运行 Hyper-V 管理器:
RPC server unavailable. Unable to establish communication between '<Hyper-V server FQDN>' and '<client PC hostname>'.因此,根本原因似乎是受影响的客户端和服务器之间的连接。
提升的命令cscript "<path>\hvremote.wsf" /show /target:%affectedServer% /override输出以下(匿名):
Microsoft (R) Windows Script Host Version 5.812
Copyright (C) Microsoft Corporation. All rights reserved.
Hyper-V Remote Management Configuration & Checkup Utility
John Howard, Hyper-V Team, Microsoft Corporation.
http://blogs.technet.com/jhoward
Version 1.08 9th Sept 2013
INFO: Computername is %affectedClient%
INFO: Computer is in domain %ADDNSDomainName%
INFO: Current user is %ADNetBIOSDomainName%\ben.hooper
INFO: OS is 10.0.16299 64-bit Microsoft Windows 10 Enterprise
INFO: Assuming /mode:client as the Hyper-V role is not installed
WARN: User override to assume Windows 8.1/Windows Server 2012 R2 behaviour
INFO: Hyper-V Tools are enabled
-------------------------------------------------------------------------------
DACL for COM Security Access Permissions
-------------------------------------------------------------------------------
\Everyone (S-1-1-0)
Allow: LocalLaunch RemoteLaunch (7)
NT AUTHORITY\ANONYMOUS LOGON (S-1-5-7)
Allow: LocalLaunch (3)
BUILTIN\Distributed COM Users (S-1-5-32-562)
Allow: LocalLaunch RemoteLaunch (7)
BUILTIN\Performance Log Users (S-1-5-32-559)
Allow: LocalLaunch RemoteLaunch (7)
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES (S-1-15-2-1)
Allow: LocalLaunch (3)
\ (S-1-15-3-1024-2405443489-874036122-4286035555-1823921565-1746547431-2453885448-3625952902-991631256)
Allow: LocalLaunch (3)
-------------------------------------------------------------------------------
ANONYMOUS LOGON Machine DCOM Access
-------------------------------------------------------------------------------
ANONYMOUS LOGON does not have remote access
This setting should only be enabled if required as security on this
machine will be lowered. This computer is in a domain. It is not
required if the server(s) being managed are in the same or trusted
domains.
Use hvremote /mode:client /anondcom:grant to turn on if required
Both computers are in domain %ADDNSDomainName%
-------------------------------------------------------------------------------
Firewall Settings for Hyper-V Management Clients
-------------------------------------------------------------------------------
Domain Firewall Profile is active
Public Firewall Profile is active
-------------------------------------------------------------------------------
IP Configuration
-------------------------------------------------------------------------------
%IPConfig%
-------------------------------------------------------------------------------
Stored Credentials
-------------------------------------------------------------------------------
%storedCredentials%
-------------------------------------------------------------------------------
Testing connectivity to server:%affectedServer%
-------------------------------------------------------------------------------
1: - Remote computer network configuration
PASS - Found one or more network adapters
Network adapter 1 of 1
- Hyper-V Virtual Ethernet Adapter #2
- Host Name:%affectedServer%
- IP Addresses: 172.16.100.111 fe80::3cb0:1dda:7e90:c948
- IP Subnets: 255.255.255.0 64
2: - Remote computer general information
PASS - Queries succeeded
- Name: %affectedServer%
- Domain: %ADDNSDomainName%
- OS: 6.3.9600 64-bit Microsoft Hyper-V Server 2012 R2
- OS Type: Server
3: - Ping and resolve name of remote computer
PASS - Server found
- Protocol Address: 172.16.100.111
- Protocol Address resolved: 172.16.100.111
The name could not be resolved using WMI. A regular ping will be done
to see if name resolution is working. This is not a sign of an issue.
4: - Ping %affectedServer% using IPv4
A timeout is OK, but if you get an error that %affectedServer%
could not be found, you need to fix DNS or edit
\windows\system32\drivers\etc\hosts.
>
> Pinging %affectedServer%.%ADDNSDomainName% [172.16.100.111] with 32 bytes of data:
> Reply from 172.16.100.111: bytes=32 time=2ms TTL=128
>
> Ping statistics for 172.16.100.111:
> Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
> Approximate round trip times in milli-seconds:
> Minimum = 2ms, Maximum = 2ms, Average = 2ms
>
5: - Ping %affectedServer% using IPv6
A timeout is OK, but if you get an error that %affectedServer%
could not be found, you need to fix DNS or edit
\windows\system32\drivers\etc\hosts.
> Ping request could not find host %affectedServer%. Please check the name and try again.
>
6: - Connect to root\cimv2 WMI namespace
PASS - Connection established
7: - Connect to root\virtualization\v2 WMI namespace
PASS - Connection established
8: - Simple query to root\cimv2 WMI namespace
PASS - Simple query succeeded
9: - Simple query to root\virtualization\v2 WMI namespace
PASS - Simple query succeeded
- 3 computer system(s) located
10: - Async notification query to root\virtualization\v2 WMI namespace
FAIL - Notification query failed The RPC server is unavailable.
There may be a DNS issue and the server cannot locate this machine.
You should check this by performing a ping test from the server to
this machine verifying that the IP address the server is trying to
reach matches the IP address of this machine shown in the output above.
Note that it does not matter if the ping succeeds or fails, just that
the IP address is correct.
Run on %affectedServer%: ping -4 %affectedClient%
Note that if you do not have DNS in your infrastructure, you can edit
the \windows\system32\drivers\etc\hosts file on the server to add an
entry for %affectedClient%
If you do have DNS in your infrastructure, you may want to try flushing
the DNS cache on the server, and re-registering against DNS on the client
Run on %affectedServer%: ipconfig /flushdns
Run on %affectedClient%: ipconfig /registerdns
If you are connected over a VPN, see %StackExchange-bannedURL% for
information about another likely cause.
If the server is in an untrusted domain to this client, you need to
enable anonymous logon access to DCOM on this machine:
Run 'hvremote.wsf /mode:client /anondcom:grant' and retry.
If this machine has IPSec policy enforced on it, and the server is in a
workgroup or untrusted domain from this computer, inbound connections
to the client may be blocked by your administrator. You may be able to
temporarily work around this by running net stop bfe on this machine,
but you may lose access to some network services while that service
is stopped. However, this may be against the policy of your administrator.
If the server is behind a router/firewall from the client, WMI/DCOM
calls may be being blocked. This will likely be the case if the server
is, for example, on a public IP directly to the Internet. In this
situation, some solutions to consider are:
- VPN to tunnel traffic
- Publish Hyper-V Manager through a TS/RD Gateway
- Access the server through RDP and perform 'local' management
- Run a management machine (physical or virtual) and RDP to that
There have been several instances of third party firewalls and/or
anti-virus software having adverse effects on remote management.
In some cases, disabling that software has not been sufficient to
resolve the issue, and it has been necessary to completely remove
the program.
INFO: Are running the latest version
-------------------------------------------------------------------------------
3 warnings or errors were found in the configuration. Review the
detailed output above to determine whether you need to take further action.
Summary is below.
1: Running on a later OS than tested on. User override given
2: Cannot perform async WMI query. See detailed resolution steps above.
3: Some tests were not run due to prior failures
-------------------------------------------------------------------------------
INFO: HVRemote complete
我已经彻底研究过这个错误,没有人有这个确切的问题/环境,但无论如何,没有推荐的修复(验证域信任关系是否健康,验证 DNS 在两端正常工作,验证本地管理权限,验证本地允许 ICMPv4 重定向等)已经奏效,因此这篇文章。
重要说明:
更新时间:2017/12/22 08:47:
更新时间:2017/12/27 14:15:
我创建了一个 GPO 来重新配置 Windows 防火墙创建规则以允许入站 WMI 连接,并通过以下方式验证它是否成功应用:
gpresult /v和检查输出。regedit并检查注册表项HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules。但是,即使在所有配置文件上完全禁用服务器的 Windows 防火墙后,问题仍然存在。
在快速或自定义模式下安装 Azure AD Connect 1.1.647.0 失败并出现以下错误:
The password does not meet the password policy requirements. Check the minimum password length, password complexity and password history requirements. (Exception from HRESULT: 0x800708C5)
当 AADC 安装程序尝试创建其服务帐户时会提示此错误。
设置
所有 23 个分支机构都有:
变化
3 个不同的分支机构将其互联网连接从 ADSL 升级到 FTTC,因此,他们的调制解调器从 ZyXEL P-660R-D1s 升级到 ZyXEL VMG1312-B10As(BT 批准的 VDSL 调制解调器,因为 BT 不再提供 VDSL 调制解调器) 并且 Cyberoam CR10iNGs 的 WAN 接口被重新配置为使用 PPPoE。
症状
自从: