Joining Storefront to Server Group Error “Cannot Join Server Group”

  1. Check for any GPOs that might be blocking any local security policies on server. If this is the case, please block/disable that GPO.
  2. The policy “Access this computer from the network” with location “Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesUser Rights Assignment”, needs to have at least following groups by default:

Everyone

Administrators

Users

Backup Operators

Add COMPUTERS (Storefront Servers)

NOTE: Depending on GPOs applied to environment,

The following table lists the actual and effective default policy values for the most recent supported versions of Windows. Default values are also listed on the policy’s property page.

Server type of GPO Default value
Default domain policy Not defined
Default domain controller policy Everyone, Administrators, Authenticated Users, Enterprise Domain Controllers, Pre-Windows 2000 Compatible Access
Stand-alone server default settings Everyone, Administrators, Users, Backup Operators
Domain controller effective default settings Everyone, Administrators, Authenticated Users, Enterprise Domain Controllers, Pre-Windows 2000 Compatible Access
Member server effective default settings Everyone, Administrators, Users, Backup Operators
Client computer effective default settings Everyone, Administrators, Users, Backup Operators

Related:

  • No Related Posts

Graceful Logoff from a Published Application Renders the Session in Active State

When publishing an application, only the main executable file is specified. However, some applications might spawn additional processes that run in the background and are not closed by the corresponding main executable file. Additional processes might also be created, from scripts that are executed, or from specific registry keys, such as the RunOnceKey:

HKEY_LOCAL_MACHINESWMicrosoftWindowsCurrentVersionRunOnce

Some processes might create a visible window for added functionality, and others might not.

Because the Explorer.exe Desktop is not running when launching an application in one of these ways, there is no default mechanism in either Presentation Server or Windows to terminate these background processes when a user has exited the main application.

Presentation Server has a hard coded list of what are considered ‘System’ type secondary processes that are checked for and terminated once all user application processes have terminated, these include:

  • atok1*.exe

  • clipsrv.exe

  • conime.exe

  • csrss.exe

  • ctfmon.exe

  • ddhelp.exe

  • eventlog.exe

  • iatokik*.exe

  • iatokqb*.exe

  • iatqb1*.exe

  • ibdbsch.exe

  • imejp98m.exe

  • imejpmgr.exe

  • imepadsv.exe

  • jsvschvw.exe

  • lmsvcs.exe

  • lsass.exe

  • msgsvc.exe

  • nddeagent.exe

  • nddeagnt.exe

  • netdde.exe

  • netstrs.exe

  • os2srv.exe

  • proquota.exe

  • screg.exe

  • smss.exe

  • spoolss.exe

  • ssonsvr.exe

  • wfshell.exe

  • win.com

  • winlogon.exe

  • wpabaln.exe

  • wuauclt.exe

Note: To specify additional processes specific to your environment, see the Solution section of this article.

Examples of Secondary Processes

CTX123073 ‑ ICA Session Remains Active for Five Minutes when Streaming to Server with the Version 5.2 Offline Plug-in

Cwbprovd.exe is a process initiated by IBM Client Access. If you have IBM Client Access on your system and observe the same behavior as stated above, complete the following tasks:

  1. Verify the sessionID, which is experiencing this issue.

  2. Before logoff, type the following command from the command prompt to manually kill Cwbprovd.exe:

    kill cwbprovd.exe session id

  3. Gracefully exit the published application.

    The Cwbprovd.exe process (among two other processes) is being launched at logon by IBM Client Access (even if you do not run it) through the following registry key:

    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonUserinit

    Contact IBM for a utility called CWBCFWTS to remove these processes from the registry.

    Note: Servers running IBM’s Client Access Express ARE NOT known to exhibit this behavior.

Proquota.exe is a process initiated by having a Windows 2000 policy, Limit Profile Size, enabled. This might conflict with the Seamgr.exe process. Manually terminating either of these two processes temporarily fixes the problem and allows the session to reset. This issue is resolved by installing Service Pack 2 for MetaFrame 1.8 for Windows 2000.

Sxplog32.exe is a process initiated by the Software Delivery Agent by Computer Associates and can be found in the userinit value of the winlogon registry key. Manually terminating the process temporarily fixes the problem and allows the session to reset.

Etlits.exe and Entell50.exe are processes initiated by Entrust 6.1 and can be found in the userinit value of the winlogon registry key. Manually terminating the process temporarily fixes the problem and allows the session to reset.

Wisptis.exe is a process that runs as a system service that provides pen-data collection for other components of the SDK. When a component needs to interact with the pen (for example, to collect ink or to detect gestures), this executable is spawned as a service to communicate directly with the input device. On a Tablet PC, Wisptis.exe interacts with the digitizer, whereas on a desktop it interacts with the mouse as well. The executable’s name is an acronym that references an outdated internal name for the team that developed it (Windows Ink Services Platform Tablet Input Subsystem). You cannot remove wisptis.exe by renaming or deleting it: Windows File Protection would reinstall the file the next time Adobe Acrobat 6.0 started. In general, the ways in which wisptis.exe can get installed on the system are by installing Journal Viewer using the Windows Update or installing Microsoft Office 2003.

Ssonsvr.exe

If a starting program was specified under the Environment tab in the User Account Properties and if the ICA pass-through Client had pass through authentication enabled, Ssonsvr.exe was running in the ICA session of the user. When the user exited the application (specified in the Environment tab in User Account Properties), the ICA session could not be logged off; the administrator had to manually stop the Ssonsvr.exe process. The thread that caused the Ssonsvr.exe process to exit when the user logged off from the application was not being started.

Now the thread that causes the Ssonsvr.exe process to exit is started when the user logs off from the application.

From Hotfix XE103W2K030:

Ssoshell.exe,Ssobho.exe,Ssomho.exe

Related:

Naming a windows 10 computer post-image

I need a solution

Does anyone know if Symnatec might add a task specifically to name a computer with a promt for the end-user? I currently use a powershell script that prompts the end-user to name the computer. Lately, my current windows 10 image of build 1903 has been initiating the altiris agent before my admin account automatically logs into the desktop. The result here is the script will run before-hand and fail. My image job process does the following:

1. Deploy image

2. reboot to production

3. Run windows 10 application job

Step 3 should not start until the administrator account logs in automatically and the desktop is on the screen (this has been working great for years) just lately this issue began. I was thinking instead of a script, does or would Symantec have a speciifc task to prompt for a computer name? I checked out Apply System Configuration’ but the options look like the naming needs to be predefined.

SCCM for example uses a variable OSDCompterName intheir task sequence that prompts the end-user at the start of the imaging job and applies the name into the OS sometime during their imaging process.

0

Related:

SEPC Installation Package Refresh

I need a solution

Hello all,

First time poster on this forum. I have a question regarding the latest 22.17 Windows upgrade. The upgrade news article states the following:

    Action Required

    Windows device restart
    All users with Windows devices will be prompted to restart their devices after the update. Even if they delay the restart, their Windows clients remain protected.

    Windows installation package refresh
    Administrators who created a Windows installation package before April 3 should create and distribute a new one after April 3 to use for new Windows package deployments.

    As a hub with multiple sites (and multiple installation packages) does this mean we will need to recreate all the installation packages?

    0

    1554209202

    Related:

    Unidesk UniBilcLogs files are expanding to fill the disk. How do I disable this log?

    There is a way to completely disable those logs. You need to create a new registry key because it’s not by default in the system.

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetservicesUniService]

    “LogLevel”=dword:00000000

    LogLevel refers to the minimum severity of messages written to the logs. “0” is “almost nothing”. (“1” is normal.) If you have a consistent problem with the UniBilcLogs files growing out of control, you can essentially eliminate them by setting this key to 0. No messages will be written to them except for the startup banner:

    [02-15-2019][16:32:07:932] Uniservice initializing, build: 2.10.3.75169

    If you experience a problem where logging is necessary, the key can be removed temporarily. It is possible to add this key through an App Layer, the OS layer, or a GPO.

    Related:

    • No Related Posts

    Monitoring Azure Stack Update Status

    Microsoft has good documentation surrounding the Azure Stack update process, so my goal is not to repeat that content but to add some color by sharing some of the commands that I use. To do this I’ll share the example script from Microsoft and then my variation of the script.

    Creating the Privileged Endpoint Session

    Purpose:

    This establishes the Privileged Endpoint session. You could accomplish this using Enter-PSSession, but doing it this way allows you to stay in the context of your workstation and gives you access to local resources like drives (for output files) and installed modules (for additional output processing). This is an important command to know and should be in the toolbelt of any Azure Stack Cloud Operator.

    Microsoft Example:

    $cred = Get-Credential

    $pepSession = New-PSSession -ComputerName <Prefix>-ercs01 -Credential $cred -ConfigurationName PrivilegedEndpoint

    Explanation:

    The Microsoft approach of storing the credential in a variable is useful if you need to use the credential again, but in this scenario it’s not necessary. The modified command below consolidates the same process into a single line and still doesn’t expose the PEP password in the script. When executing the command the login prompt will appear with the username pre-populated – simply enter the password and login.

    My Example:

    $pepSession = New-PSSession -ComputerName <ERCS Name or IP> -ConfigurationName PrivilegedEndpoint -Credential <Domain>CloudAdmin

    Getting the High-Level Status of the Current Update Process

    Purpose:

    This one is great to do a quick check of the update process, especially because it replaces the need to click through the admin portal to bring up the Update blade.

    Microsoft Example:

    $statusString = Invoke-Command -Session $pepSession -ScriptBlock { Get-AzureStackUpdateStatus -StatusOnly }

    $statusString.Value

    Explanation:

    Here we have a script that creates a variable and then uses the variable to access a property. By wrapping the first command in parentheses I can access the property on the same line. This is a useful trick in PowerShell for consolidating commands when using the console. It also allows me to see the most recent status by running the command without having to refresh the variable.

    My Example:

    (Invoke-Command -Session $pepSession -ScriptBlock {Get-AzureStackUpdateStatus -StatusOnly}).Value

    Getting the Full Update Status with Details

    Purpose:

    This is the command to use if you need more detail regarding the current steps in the update process. It uses the Get-AzureStackUpdateStatus cmdlet, which returns the full update output as XML, but filters out everything except the currently executing steps. I find this helpful for getting an understanding of the update process, but it is invaluable when you are trying to work through a failure. This information is also available in the Admin Portal through the Update Status blade, but I find this method a lot easier than downloading and scanning through an XML document.

    Microsoft Example:

    [xml]$updateStatus = Invoke-Command -Session $pepSession -ScriptBlock { Get-AzureStackUpdateStatus }

    $updateStatus.SelectNodes(“//Step[@Status=’InProgress’]”)

    Explanation:

    Similar to the previous command we are declaring a variable and then using that variable to access a method. By using the same principal as before we can wrap the first step in parentheses, but in this case it also includes the cast to XML. This is needed to access the SelectNodes() method in the second step. You can also change the “InProgress” to “Error” to see tasks that have failed.

    My Example:

    ([xml](Invoke-Command -Session $pepSession -ScriptBlock {Get-AzureStackUpdateStatus})).SelectNodes(“//Step[@Status=’InProgress’]”)

    Getting the Verbose Azure Stack Update Log

    Purpose:

    When things have gone wrong during an update and you’re trying to understand why, that’s when you break out this command. It will output the verbose log data from the latest update session to a text file for review. This will include Informational (“VerboseMessage”), Warning (“WarningMessage”), and Exception (“ErrorMessage”) records.

    Microsoft Example:

    1. None.

    Explanation:

    Since there is currently no example in the Microsoft documentation, we’ll jump straight to how I run the command. This will output the verbose update log to a text file in a specified location. It’s pretty straightforward, but I’ve added the date and time to the output file name because I want to allow for this command to be run multiple times during the course of an update cycle.

    My Example:

    Invoke-Command -Session $pepSession -ScriptBlock {Get-AzureStackUpdateVerboseLog} | Out-File -FilePath <FileName with Path>_$(Get-Date -Format “yyyyMMdd_HHmmss”).txt

    Most of the changes that are shown here boil down to one important aspect of PowerShell…the way you execute on the console is different than the way you execute in a script. When scripting I have 2 primary goals:

    • Perform a repeatable activity
    • Make the script easy to read, understand, and by extension…maintain

    When I’m executing commands from the console the goal is generally the shortest path to the result I’m looking for. I will avoid storing a value in a variable unless I need to use it more than once. I am also more likely to use aliases for cmdlets because I’m not looking to save my work, so readability is not as important.

    I hope that you find this information useful and look forward to hearing your feedback.

    Related:

    Re: Exchange database backup fails

    I see this on the exchange client event logs:

    Log Name: System

    Source: Service Control Manager

    Date: 10/09/2018 17:46:08 Z

    Event ID: 7000

    Task Category: None

    Level: Error

    Keywords: Classic

    User: N/A

    Computer: client-computer.domain.com

    Description:

    The BBB Write Interceptor Driver service failed to start due to the following error:

    Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Event Xml:

    <Event xmlns=”http://schemas.microsoft.com/win/2004/08/events/event“>

    <System>

    <Provider Name=”Service Control Manager” Guid=”{555908d1-a6d7-4695-8e1e-26931d2012f4}” EventSourceName=”Service Control Manager” />

    <EventID Qualifiers=”49152″>7000</EventID>

    <Version>0</Version>

    <Level>2</Level>

    <Task>0</Task>

    <Opcode>0</Opcode>

    <Keywords>0x8080000000000000</Keywords>

    <TimeCreated SystemTime=”2018-09-10T21:46:08.602490000Z” />

    <EventRecordID>30536</EventRecordID>

    <Correlation />

    <Execution ProcessID=”512″ ThreadID=”3340″ />

    <Channel>System</Channel>

    <Computer>client-computer.domain.com</Computer>

    <Security />

    </System>

    <EventData>

    <Data Name=”param1″>BBB Write Interceptor Driver</Data>

    <Data Name=”param2″>%%577</Data>

    </EventData>

    </Event>

    Related:

    Using PowerShell Script to Manage the Windows 10 Update Policy

    The main objective of this article is to provide step-by-step instructions on how to use PowerShell script to set and modify the Windows update policy using a Windows bundle. The Windows 10 update settings can be easily re-configured using this bundle. This document includes the following information…

    +read more

    The post Using PowerShell Script to Manage the Windows 10 Update Policy appeared first on Cool Solutions. igupta

    Related:

    XenMobile Mail Manager Setup Wizard ended prematurely – XMM v10.1.2.103

    There are no logs under XMM logs, the only thing you see is the error below:

    XenMobile Mail Manager Setup Wizard ended prematurely

    By default, Windows does not log Windows Installer errors, so you have to manually enable Windows Installer logging by following this article by Microsoft:

    https://support.microsoft.com/en-us/help/223300/how-to-enable-windows-installer-logging

    This will create a log file under the Windows TEMP directory.

    If you see the logs, you will find the following:

    MSI (c) (0C:04) [15:18:33:187]: Doing action: CustomAction_PrepForUpgradeMSI (c) (0C:04) [15:18:33:187]: Note: 1: 2205 2: 3: ActionText Action 15:18:33: CustomAction_PrepForUpgrade. Action start 15:18:33: CustomAction_PrepForUpgrade.MSI (c) (0C:04) [15:18:33:339]: Creating MSIHANDLE (1) of type 790542 for thread 2308MSI (c) (0C:AC) [15:18:33:341]: Invoking remote custom action. DLL: C:UsersTERMXM~1AppDataLocalTemp2MSI4466.tmp, Entrypoint: PrepForUpgradeMSI (c) (0C:60) [15:18:33:343]: Cloaking enabled.MSI (c) (0C:60) [15:18:33:343]: Attempting to enable all disabled privileges before calling Install on ServerMSI (c) (0C:60) [15:18:33:343]: Connected to service for CA interface.MSI (c) (0C!F4) [15:18:33:420]: Creating MSIHANDLE (2) of type 790531 for thread 3572SFXCA: Extracting custom action to temporary directory: C:UsersTERMXM~1AppDataLocalTemp2MSI4466.tmp-MSI (c) (0C!F4) [15:18:33:421]: Closing MSIHANDLE (2) of type 790531 for thread 3572MSI (c) (0C!F4) [15:18:33:544]: Creating MSIHANDLE (3) of type 790531 for thread 3572SFXCA: Binding to CLR version v4.0.30319MSI (c) (0C!F4) [15:18:33:545]: Closing MSIHANDLE (3) of type 790531 for thread 3572MSI (c) (0C!F4) [15:18:33:612]: Creating MSIHANDLE (4) of type 790531 for thread 3572Calling custom action InstallerCustomActions!InstallerCustomActions.CustomActions.PrepForUpgradeMSI (c) (0C!F4) [15:18:33:615]: Closing MSIHANDLE (4) of type 790531 for thread 3572MSI (c) (0C!F4) [15:18:33:643]: Creating MSIHANDLE (5) of type 790531 for thread 3572Exception thrown by custom action:MSI (c) (0C!F4) [15:18:33:643]: Closing MSIHANDLE (5) of type 790531 for thread 3572MSI (c) (0C!F4) [15:18:33:647]: Creating MSIHANDLE (6) of type 790531 for thread 3572System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.MissingMethodException: Method not found: 'System.String System.String.Format(System.IFormatProvider, System.String, System.Object)'. at InstallerCustomActions.CustomActions.PrepForUpgrade(Session session) --- End of inner exception stack trace --- at System.RuntimeMethodHandle.InvokeMethod(Object target, Object arguments, Signature sig, Boolean constructor) at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object parameters, Object arguments) at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object parameters, CultureInfo culture) at Microsoft.Deployment.WindowsInstaller.CustomActionProxy.InvokeCustomAction(Int32 sessionHandle, String entryPoint, IntPtr remotingDelegatePtr)MSI (c) (0C!F4) [15:18:33:648]: Closing MSIHANDLE (6) of type 790531 for thread 3572CustomAction CustomAction_PrepForUpgrade returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)MSI (c) (0C:AC) [15:18:33:654]: Closing MSIHANDLE (1) of type 790542 for thread 2308Action ended 15:18:33: CustomAction_PrepForUpgrade. Return value 3.MSI (c) (0C:04) [15:18:33:655]: Doing action: FatalErrorMSI (c) (0C:04) [15:18:33:655]: Note: 1: 2205 2: 3: ActionText Action 15:18:33: FatalError. Action start 15:18:33: FatalError.Action 15:18:33: FatalError. Dialog createdMSI (c) (0C:08) [15:18:33:667]: Note: 1: 2731 2: 0 Action ended 15:18:34: FatalError. Return value 2.Action ended 15:18:34: INSTALL. Return value 3.MSI (c) (0C:04) [15:18:34:578]: Destroying RemoteAPI object.MSI (c) (0C:60) [15:18:34:582]: Custom Action Manager thread ending.

    This error indicates that .NET Framework is missing or is not at the minimum required version for XMM V10.2.1.103.

    Minimum required version of .NET Framework is 4.6

    Related:

    XenMobile Mail Manager Setup Wizard ended prematurely – XMM v10.2.1.103

    There are no logs under XMM logs, the only thing you see is the error below:

    XenMobile Mail Manager Setup Wizard ended prematurely

    By default, Windows does not log Windows Installer errors, so you have to manually enable Windows Installer logging by following this article by Microsoft:

    https://support.microsoft.com/en-us/help/223300/how-to-enable-windows-installer-logging

    This will create a log file under the Windows TEMP directory.

    If you see the logs, you will find the following:

    MSI (c) (0C:04) [15:18:33:187]: Doing action: CustomAction_PrepForUpgradeMSI (c) (0C:04) [15:18:33:187]: Note: 1: 2205 2: 3: ActionText Action 15:18:33: CustomAction_PrepForUpgrade. Action start 15:18:33: CustomAction_PrepForUpgrade.MSI (c) (0C:04) [15:18:33:339]: Creating MSIHANDLE (1) of type 790542 for thread 2308MSI (c) (0C:AC) [15:18:33:341]: Invoking remote custom action. DLL: C:UsersTERMXM~1AppDataLocalTemp2MSI4466.tmp, Entrypoint: PrepForUpgradeMSI (c) (0C:60) [15:18:33:343]: Cloaking enabled.MSI (c) (0C:60) [15:18:33:343]: Attempting to enable all disabled privileges before calling Install on ServerMSI (c) (0C:60) [15:18:33:343]: Connected to service for CA interface.MSI (c) (0C!F4) [15:18:33:420]: Creating MSIHANDLE (2) of type 790531 for thread 3572SFXCA: Extracting custom action to temporary directory: C:UsersTERMXM~1AppDataLocalTemp2MSI4466.tmp-MSI (c) (0C!F4) [15:18:33:421]: Closing MSIHANDLE (2) of type 790531 for thread 3572MSI (c) (0C!F4) [15:18:33:544]: Creating MSIHANDLE (3) of type 790531 for thread 3572SFXCA: Binding to CLR version v4.0.30319MSI (c) (0C!F4) [15:18:33:545]: Closing MSIHANDLE (3) of type 790531 for thread 3572MSI (c) (0C!F4) [15:18:33:612]: Creating MSIHANDLE (4) of type 790531 for thread 3572Calling custom action InstallerCustomActions!InstallerCustomActions.CustomActions.PrepForUpgradeMSI (c) (0C!F4) [15:18:33:615]: Closing MSIHANDLE (4) of type 790531 for thread 3572MSI (c) (0C!F4) [15:18:33:643]: Creating MSIHANDLE (5) of type 790531 for thread 3572Exception thrown by custom action:MSI (c) (0C!F4) [15:18:33:643]: Closing MSIHANDLE (5) of type 790531 for thread 3572MSI (c) (0C!F4) [15:18:33:647]: Creating MSIHANDLE (6) of type 790531 for thread 3572System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.MissingMethodException: Method not found: 'System.String System.String.Format(System.IFormatProvider, System.String, System.Object)'. at InstallerCustomActions.CustomActions.PrepForUpgrade(Session session) --- End of inner exception stack trace --- at System.RuntimeMethodHandle.InvokeMethod(Object target, Object arguments, Signature sig, Boolean constructor) at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object parameters, Object arguments) at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object parameters, CultureInfo culture) at Microsoft.Deployment.WindowsInstaller.CustomActionProxy.InvokeCustomAction(Int32 sessionHandle, String entryPoint, IntPtr remotingDelegatePtr)MSI (c) (0C!F4) [15:18:33:648]: Closing MSIHANDLE (6) of type 790531 for thread 3572CustomAction CustomAction_PrepForUpgrade returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)MSI (c) (0C:AC) [15:18:33:654]: Closing MSIHANDLE (1) of type 790542 for thread 2308Action ended 15:18:33: CustomAction_PrepForUpgrade. Return value 3.MSI (c) (0C:04) [15:18:33:655]: Doing action: FatalErrorMSI (c) (0C:04) [15:18:33:655]: Note: 1: 2205 2: 3: ActionText Action 15:18:33: FatalError. Action start 15:18:33: FatalError.Action 15:18:33: FatalError. Dialog createdMSI (c) (0C:08) [15:18:33:667]: Note: 1: 2731 2: 0 Action ended 15:18:34: FatalError. Return value 2.Action ended 15:18:34: INSTALL. Return value 3.MSI (c) (0C:04) [15:18:34:578]: Destroying RemoteAPI object.MSI (c) (0C:60) [15:18:34:582]: Custom Action Manager thread ending.

    This error indicates that .NET Framework is missing or is not at the minimum required version for XMM V10.2.1.103.

    Minimum required version of .NET Framework is 4.6

    Related: