How to duplicate a Windows server that is attached to the Windows Domain

When a Windows server is attached to a Domain only one instance of it can run at a time. To be able to duplicate the server and start a second instance of it

Create an image of the server

  1. Remote into the server
  2. Make sure there is a local administrator account that you can log in with
  3. Remove it from the domain
  4. Reboot the server
  5. In the AWS console create an image of it
  6. Add the server back to the domain with the same username and password that was used to originally add it to the domain

Launch a new instance

  1. In the AWS console launch a new instance with the saved image
  2. Log into the new instance with the local administrator account
  3. Change the server name (only one server can be added to the domain with the same name)
  4. Add the server to the domain
  5. Reboot the server

Bootstrap the new instance in the Chef server

If you configured the original server with Chef, attach the new instance to the Chef server with a new Node Name

  1. Open a terminal window in the cookbooks directory (below the .kitchen directory, so the Chef kitchen command can find the Chef server configuration)
  2. Execute the bootstrap command. See Bootstrap Chef nodes to connect them to the Chef server for the details on the bootstrapping process. Don’t forget to use a double backslash (\\) in front of the username.
knife bootstrap windows winrm MY_NODE_IP -x MY_USERNAME -P MY_PASSWORD --node-name THE_NODE_NAME --environment THE_ENVIRONMENT --run-list 'recipe[MY_COOKBOOK1::default],recipe[MY_COOKBOOK2::default]' --json-attributes '{"MY_ATTRIB1":"MY_VALUE1","MY_ATTRIB2":"MY_VALUE2"}' -V

Windows application installation error codes

To enable logging of .msi packages open a command prompt as an administrator and execute

MY_APPLICATION.msi /l*vx install.log

Error Code

Explanation

2 ?
1603 Error message from the operating system

  • dll can not register
  • msi installation failed
    • required version of the .NET framework missing
1605 Nothing to uninstall ?
1618 ?
1619 The source directory does not exist?
1622 File not found or access denied
1638

The user account does not have permission to run this task

When a Scheduled task is created by another user (or SYSTEM) most of the time only that user can manually trigger the task execution.

When you try to execute the scheduled task from the user interface you can get the error message:

The user account does not have permission to run this task

This error is caused by the lack of permissions on the XML file that contains the task details. To allow all administrators to execute the scheduled task

  1. Remote into the Windows server
  2. Open the C:\Windows\System32\Tasks folder in Windows Explorer
  3. Right-click the file with the name of the scheduled task and select properties
  4. On the Security tab select Administrators and click the Edit button
  5. Check the Read & execute checkbox and click the OK button
  6. Click Yes on the Windows Security popup

Now you should be able to manually execute the scheduled task

Copy files between Windows and Linux computers

There are many tools to copy files between Windows and Linux computers, I have found this method the simplest.

It does not require any software installation on the Windows machine, and only one package installation on the Linux machine.

Share a folder on the Windows machine

Share a folder on the Windows machine and allow access to it for a user. If the Windows computer is in the Windows domain, the domain user does not have to be a member of any security group on the Windows machine.

If you copy files from Windows to Linux, make the folder read-only for the user. If you copy files to the Windows machine, allow write access to the folder for the user.

Set up the Linux machine

  1. Install the cifs-utils on the Linux machine
    1. On Red Hat, CentOS, and Amazon Linux
      sudo yum install cifs-utils
    1. On Ubuntu
      sudo apt-get install cifs-utils

Mount the shared Windows folder on the Linux machine

  1. On the Linux machine create a directory to mount the Windows folder to
    mkdir /tmp/windows
  2. Mount the Windows share
    sudo mount.cifs '\\WINDOWS_SERVER_IP\attachments' /tmp/windows -o domain=MY_DOMAIN,username=MY_USERNAME,password=MY_PASSWORD,vers=1.0

    First, you will be asked for the root password on the Linux machine.
    If you do not specify your password in the line above, you will be also asked to enter your password on the Windows machine.

Access the Windows share

  1. On the Linux machine navigate to the mount directory
    cd /tmp/windows
  2. List the files of the Windows share
    ls -al

Troubleshooting

If you get the error message when you issue the mount command

mount error(16): Device or resource busy

try to unmount (umount !) the share first and try the mount again

umount /tmp/windows

 

Edit the HKEY_CURRENT_USER Windows Registry keys of another user

The user-specific settings in the Windows registry are stored under the HKEY_CURRENT_USER key. If you open the Regedit.exe application the HKEY_CURRENT_USER key contains the settings for your user account.

To access the registry keys of another user we need to

Find the Security ID of the user

  1. In Regedit navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\hivelist
  2. The key lists the Security IDs and usernames
  3. Save the Security ID of the user.

Another Security ID list location:

The partial list of the Security IDs is also available at
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

Not all user profiles are listed here.

Click the Security ID folders on the left to see the username in the ProfileImagePath.

Open the user-specific registry keys

  1. In Regedit navigate to the HKEY_USERS key
  2. Select the Security ID of the user you are looking for
  3. The user-specific values are under that key

 

Send Alt-Control-Delete to a Windows server via Remote Desktop

When you log into a Windows server via the Remote Desktop Protocol (RDP) in some cases you need to send the Alt-Control-Delete ( in other notations Alt-Ctrl-Del, Control-Alt-Delete, Ctrl-Alt-Del ) key combination to the remote server.

From a Macintosh laptop

On a Macintosh laptop press the fn+control+option+delete keys to send Alt-Control-Delete to the server.

From a Windows workstation

If the Remote Desktop window is not in full-screen mode, Alt+Control+Delete will control your own Windows workstation.

On a Windows workstation press the Alt+Control+End keys to send Alt-Control-Delete to the remote server.

 

org.apache.jasper.JasperException: java.lang.IllegalStateException: No output folder

This error can happen on Linux and Windows, and the cause could be the same.

On Windows Server 2012R2 I opened a command prompt. To be able to delete a directory from the Tomcat webapps folder, I have issued the shutdown command.

When I started the server with the startup command, and navigated to my local website, my Java Spring MVC web application displayed the error message

org.apache.jasper.JasperException: java.lang.IllegalStateException: No output folder

The problem was, that the Tomcat service runs under root on Linux, and SYSTEM on Windows.

When you issue the startup command, Tomcat will run under the user account you logged in with.

Solution:

Stop and start the TomCat Linux or Windows service instead of issuing the shutdown and startup commands from the terminal or command prompt.

 

Git Bash and Command Prompt cannot see the VirtualBox shared folder on Windows 10 guest

When you start a Windows 10 guest machine in VirtualBox on your workstation, you can set up shared folders to seamlessly copy files between your workstation and the Windows 10 guest machine.

The shared folder appears in Windows Explorer as a mapped network location.

For more on this see Configure the Windows virtual machine in VirtualBox

On a Windows 7 guest machine the Git Bash, Command Prompt, and PowerShell windows all can see the mapped E: network drive, so you can change the working directory with

cd E:

and execute commands in the shared folders.

On a Windows 10 guest machine, only the PowerShell window can see the shared folder as a mapped network drive, E:


Command prompt will display the error message

The system cannot find the drive specified

When you try to start the Git Bash window with Git Bash Here, nothing happens.

If you start Git Bash from the menu and try to change the working directory to the E: drive, you get the error message

bash: cd: /e: No such file or directory


Map the shared drive

If you need to use the Command prompt or the Bash terminal, you can temporarily map the shared folder

  1. Open the Command Prompt on the Windows 10 guest machine
  2. Execute the command
net use x: \\vboxsvr\Users

Automate the drive mapping

Mapped drives are user-specific so if you want to use a mapped drive as an Administrator, you have to map is as Administrator.

Enable the visibility of the mapped drives

  1. Start Regedit
  2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
  3. Create a DWORD value EnableLinkedConnections with the value 1
  4. Restart the computer

Create the automated process to map the drive of the host computer

  1. Create a new batch file in your Documents folder: map_drive.bat
    net use x: \\vboxsvr\Users
  2. Create a new scheduled task: Map the Mac file system to X
    1. Set the user account to SYSTEM
    2. Run with highest privileges
    3. Configure for Windows 10
    4. Set the trigger to startup
    5. Create a new action

To use the Bash terminal

  1. Open the Bash terminal in a directory on the C: drive
  2. Change to the shared directory with
    cd /x/...

To use the command prompt

  1. Open the command prompt
  2. Change to the shared directory with
    x:
    cd ...

Refresh the environment variables in the Windows Command Prompt and PowerShell window

When the Windows Command Prompt and PowerShell windows open, they read the environment variables from the registry. If another process changes the value of an environment variable or creates a new one, the already open windows don’t reflect those changes. To reload the environment variables into open Command Prompt and PowerShell windows execute

refreshenv