GPO – Event ID 1058, Group Policy gpt.ini–Solved

"The Processing of Group Policy failed. Windows attempted to read the file \\domain\sysvol\domain\policies\{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}\gpt.ini from a domain controller and was not successful."


Under \\domain\sysvol\domain\policies\{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}  – there was no ini file  so I realized that GPO is probably corrupted

In order to determine which group policy is causing this problem .I used PowerShell  to find the friendly name of that specific GPO:

Get-GPO -id 9189e970-5663-4866-92a0-0eb2a22aab0b |select DisplayName


After recreating the gpo everything worked fine.


More information about  Group Policy Cmdlets in Windows PowerShell:

Posted in GPO | Tagged , , | Leave a comment

Remote desktop connection with 2 or more multiple screens

  • Hit “Winkey + R” to open the “Run” box
  • write mstsc and hit Enter


  • Click the “Show options” button and go to Options tab, mark the “Use all my monitors” checkbox.


  • Enjoy!
Posted in Windows | Leave a comment

Force Vmware VM to boot from CD

  • Edit the machine settings:


  • Go to Options tab, select Boot Options, and then Force BIOS Setup:


  • In the BIOS go to “Boot” tab, Then stand on the “CD-ROM Drive” and hit the “+” in the keyboard to get the CD-ROM to be first, and hit F10 to save and restart


Posted in Vmware | Leave a comment

Resetting windows server 2012 R2 local administrator or any local user passwords

  • Boot the server with the original windows media (You can obtain original media directly from MS for free as a 180 days free Evaluation: )
  • Click “Next” on the first setup screenwin2012R2_setup_screen
  • Then click “Repair your computer”win2012R2_setup_screen2
  • Then click “Troubleshoot”win2012R2_Troubleshoot
  • And “Command Prompt”win2012R2_Troubleshoot_Screen
  • Then in Command Prompt enter the following commands (In most cases the drive should be C and not D like in the example):win2012R2_CMD
  • Eject the windows media and reboot the server back to the lock screen
  • From the lock screen you can either click WIN + U in the keyboard or just click the “Ease of access” button in the welcome screen, This will try to open the ease of access executable (Utilman.exe) which is actually right now cmd.exe and will run it with highest privlages:win2012R2_Welcom_Screen
  • From that cmd window you can just use: “net user administrator NEWPASSWORD”, but in case the administrator name was changed you can also do what I showed in the screenshot to first find the administrator name:win2012R2_cmd_Reset_Pass
  • Don’t forget to reinsert the media, boot into Troubleshooting again and do the following in CMD (Otherwise you will not have “Ease of access” anymore):win2012R2_CMD_renBack
  • Good Luck!
Posted in Windows, Windows servers | Leave a comment

Updating frozen ILO firmware for a blade through the enclosure using SSH

Today I had a frozen ESXi server that was physically located in a different country so manually resetting it was not an option and when I tried to connect to its ILO using https with my web browser I’ve received an error and could not even get the ILO login screen.

I’ve tried to reset the ILO using SSH which usually worked for me in the past with no sucess, by the way it’s done by:

  1. SSH (using putty for example) to the ILO IP
  2. After you enter username and password you type: cd /map1
  3. Type: reset

That short process resets the ILO and usually is enough to login and update the firmware from the web UI which is a lot simpler.

But in my case two things happend:

  1. Resetting didn’t help
  2. After a few tries i couldn’t even login to the ILO using ssh because it was frozen as well

So, first of all if you have blade servers like in my case you can do many very nice things directly from SSH directly to the enclosure.

One very important thing is to reset the specific blade ILO from the enclosure using:

And now for updating the firmware (Finding the right bin file is at the end of this post):

There are two options that I saw, one is to use http (which didn’t work for me) and the other one is with using TFTP server (very easy once you have a guide like this one).

For the first option:

  1. Connect to the ILO using putty

  2. ***Like I said this option didn’t work for me

The second option have two parts:


  1. Downloading HP Lights-Out XML Scripting Sample for Windows which can be useful for many other things as well
  2. Inside this package you will find “Update_Firmware.xml” which looks like this (Without the comments):

    You need to change only the username, password, and path to the location of the bin file

Second you need to setup the TFTP server:

  1. Download Pumpkin
  2. After the installation in “C:\Program Files\Klever\Nothings” you can just take this folder and copy it to wherever you want (in case you don’t want to install on your servers and can’t access your PC from the ILO)
  3. put the XML file in the same directory as the EXE file of Pumpkin, together with the ILO firmware bin filepumpkin_folder


Now you should open Pumpkin and than click Optionspumpkin_main_screen

And make sure that the folder location is right and also push the radio button to “Give all files” (this is not a must but will help you to do not be have to click for confirmation)pumpkin_options

Now for the actual work:

  1. SSH to the enclosure IP

And  that is it, basically what we did is pointed the enclosure to download from the TFTP server an update script that tells it to download a firmware bin from the TFTP server.

in case you don’t know where to download the right bin file:

you just need to know what is your ILO version and than you search google for:

“ILO4 firmware” for example, the first result should bring you to here:


Download the version for any windows server and when you run it you can select “Extract”, pick a folder and inside of the extracted content you will find the Bin file.

Hope I was able to help someone.

Posted in General | Leave a comment

Exchange 2010: Get-MailboxDatabase -Status for Whitespace

In exchange 2010, event id 1221 does not exist anymore, and in order for us to find the whitespace, Microsoft has provided an appropriate command shell:
Get-MailboxDatabase -Status |ft name,databasesize,availablenewmailboxspace -auto



Posted in Exchange 2010 | Tagged , , , , | Leave a comment

Azure AD Connect: In place Upgrade Windows Azure Active Directory sync (DirSync)


Azure AD Connect: In place Upgrade Windows Azure Active Directory sync (DirSync)

*"In-place upgrade" is only relevant if the DB contains less than 50000 objects

Azure AD Connect will analyze your current DirSync settings and recommend an in-place upgrade if the number of objects in your database is less than 50,000

Download Azure AD connect

In-place upgrade Wizard

1. Launch the Azure AD Connect installer (MSI), Review and agree to license terms and privacy notice.


3. Click next to begin analysis of your existing DirSync installation.


4. When the analysis completes, we will make recommendations on how to proceed.


  • If you u use SQL Server Express and have less than 50,000 objects, the following screen is shown:


  • If you use a full SQL Server for DirSync you will see this page instead

The information regarding the existing SQL Server database server being used by DirSync is displayed. Make appropriate adjustments if needed. Click Next to continue the installation

  • If you have more than 50,000 objects, you will see this screen instead:
    To proceed with an in-place upgrade, click the checkbox next to this message: Continue upgrading DirSync on this computer. To do a parallel deployment instead you will export the DirSync configuration settings and move those to the new server.



5. Provide the password for the account you currently use to connect to Azure AD. This must be the account currently used by DirSync.


If you receive an error and have problems with connectivity, please see Troubleshoot connectivity problems.

6. Provide an enterprise admin account for Active Directory.




7. You’re now ready to configure. When you click Upgrade, DirSync will be uninstalled and Azure AD Connect will be configured and begin synchronizing.




8. After the installation has completed, sign out and sign in again to Windows before you use Synchronization Service Manager, Synchronization Rule Editor, or try to make any other configuration changes.

Customize Azure AD Connect sync

After your initial installation of Azure AD Connect, you can always start the wizard again from the Azure AD Connect start page or desktop shortcut. You will notice that going through the wizard again provides some new options in the form of Additional tasks.

The following table provides a summary of these tasks and a brief description on each of them.

Join Ruleimage

Posted in Azure AD Connect, Dirsync, Office365 | Tagged , , , | Leave a comment

Exchange 2010 – SMTP address is generated in the format of

When a new user is created, in some cases an SMTP address is generated in the format of instead of although there is no such existing address on the network
Issue is possibly due to the x400 configuration on the e-mail address policy:

When the email address is stamped, x400 finds the 2nd user as duplicated as the user’s First Name and Last Name are same.
So it adds 2 in the X400.

As the X400 found it as duplicate and added 2 , SMTP also follows the same and adds 2 to address.

Solution/Accepted workaround:

Remove x400 configuration from e-mail address policy and restarted the Exchange services.

*Please note that X.400 address function is not necessarily required in pure Exchange 2007/2010 environments.

Posted in Exchange 2003, Exchange 2010, Exchange 2013 | Tagged , , | Leave a comment

Add New exchange 2010 certificate – from CA

On your Exchange Server, Open the Management Console then from Server Configuration, Click on “New Exchange Certificate”

Enter A name for your Certificate, then click Next

Leave the ” Enable Wildcard Certificate ” un-checked, then click Next

Select the services that this exchange certificate will handle.


*Add or remove names -by clicking on the green Plus sign Add Or remove by selecting the name and click on the x sign


Click Next.

Enter Organization and Location Data. 

Specify where the Certificate Request will be saved


Click Next,  Then Click New

Exchange will start creating the Certificate Request

When Completed , Click Finish


Open CA web page using an Internet Browser,   For Example   http://caserver/CertSrv     Then click on ” Request a Certificate ” Link

Then Click on Advanced Certificate Request

Then Click on ” Submit a Certificate Request ”

Open the Certificate Request file you created in Exchange With Notepad  Select all Text

Paste the text into the webpage, and select ” Web Server ” from the Certificate Template list, Then Click Submit.

Select Base 64 Encoded,  then click on Download Certificate Chain.

Save the certificate

On The Exchange Server:

From the Exchange Management Console –> Server Configuration,choose the  the certificate you requested and Click on Complete Pending Request

Select the Certificate you downloaded from the CA, then Click Complete

Right click on the Certificate, select Assign services to certificate

Posted in Exchange 2010 | Tagged , , , | Leave a comment

When adding Office 2016 product keys to KMS – The specified KMS product key is invalid, of is unsupported by this version of VAMT. An update to support additional products may be available online.


Add Office 2016 Key to KMS server:

In order to add the KMS you need to install the Microsoft Office 2016 Volume License Pack

1. Download the Microsoft Office 2016 Volume License Pack  fro here

Follow the steps: 


Click Yes


Enter the Product Key


Open VMAT to see the new office 2016 product key



Good luck! סמיילי

Posted in Office 2016, Windows, Windows servers | Tagged , , , | Leave a comment