Installing Desktop Experience on Server 2012 R2 core after patching

So it seems like if you have originally installed a Windows 2012 R2 Core Server, then added the required GUI roles, then patched the server up to date, it can become extremely hard to install particular features that will be listed as ‘Removed’ rather than just Unavailable/Not Installed.

After spending way too many hours, in obscure threads, with unhelpful error messages like:

Source files could not be found.

Update InkAndHandwritingServices of package InkAndHandwritingServices failed to be turned on.

Status: 0x800f081f.

Status: 0x800f0906.

and attempting every DISM & Install-WindowsFeature combination in existence (such as -Source “Windows Update”), the solution boiled down to a few simple steps.

Basically, create a fully up-to-date WIM file, and then use a local group policy to specify the source path.

Instructions on how to do so:

1. Copy install.wim from the latest 2012R2 ISO (X:\sources\Install.wim) to a local folder (eg. C:\Wim\).
2. Download all 2012R2 updates with wsusoffline, for convenience I selected the ‘USB: Copy updated to directory’ folder.

3. Mounted install.wim:2 with dism

4. Applied updates to install.wim:2

5. Committed changes to the wim file.

For convenience the following PowerShell script was used for steps 3-5:

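$UpdatesPath = "C:\Updates\Updates\w63-x64\glb"
$MountPath = "C:\wim\mount"
$WimFile = "C:\wim\install.wim"

# Step 3: mount image index 2 of install.wim
DISM /Mount-Wim /WimFile:$WimFile /index:2 /Mountdir:$MountPath

# Step 4: apply every .msu/.cab package in the wsusoffline folder
$UpdateArray = Get-ChildItem $UpdatesPath | Where-Object { $_.Extension -in '.msu', '.cab' }
ForEach ($Updates in $UpdateArray)
{
    DISM /image:$MountPath /Add-Package /Packagepath:$($Updates.FullName)
    Start-Sleep -s 5
}
Write-Host "Updates Applied to WIM"

# Step 5: commit the changes and clean up stale mount data
DISM /Unmount-Wim /Mountdir:$MountPath /commit
DISM /Cleanup-Wim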

6. Edit local policy to never download updates from Windows Update

7.  Edit local policy to use wim:c:\wim\install.wim as source

Open gpedit -> Computer Configuration -> Administrative Templates -> System -> Specify settings for optional component installation and component repair

Select Enabled and Enter the alternate source path as wim:C:\wim\install.wim:2

8. Open PowerShell as an Administrator and run “Install-WindowsFeature -Name Desktop-Experience”.
9.  And with a bit of luck the Desktop Experience will be successfully installed!
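
Steps 6-8 can also be scripted. The following is an added example, not part of the original procedure; it assumes the registry values under Policies\Servicing (LocalSourcePath, UseWindowsUpdate) are the ones the group policy setting above writes, and that a domain GPO is not managing the same setting.

```powershell
# Added example; paths and index mirror the steps above. Run elevated.
$WimFile   = "C:\wim\install.wim"
$Index     = 2
$Feature   = "Desktop-Experience"
$PolicyKey = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Servicing"

# Confirm the index exists in the patched WIM and show which edition it holds
$image = Get-WindowsImage -ImagePath $WimFile -Index $Index -ErrorAction Stop
Write-Host "Source image: $($image.ImageName)"

# 'Removed' means the payload is no longer in the local component store
$state = (Get-WindowsFeature -Name $Feature).InstallState
Write-Host "$Feature is currently: $state"
if ($state -eq 'Installed') { return }

# Steps 6-7: point optional component installation at the local WIM
# (assumed registry backing of the policy) and never go to Windows Update
if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
New-ItemProperty -Path $PolicyKey -Name LocalSourcePath -PropertyType ExpandString `
    -Value "wim:${WimFile}:$Index" -Force | Out-Null
New-ItemProperty -Path $PolicyKey -Name UseWindowsUpdate -PropertyType DWord `
    -Value 2 -Force | Out-Null

# Step 8: install the feature and report the outcome
$result = Install-WindowsFeature -Name $Feature
$result | Format-List Success, RestartNeeded, ExitCode
```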


Run New-PSSession as Scheduled Task

An internal error occurred.
+ FullyQualifiedErrorId : CreateRemoteRunspaceFailed

After literally 2 hours bashing my head over why a scheduled task would not run as a service account but worked fine with a normal account.

Even after granting ‘Allow log on as batch job’ and ‘Allow log on locally’, and even adding the account to the Local Administrators group on all servers, the same error kept coming up.

Thanks to a beautiful link from this large post:


There’s a reference to a very obscure fix:

Create the following two folders:



Clearing the ConflictandDeleted Folder DFSR

Clearing the ConflictandDeleted Folder DFSR Windows Server 2012 R2.

List the DFS Replicated Folders:

WMIC.EXE /namespace:\\root\microsoftdfs path dfsrreplicatedfolderconfig get replicatedfolderguid,replicatedfoldername

Paste in the GUID of the folder you would like to clean up.

WMIC.EXE /namespace:\\root\microsoftdfs path dfsrreplicatedfolderinfo where "replicatedfolderguid='70bebd41-d5ae-4524-b7df-4eadb89e511e'" call cleanupconflictdirectory

Wait a few minutes! Done!



Delete technician from drop down assign menu Manage Engine ServiceDesk Plus

How to delete a technician from the drop down assign ticket menu in Manage Engine ServiceDesk Plus.

Connect to the database.

Run this query to get the technician IDs.

SELECT au.user_id "Userid", au.first_name "Name", sd.status "Status", hc.technicianid "Technician ID"
FROM HelpDeskCrew hc
LEFT JOIN AaaUser au ON hc.TECHNICIANID = au.USER_ID
LEFT JOIN AaaLogin al ON al.USER_ID = au.USER_ID
LEFT JOIN SDUser sd ON sd.USERID = au.USER_ID;

Then delete them from the helpdeskcrew table.

delete from helpdeskcrew where technicianid='$insertTechnicianIdHere';


We had one error come through with a purchase request & order being created by one of the staff, I had to delete this request and order before it would let me delete them from this table.


Restart the application once done, and all good!


Remove Shutdown from Start Menu – Computer Policy

Remove Shutdown from Start Menu by Computer Policy

Prevent users from shutting down or restarting computer once again through computer policy.

The reason for doing this, rather than using the standard ‘user policy’ which removes the shutdown option from the Start Menu, is that the organisation required it for a bunch of meeting room computers. As users log in here with their own accounts, a computer policy is the best option because it removes the need for a ‘loopback’ policy, which can cause great annoyances with GPOs.


The required GPO settings for this can be found here:

Once implemented, the Start Menu now looks like this:


You’ll also notice the Security Option which removes the shutdown option from the log on screen!



Shadow RDS Session PS Script for Helpdesk Staff

I wrote this PowerShell script so that our Helpdesk staff were able to view the Remote Desktop Sessions on our 2012 RDS Hosts and shadow them.

The script queries the RDS farm with Get-RDUserSession by invoking this command on your Management Server (that has the RDS Tools installed), then starts mstsc with the appropriate session ID and Session Host.


The main gist of it is in these two lines….

$result = invoke-command -computer "DomainController" -scriptblock {Get-RDUserSession -ConnectionBroker "ConnectionBroker" | Select-Object -Property Username,HostServer,UnifiedSessionID} -Credential $credentials

Start-Process mstsc -Credential $credentials -ArgumentList "/shadow:$($newResult.UnifiedSessionId) /control /v:$($newResult.HostServer) /noConsentPrompt"

However I’ve wrapped up the results into a little GUI and have a nice connect button to make it as easy as possible for helpdesk staff.
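
A console-friendly way to tie those two lines together, as an added example that is not the original script: Out-GridView stands in for the GUI, the selected values are validated before they reach the mstsc command line, and each shadow attempt is logged. "MgmtServer", "ConnectionBroker", the log path and the $AllowNoConsent variable are placeholders/assumptions.

```powershell
# Added example, not the original script. Host names and log path are placeholders.
$AllowNoConsent = $false   # hypothetical toggle: leave $false so the user is asked first
$credentials = Get-Credential -Message "Helpdesk account permitted to shadow sessions"

# Query the farm from the management server that has the RDS tools installed
$sessions = Invoke-Command -ComputerName "MgmtServer" -Credential $credentials -ScriptBlock {
    Get-RDUserSession -ConnectionBroker "ConnectionBroker" |
        Select-Object -Property UserName, HostServer, UnifiedSessionId
}
if (-not $sessions) { Write-Warning "No sessions returned."; return }

# Let the technician pick exactly one session; Cancel returns nothing
$newResult = $sessions |
    Select-Object UserName, HostServer, UnifiedSessionId |
    Out-GridView -Title "Select the session to shadow" -OutputMode Single
if (-not $newResult) { return }

# These values end up on a command line, so accept only a numeric session ID
# and a plain host name before building the mstsc arguments
if ("$($newResult.UnifiedSessionId)" -notmatch '^\d+$' -or
    "$($newResult.HostServer)" -notmatch '^[A-Za-z0-9.-]+$') {
    throw "Unexpected session data: $($newResult | Out-String)"
}

$mstscArgs = @("/shadow:$($newResult.UnifiedSessionId)", "/v:$($newResult.HostServer)", "/control")
if ($AllowNoConsent) { $mstscArgs += "/noConsentPrompt" }

# Record who shadowed whom before launching the viewer
$audit = "{0:u} {1} shadowed {2} on {3} (session {4}, noConsent={5})" -f (Get-Date),
    $credentials.UserName, $newResult.UserName, $newResult.HostServer,
    $newResult.UnifiedSessionId, $AllowNoConsent
Add-Content -Path "$env:TEMP\rds-shadow-audit.log" -Value $audit

Start-Process mstsc -Credential $credentials -ArgumentList $mstscArgs
```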




Cannot open database “SUSDB” requested by the login. The login failed.~~Login failed for user ‘NT AUTHORITY\NETWORK SERVICE’

Unable to synchronize updates with SCCM 2012 R2 with WSUS using a Windows Internal Database.

WCM.log – SCCM\Microsoft Configuration Manager\Logs\

Cannot open database “SUSDB” requested by the login. The login failed.~~Login failed for user ‘NT AUTHORITY\NETWORK SERVICE’

System.Data.SqlClient.SqlException — Cannot open database “SUSDB” requested by the login. The login failed. Login failed for user ‘NT AUTHORITY\NETWORK SERVICE’.


Checking the error.log for WID – C:\Windows\WID\

Login failed for user ‘NT AUTHORITY\NETWORK SERVICE’. Reason: Failed to open the explicitly specified database ‘SUSDB’.
Error: 18456, Severity: 14, State: 38.


The solution:

Uninstall KB3148812

More info:


Install KB3159706

Then run the post-install steps from the link above.


Last User Logged In To Computer with SCCM and Powershell

I was recently tasked with getting a list of all users who were last logged into a computer, and then finding their department (AD department attribute) based on that user account. This is to get the department each computer is associated with so it can be cost-coded to that department.

Add and run the following query into SCCM under Monitoring -> Queries.

SCCM 2012 R2 Query:

SELECT SMS_R_System.LastLogonUserName, SMS_R_System.Name, SMS_R_System.LastLogonTimestamp FROM SMS_R_System


Press CTRL + A then CTRL + C to select the results of the report and copy them to the clipboard. Open up Excel and paste the values in.

At this point I removed all the rows with blank usernames.

Insert a new row at the top and fill it in with the headers username, computer, lastLogon, department

It should look like this:

Save the file as a csv and name it something like SCCMExport.csv

Next, copy the following PowerShell script and modify the filename variables to be appropriate ($data and $outputFileName)

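# Requires the ActiveDirectory module (RSAT) for Get-ADUser
Import-Module ActiveDirectory

$data = Import-Csv "SCCMExport.csv"
$outputFileName = "ComputerbyDepartment.csv"

$outputCSV = New-Object System.Data.DataTable
$outputCSV.Columns.Add("username") | Out-Null
$outputCSV.Columns.Add("computer") | Out-Null
$outputCSV.Columns.Add("lastLogon") | Out-Null
$outputCSV.Columns.Add("department") | Out-Null

foreach ($user in $data){
    # Look up the AD department of the last logged-on user
    $department = Get-ADUser -Identity $user.username -Properties Department | select -ExpandProperty department
    # Add one output row per computer
    $outputCSV.Rows.Add($user.username, $user.computer, $user.lastLogon, $department) | Out-Null
}

$outputCSV | Export-CSV $outputFileName -NoTypeInformation -Append -Force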

All done. Check the OutputFile to see all the Departments listed neatly next to the users and computers.


Citrix on Mac OS X – You have chosen not to trust ‘SSL provider’ the issuer to the server’s security certificate

Citrix ICA Client: SSL Error 61: You have not chosen to trust “VeriSign/Go Daddy/Rapid SSL etc”, the issuer to the server’s security certificate.

What you need to do is install the full SSL Certificate Chain.

You can view which chain you need by going to the StoreFront website and clicking the view certificate button.

Then follow these instructions to install BOTH the Intermediate and the Root certs.

Pro Tip: You don’t have to SFTP/SSH the certs to the NetScaler if it’s in your DMZ and you don’t have access; you can create new files using the ‘Install’ button and just copy/paste the cert contents into the ‘new file’.

If you get an error “No Certificate Found for Linking” then you are uploading the wrong chain of files.

Once you have both certificates uploaded, click on your initial SSL cert, and link it to the intermediate cert you just uploaded. Then click the intermediate cert and link it to your root cert.

With this all done the Mac will be able to connect successfully to your Citrix session!




Remote Desktop Gateway behind IIS with ARR

Unable to connect to a RDP Gateway Session Host when it is behind IIS running Application Request Routing.

IIS  -> Remote Desktop Gateway Web Access -> Remote Desktop Gateway Session Host.

Everything worked internally, connecting externally to the web server works fine and the actual rdp file that is downloaded and runs looks fine (correct server address, correct gateway address) but still just times out upon trying to connect.

Turns out to be the IIS ARR at fault.

Click on Server Farms -> -> Proxy -> Buffer Settings -> Set Response buffer threshold (KB) to zero (0) -> Apply

Refresh your RDWeb page and it will instantly connect!
