Sulich's Blog

Archive for the category “Windows”

Office 2013 KMS activation

In an elevated (administrator) command prompt:

Manual configuration of the KMS host:

C:\Program Files (x86)\Microsoft Office\Office15> cscript ospp.vbs /sethst:hostname

Manual activation of Office 2013:

C:\Program Files (x86)\Microsoft Office\Office15> cscript ospp.vbs /act

Win 2012 R2 RDS PowerShell cmdlets

Using PowerShell to control RDS in Windows Server 2012 (Part 1)

The Battle of Renaming the RDS Server – 10 Steps of Troubleshooting

 

Problem:

After renaming the RDS server, the Connection Broker and Session Host still carry the old name, and the collection still points to the old server.

Resolution:

To resolve the problem, use the following PowerShell cmdlets:

Get-RDServer

Get-RDSessionCollection -ConnectionBroker "Servername"

Remove RD Session Collection

Remove-RDSessionCollection -CollectionName "Collection Name" -ConnectionBroker "ServerName" -Force

Remove RD Server

Remove-RDServer "ServerName" -Role RDS-RD-SERVER -ConnectionBroker "ServerName"

Restart the server

Reinstall RDS Broker Role

Remove-WindowsFeature -Name RDS-Connection-Broker

Add-WindowsFeature -Name RDS-Connection-Broker

 

Create new deployment, collection, Session Host and Connection broker:

New-RDSessionDeployment -ConnectionBroker SERVER.CONTOSO.COM -WebAccessServer SERVER.CONTOSO.COM -SessionHost SERVER.CONTOSO.COM

New-RDSessionCollection -CollectionName SessionCollection -SessionHost SERVER.CONTOSO.COM -CollectionDescription "Session Collection for RDS Server" -ConnectionBroker SERVER.CONTOSO.COM

 

 

Pointing the server to the new license server if needed:

$obj = gwmi -namespace "Root/CIMV2/TerminalServices" Win32_TerminalServiceSetting
$obj.SetSpecifiedLicenseServerList("SERVER.CONTOSO.COM")

Check if it is connected to the new license server:

$obj = gwmi -namespace "Root/CIMV2/TerminalServices" Win32_TerminalServiceSetting
$obj.GetSpecifiedLicenseServerList()

To change the licensing mode on RDSH/RDVH:

$obj = gwmi -namespace "Root/CIMV2/TerminalServices" Win32_TerminalServiceSetting

$obj.ChangeMode(value)   # value can be 2 (Per Device) or 4 (Per User)

 

 

Terminal servers configuration Windows 2012 R2

https://blogs.technet.microsoft.com/askperf/2013/09/20/rd-licensing-configuration-on-windows-server-2012/

 

RD Licensing Configuration on Windows Server 2012

 

Adding a new License Server in a new Deployment

Let us assume that you already have created a Remote Desktop Services Deployment. You have a Session Based Collection and a Virtual Desktop based collection as per your business requirement. Now, you have introduced a new Server in the domain that will serve as a License Server for Remote Desktop Services.

Before you configure Licensing on any Remote Desktop Server Session Host or Virtualization Host server, the RD Licensing Diagnoser looks like below. To open RD Licensing Diagnoser, Click Tools, go to Terminal Services and click RD Licensing Diagnoser.

The image below shows that the RD Session Host Server RDS1.contoso.com has neither a Licensing mode nor a License server configured.

In the RD Licensing Diagnoser Information section, it will throw 2 warning(s):
1. The licensing mode for the Remote Desktop Session Host server is not configured.
2. The Remote Desktop Session Host server is within its grace period, but the RD Session Host server has not been configured with any license server.

Configuring Windows Server 2012 Remote Desktop Services Licensing involves a 2-step process.

Note Make sure that the new License Server is already added to the Server Pool on the RD Connection Broker Server before you add it to the deployment.
1. Configuring the Deployment Settings
a. In the Server Manager RDMS console Overview page, click on the icon to add a License server which is already added to the domain

b. In the ‘Add RD Licensing Servers’ applet choose the server that you want to add to the deployment from the Server Pool and click Next

c. Click on Add on the Confirmation page and click Add

d. If the Licensing Role Service is not already installed, the Wizard will install the role, reboot the system if required and add it to the Deployment.

e. Once done, the Overview page will look like this

Adding the License server to the deployment will not automatically configure the RD Session Host server or the RD Virtualization Host servers with the Licensing mode type or point them to the License server in the deployment that you just added. To configure them you need to follow below steps.

2. Configuring the Licensing Mode.
a. In deployment Overview page, select on Tasks and click ‘Edit Deployment Properties’

b. In the ‘Deployment properties’ applet, click on the ‘RD Licensing’ page. Here you will see the License server is already added i.e., License.contoso.com in our case, however, the Licensing mode is not selected. Choose the appropriate Licensing mode. Click Apply and OK to exit the wizard.

c. At this stage the License server is installed, added to the deployment and mode is configured. However, the Licenses are yet to be installed. On the Session Host server or on the RD Virtualization host server License Diagnoser will show up as below

d. Once you have installed the required Licenses and Activated the License server, the console will look something like below

e. Also make sure to check License Configuration and that there are no Warnings with respect to configuration. The License Server should be part of ‘Terminal Server License’ group in Active Directory Domain Services.

f. On the RD Session Host server, if you rerun the Diagnoser, you will see that the server now recognizes the License server and the CAL type.

Adding an existing License Server in a new RDS deployment

In this scenario, let us assume that you already have an existing License server with all the required licenses installed. You just deployed an RDS deployment and created a collection. You now want to use the same License server in your environment for the new deployment.

The steps are exactly the same as “2. Configuring the Licensing Mode” above.

In the ‘Deployment properties’ applet, click on the ‘RD Licensing’ page. In the text box specify the Licensing server name with complete FQDN and then click Add. Choose the appropriate Licensing mode ‘Per device’ or ‘Per User’. Click Apply and OK to exit the wizard.

Rest of the steps are similar and should be followed as applicable.

Configuring License server manually

There might be a situation where you want to configure the License server on the RD Session Host or on the RD Virtualization Host manually because you do not have any RD Connection Broker in your environment. You have already configured the RD Session Host server or Virtualization Host server as required, and now you want to configure the License server, which is already installed and configured with licenses. All you are left to do is configure the License Server and the Licensing mode on the corresponding RD Session Host or Virtualization Host servers.

Note The following commands must be run from an Administrative PowerShell prompt.

To configure the license server on RDSH/RDVH:

$obj = gwmi -namespace "Root/CIMV2/TerminalServices" Win32_TerminalServiceSetting

$obj.SetSpecifiedLicenseServerList("License.contoso.com")

Note “License” is the name of the License Server in the environment

To verify the license server configuration on RDSH/RDVH:

$obj = gwmi -namespace "Root/CIMV2/TerminalServices" Win32_TerminalServiceSetting

$obj.GetSpecifiedLicenseServerList()

To change the licensing mode on RDSH/RDVH:

$obj = gwmi -namespace "Root/CIMV2/TerminalServices" Win32_TerminalServiceSetting

$obj.ChangeMode(value)   # value can be 2 (Per Device) or 4 (Per User)

To validate the licensing mode:

$obj = gwmi -namespace "Root/CIMV2/TerminalServices" Win32_TerminalServiceSetting

$obj.LicensingType

$obj.LicensingName

Configuring license server using Group Policy

Per your design requirements you can also configure License Server using Group Policy in your environment.
The policy is located here:

Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing\

“Use the specified Remote Desktop license servers” – Provide the FQDN of the license servers to use

Set the Remote Desktop licensing mode – Specify the ‘per user’ or ‘per device’ licensing types.

Known issue with RD Licensing Diagnoser:

You may receive an error “Licenses are not available for this Remote Desktop Session Host server, and RD Licensing Diagnoser has identified licensing problems for the RD Session Host Server”

The RD Licensing Diagnoser Information section will show the possible cause and its remediation.

To make sure that the License Diagnoser runs successfully, you need administrator privileges on the license server.

 

Windows 2012 R2 activation by phone

1. To change the product key from a command prompt, open an elevated command prompt, type the command below, and press Enter.

NOTE: Substitute XXXXX-XXXXX-XXXXX-XXXXX-XXXXX in the command below with your actual product key number, including the dashes.

slmgr.vbs /ipk XXXXX-XXXXX-XXXXX-XXXXX-XXXXX

2. Type slui.exe 4 to access the phone activation screen and follow the steps to activate over the phone.

Finding Files and Counting Lines at the Windows Command Prompt

http://isc.sans.edu/diary.html?storyid=2244

 

Yesterday, Microsoft delivered to us a bouquet of a dozen patches, just in time for our Valentine’s Day celebration today. With those patches, and a recent inundation of other vulnerabilities (Solaris Telnet? Are you kidding me?), I’d like to do a quick change of pace to give you a couple of fun tips for using the Windows command line.

It’s become something of a ritual around here.  Whenever I’m Handler on Duty, I reinforce my ultimate goal of eliminating the Windows GUI from use by administrators and incident handlers by writing a tip or two for using the Windows command line.  One of the most frequent questions I get recently whenever I teach a SANS session on the Windows command line involves searching for files with a given name.  Suppose, for example, that you want to find the program wmic.exe in your directory structure.  There are two approaches I use:

First, you can change into a given directory that you want to search (such as C:\windows\system32), and then run the dir command appropriately:

C:\> cd c:\windows\system32
C:\> dir /s /b wmic.exe

The /s means that we want to recurse subdirectories.  The /b means that we want the bare form of output (which will omit the volume information, ., and .. from our listing).  When /b is used with /s, it will print out the full path to the item for which we search (context-specific command flags that change their behavior in light of other flags can be trouble for memorization, I admit).  The downside of doing this is that you have changed out of your current directory to do the search.

But, diligent readers Michael Wilson, Chris Wolf, and a reader desiring anonymity have pointed out that you can search for something without changing your current directory by running the command thusly:

C:\> dir /s /b c:\windows\system32\wmic.exe

It looks like this command would only find a wmic.exe if it is system32 itself, but it actually looks through system32 and all of its subdirectories, doing just what we want.  Pretty cool!  And, you don’t lose your current directory in the process.

The second approach is to use the dir command again, but to scrape through its output using the find command, as in:

C:\> dir /s /b c:\windows\system32 | find "wmic.exe"

The first approach has better performance (because we are not scraping through Standard Out).

Oh, and another frequent question I get: How can I do a line count on the output of another command? UNIX and Linux folks frequently use "wc -l" to count stuff…. How can we do this in Windows? Suppose, for example, you wanted to count the number of files and subdirectories inside of c:\temp. There is no wc command built in, but here is a method I use:

C:\> dir /b c:\temp | find /c /v "~~~"

The dir command gets a directory listing, in bare format (/b) of c:\temp.  I use the find command to count (/c) lines that DO NOT contain (/v) the string ~~~.  It would be very unusual to have that string, so it gives me a pretty accurate line count.  If you are really concerned about having such lines, you can run it without the /v and make sure the count is 0.  Also, you can recurse subdirectories using /s, as you might expect.  And, this technique can also be used to count other things, like the number of running processes called svchost.exe, using the tasklist command (built into Win XP Pro and 2003):

C:\> tasklist /fi "imagename eq svchost.exe" | find /c /v "~~~"

Don’t forget to subtract the appropriate number of column headers and footer lines from your output (in the case of tasklist, you have to subtract 3, because of the Column titles, the ===== under the columns, and an extra carriage return it puts at the end).   Attentive reader Chris Luhman mentioned that you can use the /nh option in tasklist to get it to omit the header (nh stands for no header).  Then, you’ll only have to subtract one from the output.  It is an odd but recurring thing in Windows command line tools.  They often put an extra line at either the beginning or the end of their output.  I see this a lot with wmic.

Oh, and there are other things you can do with the line count method I’ve described above.  For example, to count the number of lines in your win.ini file, you can use the type command (the rough equivalent to the UNIX cat command):

c:\> type c:\windows\win.ini | find /c /v "~~~"

And the list goes on and on…

This is a rather contrived way of doing a line count, but it works very nicely for me.  If you know of a better way, using only built-in Windows commands, please let me know.

Thanks!
–Ed Skoudis
Handler on Duty
Intelguardians

DDOS Windows commands

netstat -ano | find /i "ESTABLISHED"       list established (normal) connections
netstat -ano | find /i /c "ESTABLISHED"    count established (normal) connections

netstat -ano | find /i "SYN_RECEIVED"      list half-open connections
netstat -ano | find /i /c "SYN_RECEIVED"   count half-open connections

netstat -ano > c:\netstat.txt              save the netstat output to a log file

Detecting DDOS attack in Windows

What is DDoS:

DDoS, or Distributed Denial of Service, is an attack in which a multitude of
compromised systems attack a single target, thereby causing denial of service
for users of the targeted system.

How to detect DDoS in Windows:

The most common feature in a DDoS attack is the flooding of incoming packets
to the target system. You can find the current network connections using the
command "NETSTAT".

NETSTAT is a command line utility which displays protocol statistics and
current TCP/IP network connections in a system.

Step 1: Click Start >> Click Run >> Type cmd >> and then Click OK.

Step 2: At the command prompt, type netstat -ano > netstat.txt, and then
press ENTER.

netstat -ano
a – Displays all connections and listening ports.
n – Displays addresses and port numbers in numerical form.
o – Displays the owning process ID associated with each
connection.
The command "netstat -ano > netstat.txt" creates a file "netstat.txt" which
lists all the listening ports with their corresponding IP connections.

Step 3: Now check the total number of connections at port 80 using the command
given below:

netstat -ano | find /i /c "80"

The FIND command searches the text typed at the prompt or piped from another
command.
find /i /c "80"

/i – Ignores the case of characters when searching for a string.
/c – Displays only the count of lines containing the string.

Step 4: Now check for the IPs which have the maximum number of
connections at port "80" and output the result to another file.

netstat -ano | find /i "80" > ip.txt

Step 5: Check for the IP which has the maximum number of connections and
block its access using IP Security Policy.
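
An added example (not part of the original article) for Steps 3 to 5: it parses `netstat -ano` output, matches the local port exactly instead of by the substring "80", and ranks remote addresses by connection count with their half-open (SYN_RECEIVED) share. The function name `Get-PortConnectionSummary` and the sample lines are assumptions constructed for illustration.

```powershell
# Constructed sample of `netstat -ano` output (RFC 5737 documentation addresses),
# not data from a real host.
$sample = @'
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    192.0.2.10:80          198.51.100.7:51515     ESTABLISHED     4
  TCP    192.0.2.10:80          198.51.100.7:51516     SYN_RECEIVED    4
  TCP    192.0.2.10:80          198.51.100.7:51517     SYN_RECEIVED    4
  TCP    192.0.2.10:80          203.0.113.9:49880      ESTABLISHED     4
  TCP    192.0.2.10:8080        203.0.113.9:49881      ESTABLISHED     1180
  TCP    192.0.2.10:3389        203.0.113.80:50123     ESTABLISHED     980
  TCP    192.0.2.10:49701       198.51.100.20:443      ESTABLISHED     5680
  UDP    0.0.0.0:500            *:*                                    880
'@ -split "`r?`n"

# Hypothetical helper name; not a built-in cmdlet.
function Get-PortConnectionSummary {
    param(
        [string[]] $NetstatLines,
        [int] $LocalPort = 80
    )
    $rows = foreach ($line in $NetstatLines) {
        $f = -split $line        # fields: Proto, Local, Foreign, State, PID
        # Header, blank and UDP lines do not have exactly five fields starting with TCP.
        if ($f.Count -ne 5 -or $f[0] -ne 'TCP') { continue }
        # A listening socket is not a client connection.
        if ($f[3] -eq 'LISTENING') { continue }
        # Split on the LAST colon so IPv6 forms such as [::1]:80 parse correctly.
        $port = $f[1].Substring($f[1].LastIndexOf(':') + 1)
        if ($port -ne "$LocalPort") { continue }    # exact port match
        [pscustomobject]@{
            RemoteAddress = $f[2].Substring(0, $f[2].LastIndexOf(':'))
            State         = $f[3]
        }
    }
    $rows | Group-Object RemoteAddress | ForEach-Object {
        [pscustomobject]@{
            RemoteAddress = $_.Name
            Connections   = $_.Count
            HalfOpen      = @($_.Group | Where-Object { $_.State -eq 'SYN_RECEIVED' }).Count
        }
    } | Sort-Object Connections -Descending
}

# What `find /i /c "80"` counts: every line containing the substring 80,
# including ports such as 8080, PIDs such as 1180 and addresses ending in .80.
$substringCount = @($sample | Where-Object { $_ -like '*80*' }).Count
"Lines containing '80': $substringCount"

# Exact-port view, busiest remote address first.
Get-PortConnectionSummary -NetstatLines $sample -LocalPort 80 | Format-Table -AutoSize

# On a live server: Get-PortConnectionSummary -NetstatLines (netstat -ano) -LocalPort 80
```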

How to block the IP address using IP security:

Step 1: Click Start >> Click Run >> Type secpol.msc

Step 2: Now in the left side you will see “IP security policies on local computer”

Step 3: Right Click >> Create IP security policy >> Click Next in “IP security policy Wizard”

Step 4: In the Name field give your Policy name and type a description.

Step 5: Click “Next” >> Leave “activate” ticked  >> Click “Next”

Step 6: Leave the “edit” properties ticked >> Click “Finish”

Step 7: You will get the properties window >> Click “ADD” >> Click “Next” to continue.

Step 8: Leave “This rule does not specify a tunnel” selected >> Click “Next”

Step 9: Leave “all network connections” selected >> Click “Next”

Step 10: You will now be on the IP filter list. You need to create a new filter, so don’t select any of the default ones. Click “ADD”

Step 11: Type a Name for your list, say “Blacklist” >> Type a description, it can be the same as the name >> Click “ADD” >> Click Next to continue.

Step 12: In the description box type a description. As it's the first IP you are blocking, say “IP Blacklist 1” >> Leave “Mirrored” ticked >> Click “Next”

Step 13: The “Source address” should be left as “Specific IP address” >> Give the IP address having the attack >>Click “Next”

Step 14: In IP traffic destination select “A Specific IP address” or “A Specific Subnet” for the Destination address.

Type in the IP address you want to block and if blocking a subnet type in the subnet block. Click “Next”.

Step 15: Leave the protocol type as “Any” >> Click Next >> Finish

Step 16: Right click on the Policy and Click “Assign”.

Step 17: Restart the IPsec service:
Start >> Run >> type “services.msc” >> Select IPsec services >> Click “Restart”


http://kb.bobcares.com/?View=entry&EntryID=34

Configuring Remote Administration and Feature Delegation in IIS 7

http://learn.iis.net/page.aspx/159/configuring-remote-administration-and-feature-delegation-in-iis-7/

IPBan for RDP&SQL

http://www.digitalruby.com/securing-your-windows-dedicated-server/

How to repair a SQL Server 2005 Suspect database

http://gargmanoj.wordpress.com/2008/07/17/how-to-repair-a-sql-server-2005-suspect-database/

Sometimes when you connect to your database server, you may find it in suspect mode. Your database server won’t allow you to perform any operation on that database until the database is repaired.

A database can go in suspect mode for many reasons like improper shutdown of the database server, corruption of the database files etc.

The exact reason a database went into suspect mode can be found using the following query:

DBCC CHECKDB ('YourDBname') WITH NO_INFOMSGS, ALL_ERRORMSGS

Output of the above query will give the errors in the database.

To repair the database, run the following queries in Query Analyzer:

EXEC sp_resetstatus 'yourDBname';

ALTER DATABASE yourDBname SET EMERGENCY

DBCC checkdb('yourDBname')

ALTER DATABASE yourDBname SET SINGLE_USER WITH ROLLBACK IMMEDIATE

DBCC CheckDB ('yourDBname', REPAIR_ALLOW_DATA_LOSS)

ALTER DATABASE yourDBname SET MULTI_USER

and you are done. :)

You should keep one thing in mind while using the above queries: the repair mode used here, REPAIR_ALLOW_DATA_LOSS, is a one-way operation, i.e. once the database is repaired, the actions performed by these queries can’t be undone. There is no way to go back to the previous state of the database. So, as a precautionary step, you should take a backup of your database before executing the above queries.

Ha-P Querying…
