Fixing the TEMP folder Permissions

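rem Remove inherited ACEs from the TEMP folder, then grant explicit Full control
icacls "%temp%" /inheritance:r
icacls "%temp%" /grant "%username%:(OI)(CI)F" /T /C
icacls "%temp%" /grant Administrators:(OI)(CI)F /T /C
icacls "%temp%" /grant System:(OI)(CI)F /T /C
rem Create the Low subfolder and label it with the low integrity level
md "%temp%\Low"
icacls "%temp%\Low" /setintegritylevel (OI)(CI)low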

Remembering Jonathan Gold’s Time in New York

He never took notes, and in those days didn’t take cellphone pictures, either. He told me something that I’ve put into practice ever since: “When it comes time to write about a meal, you’ll only remember what’s worth writing about. Nobody wants to read a list of dishes and ingredients.” And later he said, “We don’t write about food, we write about the act of eating.” He was philosophical that way, as if always examining his own assumptions about human experience and its relation to gastronomy — though never in a pretentious way.

Remove unwanted partition on Windows 10

Step 1: Open an elevated prompt
Right-click Start and select Command Prompt or PowerShell with ELEVATED privileges (Run as Administrator)
Step 2: Diskpart
Type “diskpart”; this will open Windows’ partition manager
Step 3: list volume
Lists the volume(s) on your system and their associated drive letters
DISKPART> list volume
Step 4: Select Volume X
Select the volume you want to work with; in this EXAMPLE, it is Volume 2
Step 5: remove letter=X

VPN issues after new SSL cert installed

Now, VPN clients can establish VPN connections to the SSTP-based Routing and Remote Access server by using the same certificate.
To replace the certificate hash value of the SSTP-based Routing and Remote Access server certificate with the certificate hash value of the IIS Web server certificate, follow these steps:

  1. Obtain the Sha256 hash value for the IIS Web server certificate. You can obtain the hash value from the error message that is logged in the System event log of the VPN client. For example, the Sha256 hash value may resemble the following hash value:


  2. Open an elevated command prompt on the VPN server.
  3. At the command prompt, type the following command, and then press ENTER to configure the Sha256CertificateHash registry key value for the SSTP service:

    reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SstpSvc\Parameters /v SHA256CertificateHash /t REG_BINARY /d d075f96f979fd4df20f3fdf7a5335807879ca627e5f3fc0bab7a7ac067c831c6 /f

  4. At the command prompt, type the following commands one at a time, and then press ENTER to restart the Routing and Remote Access service:

    net stop sstpsvc /y
    net start remoteaccess

  5. At the command prompt, type exit, and then press ENTER to close the command prompt.

Now, VPN clients can establish VPN connections to the SSTP-based Routing and Remote Access server by using the IIS Web server certificate.
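
Before writing a hash into the registry, it helps to confirm which certificate it belongs to. The following is an added example, not part of the original article: a read-only check that computes the SHA-256 hash of a certificate in the LocalMachine\My store and compares it with the SHA256CertificateHash value. The function name and the thumbprint parameter are hypothetical, and it assumes the registry value is the SHA-256 hash of the DER-encoded certificate.

```powershell
# Added example (not from the original article). Read-only check: compares the
# SHA-256 hash of a certificate in LocalMachine\My with the value SstpSvc uses.
function Test-SstpCertificateHash {
    param(
        # SHA-1 thumbprint of the certificate bound in IIS (placeholder, supply your own)
        [Parameter(Mandatory)] [string] $Thumbprint
    )
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\SstpSvc\Parameters'

    # Normalise the thumbprint: strip spaces and invisible characters pasted from the MMC
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($clean.Length -ne 40) {
        throw "Thumbprint must be 40 hex characters, got $($clean.Length)."
    }

    $cert = Get-Item -Path "Cert:\LocalMachine\My\$clean" -ErrorAction Stop

    # Assumption: the registry value is SHA-256 over the DER-encoded certificate
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        $certHex = -join ($sha.ComputeHash($cert.RawData) | ForEach-Object { $_.ToString('x2') })
    }
    finally { $sha.Dispose() }

    # The value is REG_BINARY; it comes back as a byte array, or $null if absent
    $regBytes = (Get-ItemProperty -Path $key -ErrorAction Stop).SHA256CertificateHash
    $regHex = if ($regBytes) { -join ($regBytes | ForEach-Object { $_.ToString('x2') }) } else { '' }

    [pscustomobject]@{
        Subject       = $cert.Subject
        NotAfter      = $cert.NotAfter
        CertSha256    = $certHex
        RegistryValue = $regHex
        Match         = ($regHex -eq $certHex)
    }
}

# Usage: Test-SstpCertificateHash -Thumbprint '<IIS certificate thumbprint>'
```

When Match is False, CertSha256 is the 64-character value to pass to the reg add command in step 3.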

Start-ManagedFolderAssistant with RPC error after activating Archive

In Office 365, administrators can invoke the Managed Folder Assistant by using the Start-ManagedFolderAssistant command.

PS C:\> Start-ManagedFolderAssistant

This week I had a customer present with an issue where the invocation of the Managed Folder Assistant was failing with a generic RPC error.

“The call to Mailbox Assistance Service on server: ‘NAME’ failed.  Error from RPC is –2147220989”

When this error is encountered, subsequent retries of the same command can be successful.

The error can sometimes occur as portions of mailboxes are being initialized within the service.  For example – if a secondary archive is being provisioned off a main archive.

As a potential workaround to this issue, the primary mailbox GUID can be specified in the Start-ManagedFolderAssistant command.

Get-MailboxLocation -User <user> | fl MailboxGuid,MailboxLocationType

MailboxGuid         : aace1f4e-5181-4855-a0c7-466f1fe2f1d1

MailboxLocationType : Primary

MailboxGuid         : c2098d94-d55b-4a06-9b52-d485c54e9a19

MailboxLocationType : MainArchive

This command will dump the mailbox types and GUID of all mailboxes associated with a user.

From the list we can locate the primary mailbox and the mailbox GUID.  Using this mailbox GUID we can invoke the Managed Folder Assistant.

PS C:\> Start-ManagedFolderAssistant aace1f4e-5181-4855-a0c7-466f1fe2f1d1

When utilizing the GUID we can minimize the chance that an initialization process causes the command to fail.
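
The two steps above, combined with the retry behaviour described earlier, as an added example that is not part of the original post. It assumes an already connected Exchange Online PowerShell session; the function name, attempt count and delay are hypothetical choices.

```powershell
# Added example (not from the original post). Assumes an Exchange Online
# PowerShell session is already connected; the function name is hypothetical.
function Start-PrimaryMailboxMfa {
    param(
        [Parameter(Mandatory)] [string] $User,
        [int] $MaxAttempts = 3,     # assumption: three tries
        [int] $DelaySeconds = 30    # assumption: wait between tries
    )

    # Pick the Primary location only; archive locations may still be initializing
    $primary = @(Get-MailboxLocation -User $User -ErrorAction Stop |
        Where-Object { "$($_.MailboxLocationType)" -eq 'Primary' })
    if ($primary.Count -ne 1) {
        throw "Expected exactly one Primary mailbox location for '$User', found $($primary.Count)."
    }
    $guid = $primary[0].MailboxGuid.ToString()

    for ($attempt = 1; $attempt -le $MaxAttempts; $attempt++) {
        try {
            Start-ManagedFolderAssistant -Identity $guid -ErrorAction Stop
            return [pscustomobject]@{ User = $User; MailboxGuid = $guid; Attempts = $attempt }
        }
        catch {
            # The RPC error is transient, so log it and retry after a pause
            Write-Warning "Attempt $attempt of $MaxAttempts failed: $($_.Exception.Message)"
            if ($attempt -eq $MaxAttempts) { throw }
            Start-Sleep -Seconds $DelaySeconds
        }
    }
}

# Usage: Start-PrimaryMailboxMfa -User '<user>'
```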

Upgrade UniFi Controller as a service

Ubiquiti provides instructions here for running the UniFi Controller as a service. What they don’t tell you is that when you try to upgrade the controller, you can’t, because the service is still running. Here are the instructions for that:

1. Back up your config from Settings > Maintenance > Download Backup.  If that doesn’t work from remote access, try it from a browser on the LAN.  If _that_ doesn’t work, go to Settings > Auto Backup and download the most recent backup.

2. On the server running the controller, open an administrative Command Prompt.  Stop the UniFi Java service:

cd "%UserProfile%\Ubiquiti UniFi\"
java -jar lib\ace.jar stopsvc

3. Overinstall the new controller (run UniFi-installer.exe).  On the last page of the install wizard, check “Start UniFi Controller after installation”.

4. In the small window that opens, wait until it says “UniFi Controller (x.xx.xx) started”:


Close the window (do not launch browser).

5. Back at the administrative Command Prompt, install and start the service:

java -jar lib\ace.jar installsvc
java -jar lib\ace.jar startsvc

6. Test access from a brows
