Windows 10 FTP Firewall Issues
netsh advfirewall firewall add rule name="FTP Inbound" dir=in action=allow program="%windir%\system32\svchost.exe" remoteip=any localip=any protocol=TCP localport=20,21,990,989 remoteport=20,21,990,989 profile=any
netsh advfirewall set global StatefulFTP disable
netsh advfirewall firewall add rule name="FTP Service" action=allow service=ftpsvc protocol=TCP dir=in profile=any

WSE add pre-existing domain PCs

reg add “HKLM\SOFTWARE\Microsoft\Windows Server\ClientDeployment” /v SkipDomainJoin /t REG_DWORD /d 1

Then setup as admin when prompted for user

Install old app requiring IE6 on Windows 10

Install app
* First close all running programs and open documents.
* Double click on the Digital Image Suite setup file from you original disk.
* If the User Account Control promptes you to give permission, just authorize it.
* Select a few options available. When it says “The Windows Update: Internet Explorer and Internet Tools cannot be installed on this computer. This product does not install on 64-bit platforms.” message, click OK button to contunie.
* You will get the second usual error “Setup has detected that Microsoft Internet Explorer 6.0 installation was not completed. The installation may have been cancelled, or you may not have enough free space on your disk.” Don’t click it.
Return to your desktop, press the Win+X from your keyboard, click on Shut down or sign out > Sign out.
* Window 10 wait for intervention and cannot carry the operation. Wait a few seconds to sign in again, click on Cancel button > OK. Now the installation runs well.

Fixing the TEMP folder Permissions

icacls %temp% /inheritance:r
icacls %temp% /grant %username%:(OI)(CI)F /T /C
icacls %temp% /grant Administrators:(OI)(CI)F /T /C
icacls %temp% /grant System:(OI)(CI)F /T /C
md %temp%\Low
icacls %temp%\Low /setintegritylevel (OI)(CI)low

Remembering Jonathan Gold’s Time in New York

He never took notes, and in those days didn’t take cellphone pictures, either. He told me something that I’ve put into practice ever since: “When it comes time to write about a meal, you’ll only remember what’s worth writing about. Nobody wants to read a list of dishes and ingredients.” And later he said, “We don’t write about food, we write about the act of eating.” He was philosophical that way, as if always examining his own assumptions about human experience and its relation to gastronomy — though never in a pretentious way.

Remove unwanted partition on Windows 10

Right-click Start, select Command Prompt or Powershell, with ELEVATED privileges (Run as Administrator)
Step 2: Diskpart
type “diskpart” this will open Windows’ partition manager
Step 3: list volume
lists volume(s) on your system and their associated drive letters
DISKPART> list volume
Step 4: Select Volume X
select the volume you want to work with, in this EXAMPLE, it is Volume 2
Step 5: remove letter=X

VPN issues after new SSL cert installed

Now, VPN clients can establish VPN connections to the SSTP-based Routing and Remote Access server by using the same certificate.
To replace the certificate hash value of the SSTP-based Routing and Remote Access server certificate with the certificate hash value of the IIS Web server certificate, follow these steps:

  1. Obtain the Sha256 hash value for the IIS Web server certificate. You can obtain the hash value from the error message that is logged in the System event log of the VPN client. For example, the Sha256 hash value may resemble the following hash value:


  2. Open an elevated command prompt on the VPN server.
  3. At the command prompt, type the following command, and then press ENTER to configure the Sha256CertificateHash registry key value for the SSTP service:

    reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SstpSvc\Parameters /v SHA256CertificateHash /t REG_BINARY /d d075f96f979fd4df20f3fdf7a5335807879ca627e5f3fc0bab7a7ac067c831c6 /f

  4. At the command prompt, type the following commands one at a time, and then press ENTER to restart the Routing and Remote Access service:

    net stop sstpsvc /y
    net start remoteaccess

  5. At the command prompt, type exit, and then press ENTER to close the command prompt.

Now, VPN clients can establish VPN connections to the SSTP-based Routing and Remote Access server by using the IIS Web server certificate.

Start-ManagedFolderAssistant with RPC error after activating Archive

In Office 365 administrators can invoke the managed folder assistant by using the start-ManagedFolderAssistance command.

PS C:\> Start-ManagedFolderAssistant

This week I had a customer present with an issue where the invocation of the managed folder assistance was failing with a generic RPC error.

“The call to Mailbox Assistance Service on server: ‘NAME’ failed.  Error from RPC is –2147220989”

When this error is encountered subsequent retries of the same command can be successful.

The error can sometimes occur as portions of mailboxes are being initialized within the service.  For example – if a secondary archive is being provisioned off a main archive.

As a potential workaround to this issue the primary mailbox GUID can be specified in the start-ManagedFolderAssistant command. 

get-mailboxLocation –user | fl mailboxGuid,mailboxLocationType

MailboxGuid         : aace1f4e-5181-4855-a0c7-466f1fe2f1d1

MailboxLocationType : Primary

MailboxGuid         : c2098d94-d55b-4a06-9b52-d485c54e9a19

MailboxLocationType : MainArchive

This command will dump the mailbox types and GUID of all mailboxes associated with a user.

From the list we can locate the primary mailbox and the mailbox GUID.  Using this mailbox GUID we can invoke the managed folder assistance.

PS C:\> Start-ManagedFolderAssistant aace1f4e-5181-4855-a0c7-466f1fe2f1d1

When utilizing the GUID we can minimize the change that any initialization process does not cause the command to fail.

Back to Top