Solved! Login Failed, slow logins, winlogon notification subscriber gpclient error taking 450 seconds to boot

A client was having an issue logging into their computer.  First was a blue screen with the login failed because the unique identifier is not supported.  After fixing that issue, We faced two errors today with our roaming profile.

Error 1:

First logon fails with “The universal unique identifier (UUID) type is not supported

Error 2:

Here is the winlogin notification about the gpclient in event viewer we received after taking 10 minutes to login.

The first part was solved by taking control of the gpsvc service then applying the command from here:

cmd /c reg add “HKLM\SYSTEM\CurrentControlSet\Services\gpsvc” /v Type /t REG_DWORD /d 0x10 /f

after we ran this command in an elevated command prompt, the error for the UUID went away, but it still took ten minutes to log in.  We did a little more research and found a beautiful script below.  We copied it into a winlogin.bat file, saved it on the C Drive.  After we saved it, we opened an elevated command prompt and ran navigated to the script to run it.  I found just double clicking the script or opening it did not work properly.

@Echo off
If EXIST "c:\Wbem.txt" GOTO END
:BEGIN
 Echo.Checking following services... 
Echo IPHelper (iphlpsvc) 
Echo SMS Agent Host (CcmExec) 
Echo Security Centre (wscsvc)  
Echo Windows Management Instrumentation (winmgmt) 
Echo.  

Set Service1="ccmexec"
Set Service2="iphlpsvc"
Set Service3="wscsvc"
Set Service4="winmgmt"

:CHECK
for /F "tokens=3 delims=: " %%H in ('sc query %Service1% ^| findstr "STATE"') do ( 
Set Service1State=%%H 
if /I "%%H" NEQ "STOPPED" (
echo.%Service1% still STOP_PENDING. Press Any key to check again otherwise Ctrl C out of the script
net stop %Service1% timeout 10 cls GOTO Check ) ) for /F "tokens=3 delims=: " %%H in ('sc query %Service2%  ^| findstr "STATE"') do (   Set Service2State=%%H if /I "%%H" NEQ "STOPPED" (    echo.%Service2% still STOP_PENDING. Press Any key to check again otherwise Ctrl C out of the script net stop %Service2% timeout 10 cls GOTO Check ) ) for /F "tokens=3 delims=: " %%H in ('sc query %Service3% ^| findstr "        STATE"') do ( Set Service3State=%%H if /I "%%H" NEQ "STOPPED" (    echo.%Service3% still STOP_PENDING. Press Any key to check again otherwise Ctrl C out of the script    net stop %Service3% timeout 10 cls GOTO Check ) ) for /F "tokens=3 delims=: " %%H in ('sc query %Service4% ^| findstr "        STATE"') do ( Set Service4State=%%H if /I "%%H" NEQ "STOPPED" (    echo.%Service4% still STOP_PENDING. Press Any key to check again otherwise Ctrl C out of the script    net stop %Service4% timeout 10 cls GOTO Check ) )  

:STATUS CLS Echo.%Service1% is %Service1State% Echo.%Service2% is %Service2State% Echo.%Service3% is %Service3State% Echo.%Service4% is %Service4State% echo. echo.All Services Stopped... Please Wait... Repairing WBEM Repository del C:\Windows\System32\wbem\Repository\*.* /q rd C:\Windows\System32\wbem\Repository* /q timeout 5 cls echo.Fix complete. Your computer will Restart in 60 seconds. shutdown -r -t 60 echo.WBEM Script Control > c:\WBEM.txt timeout 60  :END

After running this script, the boot time went down to 30 seconds instead of 5-10 minutes.  It seems when this problem happens you have to run this manually.  I’m sure you can set this up in a shutdown sequence.

Here are two resources I used:

https://support.microsoft.com/en-us/help/2976660/first-logon-fails-with-the-universal-unique-identifier-uuid-type-is-no

https://community.spiceworks.com/topic/324801-winlogon-notification-subscriber-gpclient-error-taking-605-seconds-to-boot

Synchronize time with external NTP server on Windows Server 2008, Server 2008R2

Here’s how to synchronize time with an external NTP server on Windows Server 2008 (R2).

Posted on 16 November 2009 by Marek in MicrosoftWindows Server 2008Windows Server 2008 R2

Time synchronization is an important aspect for all computers on the network. By default, the clients’ computers get their time from a Domain Controller and the Domain Controller gets his time from the domain’s PDC Operation Master. Therefore the PDC must synchronize his time from an external source. I usually use the servers listed at the NTP Pool Project website. Before you begin, don’t forget to open the default UDP 123 port (in- and outbound) on your (corporate) firewall.

  1. First, locate your PDC Server. Open the command prompt and type: C:>netdom /query fsmo
  2. Log in to your PDC Server and open the command prompt.
  3. Stop the W32Time service: C:>net stop w32time
  4. Configure the external time sources, type: C:> w32tm /config /syncfromflags:manual /manualpeerlist:”0.pool.ntp.org, 1.pool.ntp.org, 2.pool.ntp.org”
  5. Make your PDC a reliable time source for the clients. Type: C:>w32tm /config /reliable:yes
  6. Start the w32time service: C:>net start w32time
  7. The windows time service should begin synchronizing the time. You can check the external NTP servers in the time configuration by typing: C:>w32tm /query /configuration
  8. Check the Event Viewer for any errors.

How to show and hide a Windows Update or Driver Update from Windows 10

Recently I’ve had an issue with Windows Update where it wouldn’t install a particular update.  It would crash and make Windows boot screen stay in a perpetual startup or “Welcome” screen.  I was able to cancel the update by restarting which rolled the computer back to a time before the update, then it would re-download the update and crash again.  Unlike Microsoft Windows updates of old, there is no place natively to view updates and stop them from installing.  I found the following steps from the Microsoft article on how to prevent a driver update from reinstalling to be helpful.  In particular downloading the wushowhide.diagcab file did the trick for us.  We were able to hide the update and the system hasn’t been in a reboot loop since:

For Windows 10 Version 1607 (Anniversary Update)

  1. Start Device Manager. To do this, press and hold (or right-click) the lower-left corner of the desktop, and then select Device Manager.
  2. Locate and right-click the device that has the problem driver installed, and then select Properties.
  3. Select the Driver tab, and then select Roll Back Driver.

For Windows 10 Version 1511 (November update)

Important If you don’t have Version 1607 installed, we recommend that you update now. You can use Windows Update to get Version 1607 or go to https://www.microsoft.com/en-us/software-download/windows10, and then select Update Now.

  1. Start Device Manager. To do this, press and hold (or right-click) the lower-left corner of the desktop, and then select Device Manager.
  2. Locate and right-click the device that has the problem driver installed, and then select Properties.
  3. In the Confirm Device Uninstall dialog box, select the Delete the driver software for this device checkbox, if it’s available.

To temporarily prevent the driver from being reinstalled until a new driver fix is available, a troubleshooter is available that provides a user interface to hide and show Windows updates and drivers for Windows 10.

The following troubleshooter is available for download from the Microsoft Download Center (note, file will begin downloading once you click):

Download icon Download the “Show or hide updates” troubleshooter package now.

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

When you click the download link, you’re prompted to open or save wushowhide.diagcab.

open or save wushowhide.diagcab prompt

To run the troubleshooter, open wushowhide.diagcab, select Next, and then follow the instructions in the troubleshooter to hide the problematic driver or update.

Getting files to show up in Network folder

Remove the following registry keys

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRemoteRecursiveEvents
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRemoteChangeNotify
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters]

“DirectoryCacheLifetime”=dword:00000000


Restart explorer and try again!

The keys didn’t exist for me, but I added them as DWord with a value of 0 (zero) and restarted Explorer and it worked.

http://www.teamas.co.uk/2012/02/windows-2008-r2-shared-files-do-not.html

https://social.technet.microsoft.com/Forums/windows/en-US/947489ae-dc86-45f0-ad5e-463a62e1d59f/files-not-showing-up-in-networked-drive

Group Policy Settings for Personalization

Group Policy

Preventing users from changing their personalization settings

The following Group Policy settings prevent users from making changes:

  • Prevent changing theme
  • Prevent changing visual style for windows and buttons
  • Prevent changing window color and appearance
  • Prevent changing desktop background
  • Prevent changing desktop icons
  • Prevent changing mouse pointers
  • Prevent changing screen saver
  • Prevent changing sounds

Preventing users from changing personalization settings locks them to their current settings. If you want to force specific settings, you can apply a specific theme for new users by using the following Group Policy setting:

  • Load a specific theme
Note
You should carefully consider if this policy setting is appropriate. People with disabilities use several personalization options. For example, high-contrast modes are applied by using the themes and the Window Color and Appearance features in Personalization in Control Panel.

Using the screen saver to lock the system when it is not being used

It is possible to enforce a system lock after a defined interval. This requires the following two policy settings:

  • Password protect the screen saver
  • Screen saver timeout

When you change these policy settings, the system locks after the time you define, no matter what screen saver the user has selected. In Windows 7, even if the user selects the screen saver labeled None, the system locks at the specified interval. If you want to enforce a specific screen saver, you can use the following policy setting:

  • Force specific screen saver

Group Policy settings introduced in Windows 7

The following Group Policy settings to control personalization are added in Windows 7.

The full path of this node in the Group Policy Management Console is:

User Configuration\Administrative Templates\Control Panel\Personalization

Available policy settings:

Name Explanation Requirements
Prevent changing mouse pointers This policy setting allows you to prevent users from changing their mouse pointers.

If you enable this policy setting, the Change mouse pointers link in Control Panel does not function.

At least Windows 7 or Windows Server 2008 R2
Prevent changing sounds This policy setting allows you to prevent users from changing system sounds.

If you enable this policy setting, the Sounds option in Personalization in Control Panel does not function.

At least Windows 7 or Windows Server 2008 R2
Load a specific theme This policy setting allows you to apply a specific theme when the user logs on for the first time.

If you enable this policy setting, when the user logs on for the first time, the theme you selected is applied to that computer.

Note
This policy setting does not prevent the user from customizing their current theme or selecting another theme. To lock a specific theme, see Preventing users from changing their personalization settings.
At least Windows 7 or Windows Server 2008 R2

Changes to legacy Group Policy settings

In Windows 7, many legacy Group Policy settings have been removed or located so that domain administrators can find all of the relevant options in one place.

The full path of this node in the Group Policy Management Console is:

User Configuration\Administrative Templates\Control Panel\Personalization

Available policy settings:

Name Explanation Requirements
Prevent changing color scheme This policy setting is removed in Windows 7.

If you enable the Prevent changing window color and appearance policy setting, you can prevent users from changing the colors and system metrics of your windows.

Windows Server 2008, Windows Vista, Windows Server 2003, and Windows XP
Prevent changing theme This policy setting allows you to prevent users from selecting a different theme or saving any of their customized themes.

If you enable this policy setting, the theme gallery in Personalization in Control Panel does not function.

At least Windows XP Professional or Windows Server 2003 family
Password protect the screen saver This policy setting allows you to lock the system.

If you enable this policy setting, the system locks at a user-defined interval. This policy setting is effective even when no screen saver is selected.

Note
If you want to control the time interval, use the Screen saver timeout Group Policy setting.
At least Windows 2000 Service Pack 1
Screen saver timeout This policy setting allows you to specify the amount of idle time that must elapse before launching the screen saver.

If you enable this policy setting with the Enable screen saver policy setting, you ensure that the system lock will work even when no screen saver is selected.

Note
The system will lock at a user-defined interval. If you want to control the time interval, use the Screen saver timeout policy setting.
At least Windows 2000 Service Pack 1

Update group policy CMD

c:\>gpupdate /force

Java Update Fails with Error Code 1603

We have discovered a high likelihood that Java updates installing Java 8 over Java 7 will fail with error code 1603.  After running the Java updater on 5 computers, the Java updater failed with error code 1603 on 4 of those computers and completed successfully on the remaining 1 computer.  The error persists when taking the following approaches:

1. Running the Java updater on a system with a previously installed version of Java, and
2. Manually downloading and attempting to install Java 8 from the Java.com website, and
3. Manually removing all previous versions of Java and then following step 2.

Again, of the 5 computers that were tested, the Java installer failed on 4 of them and succeeded on 1 of them.

According to Java.com, the developers are aware of the issue and are still working to determine its cause.  We suspect they will have the issue fixed in an upcoming patch release.  Here is the report from Java.com:

https://www.java.com/en/download/help/error_1603.xml

According to the report, this error effects the following versions of Windows:

– Windows 7

– Windows 8

– Windows Vista

– Windows XP

and the following versions of Java:

– Java 7

– Java 8

The article states the following as the cause:

“These errors, seen during the installation process, indicate that an installation did not complete. The root causes of these errors are under investigation.”

Again, we expect a future patch release of Java to fix this issue, but it is good to be aware that this issue exists and that it is being worked on.

How to Stop Duplicate Sent E-Mail Items in Outlook with Gmail or G Suite

We had an issue today where Gmail was duplicating e-mails in the sent folder of Outlook and Gmail.
Resolution:  Check the box “Do Not Save Copies of Sent Items” in Outlook.

Found a great article on duplication of e-mails with Outlook and G Suite today at http://www.pstrepairtool.org/blog/prevent-duplicate-sent-items-gmail-outlook.html.  We were able to solve the issue with the top information.  Outlook seems to be saving the e-mail in the sent folder, then syncing the duplicate to Gmail through IMAP or G-Suite Sync.

In Microsoft Outlook 2016 and 2013 Versions

To turn off this option in MS Outlook 2013 and 2016, follow the steps below:

1. Open “Microsoft Outlook” >> Click on “File” tab >> “Info” >> “Account Settings” >> “Account Settings”

2. Select Gmail account >> Click on “Change…” >> Click on “More Settings…” >> Go to “Advanced” tab.

3. Go to “Sent Items” section >> Check “Do Not Save Copies of Sent Items” options.

For Microsoft Outlook 2010

To turn off this option in MS Outlook 2010 version, follow the below steps:

1.  Open “Microsoft Outlook” >> Click on “File” tab >> “Info” >> “Account Settings” >> “Account Settings…”

2.  Select Gmail account >> Click on “Change…” >> Click on “More Settings…” >> Go to “Advanced” tab.

3.  Click on “Sent Items” tab >> enable “Do not save copies of sent items” option.

For Microsoft Outlook 2007

To turn off this option in MS Outlook 2007 version, follow the below steps:

1.  Open Microsoft Outlook 2007 >> Go to “Tools” >> “Account Settings…”

2.  Select your Gmail account >> Click on “Change…” button >> Click on “More Settings…” >> Click on “Folders” tab

3.  Enable the option “Save sent mail in the Outlook Sent Items folder”.

hit account settings in Outlook 2016

select gmail account

Check the Option

For Microsoft Outlook 2010

To turn off this option in MS Outlook 2010 version, follow the below steps:

1.  Open “Microsoft Outlook” >> Click on “File” tab >> “Info” >> “Account Settings” >> “Account Settings…”

2.  Select Gmail account >> Click on “Change…” >> Click on “More Settings…” >> Go to “Advanced” tab.

3.  Click on “Sent Items” tab >> enable “Do not save copies of sent items” option.

click account settings in Outlook 2010

Choose Gmail account

Check the option

For Microsoft Outlook 2007

To turn off this option in MS Outlook 2007 version, follow the below steps:

  • Open Microsoft Outlook 2007 >> Go to “Tools” >> “Account Settings…”
  • Select your Gmail account >> Click on “Change…” button >> Click on “More Settings…” >> Click on “Folders”tab
  • Enable the option “Save sent mail in the Outlook Sent Items folder”.

Select option

Turn Desktop Alerts on or off

A Desktop Alert is a notification that appears on your desktop when you receive a new e-mail message, meeting request, or task request. Desktop Alerts are turned on by default. This article explains how you can customize the appearance of Desktop Alerts as well as turn them off.

In this article

Information that Desktop Alerts display

The information displayed in a Desktop Alert varies depending on the item that you receive in your Inbox.

  • E-mail message: The alert displays the name of the sender, the subject, and the first two lines of the message. A Desktop Alert does not display the contents of an encrypted or digitally signed message. To view the message, you must open it.
  • Meeting request: The alert displays the sender, subject, date, time, and location of the meeting.
  • Task request: The alert displays the sender, subject, and start date of the assigned task.

    Desktop Alert example

If several items arrive in your Inbox at the same time, you won’t necessarily receive a Desktop Alert for each item. If you receive a large number of items within a particular period of time, Microsoft Outlook displays a single Desktop Alert to indicate that you received several new items. This prevents your desktop from being crowded with alerts that could potentially interfere with your work and temporarily obscure a portion of your desktop.

You can use Desktop Alerts to process your incoming items without opening your Inbox. When a Desktop Alert appears, you can perform several actions that normally require you to open the item. For example, you can set a flag on a message, delete a message, or mark it as read — all without opening your Inbox.

If you are using a Microsoft Exchange account or a POP3 e-mail account, a Desktop Alert is displayed only when a new item arrives in your default Inbox. If you want to display a Desktop Alert when an item arrives in any other folder, or when you receive items that meet specific conditions, you must create a rule. You must also create a rule if you want to be notified when you receive a new item in an IMAP e-mail account.

TIP If you want to keep a Desktop Alert visible so that you can take more time to read it, place your pointer on the alert before it fades from view.

Turn Desktop Alerts on or off

Desktop Alerts are turned on by default. There might be times when you want to turn Desktop Alerts off and then on again. For example, if you are making a presentation to a public audience, you might not want Desktop Alerts to appear on your screen, revealing information that you prefer to keep private. Although Microsoft Outlook will not display Desktop Alerts when you are running a Microsoft Office PowerPoint presentation, the display of alerts will resume if you switch to another program or a Web site during your presentation.

Turn off alerts

  1. On the Tools menu, click Options.
  2. On the Preferences tab, click E-mail Options, and then click Advanced E-mail Options.
  3. Under When new items arrive in my Inbox, clear the Display a New Mail Desktop Alert (default Inbox only) checkbox.

    Note: To suppress other notifications such as playing sounds, changing the mouse pointer, or displaying an envelope icon in the notification area, clear the Play a sound, Briefly change the mouse cursor, or Show an envelope icon in the notification area check box, respectively.

Turn off alerts from a Desktop Alert

  1. When a Desktop Alert appears, click the down arrow on the alert.
  2. On the Desktop Alert menu, click Disable New Mail Desktop Alert.

    Desktop Alert

    1. Click to open the Desktop Alert menu.

    2. Click to turn off Desktop Alerts.

Notice also that you can do other things from the Desktop Alerts menu, such as open, flag, or delete the new message, mark the message as read, or open the Desktop Alert Settings dialog box, where you can specify how long the Desktop Alert should remain visible on the screen and how transparent it should be. See the next section for details.

Turn on alerts

  1. On the Tools menu, click Options.
  2. On the Preferences tab, click E-mail Options, and then click Advanced E-mail Options.
  3. Under When new items arrive in my Inbox, select the Display a New Mail Desktop Alert (default Inbox only) checkbox.

Change the appearance of Desktop Alerts

You can customize the appearance of your Desktop Alerts. You can have them remain visible as briefly as 3 seconds or as long as 30 seconds. You can also adjust their transparency to make them more noticeable or to keep them from blocking your view of documents and other items on your desktop. Finally, you can change where your Desktop Alerts appear by dragging one of them to a more preferable location on your desktop.

  1. On the Tools menu, click Options.
  2. On the Preferences tab, click E-mail Options, and then click Advanced E-mail Options.
  3. Click Desktop Alert Settings.
  4. Under Duration, drag the slider bar to the number of seconds for which you want new Desktop Alerts to remain visible on your desktop.

    NOTE Although Desktop Alerts eventually fade, the new e-mail notification icon remains in the Outlook status bar until you open the new item or items in your default Inbox.

  5. Under Transparency, drag the slider bar to the transparency value that you want.
  6. To check your settings, click Preview.

    NOTE These settings also apply to the Desktop Alert that can be specified as a rule action.

Move the Desktop Alert to a different location on your screen

  1. On the Tools menu, click Options.
  2. On the Preferences tab, click E-mail Options, and then click Advanced E-mail Options.
  3. Click Desktop Alert Settings.
  4. In the Desktop Alert Settings dialog box, click Preview.

    A sample Desktop Alert is displayed on your desktop.

  5. Drag the Desktop Alert to the location that you want.

TIP: You can move the Desktop Alert to a different monitor if your desktop spans more than one monitor.

Disable Reading Mode and Protected View in Word 2013

I know it’s there for a reason, but I can’t stand the Reading View and the Protected mode in Word 2013.  I don’t like the layout of Reading View, and I feel I’m smart enough to open documents I know are safe :)

image

To disable the Reading View. Go to File – Options – General.  Uncheck “Open E-Mail attachments and other uneditable files in reading view”

image

To disable Protected Mode. Go to File – Options – Trust Center – Trust Center Settings.  Select Protected View, then clear all the checkboxes.

image

There, free and clear to open and edit documents without Word telling me what to do! :)