Tech INdia Solutions

 .PS1  ---------------------------------------------------------------------------------------------------------------------------- <# Requests a certificate from a Windows CA .PARAMETER CN Specifies the common name for the subject of the certificate(s). Mostly its the FQDN of a website or service. e.g. test.jofe.ch .PARAMETER SAN Specifies a comma separated list of subject alternate names (FQDNs) for the certificate The syntax is {tag}={value}. Valid tags are: email, upn, dns, guid, url, ipaddress, oid e.g. dns=test.jofe.ch,email=jfeller@jofe.ch .PARAMETER DNSFile Specifies a comma separated file that contains a list of subject alternate names (FQDNs) for the certificate The syntax is {tag}={value}. Valid tags are: FQDN of server for the SAN. e.g. dns=test.jofe.ch,email=jfeller@jofe.ch .PARAMETER Country Specifies two letter for the optional country value in the subject of the certificate(s). e.g. CH .PARAMETER State Specifies the optional state value in the subject of the...

  Cause ============= I manually triggered this issue, and found there is an error triggered every time in System event log:   A fatal error occurred when attempting to access the  SSL server credential private key . The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10001.   0x8009030d The credentials supplied to the package were not recognized   This error is related to SSL certificate.   By default, RDP use self-signed certificate, but we find these machines are configured to use SSL certificate:       So we have a GPO configured to make RDP using this certificate template to generate SSL certificate for RDP connection.   Once we deleted the TemplateCertificate value in the registry, RDP works.  

  create below content on one notepad file file name start-auth.txt set KerbDebugFlags=0x7ffffff set KdcDebugFlags=0x23083 set KpsDebugFlags=0xff set NtlmDebugFlags=0x15003 set NegoExtsDebugFlags=0xFFFF set Pku2uDebugFlags=0xFFFF set SslDebugFlags=0x0000FDFF set DigestDebugFlags=0x000003FF set CredsspDebugFlags=0x0000FFFF set DpapiSrvDebugFlags=0xFF set WebAuthDebugFlags=0xFFFF set IdstoreDebugFlags=0x2FF set IdcommonDebugFlags=0x2FF set LivesspDebugFlags=0x3FF set WlidsvcDebugFlags=0x7 set IdlistenDebugFlags=0x7FFFFFFF set BaseCspDebugFlags=0xFFFFFFFF set VaultDebugFlags=0xFFF set BcryptDebugFlags=0xFFFFFFFF set NcryptDebugFlags=0xFFFFFFFF set CryptspDebugFlags=0xFFFFFFFF set WinHttpDebugFlags=0x7FFFFF set WininetDebugFlags=0x7FFFFF set CloudAPFlags=0xfff set HttpSysDebugFlags=0xFFFFFFFF mkdir .\logs del /f /q .\logs\*.* logman.exe start LsaTrace -p {D0B639E0-E650-4D1D-8F39-1580ADE72784} 0x40141F -o .\logs\LsaTrace__%computername%.etl -ets logman.exe start LsaAudit -p {DAA76F6A...

  My Assessment : No dump was collected hence RCA is slim  other details indicate the RDP to server event 2 reboots didn't work This suggest that VM may have been in no-boot state  Customer has issue VM Disk  Informed customer mount the issue Disk in rescue VM for us to check    Troubleshooting: We ran in Multiple issue while trying to create and run rescue VM  For rescue VM we were unable to RDP After login customer unable to Login  The issue machine disk is encrypted hence co and cx will try to decrypt the disk  Joined call again  The VM was in in recovery  Enabled the commmand  Bcdedit /set {default} advancedoptions on Bcdedit /set {default} recoveryenabled off The server gave an error in normal boot We got the above error This Symantec driver (which could be either corrupted or missing) We were able...