El TecnoBaúl de Kiquenet

Kiquenet boring stories

Archive for the ‘Soporte’ Category

Undo, unlock file (User’s checkout) in TFS

Posted by kiquenet en 6 octubre 2014

    Like Brett Rogers posted in StackOverflow:

    There are at least 2 different ways to do this:

    Command Line

    There is a command-line utility called Tf.exe that comes with Team Explorer. Find the documentation here. It can be accessed by launching a Visual Studio Command Prompt window.

  • Open up Visual Studio command prompt (Start -> Programs -> Microsoft Visual Studio 200X -> Visual Studio Tools -> Visual Studio 200X Command Prompt)
  • Run the following command: tf.exe

tf Command

Deleting the workspace

tf workspace /delete WorkspaceName;User

tf lock /lock:none /workspace:WorkspaceName;USERNAME /recursive $/

To get the list of workspaces for a user, just run the following command from the same prompt:

tf workspaces /owner:username

Real sample:

C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC>tf undo /workspace:TeamAdministration;mydomain\myuser $/Administration/WebUI/App_Data/Web.sitemap /recursive

No pending changes were found for $/Administration/WebUI/App_Data/Web.sitemap.

C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC>tf lock /lock:none /workspace:TeamAdministration;mydomain\myuser $/Administration/WebUI/App_Data/Web.sitemap /recursive

TF10152: The item $/Administration/WebUI/App_Data/Web.sitemapmust remain locked because its file type prevents multiple check-outs.

C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC>tf workspace /delete TeamAdministration;mydomain\myuser

A deleted workspace cannot be recovered.

Workspace ‘TeamAdministration;mydomain\myuser’ on server ‘http://myteamserver:8080/ has 0 pending change(s).

Are you sure you want to delete the workspace? (Yes/No) Y

C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC>tf undo /workspace:TeamAdministration;mydomain\myuser $/Administration/WebUI/App_Data/Web.sitemap /recursive

TF14061: The workspace TeamAdministration;mydomain\myuser does not exist.


The second is via the GUI, but does not come standard – you have to install the TFS Power Tools. See here for details on how to use this method.

Keep in mind that with either method you will need the appropriate rights. The permissions are called "Undo other users’ changes" and "Unlock other users’ changes". These permissions can be viewed by:

  1. Right-clicking the desired project, folder, or file in Source Control Explorer
  2. Select Properties
  3. Select the Security tab
  4. Select the appropriate user or group in the Users and Groups section at the top
  5. View the "Permissions for [user/group]:" section at the bottom

Another good option, use the free TFS Sidekick application






Posted in Comandos, Soporte, TFS | Etiquetado: , , , , | Leave a Comment »

Using PowerShell to Manage Network Interfaces and Windows Services

Posted by kiquenet en 28 julio 2014

PowerShell is a new scripting language that allows you to interact with applications, services and objects as objects. It is a .NET application which shells commands out on your behalf. This is very powerful, because it allows you to leverage the strengths of an object oriented model within your scripting tasks with a very terse, yet simple scripting language. Because it is written in .NET, you can access .NET types, objects and WMI objects from a command prompt.

My current workstation runs Windows Server 2008 Standard Edition with Hyper-V. I use the host/parent partition as my office, and have a number of child partitions that are integrated into a Windows Server 2008 Domain. Needless to say, this configuration gives me everything I need to develop, test and integrate multiple Server OS’, platforms and technologies, and is my environment of choice for developing production code. It still amazes me how far we’ve come in such a short period of time. Not too long ago, I remember setting up similar lab environments at home running Windows NT 4 and Windows Server 2000 on dedicated physical machines.

Anyway, I have to say that I am absolutely delighted with my environment, but it took me some time and effort to learn how to tune Server 2008, and this is all well documented in previous posts. One of the the things that I do to keep performance high is that I only have the 3 services required for Hyper-V running when I need them. In other words, if I am only working with email and writing documents or design drawings, I don’t need to have the Hyper-V services running because they are resource intensive. In addition, I only want my loopback adapter (that provides me with a virtual LAN for all of the child partitions on my domain to communicate) enabled when I need it to be. One reason for this, is that if I leave my loopback on and reboot, boot times can take up to 10 minutes because the loopback is configured to use my domain controller as the primary DNS server, which is a VM. Because the DNS Server only runs when my Domain Controller VM  is up and running, the VM will only come up when I start it. As a result, Windows tries and tries to reach the DNS server for the Loopback adapter until it finally gives up (If anyone knows how to change this timeout, please shoot me a note or post a comment).

So, I only want Hyper-V services running when I need to work in my development environment, and I don’t want my loopback enabled unless it needs to be. For a while, I was managing this as follows…

First, I set the following services to "Manual", so that they do not start automatically:

  • vmms: Hyper-V Virtual Machine Management
  • vhdsvc: Hyper-V Image Management Service
  • nvspwmi: Hyper-V Networking Management Service

The service names are a bit obscure, but the "friendly" names are pretty self explanatory. When I need to start my development environment, I would go into Server Manager, and start each service one by one.

Next, I would enable my loopback adapter so that my child partitions can communicate with each other.

All together, this resulted in a number of clicks, which was somewhat mundane to do every time. Worse, once I enabled the loopback, I often would forget to disable it before shutting down (remember, servers running Hyper-V do not support hibernation). For a while, I thought about writing myself a sticky note and posting it to my forehead so that I would not forget to disable the loopback, and finally, I decided to create an easy button for starting and stopping my development environment.

This is where Powershell comes in.

Using PowerShell to Query and Manage Network Adapters

The first thing I did was figure out how to talk to my network adapters so that I could enable and disable my loopback as needed. It turns out that Microsoft provides a WMI object called Win32_NetworkAdapter. The object exposes a bunch of properties for working with an instance of a Win32_NetworkAdapter:


In addition, there are 4 public methods that are exposed, and well documented as shown below:


To enumerate all network adapters on my host/parent partition, I issued the following command:

   1: Get-wmiobject win32_NetworkAdapter | format-table 

PowerShell lists each adapter and certain properties in a tabular format because I added a pipe and format-table parameter:


To identify the instance that corresponds to my loopback, I simply need to find the "Internal VLAN" instance above, which has a DeviceID of 17:


Next, I want to retrieve an instance of the adapter with a DeviceId of 17, so I issue the following statement:

   1: Get-WmiObject win32_networkadapter | where {$_.DeviceId -eq 17}

The where keyword uses a bracketed expression to evaluate the condition. The "$" is a temporary variable, which is similar to the "this" keyword in C#, which provides context for the current instance. The "-eq" operator is the equality operator in PowerShell. So, we are querying all adapters for the adapter with a DeviceID equal to 17. The above command returns the following:


Notice that each property is an actual documented property of the WIN32_NetworkAdapter object. If we have access to properties, it would be helpful to determine if the adapter is enabled or disabled. To do this, I assign the adapter to a variable called $adapter as shown below, and then I get the value of the Availability property:


The value of the Availability property is 3. Referring to the WIN32_NetworkAdapter documentation, I can see that a status of 3 indicates that adapter is on, and running on full power.


Are you getting the hang of it yet? Hopefully, the interaction with PowerShell should feel object-oriented because it is! We are getting a reference to the WMI shell of the adapter and then using it’s get accessors to get the value of the public properties. So, if we can get a reference to the adapter, get properties, we should be able to call methods on it, right?

To disable the adapter, I simply call the Disable() method on my $adapter variable:


Now, to confirm that the adapter is disabled, you can look at Network Connections and you will see that the Status is in fact Disabled. To do this programmatically via PowerShell, you can use the ConfigManagerErrorCode property which is also documented. Get a new instance of the adapter, and call the ConfigManagerErrorCode property on it as shown below:


A return code of 22 can be matched to the table in the MSDN documentation:


Now, enable the adapter by calling the Enable() method:


A return code of 0 indicates that the adapter is enabled, and working properly:


As you can see, PowerShell is a very easy to use, yet powerful tool for managing system objects in an object-oriented manner. You don’t need to worry about writing VBScript or C# to accomplish simple administrative tasks such as enabling and disabling a network adapter. As you might imagine, the real power comes in being able to run a series of PowerShell commands in a batch, perhaps at the click of the button. This is exactly what I’ll cover next.

Using PowerShell to Query and Manage Windows Services

You’ll recall that I only want the 3 Hyper-V services to run when I need them, so what I want to do is create an "easy button" to toeggle my development environment on and off.

The "On" should:

  • Enable my Internal VLAN Adapter
  • Start the Hyper-V Virtual Machine Management
  • Start the Hyper-V Image Management Service
  • Start the Hyper-V Networking Management Service
  • Get me a cup of Starbucks coffee

The "Off" Button should:

  • Disable my Internal VLAN Adapter
  • Disable the Hyper-V Virtual Machine Management
  • Disable the Hyper-V Image Management Service
  • Disable the Hyper-V Networking Management Service

    I’ve already covered how to manage network adapters using PowerShell as a primer, so I’ll jump right into working with Windows Services. As with any program, sometimes it is helpful to group commands into a subroutine. In PowerShell, these functions are referred to as cmdlets (prounounced "commandlets"). You may not realize this, but you’ve already been working with cmdlets if you’ve tried the commands I covered above on your own machine. The get-wmiobject command is actually a cmdlet that provides a reference to the WMI object specified as the parameter. You could accomplish this without the cmdlet, but why would you want to?

  • Fortunately, a cmdlet is also available for working with Windows Services: get-service.

    To get information about a particular service, simply call get-service with the service name. The actual service name of the Hyper-V Virtual Machine Management service is "vmms", so issuing the get-service vmms command returns a few properties including the Name, DisplayName and Status of the service.


    Starting and stopping the Hyper-V Virtual Machine Management service is as simple as calling the appropriate method: Stop() to stop the service and Start() to start it. While you could use a variable called $service to store the reference to the service object, an abbreviated way to accomplish this is shown below:

       1: (get-service vmms).Stop()

    Now, when you issue the get-service vmms command, you can see that the Status property is "Stopped":


    Starting the service back up is as simple as calling Start() on the cmdlet expression:


    Building the "Easy Buttons"

    There may very well be a more sophisticated way to do this, but I created two batch files, one called "Start.bat" and the other called "Stop.bat" and placed them in my documents folder. Each file contains the appropriate PowerShell syntax as shown below:


    Note, to re-use variables across PowerShell sessions, you must first configure a PowerShell profile: http://msdn.microsoft.com/en-us/library/bb613488(VS.85).aspx

    Next I created two desktop shortcuts, appropriately named "Start" and "Stop" and set the target to each corresponding file.

    Now, I have two "Easy Buttons" for toggling my development environment on and off. While I can’t guarantee that I won’t forget to press the "off  button" before shutting down, it is a heck of a lot easier than going through the contortions manually.

  • References:


    Posted in PowerShell, Scripts, Soporte | Etiquetado: , , | Leave a Comment »

    Powershell Remoting TroubleShooting

    Posted by kiquenet en 25 julio 2014

    To make sure Windows PowerShell is running with Admin rights, right-click the Windows PowerShell icon, and select Run as Administrator,

    Use the Enable-PSRemoting Windows PowerShell cmdlet to automatically configure WinRM, the firewall, and the WinRM service to enable Windows PowerShell remoting to work. If you want to be prompted before each change, do not use any switches when you run the Windows PowerShell cmdlet. If you do not want to be prompted use the force parameter as seen here.

    Enable-PSRemoting -Force

    psexec \\server -s powershell Enable-PSRemoting -Force

    Use Ping to make sure that my computer can resolve the remote host

    Invoke-Command -computername [COMPUTER} -ScriptBlock { COMMAND }

    I use the Get-Credential Windows PowerShell cmdlet to retrieve my alternative credentials

    If you are working in a networked setting and you want to enable Windows PowerShell remoting on all computers in a forest, domain, or organizational unit, you can use Group Policy to make the configuration changes. Unfortunately, there is no Enable-PSRemoting Group Policy object. The WinRM service is configurable through Group Policy and is well documented on MSDN. The Group Policy settings are seen in the following figure, Windows PowerShell remoting relies on more than just WinRM.

    One way to get the advantage of Group Policy and the advantage of using the Enable-PSRemoting cmdlet is to use Group Policy to specify a startup script. This is seen in the following figure.

    The script is a single line, saved in a .ps1 file.

    Enable-PSRemoting -Force

    Another useful commands:

    PS C:\> Enable-PSRemoting -SkipNetworkProfileCheck -Force

    PS C:\>Set-NetFirewallRule –Name "WINRM-HTTP-In-TCP-PUBLIC" –RemoteAddress Any

    About WinRM (Windows Remote Management) Troubleshooting

    WinRM uses HTTP (TCP 80) or HTTPS (TCP 443).


    Trusted Host

    On the local machine, allow connection to the remote machine without authentication:

    Set-Item WSMan:\localhost\Client\TrustedHosts -Value $remoteMachine -Force

    Solution about Error number: -2147024894 0x80070002

    D:\>winRm quickConfig

    WinRM service is already running on this machine.





                         Message = Unable to check the status of the firewall.

    Error number: -2147024894 0x80070002

    The system cannot find the file specified.

    Disabled SmartScreen and Firewall and UAC, and stop MPSSVC service (Windows Firewall Service). Maybe disabled Antivirus (like Symantec Endpoint Protection u others)

    Disabled UAC




    Manual Configuration

    Enable PowerShell Remoting Manually

    Enabling PowerShell 2.0 Remoting is simple, just run the following command from an elevated PowerShell session:

    Enable-PSRemoting -Force

    Once that’s done, you can start using it to execute PowerShell commands from a remote host:

    Invoke-Command -ComputerName $remotehost -Command { Write-Host "Hello, world!" }

    Or, you can open an interactive session on the remote computer:

    Enter-PSSession -ComputerName $remotehost

    Enable CredSSP Manually

    CredSSP is a Security Support Provider introduced with Windows Vista that enables credential delegation. In other words, it allows the remote host to access the credentials that were used to authenticate the user, and pass them on to a third host. For example, when using either basic or Kerberos authentication (the default) when connecting to a remote PowerShell session, the user would not have access to a separate file server. When using CredSSP, however, the session credentials can be passed through to the file server.

    To enable CredSSP, both the client and the server must be configured to allow CredSSP. To enable CredSSP on the client side, run the following PowerShell command from an elevated session:

    Enable-WSManCredSSP -Role Client -DelegateComputer $remotehost

    Note: The DelegateComputer parameter specifies a list of remote hosts to which the client should be allowed to connect. It can accept wildcards, such as * for all hosts, or*.mydomain.local for any host on the mydomain.local DNS domain. If you specify a domain, however, you must always use the server’s FQDN when connecting to it.

    To enable CredSSP on the server side, run the following PowerShell 2.0 command from an elevated session:

    Enable-WSManCredSSP -Role Server

    To connect to a remote host with PowerShell Remoting using CredSSP authentication, you need to specify the Credential and Authentication parameters:

    Enter-PSSession -ComputerName $remotehost -Credential (Get-Credential) -Authentication CredSSP

    Note: You must specify a fully-qualified username (such as username@domain.tld or DOMAIN\username) when prompted for credentials.

    The unfortunate drawback of using CredSSP is that the current implementation of the CredSSP provider for WinRM does not support delegating default credentials (i.e. the current user’s credentials). Go vote for Microsoft Connect Suggestion #498377 if this bothers you; hopefully Microsoft will fix it in a future release. As such, it is best to get a PSCredential object once and store it in a variable for reuse:

    $cred = Get-Credential $env:USERNAME@$env:USERDNSDOMAIN

    Group Policy Configuration

    Enabling PowerShell Remoting and CredSSP manually is fine for only one or two hosts, but what if it needs to be done for every machine on a network? Luckily, Group Policy is able to make all the same configuration changes the Enable-PSRemoting and Enable-WSManCredSSP cmdlets do.

    There are several configuration pieces that must be set in order for everything to work correctly:

    • The Windows Remote Management service
    • Windows Firewall exceptions
    • Credential delegation
    • WinRM Client parameters
    • WinRM Service parameters

    In addition, some Active Directory objects may need to have permissions changed.

    It is probably best to group these settings into one or two separate GPOs, one for servers and one for clients, to keep them separate from the rest of the Group Policy settings that may already exist on the network.

    Server Settings

    To enable PowerShell Remoting on the server side, create a new GPO and link it an organizational unit containing the computer objects for the server machines. Open the GPO with the Group Policy editor and set the following options:

    Windows Remote Management Service
    1. Navigate to Computer Configuration > Windows Settings > Security Settings > System Services
    2. Locate the Windows Remote Management (WS-Management) service and double-click it
    3. Tick the check box nexte to Define this policy setting and select Automatic. Click “OK”
    Windows Firewall Exceptions
    1. Navigate to Computer Configuration > Windows Settings > Security Settings> Windows Firewall with Advanced Security > Windows Firewall with Advanced Security – LDAP://{GPO-DistinguishedName} > Inbound Rules
    2. Right-click the pane at the right and choose New Rule…
    3. Select Predefined and choose Windows Remote Management from the drop-down list. Click “Next”
    4. Remove the tick next to Windows Remote Management - Compatibility Mode (HTTP-In), but leave the one for Windows Remote Management (HTTP-In). The “Compatibility Mode” rule provides an upgrade path for systems using WinRM prior to version 2.0 and should not be enabled unless there is a specific need for it. Click “Next”
    5. Select Allow the connection and click “Finish”
    WinRM Service Parameters
    1. Navigate to Computer Settings > Administrative Templates > Windows Components > Windows Remote Management (WinRM) > WinRM Service
    2. Double-click Allow automatic configuration of listeners
    3. Select Enabled
    4. In the box labeled IPv4 filter, enter a comma-separated list of IP address ranges to specify to which IP addresses the WinRM service should bind on the server. For example, would allow the WinRM service to bind to network adapters with an IP address in that range, but no other adapter.
    5. Do the same for IPv6 filter, using IPv6 addresses instead, or leave it blank to disable WinRM over IPv6
    6. Click “OK”
    7. Double-click Allow CredSSP authentication
    8. Select Enabled
    9. Click “OK”

    Client Settings

    To enable PowerShell remoting on the client side, create a new GPO and link it to an organizational unit containing the computer objects for the client machines. Open the GPO with the Group Policy editor and set the following options:

    Credential Delegation
    1. Navigate to Computer Settings > Administrative Templates > System > Credentials Delegation
    2. Double-click Allow Delegating Fresh Credentials
    3. Select Enabled
    4. Click “Show…”
    5. Enter a list of service principal names representing hosts to which clients should be allowed to delegate credentials. Wildcards are allowed in the host name portion of the SPN. For example:
      • WSMAN/Server01 — Allows delegation only to the server named Server01, and only using its single-label name
      • WSMAN/Server01.mydomain.local — Allows delegation only to the server namedServer01, and only using its fully-qualified domain name
      • WSMAN/*.mydomain.local — Allows delegation to any host on themydomain.local DNS domain, using their fully-qualified domain names only
      • WSMAN/* — Allows delegation to any host by any name
    6. Click “OK”
    7. Click “OK”
    WinRM Client Parameters
    1. Navigate to Computer Settings > Administrative Templates > Windows Components > Windows Remote Management (WinRM) > WinRM Client
    2. Double-click Allow CredSSP authentication
    3. Select Enabled
    4. Click “OK”
    5. Double-click Trusted Hosts
    6. Select Enabled
    7. In the box labeled TrustedHostList, enter a comma-separated list of hosts the client should trust. Wildcards are allowed, and there is a special <local> value meaning trust all single-label names. For example:
      • Server01 — Trust only the server named Server01, and only using its single-label name
      • server01.mydomain.local — Trust only the server named Server01, and only using its fully-qualified domain name
      • *.mydomain.local — Trust any host on the mydomain.local DNS domain, using their fully-qualified domain names only
      • <local> — Trust any host by single-label name
      • * — Trust any host by any name
    8. Click “OK”


    Here are some common error messages and some troubleshooting tips for each:

    Operation timed out

    Enter-PSSession : Connecting to remote server failed with the following error me
    ssage : The WinRM client cannot complete the operation within the time specified
    . Check if the machine name is valid and is reachable over the network and firew
    all exception for Windows Remote Management service is enabled. For more informa
    tion, see the about_Remote_Troubleshooting Help topic.
    • Can you ping the machine using the same name you used for the ComputerNameparameter?
    • If the settings are defined in Group Policy, has the machine performed a policy refresh? Force one by running gpupdate /target:computer with elevated privileges
    • Does the machine have the Windows Remote Management (HTTP-In) rules enabled in Windows Firewall?
    • Is the Windows Remote Management (WS-Management) service running on the machine?

    Policy does not allow delegation of user credentials

    Enter-PSSession : Connecting to remote server failed with the following error me
    ssage : The WinRM client cannot process the request. A computer policy does not 
    allow the delegation of the user credentials to the target computer. Use gpedit.
    msc and look at the following policy: Computer Configuration -> Administrative T
    emplates -> System -> Credentials Delegation -> Allow Delegating Fresh Credentia
    ls.  Verify that it is enabled and configured with an SPN appropriate for the ta
    rget computer. For example, for a target computer name "myserver.domain.com", th
    e SPN can be one of the following: WSMAN/myserver.domain.com or WSMAN/*.domain.c
    om. For more information, see the about_Remote_Troubleshooting Help topic.
    • Make sure the name specified in the ComputerName parameter matches the SPN specified in the GPO. If the policy specifies a wildcard with a domain name, for example, make sure the ComputerName parameter is the fully-qualified domain name of the remote host, not just its single-label name

    The target computer is not trusted

    Enter-PSSession : Connecting to remote server failed with the following error me
    ssage : The WinRM client cannot process the request. A computer policy does not 
    allow the delegation of the user credentials to the target computer because the 
    computer is not trusted. The identity of the target computer can be verified if 
    you configure the WSMAN service to use a valid certificate using the following co
    mmand: winrm set winrm/config/service '@{CertificateThumbprint="<thumbprint>"}' 
     Or you can check the Event Viewer for an event that specifies that the followin
    g SPN could not be created: WSMAN/<computerFQDN>. If you find this event, you ca
    n manually create the SPN using setspn.exe .  If the SPN exists, but CredSSP can
    not use Kerberos to validate the identity of the target computer and you still w
    ant to allow the delegation of the user credentials to the target computer, use 
    gpedit.msc and look at the following policy: Computer Configuration -> Administr
    ative Templates -> System -> Credentials Delegation -> Allow Fresh Credentials w
    ith NTLM-only Server Authentication.  Verify that it is enabled and configured w
    ith an SPN appropriate for the target computer. For example, for a target comput
    er name "myserver.domain.com", the SPN can be one of the following: WSMAN/myserv
    er.domain.com or WSMAN/*.domain.com. Try the request again after these changes. 
    For more information, see the about_Remote_Troubleshooting Help topic.
    • Make sure the remote host has a Service Principal Name starting with WSMAN and matching the value specified in the ComputerName parameter. To list a host’s service principal names, run setspn -l <computername> with elevated privileges on a domain controller. If a proper SPN does not exist, try restarting the Windows Remote Management (WS-Management) service, and check the System event log for event ID 10154. If that event exists, you will need to modify permissions in Active Directory in order for hosts to be able to register their SPNs correctly (see below)
    • Make sure you are specifying a fully-qualified user name in the PSCredential object passed to the Credential parameter (i.e. DOMAIN\username orusername@domain.local)

    Modifying Active Directory Permissions

    Note: Perform these steps ONLY if you receive the “target computer is not trusted” error, Windows Remote Managment logs event ID 10154 in the System event log, and setspn -l does not list anyWSMAN/... SPNs for the remote host!

    1. Open ADSI Edit
    2. Click Action > Connect to…
    3. Under Connection Point, select Select a well known Naming Context and choose Default naming context
    4. Under Computer, select Default (Domain or server that you logged in to)
    5. If your domain controllers support it (i.e. you are running Active Directory Certificate Services), tick Use SSL-based Encryption
    6. Expand the objects in the tree at the left until you find the container containing the computer object for the server exhibiting the issue, such as CN=Computers
    7. Right-click on the container object and choose Properties
    8. Click the Security tab
    9. Click “Advanced”
    10. Click “Add…”
    11. In the box labeled Enter the name of the object to select, enter NETWORK SERVICE
    12. In the drop-down list labeled Apply to, select Descendant Computer objects
    13. Scroll all the way to the bottom of the Permissions list and tick the box in the Allow column for Validated write to service principal name
    14. Tick Apply these permissions to objects and/or containers within this container only
    15. Click “OK”
    16. Click “OK”
    17. Click “OK”
    18. Repeat steps 6-17 for any container with computer objects for hosts on which PowerShell Remoting is enabled
    19. Restart the Windows Remote Management (WS-Management) service on the affected hosts
    20. Run setspn -l <computername> with elevated privileges on a domain controller to verify that the SPN was correctly created

    winrm quickconfig 0x80070002 -2147024894

    1) We understand that you don’t have a firewall running.  Considering this, please be sure that the Windows Firewall service is started.  The Windows Firewall doesn’t need to actually be on but the service should be started.  Issues may be presented if this service can’t be checked.

    2) Enable the Analytic log for WinRM in Event Viewer.  Repro the error when running “winrm quickconfig” and look for clues in the log.

    Operational channel is enabled by default. Analytic needs to be enabled

    Use the following to show and enable Analytic log:

    •         Menu>View>Show Analytic and Debug Logs

    •         Rightclick on Analytic log and Enable Log

    3) If no clues are found in the Analytic or Operational logs, collect a WPP trace.  This trace will need to be submitted to CSS for analysis.

    WinRM WPP Traces:

    Launch a PowerShell console with the elevated admin credentials and run the following commands:

    •         Import-Module psdiagnostics

    (if you get an error that the script cant be run because of a restriction, run “set-executionpolicy unrestricted” in powershell and try again.  When finished, consider running “set-executionpolicy restricted” to restore the default setting.

    •         Enable-WSManTrace

    •         Now reproduce the problem by sending the subscription packets from the client. Continue with the next step after the problem stops.

    •         Disable-wsmantrace

    •         Send us the file %windir%\system32\wsmtraces.log

    sc config "WinRM" start= auto

    net start WinRM

    winrm create winrm/config/listener?Address=*+Transport=HTTP

    netsh firewall add portopening TCP 80 "Windows Remote Management

    Configuration Management: Powershell and XML









    Posted in PowerShell, Scripts, Soporte | Etiquetado: , , | Leave a Comment »

    TroubleShooting Visual Studio

    Posted by kiquenet en 22 julio 2014

    For Version 10.0, 11.0, 12.0.

    Open cmd and navigate to

    C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE


    C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE

    and try to type the following commands:

    1. devenv.exe /log

    2. devenv.exe /safemode

    3. devenv.exe /resetskippkgs

    4. devenv.exe /installvstemplates

    5. devenv.exe /resetsettings

    6. devenv.exe /resetuserdata

    Source : MSDN

    Posted in Soporte, VisualStudio | Etiquetado: , , | Leave a Comment »

    Sharepoint Projects and Crash VS 2012

    Posted by kiquenet en 22 julio 2014

    I get this error in my Sharepoint 2013 Project when I try Publish it (for generate WSP file)

    Problem signature:
      Problem Event Name:   CLR20r3
      Problem Signature 01: devenv.exe
      Problem Signature 02: 11.0.50727.1
      Problem Signature 03: 5011ecaa
      Problem Signature 04: Microsoft.VisualStudio.SharePoint.Project
      Problem Signature 05: 11.0.60226.0
      Problem Signature 06: 512c2dba
      Problem Signature 07: 18a8
      Problem Signature 08: 1d
      Problem Signature 09: System.NullReferenceException
      OS Version:   6.1.7601.
      Locale ID:    2057
      Additional Information 1: 0a9e
      Additional Information 2: 0a9e372d3b4ad19135b953a78882e789
      Additional Information 3: 0a9e
      Additional Information 4: 0a9e372d3b4ad19135b953a78882e789
    1. Exe File Name
    2. Exe File assembly version number
    3. Exe File Stamp
    4. Exe file full assembly name
    5. Faulting assembly version
    6. Faulting assembly timestamp
    7. Faulting assembly method def
    8. Faulting method IL Offset within the faulting method
    9. Exception type

    And also here is a MSDN article on the same.

    Finally, I get a solution. In my csproj file, it was dissapeared Package Folder.

    Only I do this steps:

    • Edit csproj file
    • Add this nodes (for include Package folder and files)
    • Reload csproj Project
    • Publish again
    <None Include="Package\Package.package">
    <None Include="Package\Package.Template.xml">


    Basically you need to make sure that the "site url" is not blank.


    Posted in .NET, Sharepoint, Soporte | Etiquetado: , , , , , | Leave a Comment »

    Failed to decrypt using provider ‘RsaProtectedConfigurationProvider’

    Posted by kiquenet en 19 mayo 2014

    The error using ConfigurationManager and RsaProtectedConfigurationProvider section:

    System.Configuration.ConfigurationErrorsException: Failed to decrypt using provider ‘RsaProtectedConfigurationProvider’. Error message from the provider: The RSA key container could not be opened.

    The app.config file will have been encrypted using a certificate on your local machine. This certificate will not be present on the other machine. You will therefore not be able to decrypt the app.config file.

    For this to work, you need to export the encryption key on your machine, then import it on the other machine. The following article demonstrates how to do that: Walkthrough: Creating and Exporting an RSA Key Container

    This is the location where all of the keys are being put:

    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys


    Using this command **aspnet_regiis -pa**

    Open cmd Console -execute as Administrator-

        C:\Windows\system32>aspnet_regiis -pa "NetFrameworkConfigurationKey" "myDomain\myUser"
        Microsoft (R) ASP.NET RegIIS versión 4.0.30319.33440
        Utilidad de administración que instala y desinstala ASP.NET en el equipo local.
        Copyright (C) Microsoft Corporation. Todos los derechos reservados.
        Agregando ACL para el acceso al contenedor de claves RSA…
        Con éxito




    More references:




    Posted in .NET, Configuracion, Errores, Soporte | Etiquetado: , | Leave a Comment »

    Visual Studio 2013–Install Error

    Posted by kiquenet en 19 mayo 2014

    During installation I am getting an error

    “Microsoft visual studio 2013 VsGraphic Helper Dependencies RC Incorrect Function”


    Windows 8.1

    ISO VS 2013 ultimate

    I try copy contents in local, and I get the same error.


    – verify checksum of ISO. Get file again, copy to local.

    – Uninstall the failed version of 2013 from control panel -> Uninstall programs

    – Restart the computer

    – Clean %temp%

    – Mount ISO, execute as Administrator setup.exe

    – Re-run the setup again.



    Posted in Soporte, VisualStudio | Etiquetado: , , | Leave a Comment »

    “Consistency validation for SQL Server registry keys” failed. – SQL Server installation Error

    Posted by kiquenet en 18 marzo 2014

    The below error occurs when we install SQL Server 2012.

    Rule “Consistency validation for SQL Server registry keys” failed. The SQL Server registry keys from a prior installation cannot be modified. To continue, see SQL Server Setup documentation about how to fix registry keys.


    The issue occur when the installer unable to update the registry entries due to lack of permission. Please follow the below steps to resolved the issue.

    1. Go to RUN –> Type regedit.

    2. Locate HKEY_LOCAL_MACHINE -> SOFTWARE -> MICROSOFT -> Microsoft SQL Server in the registry

    3. Right click and select Permissions…

    4. Click on Advanced

    5. Under Permission TAB, select “Replace permission entries on all child objects with entries shown here that apply to child objects”.

    6. Click OK.

    7. Now Re-run the SQL Server installer.


    Posted in Soporte, SQL | Etiquetado: , , , | Leave a Comment »

    Unable to build custom action named ‘Primary output from MyProject (Release .NET)’ because it references an object that has been removed from the project.

    Posted by kiquenet en 6 mayo 2010

    Alguna vez con Visual Studio 2008 SP1 aparece este error trabajando con proyectos de Instalación (Setup Projects).

    Unable to build custom action named ‘Primary output from MyProject (Release .NET)’ because it references an object that has been removed from the project.

    En la referencia indicada se describen las posibles soluciones.

    La clave es: “the project had the Primary Output listed as a custom action for all four custom action types–Install, Commit, Rollback, and Uninstall.”

    ”Open the property of the item which is underlined with red curvy line. Look at the file path for this item. Most likely there’s no physical file matching this path.”

    ”Delete and add again failing custom action items. It will help.”

    Básicamente, en Custom Action Editor del proyecto Setup se eliminan los Primary Output que no tengan el SourcePath establecido, y se vuelven a agregar.


    Posted in .NET, Soporte | Etiquetado: , | Leave a Comment »