Author Archives: Marius Ene

The credentials supplied to the package were not recognized(0x8009030D)

 The error:

The certificate specified in the registry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Machine Settings cannot be used for authentication.  The error is The credentials supplied to the package were not recognized(0x8009030D).

The operating system that was experiencing the above error is Windows Server 2008 R2 SP1 (Version 6.1.7601).


By directly installing the certificates, although no error is shown the process does not complete properly.


Import the certificate by opening the MMC snap-in for the Certificates management and open the Local Computer store. Right click the Personal container and import the certificate manually. After that run again the MomCertImport.exe tool with administrator priviledges.



Missing key in the discovery data item

The Error:


The cause:
The cause for this error is that the Discovery data that is returned for the class instance needs to reference any primary key that is defined in the parent class.

Make sure the discovered class contains all the primary keys required.
Some things you need to check for:
• Make sure the PS script creates the correct number of instances, and they should be unique.
• Make sure that you are discovering key properties of hosting classes.

Details (example):
Consider that you have classes A, B and C. Class A is based on the Microsoft.Windows.ComputerRole and classes B and C are based on System.Entity. We have hosting relationships between the classes (A hosts B which hosts C) including the inherited relationship that Windows.Computer hosts Windows.ComputerRole which is the base class for Class A.
We use a Discovery script that discovers three different class instances:


  1.  We create the ‘MOM.ScriptAPI’ object and create the Discovery bag to store the discovery data. We do a foreach loop on the items we need to check.
  2.  We create a new class instance of objects of type Class A and then we add the required properties. The first two properties we add are key properties from the classes that Class A is based on. As Windows Computer Role is based on Windows Computer class, the Windows Computer class has a Key Property that uniquely identifies the object. Also the System.Entity class is the root class which also has defined a key property called display name. All child instances inherit this property. The last line adds the instance data along with the properties to the Discovery bag data.
  3.  We create a new class instance of type Class B which inherits the key properties from System Entity and Windows Computer and also from Class A.
  4.  Again same thing new instance of class C with key properties from Class A, Class B and Windows Computer and System Entity.

Key properties are not always mandatory. If you create only one instance for a particular class you don’t need to specify one. Of course is you creating more than one then you need it in order to uniquely identify the instance and to which parent it belongs to. Here is a good example:
For the Windows operating system class you do not need a key property because you cannot have more than one operating system at a time (at a logical level). You might have more Logical Disks to that Operating System in which case you need a key to uniquely identify the disks.


Windows Logical Disk is based in Windows Logical Device and inherits the key property from that class.


Going back to the error, the conclusion is that if your discovery is missing a key property, like for example in step 4 you miss to specify the ClassA key property you will get this error.

The Health Service cannot verify the future validity of the RunAs account

The Health Service cannot verify the future validity of the RunAs account DOMAIN\account for management group MG due to an error retrieving information from Active Directory (for Domain Accounts) or the local security authority (for Local Accounts). The error is The network path was not found.(0x80070035).

How many times we’ve see this error?


Sometimes with multiple domains you will see something like the RPC server is unavailable and you will probably try to find if there is any active directory communication issue.

Don’t waste your time. All you need to do is make sure that you have configured the correct DNS Suffixes on the virtual network card.


Either one of the highlighted options work fine. Just have to make sure that you append the correct DNS suffix on that Health Service.

After doing the change, restart the Microsoft Monitoring Agent and check the Operations Manager log for the following event:


Putting SCOM instances in maintenance mode via PowerShell

Sometimes you don’t want to put the whole server object in maintenance mode and you just need the child component that you are working on.

There are a couple of ways to do this from the SCOM console.

You can open a view that is targeting that specific class, for example the SQL DB class, and simply right click and set the maintenance mode.


After doing so, if you navigate back to the Database Engine view, you will see those components put into maintenance mode while the DB Engine itself is being monitored as usual.


If you to put in maintenance mode a class that is not exposed through any built in views you can use the Discovery Inventory to search for objects of a specific class.

For demonstration purposes in the following screenshot we look for the SQL database class.


There is also another way to configure maintenance mode via scripting. Here is how you can do this via PowerShell:

Import-Module OperationsManager

$SCOMCredentials = Get-Credential -Message  “Input your SCOM credentials”

New-SCOMManagementGroupConnection -ComputerName -Verbose

$DBclass = Get-SCOMClass | Out-GridView -PassThru -Title “Select the SCOM class”

$DBInstances = Get-SCOMClassInstance -Class $DBclass | Out-GridView -PassThru -Title “Select the instances to enable Maintenance Mode”

Start-SCOMMaintenanceMode -Instance $DBInstances -EndTime (Get-Date).AddDays(1) -Comment “Maintenance mode set by PowerShell script” -Reason PlannedOther -Verbose


In the above code, be sure to replace with your SCOM management server. After running the above code, you will be prompted for credentials. After that you will see a window that shows all classes.

Use the Filter to look for the correct class and click OK.


Next, we select the instances by multi-select then clicking OK.


After selecting OK, you will see that the Objects have been put in Maintenance Mode.



Now in order to remove from maintenance mode via PowerShell you can use something similar:

$MMInstances = Get-SCOMMaintenanceMode  | select * | Out-GridView -PassThru

$MMInstances | % { Get-SCOMMaintenanceMode | ? {$_.MonitoringObjectId -eq $_.MonitoringObjectId} | Set-SCOMMaintenanceMode -EndTime (Get-Date) -Verbose  }

After running the code, you will see a window with the instances that are in maintenance mode. Select the ones that you want to remove from maintenance mode.


The output will be like this:


A Few Words on Keeping your Passwords Safe

How do you store your system password—as a sticker on your monitor? Or do you have the habit of keeping your Google or Facebook password as a sticky note on your desktop? If yes, and your password is still safe, you are very lucky.

When you keep your passwords on desktops or at easily accessible places, there are chances that somebody use them to access your work computer, email, social networking, or even internet banking accounts. Hackers are on run everywhere. They operate from close range or form remote, and steal your passwords to access your personal or even more valuable information. It is the time to be more careful about passwords—the secure keys to your digital worlds.


How hackers steal your passwords?

Nobody can predict how minds with criminal intentions operate. But the general ways of stealing passwords are:

  • Trying dictionary-based attacks. Do you open your dictionary to find a password? Beware! There are software programs that can enter all the dictionary words in to the password field one after the other to find the actual one. The program performs so quickly that all the dictionary words will be tried in a few seconds.
  • Brute-force cracking. Many people use random keyword combinations with no meaning as passwords. But what if a program can try all the possible keyword combinations in the password field? Such attacks have been found to be very successful in cracking small passwords.
  • Trying dictionary words with substituted characters. Do you think it is safer to use ‘Pa$$w0rd’ or ‘p@ssw0rd’ as your password? Can a password be safer just because of replacing ‘l’ with ‘1’, ‘e’ with ‘3’, and ‘o’ with ‘0’? In no way, it is safer. Password cracker tools are intelligent enough to try the most commonly used character replacements.
  • Phishing. In phishing, hackers try to fool users through emails that appear to be from an original source. These emails urge users for immediate action and lead them to fake websites that appear like the original ones. Information entered on these sites are captured by the hackers.
  • Spying from behind. It is nothing but stealing your passwords by spying on your computer activities. People lurking around you can note your passwords as you enter them on your laptops, mobiles, etc.
  • Intelligent guessing based on personal information. People as well as some programs can guess passwords from personal information that is available to them. Mainly they get information from online profiles on various sites. They try to guess passwords based on this information and succeed in many occasions.

How web services protect your passwords?

Web services are very cautious about password stealing attempts. Some of the precautionary measures taken by them to avoid password cracking are:

  • Minimum complexity requirements for passwords. Email services and other services mandates passwords to meet minimum complexity requirements. They make it mandatory to have a minimum length, and a minimum number of special characters and numbers in it. Also, many of them rate the strength of the password and inform the user of it.
  • Multi-factor authentication. In this, for successful login you need to have at least two devices. After providing your regular password, you will have to authenticate through a second device, usually a mobile phone. A commonly used method is to send a one-time password (OTP) to the mobile phone. This OTP provides additional security to your login. However, more advanced options for this step are available now. Also, some services allow you the flexibility of creating your own list of one-time-passwords in advance.
  • Security questions. Web services provide an additional layer of security through security questions. When the user configures the web service account for the first time, he will be choosing a few questions and providing answers for them. Later, when authentication is required, he has to provide the same answers for these questions.
  • Account locking after repeated unsuccessful attempts. Most of the web services lock the account temporarily after you try to login three or more times unsuccessfully. It ensures that no one can use the trial and error method for finding the password. One can succeed only if he is damn sure about the password.

How to protect your passwords

In order to protect your passwords, you should create strong passwords. Also, you have to use them very carefully.

  1. Create strong passwords
  2. Use passwords carefully

Creating strong passwords

Weak passwords are vulnerable. You need to create strong passwords. Here are the Dos and Don’ts of creating strong passwords:


  • Keep it long
  • Long passwords are difficult to crack. So make them have at least eight characters.
  • Make it complex
  • Make passwords complex so that it is difficult to guess them or find them by trial. Mix alphabets and numerals, use small letters and capital letters, and use one or more special characters in them.
  • Make it easy to remember.
  • When passwords are easy-to-remember, they need not be saved or written somewhere. So they are safer.
  • Make it from a phrase or sentence


    • ‘You are Welcome to New York’ is an easy sentence to remember. By taking the first letters of each word you will get ‘YaWtNY’. Now you can make it long and complex by adding numbers, special characters, small letters etc. You can try similar methods yourself.
    • Don’t take a word out of dictionary
    • Don’t use dictionary words or a common word as password as they are prone to dictionary-based attacks.
    • Don’t follow common patterns
    • When you follow commonly used patterns, one can guess it easily. So never try common patterns for your passwords.
    • Don’t use words related to you
    • If you use some personal information like name, DOB etc., somebody will be able to guess it. So never use personal information as password.
    • Don’t use commonly used passwords or easy keyword combinations
    • Words like password, qwerty, 123456 are widely used as passwords. Almost all easy character combinations possible on a computer keyboard can be tried using software programs. So don’t try ‘aaaaaaa,’ ‘aaaaaab’ etc. as passwords.

How to be careful while using passwords?

Here are some tips for using passwords safely:

  • Use different passwords for different sites. Don’t use the same password for all your accounts. Make it different for Facebook, Twitter, LinkedIn, Google, and so on.
  • Don’t save passwords on browsers/websites. Don’t use the password saving feature of browsers or ‘remember password’ option provided by websites. Configure web browser settings according and uncheck password remember option on provided by web services. To be on the safer side, always clear the history after using the internet (especially if you are using public computers).
  • Don’t store passwords on easily accessible places. Don’t place your passwords on monitors, desktops, or on places near your computer table. If you write them, keep them away from computers. Make passwords easy to remember so that it is not necessary to write them down.
  • Change default passwords. Don’t use default or system generated passwords. Change them in the first login itself.
  • Don’t share passwords with anybody. The best advice is not to share your passwords with anybody. Even if you share, change it immediately after the requirement is over.
  • Provide fictional answers to security questions. If you provide real answers to security questions, somebody can find them and use them. But when you give fictional answers, only you know them. But be sure that you remember them.
  • Don’t respond to suspicious emails and messages. Don’t respond to suspicious emails and messages; don’t follow links on them.
  • Try to minimize the information you provide online. Don’t provide all your personal information on social networking sites and other online services. Provide personal information only on trusted and reliable websites.
  • Don’t give the access of physical devices to strangers. It is elementary –don’t let strangers and unreliable people use your systems and mobiles.


Password safety is a matter of concern for all computer users. Experts suggest various methods to make your passwords stronger and to use them securely. These methods are formulated after studying various strategies followed by password crackers. You can keep your passwords safer simply by following these simple guidelines.

Author Bio:

Satyendra Tiwari is associated with Lepide Software as a Manager – Product Marketing Operations.



LepideAuditor Suite

The Enterprise IT “Swiss army knife”

I’ve recently had the chance to work with the newest version for LepideAuditor Suite which is a comprehensive tool that does more than the name states (auditing). Of course out of all the targeted products I chose to focus on Active Directory, Group Policy and Exchange 2013.


I am not going to go over the installation part because it’s pretty straight forward and Lepide already covers well all the installation steps involved.

Active Directory Auditing

The LepideAuditor for Active Directory comes with a built in Active Directory Health Monitor Dashboard view and integrated Backup and Restore solution. So this is something I really like; having not only audit information but also a view of the overall health and performance history of the AD environment and also the possibility to quickly restore from backup anything related to Active Directory. That is nice!

The first dashboard that opens up shows an overview of the changes in your environment at a glance.


In order to audit logon/logoff events in your environments there are some preliminary steps to configure. For this you can follow the steps described in this article which covers everything very well:

Once you have logon auditing enabled you can see for example when a User has logged on, from where and the type of logon that was performed. See below an example:


Another useful audit report is the Failed Logon report. Here you can see not only the number of failed logon attempts but also the reason why it failed. For Auditors this is the kind of information they are interested in. Below you can see an example:


You can check the uses that were created during a specified period of time. You can see an example below.


One of my favorites when tracking down a “resource access” issue or a “did not receive some email” issue is to see when Group membership was modified. For me this is very useful and I am sure that for some of you as well.


You can even monitor DNS changes and track down what happened to each individual DNS record.


Above you can see the typical STS record created for ADFS. And that is not all;


You can even see tombstoned DNS records! I remember having to remove some lingering objects related to tombstoned DNS records. This tool would have been really useful back then.

GPO Auditing

Looking into the GPO monitoring capabilities and available reports I must say I was impressed with the amount of built in Audit Reports. In a large environment with hundreds of Group Policy Objects where multiple Domain Admins (or delegated GPO admins) manage the settings, it can get hard to keep track of who changed what and when. So a good GPO auditing tool is more than welcomed in this case.

The Lepide GPO Auditor comes with the built in backup feature which can be extremely useful for restoring previous working GPOs to their initial state. By default the backup interval for GPOs is every 1 hour. If your environment doesn’t have a large number of GPOs or a lot of ‘hands’ working with them you can set this interval to something like every 8 hours.


In the restore tab you will be able to restore for example a deleted GPO which is pretty cool and fast.





This will restore the previously backed-up GPO with all settings as expected.


Above is a screenshot with all the available built in audit reports that make auditing GPOs really easy even for someone without a lot of Group Policy management experience.

You can easily setup alerts or scheduled reports whenever an event is recorded.


I like the Set Alert option as it allows to keep track of important GPO changes like the Default Domain Controllers Policy or the Default Domain Policy.

I did a lot of tests with the GPO monitoring part and I have to say that you cannot get any more detailed in terms of Auditing GPOs. I replicated a simple but common issue related to GPOs, when for example someone deletes a GPO link. By doing this, the GPO is not removed but the settings will no longer apply. If you use a complex OU structure and don’t link GPOs to the Domain Root and filter using groups, it can be hard to detect when this has happened.

LepideAuditor-Marius-Ene-16 Sure enough, the change is picked up quite quickly.


Another common one, when the GPO link is disabled (not removed).


Again the change is picked up fast.


I’ve also scheduled a report that sends periodically related to GPO Link changes. This works great as you can see below:


I am not sure about you but for me this is really helpful. Along with the integrated backup/restore feature for the GPOs I believe this is an invaluable tool to have.

Exchange Auditing

Exchange server is the typical enterprise email solution for many companies and sometimes evaluating the health or monitoring the changes can be a difficult task without a specialized software. LepideAuditor for Exchange Server covers all these tasks and more.

When looking at the built in available audit reports you can instantly appreciate the usefulness of this tool.


Keep in mind that these are only the built in ones, you can easily create custom reports and alerts that meet your needs.

You can see for example when a send or receive connector was modified,


You can see when mailbox permissions were modified, database changes were performed, as you can see below



I did a simple test; we get mailbox and grant Full Access permissions to another user. Below are the default permissions.


And we see the change being picked up by Lepide. That is nice!


You can easily schedule an Alert based on this object change which would allow you to be informed in almost real time of the change.

I am not going to continue with all the options and possibilities that this tool can bring to the table, if I had to do that we would need a series of blog posts to show everything.

The conclusion

The LepideAuditor Suite is an invaluable toolset for any System Admin that wants full visibility into his environment in terms of auditing, server health monitoring, alerting, and backup history with fast restore capabilities. LepideAuditor Suite manages to put all these features under a single pane of glass.


You can download your trial version here:

More information about LepideAuditor Suite here:


Editarea grupurilor SCOM in XML


Cateodata avem nevoie sa cream anumite view-uri care sa contina informatiile necesare pentru clienti. Se pare ca cei de la Microsoft s-au grabit putin cand au scos management pack-ul pentru Hyper-V 2012. Acest MP nu contine un grup cu obiectele de tip Windows Computers asa cum au majoritatea MP-urilor.

Din acest motiv va trebui sa cream un grup nou editand direct XML-ul fiindca editorul din GUI nu ne este util in acest caz.

Primul lucru pe care trebuie sa il facem este sa cream un grup nou si sa il salvam intr-un management pack.

Hyper-V Computers Group

Exportam MP-ul fie din Consola fie din powershell.

Cautam grupul creat dupa Display Name. Vom gasi numele in tagul de DisplayStrings.

Verificam ca avem referintele necesare pentru Windows Computer si Hyper-V Role, daca nu, le copiem din alt MP.


Luam ID-ul pentru Discovery si cautam din nou. Asa va arata un Grup gol in XML.

Default XML

Vom face cateva modificari acestui grup pentru a contine instantele care ne intereseaza. Inlocuim clasa default: <MonitoringClass>$MPElement[Name=”SystemCenter!Microsoft.SystemCenter.AllComputersGroup”]$</MonitoringClass>

Cu urmatoarea: <MonitoringClass>$MPElement[Name=”Windows!Microsoft.Windows.Computer”]$</MonitoringClass>

Stergem continutul tagurilor <Expression>. Stergem si commentul din dreptul tagului de deschidere din <MembershipRule>.

Clean Expression

Adaugam operatorul Contains si clasa respectiva, in acest caz Hyper-V.

Relatia dintre clasele Windows.Computer si HyperV.ServerRole este una parent-child. Practic spunem in expresia noastra ca vrem un grup cu toate obiectele de tip Windows Computer ce gazduiesc si clasa de HyperV.Role.

La sfarsit va arata asa.


Importam management pack-ul inapoi. Inainte de a se importa se va face validarea MP-ului asa ca daca sunt gresezi de sintaxa nu se va importa.

Asteptam ca procesul de group calculation sa se termine, apoi putem folosi grupul pentru view-uri, overrides, etc.