Jul 13

DNS Resource Record Types


DNS resource records can be used to provide DNS-based data about computers on a TCP/IP network. Well, I don’t know if there is a network other than a TCP/IP network, other than the internal isolated lab network for engineering purposes. Anyway, the following are some of the primary resource records we currently work with:

  • SOA: Start of Authority locates the zone.
  • NS: NS records specify the authoritative name server for a domain.
  • A: Address records direct a hostname to a numerical IP address.
  • PTR: Pointer Records are used for reverse lookups, IP to domain or hostname.
  • CNAME: Canonical Name allows a machine to be known by one or more hostnames.
  • MX: Mail Exchanger records are used to help route email according to the domain owner's preference.
  • SRV: Service resource records enable you to specify the location of the servers for a specific service, protocol, and DNS domain (copy & paste from TechNet article, see below link for the whole description)

For further understanding of record composition, check out the following links:



Here is a typical example: the DNS records required for the Office 365 cloud service are as follows:

MX records

| Priority | Host name | Points to address or value | TTL |
|---|---|---|---|
| 0 | @ | link3-net.mail.protection.outlook.com | 3600 |

CNAME records

| Host name | Points to address or value | TTL |
|---|---|---|
| autodiscover | autodiscover.outlook.com | 3600 |
| sip | sipdir.online.lync.com | 3600 |
| lyncdiscover | webdir.online.lync.com | 3600 |
| msoid | clientconfig.microsoftonline-p.net | 3600 |
| enterpriseregistration | enterpriseregistration.windows.net | 3600 |
| enterpriseenrollment | enterpriseenrollment.manage.microsoft.com | 3600 |

TXT records

| TXT name | TXT value | TTL |
|---|---|---|
| @ | v=spf1 include:spf.protection.outlook.com -all | 3600 |

SRV records

| Service | Protocol | Port | Weight | Priority | Name | Target | TTL |
|---|---|---|---|---|---|---|---|
| _sip | _tls | 443 | 1 | 100 | @ | sipdir.online.lync.com | 3600 |
| _sipfederationtls | _tcp | 5061 | 1 | 100 | @ | sipfed.online.lync.com | 3600 |
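
A record set like this is worth re-checking after any DNS change, since a missing SPF record or a CNAME pointing somewhere unexpected affects mail and sign-in for the whole domain. The following PowerShell is an added example, not part of the original post: it compares live answers from Resolve-DnsName with the values in the tables above. The function name Test-O365DnsRecord and the zone example.com are placeholders chosen for illustration.

```powershell
# Added example: compare live DNS answers with the Office 365 record set listed above.
# 'example.com' is a placeholder zone; the expected targets are copied from the tables.
function Test-O365DnsRecord {
    param([string]$Zone = 'example.com')

    $expected = @(
        @{ Name = $Zone;                          Type = 'MX';    Prop = 'NameExchange'; Value = 'link3-net.mail.protection.outlook.com' }
        @{ Name = "autodiscover.$Zone";           Type = 'CNAME'; Prop = 'NameHost';     Value = 'autodiscover.outlook.com' }
        @{ Name = "sip.$Zone";                    Type = 'CNAME'; Prop = 'NameHost';     Value = 'sipdir.online.lync.com' }
        @{ Name = "lyncdiscover.$Zone";           Type = 'CNAME'; Prop = 'NameHost';     Value = 'webdir.online.lync.com' }
        @{ Name = "msoid.$Zone";                  Type = 'CNAME'; Prop = 'NameHost';     Value = 'clientconfig.microsoftonline-p.net' }
        @{ Name = "enterpriseregistration.$Zone"; Type = 'CNAME'; Prop = 'NameHost';     Value = 'enterpriseregistration.windows.net' }
        @{ Name = "enterpriseenrollment.$Zone";   Type = 'CNAME'; Prop = 'NameHost';     Value = 'enterpriseenrollment.manage.microsoft.com' }
        @{ Name = $Zone;                          Type = 'TXT';   Prop = 'Strings';      Value = 'v=spf1 include:spf.protection.outlook.com -all' }
        @{ Name = "_sip._tls.$Zone";              Type = 'SRV';   Prop = 'NameTarget';   Value = 'sipdir.online.lync.com'; Port = 443 }
        @{ Name = "_sipfederationtls._tcp.$Zone"; Type = 'SRV';   Prop = 'NameTarget';   Value = 'sipfed.online.lync.com'; Port = 5061 }
    )

    foreach ($e in $expected) {
        # Keep only records that carry the type-specific property (drops SOA/authority rows).
        $answers = @(Resolve-DnsName -Name $e.Name -Type $e.Type -DnsOnly -ErrorAction SilentlyContinue |
            Where-Object { $_.PSObject.Properties[$e.Prop] })

        # SRV records are compared as target:port, everything else by its single value.
        $found = @($answers | ForEach-Object {
            if ($e.Port) { '{0}:{1}' -f $_.NameTarget, $_.Port } else { $_.($e.Prop) }
        })
        $want = if ($e.Port) { '{0}:{1}' -f $e.Value, $e.Port } else { $e.Value }

        [pscustomobject]@{
            Name     = $e.Name
            Type     = $e.Type
            Expected = $want
            Found    = $found -join ', '
            Match    = $found -contains $want
        }
    }
}

Test-O365DnsRecord -Zone 'example.com' | Format-Table -AutoSize
```

Any row with Match = False is either a record that was never created or one that points at a different target than the tables specify.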
Apr 15

Use System File Checker (SFC) to Scan and Repair System Files & use DISM to fix files where SFC fails


System File Checker (SFC) is a command-line tool that scans all protected system files and replaces incorrect versions with correct versions. This tool was originally built for Windows 2000, and all GA editions were shipped with it. In other words, SFC scans for file corruption and repairs what it finds. If you have modified your system files (including Windows DLL files), running SFC will revert the system files back to the default state.

The table below (SFC switches) is a cut & paste from TechNet (link provided below):

| Switch | Description |
|---|---|
| /scannow | Scans all protected system files immediately. |
| /scanonce | Scans all protected system files once at the next boot. |
| /scanboot | Scans all protected system files at every restart. |
| /cancel | Cancels all pending scans of protected system files. |
| /quiet | Replaces all incorrect file versions without prompting the user. |
| /enable | Enables WFP for normal operation. |
| /purgecache | Purges the file cache and scans all protected system files immediately. |
| /cachesize=x | Sets the file cache size in bytes. This change does not take effect until you restart the computer. |
| /? | Displays this list. |

Follow the below steps:

  • Windows key + X, click “Command Prompt (Admin).”
  • On the Command Prompt, type the following command, and then press ENTER (assuming you are an Administrator & using a privileged account):
C:\WINDOWS\system32>sfc /SCANNOW

Please be mindful that this operation can take a significant amount of time to complete. Screenshot follows during its operation on a Windows 10 Pro computer:


When SFC has finished running, it will show one of the following three notifications:

  • Windows did not find any integrity violations (this is very good)
  • Windows Resource Protection found corrupt files and repaired them (good news)
  • Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (sad news, not bad)

Screenshot follows with errors:

But do check the log; remedy statements are almost always available on the Microsoft TechNet site. Now, export the log by issuing the following command:

findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"

This command will export the log to readable format onto your desktop, in a file named “sfcdetails.txt”. Open the file and it should look like the following screenshot:
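
The exported [SR] lines can also be summarized per file instead of being read by eye. The following PowerShell is an added example, not part of the original post: the function name Get-SfcFinding is hypothetical, and the sample lines are constructed to imitate the general shape of [SR] entries rather than copied from a real log.

```powershell
# Added example: summarize [SR] entries from CBS.log by outcome.
# The sample lines below are constructed; they only imitate the shape of real entries.
$sample = @'
2016-04-15 10:02:11, Info                  CSI    00000006 [SR] Verifying 100 (0x0000000000000064) components
2016-04-15 10:02:11, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2016-04-15 10:02:14, Info                  CSI    00000008 [SR] Cannot repair member file [l:20{10}]"sample.dll" of Example-Component, Version = 10.0.0.0, file is missing
2016-04-15 10:02:15, Info                  CSI    00000009 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\WINDOWS\System32"\[l:18{9}]"other.dll" from store
2016-04-15 10:02:20, Info                  CSI    0000000a [SR] Verify complete
'@ -split "`r?`n"

function Get-SfcFinding {
    param([Parameter(ValueFromPipeline)][string]$Line)
    process {
        # Split each line into timestamp and the message that follows the [SR] tag.
        if ($Line -notmatch '^(?<ts>[\d-]+ [\d:]+),.*?\[SR\]\s+(?<msg>.+)$') { return }
        $ts, $msg = $Matches.ts, $Matches.msg

        $status = switch -Regex ($msg) {
            '^Cannot repair member file'     { 'Unrepaired'; break }
            '^Repair(ing corrupted|ed) file' { 'Repaired';   break }
        }
        if (-not $status) { return }   # progress lines such as "Verify complete"

        # File names appear as quoted strings after a length tag, e.g. [l:20{10}]"sample.dll".
        $parts = [regex]::Matches($msg, '\]"([^"]+)"') | ForEach-Object { $_.Groups[1].Value }
        [pscustomobject]@{ Time = $ts; Status = $status; File = $parts -join '\' }
    }
}

$findings = $sample | Get-SfcFinding
$findings | Format-Table -AutoSize

# Files SFC could not fix are the ones to re-check after DISM /RestoreHealth.
$unrepaired = @($findings | Where-Object Status -eq 'Unrepaired' |
    Select-Object -ExpandProperty File -Unique)
"Unrepaired files: $($unrepaired.Count)"

# On a live system, replace $sample with: Get-Content "$env:windir\Logs\CBS\CBS.log"
```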

Now the repair part begins, with DISM.

DISM (Deployment Image Servicing and Management)

If you are on Windows 8 (or a higher build such as 8.1 or even 10), you should also run DISM whether SFC found errors or not. To check the health, use /CheckHealth, which only checks whether the image has been flagged as corrupted. From the same administrative command prompt, run the following command:

DISM /Online /Cleanup-Image /CheckHealth

To scan the health, use the /ScanHealth switch to scan the image for component store corruption. Please remember that this option does not fix any corruption.

DISM /Online /Cleanup-Image /ScanHealth

To restore health, use the /RestoreHealth switch to scan the image for component store corruption, perform repair operations automatically, and record that corruption to the log file. This generally takes 5-20 minutes depending on the corruption and size of the partition. You can run ScanHealth and RestoreHealth in one go by chaining the two commands. Command follows:

DISM /Online /Cleanup-image /Scanhealth && DISM.exe /Online /Cleanup-image /Restorehealth


After this, it’s a good idea to run SFC again to check whether it still reports any errors. If you get the error message “cannot find source files”, you need to have an ISO file mounted and specify where it is located with the command below:

DISM /Online /Cleanup-Image /RestoreHealth /source:WIM:X:\Sources\Install.wim:1 /LimitAccess

The ISO must be exactly the same version as the running OS. An ISO of 10532.0 will not repair a running system of 10533.0. Simply put, the file versions mismatch and some additional files are also introduced. If you do not have an ISO, download it from the Microsoft site: https://www.microsoft.com/en-us/software-download/windows10

Further Reading:


Sep 3

Command line to get your Service Tag in Windows

Posted in Microsoft, Windows 8

I was actually looking up the Service Tag of my DELL E 6410 machine. The sticker on the back panel of the laptop had already worn out, so I started browsing TechNet. There I found WMIC (Windows Management Instrumentation Command-line), which should work to get the serial number or the service tag number from the BIOS for any laptop & desktop computer. I was too lazy to get into the BIOS and grab the service tag; that didn’t happen. Instead, I opened up the command prompt (Windows Key + R, then type cmd and press Enter). When the command prompt fires up, type in the following command:

wmic bios get serialnumber

screenshot follows:

Now if you want to fiddle a bit with the command, try issuing the following command:

wmic bios get /format:list


I’ve used this on my DELL laptops and got results on each of them; you should try yours. You will get some more information about your laptop’s BIOS as well.

CONS: Does not work in a virtualized environment, as your host isn’t really on real hardware.

  1. Useful WMIC Queries and the list of commands: http://blogs.technet.com/b/askperf/archive/2012/02/17/useful-wmic-queries.aspx
  2. WMIC (Windows Management Instrumentation Command-Line) http://msdn.microsoft.com/en-us/library/aa394531(VS.85).aspx
Aug 23

Install GUI on Windows Server 2016


I was really amazed, even startled, that on first boot Windows Server presented a command line, along with the Server Manager. I closed the Server Manager console and got stuck 🙂 with the command line only. Laughed for a couple of minutes at my ignorance of the new technology. Then I recalled the command “servermanager”, and it popped up again. Kinda felt idiotic too at that time.

Now coming back to the original topic. My apologies, this post is an orchestration, as I couldn’t load mspaint to work, nothing was there to save the print screen snapshot….. LOL

Now I have chosen the first option to be installed which led me to a command prompt only screen. The following picture is taken from TechNet.


After Windows Server 2016 CTP2/3 completes its installation and restarts for the final time, log in to the server and issue the following command in the command prompt:


Screenshot would look like the following, as you can see the feature is already installed.


I typed it all in lowercase. When the Server Manager actually pops up, follow the screenshot location to install the “Server Graphical Shell” along with the “Desktop Experience”, if you need it. I also installed the Ink services for the server to support sound/recording services. Please do read the description on the right side of the feature being installed. After finishing the installation, you will get a look just like the following screenshot:


Essentially, Windows Server is getting lighter and lighter with each release. Can’t wait to test the server out with my new DELL Latitude E7240 Ultrabook, and the video recordings will be released to my YouTube channel. Furthermore, use the following commands to add, list or remove features:


  • Add-WindowsFeature
  • Get-WindowsFeature
  • Remove-WindowsFeature

By the way, you can run the following PowerShell command to check whether the GUI feature is installed:

Get-WindowsFeature *gui*
And the screenshot follows:
Aug 20

Enable BitLocker, and to Prompt for PIN During Startup


First you need to check that the following items are present on your laptop/server:

  • TPM Chip
  • Windows 7 Enterprise or Higher (Ultimate with or without N)
  • Windows Server 2008 R2 Enterprise or Higher

You can enable BitLocker encryption on any number of drives, and you can do this in two ways:

  • BitLocker Encryption tied to the TPM chip
  • Password protected BitLocker without the integration with TPM

Enable BitLocker: This exercise is done using Windows 8.1 Enterprise N Edition. You can do it in a few short steps. On your keyboard, press “Windows Key+E”, select your boot drive, right-click on it and click enable BitLocker on this drive. It will prompt you to save the recovery key somewhere other than the fixed drive; a memory stick is a good choice. Save or print the recovery key and let the wizard start the encryption. A screenshot:
As you can see, there are three options available to manage: suspend the protection, back up the recovery key again, and turn off BitLocker completely.

Now let's run the following command:
Go to Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives. On the right pane/panel, double-click on “Require additional authentication at startup”. Screenshot follows:
First, Enable the policy, and set the fields as shown in the picture 🙂 Press OK afterwards and close the local policy editor. DO NOT RESTART YET.

Nope, we are not done yet…haha. Now we are going to set the TPM PIN for the encrypted drive; type in the following command:

manage-bde -protectors -add c: -TPMAndPIN

Provide the PIN two times. Now run the following command:

manage-bde -status

You should get the following summary result:

As you can see, key protectors are initiated with TPM And PIN. Voilà, you are done. Restart and get ready to provide the PIN; otherwise, you are doomed. Word of advice: do keep your BitLocker keys in safe place(s).
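
Because a restart without a working PIN protector or recovery key locks you out, it helps to confirm the state in one place before rebooting. The following PowerShell is an added example, not part of the original post: it assumes Windows 8 / Server 2012 or later (where Get-BitLockerVolume is available), an elevated prompt, and C: as the OS volume. The function name Test-BitLockerPinReadiness is hypothetical.

```powershell
# Added example (run from an elevated PowerShell prompt on Windows 8 / Server 2012 or later).
# Assumes C: is the OS volume, as in the walkthrough above.
function Test-BitLockerPinReadiness {
    param([string]$MountPoint = 'C:')

    $vol   = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
    $types = @($vol.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })

    # Registry location where the "Require additional authentication at startup"
    # policy is stored; absent values mean the policy is not configured.
    $fve = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
    $pinPolicy = 'Not configured'
    if ($null -ne $fve.UseTPMPIN) {
        $pinPolicy = @('Do not allow', 'Require', 'Allow')[$fve.UseTPMPIN]
    }

    $hasPin      = $types -contains 'TpmPin'
    $hasRecovery = $types -contains 'RecoveryPassword'

    [pscustomobject]@{
        MountPoint            = $vol.MountPoint
        VolumeStatus          = $vol.VolumeStatus
        ProtectionStatus      = $vol.ProtectionStatus
        KeyProtectors         = $types -join ', '
        AdvancedStartupPolicy = ($fve.UseAdvancedStartup -eq 1)
        TpmPinPolicy          = $pinPolicy
        HasTpmPin             = $hasPin
        HasRecoveryPassword   = $hasRecovery
        # Restart only when the PIN protector exists and a recovery password is available.
        SafeToRestart         = ($hasPin -and $hasRecovery)
    }
}

Test-BitLockerPinReadiness | Format-List
```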

BitLocker PIN Login

BitLocker drive encryption was originally an integral security feature in Windows SBS 2008. You can back up a source volume that is encrypted with BitLocker. However, if you restore the backup to your server, it is restored without BitLocker encryption. You must manually enable BitLocker on the restored volume. Afterwards BitLocker was ported to Vista and so on.

You can do this after BitLocker has encrypted the entire drive. First you have to enable the local policy to require a PIN during startup. You could also do that centrally enterprise wide through Group Policy (GPO).

Check out the following links as well:
