If you see “BitLocker waiting for activation”, this is a situation needing careful action: the machine is in an unstable state, and is likely to bluescreen and/or misbehave in other ways unless handled well.
What has happened, is Microsoft’s BitLocker, embedded into Windows, has done at least some encryption of the hard drive, but has lost whatever tool it was that controlled the encryption, so it is not “activated” even though the encryption is in place at least to some extent. One of the tools known to do this, is McAfee Security, it is not unlikely that there are many others.
If you see this situation, don’t try to install or remove anything yet, don’t try diagnostics, just run this from administrative CMD:
manage-bde C: -off
Then, in Control Panel, in the Small Icons, you’ll notice BitLocker Drive Encryption. Please be aware that status reporting in this Control Panel area is not reliably informative. To know what is happening, run this:
Discovered by the excellent Yvonne Wynkoop.
Test if UDP ports are open to the Internet.
works very well indeed. It knows about drivers which aren’t covered by any of the several other good ones I keep up with. One driver install at a time is free of charge, $30 per machine for automatic.
Often we replace Outlook profiles or just OSTs, but there is a much different step. After making sure there are no Outlook.exe processes running, go to the user’s Windows AppData folder:
Roaming\Microsoft\Outlook under there, and rename it to Outlook.OLD. Do the same for
Local\Microsoft\Outlook if that’s there.
The results are likely to be different :-) You may possibly, also, not have to create a new Outlook profile after doing this. It seems to cause Outlook to replace files which are being corrupted relatively often. This also fixed some mystery IMAP behavior where sync was reported complete but did not bring in new email.
I don’t know when this began, but I just happened to see Task Manager on a server running QuickBooks, and it is very clearly running “SQL Anywhere Network Server (32 bit)”, which is some version of Sybase SQL Anywhere:
The last time I checked this, which was a while ago, it looked like a much more hidden version of Pervasive SQL. This may be a major change at the heart of QuickBooks, hopefully for the better. One does wonder if we could use those command-line options to advantage…
Sometimes, when software won’t install, especially something like ShadowProtect SPX which includes a driver, it is because of corruption of one or more internal Windows certificates. A method recommended to some extent in a few Microsoft resources:
certutil.exe -generateSSTFromWU roots.sst
Import-Certificate -FilePath .\roots.sst -CertStoreLocation 'Cert:\LocalMachine\Root' -Verbose
This does not always work. The only thorough method currently known to this writer, is to download this:
which contains a binary called “rootsupd.exe”. It will unpack itself if one runs it in administrative CMD, with syntax like this:
rootsupd.exe /c /t:C:\rootsupd
It will create the folder C:\rootsupd. Then go into C:\rootsupd, and do these (administrative CMD, not Powershell for some reason!):
updroots.exe -d delroots.sst
rootsupd.exe was, according to Google, available by download from Microsoft, but is not at this writing.
One does not have to reboot the system after doing the above, so far it just works.
In administrative Powershell:
In Active Directory Users and Computers, remove the user object from OU being AD-synched. Then complete an Azure/AD sync cycle. Then:
Restore-MsolUser -UserPrincipalName users_login_probably_email
Set-MsolUser -UserPrincipalName users_login_probably_email -ImmutableId "$null"
Do the last step before the next automatic AD sync!