Minion did not return. [No response]

There are multiple reasons why your minion did not return.
Here are a couple of checks you can do to troubleshoot your Salt minion configuration.

First, check if your minion is running.

On Unix:
systemctl status salt-minion
On Windows:
Check it with services.msc

Second, check if you can resolve your minion.

If not, add it to DNS or the hosts file.

Third, check your firewall.

On both master and minion.

Fourth, check if you can ping your minion.

salt VM01 test.ping

If not, increasing the timeout value on the Salt master usually fixes it.
sudo nano /etc/salt/master
Search for timeout

Increase it to for example 60

Restart your salt-master.
sudo pkill salt-master
sudo salt-master -d

Fifth, reinstall your minion.

If you have other options than these, feel free to comment 😊

Create Windows user using SALTstack

The first thing I did using Salt Stack was creating a local Windows user. Creating users on different OS builds is fully supported by the built-in Salt functions.

First create a mapping in your top.sls config which points to your Windows state directory.

Sample config in top.sls, defining 2 hostnames, one with a wildcard for matching a server group.

Content of the win_generic.sls

In this example I use Pillar for securing passwords. If you don’t use Pillar, just use a plain text password in the password field.
I’ll write a blog article on how to use Pillar in SALT.

Remove SCOM Management packs with PowerShell

After importing a newer version of the SQL Management Pack (in our case 7.0.15.0), the older SQL management packs are no longer needed, because the new one is version-agnostic.

As described in the release notes:
This management pack is version-agnostic, which means that you need only it to monitor SQL Server from 2012 to 2017 and higher. The previous management packs for SQL Server 20082012, 2014, and 2016 have reached the end of support. After importing, this management pack behaves differently depending on whether there are already the previous management packs installed or not. If those are not installed, the management pack will discover and monitor SQL Server 2012, 2014, 2016, 2017 and higher right out of the box, as the previous management packs do that. In the case when there is one or several of the previous management pack for SQL Server 2012, 2014, and 2016, the version-agnostic management pack will disable the discovery and monitoring for those versions of SQL Server that are already monitored by the previous management packs. It is to avoid double monitoring.

Now, it’s time to delete all older SQL Management packs.
Open your Operations Manager PowerShell window. If you cannot find the shortcut on your management server, you can also run “Import-Module OperationsManager”.

The trust relationship between this workstation and the primary domain failed

There are multiple reasons for getting this event. It mostly happens when you restore a domain-joined server or workstation.
Event details:

EventID: 5719
Source: NETLOGON

This computer was not able to set up a secure session with a domain controller in domain “” due to the following:
There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.

ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

There are multiple ways to fix this.
Just log in with your LOCAL (not domain) credentials.

1. The PowerShell way (yeah):

2. With netdom.exe using your Windows Command Prompt:

3. With the GUI:
Change your domain membership to WORKGROUP and reboot. Then join the domain again and reboot.

Kill a stopping service in Windows

Sometimes when you restart or stop a Windows service, it won’t stop. The Windows service is stuck in the “stopping” state. If you cannot reboot your server or workstation for whatever reason, you can kill the task using taskkill.exe.
First, open CMD (command prompt) as Administrator.
Then query the process ID (pid) using:

Look for the PID.
Then

Or using PowerShell with a force command:
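An added PowerShell example of such a force kill (not the original post's script; the function name Stop-StuckService is made up for this example). It kills the host process only when the service is really in "Stop Pending" and no other service shares the process, because services hosted in a shared svchost.exe would go down with it:

```powershell
function Stop-StuckService {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Name)

    # Win32_Service exposes both the state and the PID of the hosting process.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$Name'"
    if (-not $svc) { throw "Service '$Name' not found." }

    if ($svc.State -ne 'Stop Pending') {
        Write-Warning "Service '$Name' is '$($svc.State)', not 'Stop Pending'; nothing killed."
        return
    }
    if ($svc.ProcessId -eq 0) { throw "Service '$Name' has no running process." }

    # Any other service hosted in the same process would be killed as well.
    $shared = Get-CimInstance -ClassName Win32_Service -Filter "ProcessId=$($svc.ProcessId)" |
        Where-Object { $_.Name -ne $svc.Name }
    if ($shared) {
        throw "PID $($svc.ProcessId) also hosts: $($shared.Name -join ', '). Not killing it."
    }

    if ($PSCmdlet.ShouldProcess("PID $($svc.ProcessId) ($Name)", 'Stop-Process -Force')) {
        Stop-Process -Id $svc.ProcessId -Force
    }
}

# Dry run first (the service name is a placeholder):
# Stop-StuckService -Name 'Spooler' -WhatIf
```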

How to move MSSQL Database to another drive

– Check which database is using the old drive. This can be done with the following query.

– Write down the output and check which DBs are placed on the old drive.
– Set your database offline with the following query:

– Move your physical DB files to your new location, as given in the query above.
– Modify the following query to your database variables, and run it.

– Set your database online with the following query.

– Check with the first query if the replacement is successful.

Install git with PowerShell on Windows

With the following PowerShell function you can download and install git using PowerShell.

It downloads the latest “stable” git release to the given temp directory and installs it with default parameters.
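A download-and-run installer is worth gating on a signature check before it executes. The following is an added example, not the function from the original post; Test-InstallerTrust, the signer pattern and the path in the usage comment are assumptions you replace with your own values:

```powershell
function Test-InstallerTrust {
    param(
        [Parameter(Mandatory)][string]$Path,
        # Assumption: regex for the publisher you expect in the signer subject.
        [Parameter(Mandatory)][string]$ExpectedSigner,
        # Optional: SHA-256 published with the release, if you have one.
        [string]$ExpectedSha256
    )

    # The Authenticode signature must validate against this machine's trust stores.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        throw "Signature status is '$($sig.Status)': $($sig.StatusMessage)"
    }

    # A valid signature from an unexpected publisher is still a failure.
    $subject = $sig.SignerCertificate.Subject
    if ($subject -notmatch $ExpectedSigner) {
        throw "Unexpected signer '$subject'."
    }

    if ($ExpectedSha256) {
        $actual = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
        if ($actual -ne $ExpectedSha256) {   # string -ne is case-insensitive
            throw "SHA-256 mismatch: got $actual."
        }
    }

    [pscustomobject]@{
        Path       = $Path
        Signer     = $subject
        Thumbprint = $sig.SignerCertificate.Thumbprint
    }
}

# Usage with placeholder values; the installer runs only if the check did not throw:
# $ok = Test-InstallerTrust -Path "$env:TEMP\Git-installer.exe" -ExpectedSigner '<expected publisher>'
# Start-Process -FilePath $ok.Path -ArgumentList '/VERYSILENT', '/NORESTART' -Wait
```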

Another, easier way is to use the package manager Chocolatey.
The Script:

Invoke-VMScript: An error occurred while sending the request

After upgrading the PowerShell module to the latest version now available (11.3.0.13964823), my Invoke-VMScript goes wrong. The following exception occurs:

Finally, after a couple of hours of troubleshooting, parameter checking and reinstalls, we found the issue. The issue is caused by an untrusted certificate on the VMware vCenter server.

To solve this the “recommended” way: Check and fix your certificates on your system and vCenter server.
The dirty “not recommended” way: Add the following code to your script.

How to check the SFP state on a Physical Windows Host

In the past we have had an issue with a bad batch of SFPs in our Windows servers. The issue occurs randomly after a couple of months in production.

The answer from HP about the bad SFPs:
“The problem is due to the Manufacturing anomaly which has been corrected now. This issue causes early life degradation of Transmit (Tx) Power, causing the affected device to fail between 6-months and 1-year from first operation, depending on operational use. Affected SFP+ Short Wave Transceivers that begin to fail, first exhibit symptoms typical to Tx power degradation followed within weeks by symptoms typical to Tx power failure.”

They could not provide us with more information about the affected serial / product numbers. The only way to check those SFPs is to read the operational status with a small tool.

Tool name: qaucli.exe
Which can be downloaded from: Click here
Run the .exe to get the tool installed.

Check the status. If the status does not match “normal”, replace the SFP.

I automated the checks with a little not so fancy (I know) script.

NOTE: Only tested with QLOGIC adapters. I don’t know if this also works for the Emulex ones.
For Emulex, refer to this: For Emulex adapters use the Emulex® OneCommand® Manager Application to view the transceivers, their status and TX power level on the PortAttribute screen.

How to use credentials in a PowerShell script?

Plain text passwords in PowerShell scripts are a nightmare for many security auditors. Of course this is not necessary; we can encrypt them in local files.

But there is a difference in how you encrypt passwords. You can encrypt them with your “user account key” or system-wide with a “MachineKeyStore”.
The second one (machine key) is handy when you need to run scheduled PowerShell scripts under different user accounts.

Save plain text password with Machine Key encryption using PowerShell.

Save plain text password with User Key encryption using PowerShell.
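The two variants side by side, as an added example (these are not the author's scripts, which are not on this page). The function names and the container name ExampleScriptSecrets are hypothetical; the machine-key variant assumes an RSA key pair persisted in the machine key store:

```powershell
# --- User key: DPAPI, tied to the current user on the current machine ---
function Save-UserKeyPassword {
    param([Parameter(Mandatory)][securestring]$Password, [Parameter(Mandatory)][string]$Path)
    # Without -Key/-SecureKey, ConvertFrom-SecureString encrypts with DPAPI.
    $Password | ConvertFrom-SecureString | Set-Content -Path $Path
}
function Get-UserKeyCredential {
    param([Parameter(Mandatory)][string]$UserName, [Parameter(Mandatory)][string]$Path)
    $secure = Get-Content -Path $Path | ConvertTo-SecureString
    New-Object System.Management.Automation.PSCredential($UserName, $secure)
}

# --- Machine key: RSA key pair persisted in the machine key store ---
function Get-MachineRsa {
    param([string]$Container = 'ExampleScriptSecrets')   # hypothetical container name
    $csp = New-Object System.Security.Cryptography.CspParameters
    $csp.KeyContainerName = $Container
    $csp.Flags = [System.Security.Cryptography.CspProviderFlags]::UseMachineKeyStore
    # Creates the key on first use; later calls load the existing key.
    $rsa = New-Object System.Security.Cryptography.RSACryptoServiceProvider(2048, $csp)
    $rsa.PersistKeyInCsp = $true
    $rsa
}
function Save-MachineKeyPassword {
    param([Parameter(Mandatory)][string]$PlainText, [Parameter(Mandatory)][string]$Path)
    $rsa = Get-MachineRsa
    try {
        $bytes = [System.Text.Encoding]::UTF8.GetBytes($PlainText)
        # $true selects OAEP padding.
        [Convert]::ToBase64String($rsa.Encrypt($bytes, $true)) | Set-Content -Path $Path
    }
    finally { $rsa.Dispose() }
}
function Get-MachineKeyCredential {
    param([Parameter(Mandatory)][string]$UserName, [Parameter(Mandatory)][string]$Path)
    $rsa = Get-MachineRsa
    try {
        $bytes = $rsa.Decrypt([Convert]::FromBase64String((Get-Content -Path $Path -Raw)), $true)
    }
    finally { $rsa.Dispose() }
    $plain = [System.Text.Encoding]::UTF8.GetString($bytes)
    $secure = ConvertTo-SecureString -String $plain -AsPlainText -Force
    New-Object System.Management.Automation.PSCredential($UserName, $secure)
}
```

The user-key file only decrypts for the same user on the same machine. With the machine key, anyone who can use that key container on the machine can decrypt the file, so restrict access to both the file and the container.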