Skip to main content

Cannot Launch Patch Installer on Windows Server 2016

I was trying to update one Windows Server 2016 by standalone patch file. Somehow nothing happened after I double click the installer file. That's because Windows Server 2016 prevent execute the  file due to it's download from internet.

The quick fix is right click the file - Properties - Check Unblock - Click OK button.

Further more. The file has ADS (alternate data streams) attached. The ADS marked the file as download from internet.

You can run following two PowerShell commands to figure out object and value of the ADS.
PS C:> Get-Item test file.msu -Stream *
PSPath : Microsoft.PowerShell.CoreFileSystem::C:Userswzheng110917aDow
PSParentPath : Microsoft.PowerShell.CoreFileSystem::C:Userswzheng110917aDow
PSChildName : 20171011_KB4038801_Updates.msu::$DATA
PSDrive : C
PSProvider : Microsoft.PowerShell.CoreFileSystem
PSIsContainer : False
FileName : C:Userswzheng110917aDownloads20171011_KB4038801_Updates.msu
Stream : :$DATA
Length : 1241376269

PSPath : Microsoft.PowerShell.CoreFileSystem::C:Userswzheng110917aDow
PSParentPath : Microsoft.PowerShell.CoreFileSystem::C:Userswzheng110917aDow
PSChildName : 20171011_KB4038801_Updates.msu:Zone.Identifier
PSDrive : C
PSProvider : Microsoft.PowerShell.CoreFileSystem
PSIsContainer : False
FileName : C:Userswzheng110917aDownloads20171011_KB4038801_Updates.msu
Stream : Zone.Identifier
Length : 26

PS C:> Get-Content testfile.msu -Stream Zone.Identifier

You can  see the ZoneId is 3. Following is a table to show which type of file it is.
0     My Computer 
1     Local Intranet Zone
2     Trusted sites Zone
3     Internet Zone
4     Restricted Sites Zone

For more reference please read Microsoft blog "Alternate Data Streams in NTFS".

You can use Unblock-File if you want to unblock multiple files.


Popular posts from this blog

Connect-NsxtServer shows "Unable to connect to the remote server"

When you run Connect-NsxtServer in the PowerCLI, it may show "Unable to connect to the remote server".  Because the error message is a little bit confusing with other login issues. It's not easy to troubleshoot. The actual reason is the NSX-T uses a self-signed certificate, and the PowerCLI cannot accept the certificate automatically. The fix is super easy. You need to set the PowerCLI to ignore the invalid certificate with the following command: Set-PowerCLIConfiguration -Scope User -InvalidCertificateAction:Ignore -Confirm:$false

Setup Terraform and Ansible for Windows provisionon CentOS

Provisioning Windows machines with Terraform is easy. Configuring Windows machines with Ansible is also not complex. However, it's a little bit challenging to combine them. The following steps are some ideas about handling a Windows machine from provisioning to post configuration without modifying the winrm configuration on the guest operating system. Install required repos for yum. yum -y install yum -y install yum -y install yum -y install epel-release yum -y install yum-utils yum-config-manager --add-repo Install  Terraform . sudo yum -y install terraform Install  Ansible . sudo yum -y install ansible Install  Kerberos . yum -y install gcc python-devel krb5-devel krb5-libs krb5-workstation

How to List All Users in Terraform Cloud

Terraform has a rich API. However, the API documentation does not mention how to list all users. We can leverage the organization membership API and the PowerShell command  Invoke-RestMethod  to get a user list. 1. Create an organization token in Terraform Cloud. 2. Create the token variable ( $Token ) in PowerShell. $Token = "abcde" 3. Create the API parameters variable in PowerShell. $params = @{ Uri = "" Authentication = "Bearer" Token = $Token ContentType = "application/vnd.api+json" } Note: You need to replace ZHENGWU with your own organization name. And I used 100 at the end of the URI to retrieve the first 100 users. It can be any number.  4. Retrieve the API return and list the user's email address. $Test = Invoke-RestMethod @params $