
How to fix the “Secure Connection Failed” Error in Mozilla Firefox

Have you ever seen the “Secure Connection Failed” screen in Mozilla Firefox and been clueless about what to do? Here’s how you can fix the error.

Why does the “secure connection failed” screen show up?

To keep your device safe, there is a built-in SSL filtering (SSL scanning) feature. This feature protects you from entering malicious websites. You see the “Secure Connection Failed” error because SSL filtering is enabled.

In spite of this, users can access the websites they want. How? Read on.

How to fix the “Secure Connection Failed” error in Mozilla Firefox

First, type about:config in the URL box.

  • A warning screen will show up. Click Accept the Risk and Continue, and after that type OCSP in the search box.
  • Once the OCSP preferences show up, select security.ssl.enable_ocsp_must_staple and toggle its value to false. You can also double-click it to toggle it to false.
  • Now refresh/reload the page that showed the secure connection error.

The website should be working now.

Note: With this preference enabled, Firefox enforces a live certificate check, which keeps the channel very secure. After you disable this configuration, your channel does not remain secure, because that live certificate check is switched off by this toggle.

Upcoming

We upload a new blog on our website, every Thursday. You can explore our website to know more about us.

SQL Injection Attack

SQL Injection Attack and how you can prevent it

Hola… today we will learn some basics about the data privacy of a web application database, SQL injection attacks (potential foes of web application databases) and how you can protect yourself from SQL attacks.

Let us quickly understand what SQL is and why it is used.

Technically, SQL (Structured Query Language) is a standard language for storing, manipulating and retrieving data in databases and it allows us to interact with it. Modern web applications use databases to manage data and display dynamic content to its readers.

Let us understand what an SQL injection attack is.

SQL Injection

SQL injection or SQLi is one of the most used and most common web-based attacks. So, for an SQLi attack to work, we need a web application that uses a database. SQLi is the placement of malicious code in SQL statements, via web page input.

Consider an example where there is a web application using a database. This web application might be taking input from the user & storing the information in the database or it might be fetching data from the database and displaying out to the user. In either case, what happens is, that there is an SQL query or a database query that is generated on a Web application which is sent to the database. This query is executed on the database and relevant information is returned to the web application. Now, this is how the normal scenario is!

SQLi attack is something that can take over our database servers.

How does an SQL injection attack work?

Let us understand this with an example: there is a web application that takes a USERNAME and PASSWORD to log in.

The point to keep in mind is that SQLi works only on web applications that use a database.

The details of all the User IDs and their passwords are stored in a database in the form of a table. When you hit ENTER after typing the correct username and password, that input is sent to the database and is crosschecked with this table that is storing our credentials.

USER ID              | PASSWORD
Abc@123.com          | 012345
Xyz@456.com          | 987654
user@infrassist.com  | pass@123

For a successful login, in this example, the simplest SQL query that will be generated is as follows-

Note:

“*” – means fetch any number of rows from the database that matches some condition

“from users” – fetch the rows from the database named “users”

“where” – a condition that this user-id should have this password only.

The procedure of an SQL Injection Attack:

To perform an SQLi attack, we are interested only in the input part of the SQL query that is generated.

Here, we are now manipulating this SQL query such that it will always return TRUE (incorrect combination of credentials or complete incorrect credentials will give successful results).

For this, we will use the OR-logic gate:

Input A | Input B | Output
FALSE   | FALSE   | FALSE
FALSE   | TRUE    | TRUE
TRUE    | FALSE   | TRUE
TRUE    | TRUE    | TRUE

According to this logic gate, if any one of the input credentials is TRUE, irrespective of what the other credential is, the output will always be TRUE. Using this logic, the original SQL query can be now manipulated as follows:


We have set the condition here as “OR 1=1” which means- if the credentials are matched the results will be successful and even if they do not, the results will always be TRUE.

This is one such example of a malicious SQL string that can be injected to bypass the login for SQL vulnerable web applications.

More such malicious strings can be found at SQL Injection (w3schools.com)

How to Prevent SQL Injections

  • Using prepared statements: Alternately, you can use prepared statements to avoid SQL injections. A prepared statement is a template of an SQL query, where you specify parameters at a later stage to execute it.
  • Enforcing least privilege to limit access to the database to only what is necessary.
  • Performing static and dynamic testing: a set of processes involving the verification, followed by validation, of the found vulnerability.
  • Using parameterized queries: A parameterized query is a type of SQL query that requires at least one parameter for execution.
  • Enabling web application firewalls for extremely sensitive data.
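
The login query described earlier and the prepared-statement fix, side by side, as an added example (not code from the original post). It uses Python's built-in sqlite3 module with the sample credentials table from above; the column names user_id and password and the sample inputs are assumptions made for illustration.

```python
import sqlite3

# Constructed input: a password value carrying the "OR 1=1" condition discussed above.
TAUTOLOGY = "' OR 1=1 --"


def make_db():
    """Build an in-memory copy of the credentials table shown earlier on the page."""
    conn = sqlite3.connect(":memory:")
    # Column names are assumptions; the table name "users" comes from the page.
    conn.execute("CREATE TABLE users (user_id TEXT PRIMARY KEY, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [
            ("Abc@123.com", "012345"),
            ("Xyz@456.com", "987654"),
            ("user@infrassist.com", "pass@123"),
        ],
    )
    return conn


def login_vulnerable(conn, user_id, password):
    """Deliberately vulnerable: user input is pasted into the SQL text itself."""
    query = (
        "SELECT * FROM users WHERE user_id = '" + user_id
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone() is not None


def login_prepared(conn, user_id, password):
    """Hardened: the query is a fixed template and the input is bound as data."""
    query = "SELECT * FROM users WHERE user_id = ? AND password = ?"
    return conn.execute(query, (user_id, password)).fetchone() is not None


def compare(conn, user_id, password):
    """Run both login functions on the same input and report what each one did."""
    results = {}
    for name, func in (("vulnerable", login_vulnerable), ("prepared", login_prepared)):
        try:
            results[name] = "login ok" if func(conn, user_id, password) else "rejected"
        except sqlite3.OperationalError:
            # The input changed the SQL syntax; worth alerting on in application logs.
            results[name] = "sql error"
    return results


if __name__ == "__main__":
    db = make_db()
    for uid, pwd in [
        ("user@infrassist.com", "pass@123"),  # correct credentials
        ("user@infrassist.com", "wrong"),     # wrong password
        ("nobody@example.com", TAUTOLOGY),    # tautology in the password field
        ("O'Brien@example.com", "x"),         # harmless apostrophe in the input
    ]:
        print(uid, "->", compare(db, uid, pwd))
```

The last case shows a useful signal for defenders: an ordinary apostrophe makes the concatenated query fail with a syntax error, which is often the first visible sign that input is reaching the SQL text.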

References:

  1. SQL Injection (w3schools.com)
  2. What is SQL Injection | SQLI Attack Example & Prevention Methods | Imperva
  3. What is SQL Injection & How to Prevent SQL Injection (simplilearn.com)

Frequently Asked Questions

What is MySQL?

A relational database management system developed by MySQL.
It stores all inputs in the form of tables and assigns keys to that data.

What is Azure SQL? How does it work?

Azure is a full-featured cloud-based platform, as is common knowledge. Similar to Oracle, Azure SQL is a database server that runs entirely in the cloud and can be scaled up or down by customers based on their needs. Since it is a PaaS, most database maintenance tasks including updating, patching, backups, and monitoring are handled automatically.

What is Azure SQL Managed Instance and why use it?

An instance which combines the SQL Database with PaaS. It is one of the best options for most migrations to the cloud. It is a collection of systems and user databases. It also has a shared set of resources that is lift-and-shift ready. It helps migrate server features to the cloud with minimal hindrances.

What is the difference between Azure SQL and managed instances?

Azure SQL supports most on-premise database-level capabilities. Whereas, Managed Instance supports almost all on-premises instance-level and database-level capabilities.

How to export Azure SQL database?

There are numerous ways in which you can export Azure SQL databases. You can export via the Azure Portal to a Storage Account, export using the REST API, or export via PowerShell. This blog will give you in-depth information on each.


Password Attacks

5 Types of Password Attacks and how you can prevent them

If you think about why password attacks and breaches are so common, the answer to that is simple – people use passwords that are not strong enough or those that can be easily hacked through trial and error. During times like these, the best thing to do is keep our passwords strong. Cybercriminals are clever enough to realize that if they have hacked one of your passwords, they can try the same cracked password in the other accounts that you may or may not have.

The important thing here is to improve your password security so that it puts up additional barriers for the potential hacker to overcome.

 

Here are 5 types of Password Attacks and how you can prevent them:

Man-in-the-middle Attacks, Brute force Attack, Dictionary Attack, Credential Stuffing, Phishing and Keyloggers. Now let’s dive into each of these in detail.

 

Man-in-the-Middle Attacks

Imagine you are at a restaurant with someone (probably on a date or on a business meeting). The conversation is going great, the ambience is amazing; everything is just fine except this one thing. The waiter keeps interrupting you every now and then. Probably eavesdropping or maybe just there to ruin your time. That waiter is a “Man-in-the-Middle”. Someone who is uncalled for and not needed.

Or just imagine, you are there at the restaurant to meet Person A and you meet and have a proper conversation only to realize somewhere in between that the person you are talking to is faking it. It is not Person A but rather Person B. Terrifying scenario, right?

Man-in-the-Middle Password Attacks are just the same.

Three people are involved in this type of attack. The cyberattacker, the initiator (sender) and the receiver (recipient).

In this type of password attack, you’d find the cyberattacker impersonating either the sender or the receiver, most probably through an email. The look and feel of the email would be authentic and there’ll be some minor differences that will be hard to catch.

 

Here’s how you can steer safe from or prevent Man-in-the-middle attacks:

VPN: A private network/tunnel, where confidential information is passed through the encrypted tunnel and man-in-the-middle attacks are very rare in this case. However, the VPN that you subscribed to should be a trusted entity. Don’t just go for any VPN provider.

Encryption: If your router is not encrypted and locked, anyone who connects to your network can have access to the data that is passing through the users connected to the network. Use a strong password on your router/modem.

Extra Security: Enable 2FA or MFA on your home Wi-Fi or router.

 

Brute-force Attack

As the name suggests, this is a hit-and-miss, trial-and-error approach to passwords. It is usually automated: permutations and combinations of various passwords are tried one after the other on a system.

At least some accounts, if not all, could be hacked through this method.

 

Types of Brute Force Attacks

Apart from the general type of Brute Force Attack (which is random guesswork), there are other advanced types such as:

  • Dictionary Attacks:
    A type of brute force attack where every word in a dictionary is typed out as a possible password. It is also used to decrypt encrypted information.
  • Hybrid Brute-force:
    An analysis on which combinations would work
  • Rainbow Table Attacks:
    Passwords typed are stored in hash – this attack targets those. The table is used to guess functions up to a certain length.

 

All these brute-force password attacks use automation and bots to crack passwords since multiple attempts are made.

 

Credential Stuffing

These often have a logic behind them. How credential stuffing works is:

  • Automation methods or bots are set up and start cracking into systems, faking their IP address and trying different password combinations. There may or may not be multiple bots at work at once.
  • Once this is done, the password that has been cracked is tried across multiple websites to see if it has been used somewhere else.
  • Once cracked, the password is saved for future use.

Since the method is quite intelligent, you need to have better preventive measures to tackle this:

  • Using Captcha:
    Remember how you try to access a certain part of a website or somewhere that requires form filling, you are prompted to solve a simple puzzle, or type the alphanumeric that is displayed on the screen. Bots are not always that intelligent hence it becomes difficult for them to crack this stage.
  • Block IPs:
    If you see someone trying to access using the same few IP Addresses, you can prevent that by blocking the IPs. But there is no guarantee to this as the cyber attacker may have multiple such IPs in hand or even if a few are blocked, it may be easy for him to fake his IP address again and try.
  • MFA:
    Enabling multi-factor authentication leads to one more layer of added security. Most probably you will get a code on your email ID or a notification on your mobile device.

 

Phishing

A social engineering attack. This type of attack is meant to steal user data such as credit or debit card details. Quite similar to a man-in-the-middle attack, the cyber attacker poses as a trusted entity and fools the target into opening an email or a link in a message that is meant to steal data.

Here is how you can prevent phishing attacks:

  • If something sounds too good to be true or if the sender is unknown, you have to do a thorough verification of their email ID.
  • Look for spelling mistakes in the domain name within the email ID.

There are different types of Phishing password attacks such as:

 

  • Smishing:
    The name is coined from 2 words: SMS + Phishing= Smishing. Nasty attack and a type of phishing where the attacker masks himself to be a prestigious, trustworthy institution like a bank with the aim of asking for confidential information. Usually, through that one SMS, the user is asked to reply back with details on that number or by asking to click a link within the SMS.

 

  • Spear Phishing:
    When an email seeks unauthorized access to sensitive information. This type of attack is not usually sent by a mere hacker but somebody who could be known and just wants to retrieve some financial or confidential information. These also appear to come from a trusted source.

 

  • Whaling:
    Whale = the giant fish. You receive an email from someone who seems like your boss, with very minor spelling errors, and you send them the sensitive information that they have asked for.

 

Keyloggers

Now this one’s mean. A keylogger is nothing but one of those password attacks where spyware keeps track of the user’s activity. Cyberattackers use this type of attack to steal sensitive data. Keyloggers can steal the data either by connecting the targeted PC or mobile to a hardware device or through software.

The attack through software occurs when people are tricked into clicking a malicious link or attachment. Malware gets installed on their device and it automatically fetches sensitive data.

 

Password Best Practices

  • Your password should have a mix of uppercase letters, lowercase letters, numbers and special characters.
  • It should be lengthy. The longer the better. Might as well take a few extra seconds to type a long password rather than face the risk of losing data.
  • Once you do all this, make sure you reset your passwords in a timely fashion.

 

Frequently Asked Questions

What is Password Spraying?

You must have noticed that if you mistakenly type incorrect passwords several times in a row, your account could get blocked for some time. Password spraying is a unique type of brute-force attack in which the attacker sets a constant password, e.g. abc123, and instead of trying a new password every time, keeps changing the username. In this way, the account does not get blocked.
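
One way to spot this pattern in authentication logs, as an added example (not part of the original post): it separates a source that hammers one account (brute force) from a source that tries many usernames a few times each (password spraying). The log format, the IP addresses, the usernames and the thresholds are all constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "<ISO time> <source IP> <username> <OK|FAIL>"
SAMPLE_LOG = """\
2024-05-01T09:00:00 198.51.100.20 alice FAIL
2024-05-01T09:00:05 198.51.100.20 alice FAIL
2024-05-01T09:00:09 198.51.100.20 alice FAIL
2024-05-01T09:00:14 198.51.100.20 alice FAIL
2024-05-01T09:00:20 198.51.100.20 alice FAIL
2024-05-01T09:00:26 198.51.100.20 alice FAIL
2024-05-01T09:01:00 203.0.113.7 alice FAIL
2024-05-01T09:01:30 203.0.113.7 bob FAIL
2024-05-01T09:02:00 203.0.113.7 carol FAIL
2024-05-01T09:02:30 203.0.113.7 dave FAIL
2024-05-01T09:03:00 203.0.113.7 erin FAIL
2024-05-01T09:03:30 203.0.113.7 frank OK
2024-05-01T09:04:00 192.0.2.15 grace FAIL
2024-05-01T09:04:20 192.0.2.15 grace OK
"""


def parse_log(text):
    """Turn log lines into (timestamp, ip, user, result) tuples, skipping bad lines."""
    events = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[3] not in ("OK", "FAIL"):
            continue
        events.append((datetime.fromisoformat(fields[0]), fields[1], fields[2], fields[3]))
    return events


def classify_sources(events, window=timedelta(minutes=10),
                     spray_min_users=5, spray_max_per_user=2, brute_min_per_user=5):
    """Label each source IP by the shape of its failed logins inside a sliding window."""
    failures = defaultdict(list)
    for ts, ip, user, result in events:
        if result == "FAIL":
            failures[ip].append((ts, user))

    verdicts = {}
    for ip, items in failures.items():
        items.sort()
        verdict, start = "normal", 0
        for end in range(len(items)):
            # Drop failures that are older than the window.
            while items[end][0] - items[start][0] > window:
                start += 1
            per_user = Counter(user for _, user in items[start:end + 1])
            if max(per_user.values()) >= brute_min_per_user:
                verdict = "brute-force"        # many guesses against one account
                break
            if len(per_user) >= spray_min_users and max(per_user.values()) <= spray_max_per_user:
                verdict = "password-spraying"  # many accounts, each below the lockout limit
        verdicts[ip] = verdict
    return verdicts


def accounts_to_reset(events, verdicts):
    """Accounts that logged in successfully from a source flagged as attacking."""
    flagged = {ip for ip, verdict in verdicts.items() if verdict != "normal"}
    return sorted({user for _, ip, user, result in events if result == "OK" and ip in flagged})


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    labels = classify_sources(parsed)
    print(labels)
    print("reset:", accounts_to_reset(parsed, labels))
```

Per-account lockout alone never fires for the spraying source here, which is why the check groups failures by source rather than by username.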

 

What is Spear Phishing?

When an email seeks unauthorized access to sensitive information. This type of an attack is not usually sent by a mere hacker but somebody who could be known and just wants to retrieve some financial or confidential information. These types of password attacks also appear to come from a trusted source.

 

What helps protect from Spear Phishing?

  • Never click links or open or download attachments from unknown sources
  • You can block email addresses that look fishy
  • Update your system software to the latest build
  • Enable 2FA

 

What is a common indicator of a Phishing Attempt?

  • A logo that looks very similar to any popular brand out there
  • A name or an email address which sounds similar to a reputed organization
  • Malicious link or attachment
  • Shorter Content
  • Spelling Errors

 

How long does it take to crack an 8 digit password?

Passwords of fewer than 8 letters that have only numbers or only letters can be cracked instantly. But a password that has more than 8 characters takes longer (years, if not less) to crack if it is a mix of alphanumerics, different cases and special characters.


 

 


Here’s how you can quickly update ESMC using the ESET Web console

What is ESMC?

ESMC stands for ESET Security Management Centre – it enables you to centrally manage all ESET products on servers, workstations and mobiles. Using the web console you can manage tasks, deploy ESET Solutions, enforce security policies and respond to issues arising through the remote computers.

 

To manage remote devices and to update ESMC-

  1. Log in to the ERA (ESET Remote Administrator) Portal using a web browser (Google Chrome preferred).
  2. To check if an update is available, or to update the product, go to the help button (question mark) > Update Product.
  3. Once you click on it, you will get an update popup. The popup will suggest and prompt you to take a backup of all ESET Certification Authorities (CA), Peer certificates and the ESMC database.
  4. To take a backup of the above certificates, click on Open Certification Authorities (CA) or click on Peer Certificates. It will take you to the respective certificate locations, where you can export them one by one.

 

Why take a backup of these certificates on ESMC?

As part of the installation/update process, ESMC needs a peer certificate for agents and a peer certificate authority and a certificate authority (CA). All these certificates are used to authenticate all the ESET Products that have been distributed under your license. For example, you can create a server certificate which will be required for distribution of ESET Server products.

  1. To export the certificate, click on one of the certificates and select “Export Public Key”. It will download the certificate automatically. Follow the same steps for all certificates.

For database backup, click this link, which is suggested by ESET support. Or you can click on the OPEN DOCUMENTATION option to direct yourself to this link

 

Steps to take backup of the database



After taking backup we can go for an update. For that, Click the UPDATE button. An update of your ESMC Server is scheduled – in Client Tasks you can find a new client task that upgrades ESMC components on the computer where ESMC Server is installed. To update other ESMC components on the devices connected to ESMC Server to the latest version, you can trigger the Security Management Center Components Upgrade task directly from the update popup window.

 

Note: 

  1. After triggering the task, you will lose connectivity to the ESMC Console for some time until the ESMC upgrade process is done.
  2. Verify the updated version by going to appwiz.cpl or by logging in to the ESMC portal again and going to Help > About.
  3. Verify the connectivity after upgrading ESMC by logging in to its portal.
  4. Make sure that the ESET Protect Server and Web Console versions (8.0) are the same after the update; otherwise, it throws an error.

 

Some frequently asked questions:

What is ESMC console?

The traditional ERA Console has now been replaced by the ESMC (ESET Security Management Center) Web Console. It is the primary online interface that allows you to virtually administer and manage your clients and network from anywhere.

How do I access ESET management console?

If you are on a local ESMC Server: Open an ESMC-compatible web browser and type https://localhost/era in the address bar and you’ll be able to access the ESMC Web Console.

If your ESMC Server is accessible to outside connections: Open your web browser and type https://%yourservername%/era   Here you need to replace %yourservername% with your actual IP address or name of your web server

 

Which are the core components in ESMC 7 that must be installed?

For a perfect deployment, we recommend the following core components to be installed:

ESMC Web Console

ESET Management Agent

ESMC Server 

 

Is ESET Free?

ESET isn’t free but you can get a 30 day full-featured, free trial across all its 3 categories: Essential Protection, Advanced Protection and Ultimate Protection

Can you protect multiple devices using the free trial?

No. You can cover only 1 device during the trial but once you purchase the product, multiple devices can be secured via the ESET product of your choice.

Will ESET work if there is another pre-installed cybersecurity software?

It is best to uninstall any other software in the same category for this to work optimally.

 


 

Sophos SSL VPN – Save Password

Sophos SSL VPN is a VPN software that establishes a highly encrypted and secure tunnel for remote workers to connect to. The end-to-end encrypted tunnel requires both an SSL Certificate and a username and password combination for authentication and to create a secure connection.

 

By default, the Sophos SSL VPN Client does not allow you to save the username and password credentials. However, there is a workaround to save the username and password.

 

 

How to Save Password in a Sophos SSL VPN Client

  1. Create a text file with username in one line and password in the next line
  2. Save the file name as Password.txt
  3. Save it to the path location “C:\Program Files (x86)\Sophos\Sophos SSL VPN Client\config”
  4. Run Notepad with Administrative Privileges
  5. Open the configuration file in the above location. Scroll down to the line “auth-user-pass” and update that to:
    auth-user-pass password.txt

 

That’s it! You should now be able to just double click the Sophos SSL VPN Client icon and it will log in automatically without you having to enter the credentials.

 

Disclaimer:

However, we would like to bring to your notice that we do not endorse this, because if your system’s security gets compromised (e.g. through a hack), the saved credentials could fall into the wrong hands.


 

Linux Server- Backup Directories & Files

Linux Servers are one of the most flexible and safe servers providing high-end security. Many admins and developers use Linux Servers to keep backups of their data and files. This blog explains how you can back up the individual files and directories in a Linux Server. 

For demonstration purposes, we’ll be working on Ubuntu, one of the most popular Linux Servers. Folders in Linux are addressed as Directories.

Step 1: 

Creating Directories- If you do not have any directories created yet, create a directory as per the below screenshot. 

The mkdir command helps create new directories. We have created a directory named FileforBackup.

 

The ls command will show you the created directories and files.

 

Step 2: 

Create files: create multiple files inside the directory by using the cat command.

 

 

Step 3: 

Create one more directory to store the backed-up files so we can store the entire directory or file in the specified location. We have named the directory “Storage Location”.

If you want to back up your files to an external disk or external storage, mount the external device by using the mount command; you can then specify the external device path.

Step 4: 

In this step, we can find the path of the directories by using the pwd command.

Step 5: 

By using the rsync command, you can easily take a backup.

Use the -a (archive) option to preserve attributes of files.

The -v (verbose) option forces rsync to list the files as they are being copied.

The syntax should be as follows: rsync specifiedpath destinationpath 


  

Step 6: 

You can find the backed-up file in your destination path. 


Lastly, complete the backup process by using the rsync command. 

In the same way, we can back up the entire machine to any specified location as well.

Note: If you use any external hard disk or any external storage device to make a backup you should mount that device in any specified location.  

 

How we can help:

Our server team can help with the installation, configuration, deployment and monitoring of Windows/UNIX/Linux based servers. Want to migrate or do an audit of your server? We help you with all your server needs along with proactive support for the server and IT infrastructure.


Let’s Encrypt- Upgrade Win-Acme Version 1 to Version 2 

Win-Acme has reached end-of-life (EOL) for Version 1. Any renewals running on v1 will not work, so it will have to be upgraded to win-acme v2, after which the certificates are imported from v1 to v2. This blog will walk you through how you can upgrade win-acme version 1 to version 2.

Let’s Encrypt is a non-profit Certificate Authority that provides TLS certificates. These are free certificates to protect the traffic between your website (domain) and visitors. TLS stands for Transport Layer Security and SSL (Secure Socket Layer) is its predecessor. 

TLS Certificates are digital or private key certificates and files that are used to certify the ownership of a public key. 

The Certificate Authority (CA) signs and certifies indicating that they have indeed verified it and that it indeed belongs to the owners of the said domain. 

 


What information is carried by a TLS or SSL certificate? 

TLS or SSL Certificates contain: 

  • Domain Name 
  • Sub-domain Name 
  • Organization Name 
  • Name of the CA
  • Date of Issuance and expiry 
  • Digital Signature 

 

Port 80- Indicates HTTP- connects users to an unencrypted network 

Port 443- a default port for a secure encrypted protocol- Indicates HTTPS- connects users to a secure network. The port enables encrypted communication to pass between the server and the browser. 

 

What is Win-Acme? 

Win-Acme (Automated Certificate Management Environment) is an ACME client for Windows, hence win-acme. It was formerly known as letsencrypt-win-simple (LEWS) and is used with Let’s Encrypt.

If you are considering using Let’s encrypt, win-acme will provide you with an automated and reliable way to renew the certificate. 

Ultimately, the most important aspect of any ACME client is the automatic renewal of the certificate. Win-acme creates a single scheduled task to renew all certificates on a server. This task does all the work to renew the certificate as soon as the first certificate is created.

 

This article will walk you through how you can perform the update: 

    1. Download win-acme v2.1.18
    2. Extract the contents of the zip file to a folder in the C drive
    3. Open the destination folder and run the file named “wacs.exe” with administrative privileges
    4. Select Option “O” followed by Option “I”. O will help manage renewals and I will import scheduled renewals from the previous version of win-acme. This will give you a list of options. You can go with the default options unless there are any settings that you need to modify
    5. Now that you have imported the renewal tasks to the new client version, you can view and manage the renewals using option “A”. Or you can directly select Option “R”, which shows the number of renewals that are currently due.


Post-renewal and upgrade of Win-acme 

After the renewal is initiated, it will ask for the email address on which you would like to receive reminders and notifications.

As with the previous version, make sure that port forwarding for port 80 and port 443 has been set up to the server on the IP address that the hostname in the certificate SAN (Subject Alternative Name) resolves to. Otherwise, the verification by Let’s Encrypt will fail and the certificate renewal will have an error.

 


Fetch Office 365 group details

Here’s how you can fetch all Office 365 group details

An O365 Administrator has the right and the duty of managing all the users in the portal. By running this script, a Global Admin can set parameters and at once fetch any data they need from all the groups present in O365. 

The script will connect to Azure AD (Active Directory) first and extract details of each group present in the directory.

The admin can change the parameters as per need and decide on what the output will be. The output will be exported in a .CSV file and will be stored in C Drive. You can also change the storage location path and the file name too. 

 

How to Run the “Fetch Office 365 Group Details” script : 

Step 1 

Open PowerShell as an Administrator 

 

Step 2 

Write command Connect-AzureAD. Press Enter 

 

Step 3 

Post this step, a login window will pop up in which you need to enter the credentials of the organization for whom you need to pull out the data or report


Step 4 

Once you successfully log in or connect to AzureAD for your respective user or Organization you can get the information about the Account in which you are logged in, environment, Tenant ID etc… 


 

 

Step 5 

After that, you need to copy and paste the script into PowerShell and press enter. 

NOTE: This is when you can choose the location path for the .CSV file.

 

 

Step 6 

Once the script runs successfully, the .CSV file storage path will automatically show up in PowerShell. Once you hit enter, your chosen file name will be exported to the chosen storage path accordingly. 

In this case, we have set C: Drive for file storage and set DATAforBLOG as a file name.


 

Script Hub -Explore a library of free Powershell Scripts

To find more such useful PowerShell Scripts, head over to Script Hub in our Resources Section.

 


 

Disconnected Domain Controllers

Disconnected Domain Controllers- Here’s the Solution

Windows Server 2016 standard with Server Essential role installed as PDC displayed a critical alert saying “Disconnected Domain Controllers” 

 

An introduction – Domain Controllers

The role of a Domain Controller (DC) is to authenticate and validate users and their level of access on a network. Whenever a user in the network logs in to the domain, the DC validates their credentials based on which they are either denied or allowed access. 

Often there are 2 Domain Controllers in a network, a Primary Domain Controller (PDC) and a Secondary/Backup Domain Controller (BDC). Both of them should be in sync. The PDC maintains the main directory database to validate the users on their network. Whereas the BDC contains a copy of the same. If ever there is a problem in the PDC or the database in it gets compromised, the BDC can be used. 

 

The issue – Disconnected Domain Controllers in Windows Server Essential 2016

After a recent password change, the server running the Windows Server Essential was not receiving any signal/heartbeat from the domain controller. Here’s a screenshot of the Windows Server Essential Dashboard which displays the Critical Error of disconnected domain controllers.


Possible Causes 

  • Lack of network connectivity 
  • Missing DNS entries 
  • Root hints missing or resolution issue 
  • PCNS issue 
  • PCNS target missing 
  • Time synchronization issue 
  • Integration break between an on-premise server with O365 in Server Essential 

 

If the PCNS (Password Change Notification Service) Target is missing: 

  • Go to the Start Menu, launch the ADSI Edit MMC and connect to the Default naming context [DC01.domainname.local], DC=domainname, DC=local => CN=System => CN=Password Change Notification Service
  • The attribute field would be empty (if it exists, take a backup and delete it)
  • Navigate to the path C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\SchCache and rename the *.sch files
  • Navigate to the path %LOCALAPPDATA%\Microsoft\Windows\SchCache and rename the *.sch files
  • Restart the Password Change Notification Service

 

 

Now, go to the path C:\Program Files\Microsoft Password Change Notification and open Command Prompt there.

Add the PCNS target manually by running the below command:

C:\Program Files\Microsoft Password Change Notification>pcnscfg.exe ADDTARGET /N:ESSENTIALS_PWD_SYNC_DC01 /A:PDC01.domain_name /S:ESSENTIALS_PWD_SYNC/PDC01.domain_name /FI:"Domain Users" /F:3 /I:60 /D:False /WI:30

 

  • Now the PCNS target should be added successfully
  • Check the target list by running the “pcnscfg.exe list” command. There must be a target that was added as per the above command

Now the disconnected domain controller alert should be resolved.
     

 
