Contact Info

How-To

Category Archives

Resolving Time Synchronization issues on Virtualized Active Directory Servers

We’ve run into the issue of virtualized Primary Domain Controllers (PDCs) on Windows Server 2016/2019/2022 that fail to properly sync their clocks with global NTP time servers. In the following, we’ll outline the problem and show you how we’ve resolved this IT service issue for our partners.

In a normal functioning domain, properly configured time services are critical to the stability of the network – all domain-joined Windows computers by default will sync their clocks with the PDC.

Without valid time settings, all clocks on your network can be off as much as 8-15 minutes, or more – at best making your users late for meetings – or at worst, teleporting your entire office into an alternate dimension. 0_0;;


To verify Windows Time settings, log on to your domain controller as an administrator, and open an elevated CMD prompt. Once in, the following commands are useful for diagnosing.

Force synchronizing the time ASAP : w32tm /resync /nowait

Check NTP configuration : w32tm /query /configuration

Display time source : w32tm /query /source

Display list of all configured NTP servers and their status : w32tm /query /peers

Display service status (EG : Is time being synced from a CMOS clock, or external NTP server?) : w32tm /query /status


To check your current clock’s offset from a global time server, you can run : w32tm /stripchart /computer:time.windows.com /dataonly which may display something like the following, showing a 39 second offset.

Once you’ve discovered you have a problem, you can force your PDC to grab its time from an external source using :
w32tm.exe /config /manualpeerlist: “us.pool.ntp.org 1.us.pool.ntp.org 2.us.pool.ntp.org 3.us.pool.ntp.org,0x8” /syncfromflags:manual /update and run the above stripchart command once again.

However, on a virtual machine, after running the w32tm /query /source command you may see that your server is still using the VM IC Time Synchronization Provider as the source.

To resolve this and set the time service manually on a Hyper-V VM you have to change the VMICTimeProvider registry value from 1 to 0 by using the following command, allowing you to set a manual time source : reg add HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider /v Enabled /t reg_dword /d 0 – and restart your time service with net stop w32time then net start w32time.

After doing the above, check your strip chart again to validate your time settings. Much better!

Finally, re-verify you’ve set your PDC’s clock as authoritative for clients with : w32tm /config /reliable:yes – and you’re done! Client machines should sync in the next several minutes, or on next login.


PS – If you bork your configuration, you can always reset it to the default with net stop w32time, w32tm /unregister, w32tm /register, net start w32time – registering and unregistering may require a reboot.

If this helped you, please share, and comment below!


Windows 10 End-of-Life & Windows 11 Preview : What this means for your business

Microsoft announced recently that Windows 10’s End-of-Life date is set for October 14th, 2025. As a business owner, the practical impacts of this announcement can be difficult to sort out – but not to worry – Euclid Networks is here to help you sort it out!

October 14th, 2025 will will mark just over 10 years since Microsoft’s Windows 10 operating system was first introduced – we know, we know – we can’t believe it has been that long either. With the recent announcement of Windows 11 however, it’s important to get ahead of the game when planning your long term IT budget, and equipment upgrade paths.

Windows 11 promises to be a meaningful upgrade from 10, more tightly integrating with MS’s cloud service offerings.

The majority of our clients have moved on to Windows 10 for their OS, and are covered by our proactive patching and updating service – but for those who still haven’t, now is the time to make the switch. As Windows 10 and Windows 11 share the same “DNA”, upgrading from 10 to 11 promises to be much simpler than an upgrade from – for example, Windows 7, or Win XP.

Win 10 End-of-Life : What it means for your business

Once Windows 10 reaches its end-of-life, the operating system will no longer receive important security updates, or new features via patches. As it will have reached the end of its cycle, 3rd party software vendors will also begin phasing out their support for the operating system, meaning new versions of those programs will default to Windows 11 as their recommended platform.

As an IT support provider, we can’t stress enough how important keeping current on security updates is, for the protection of your business’ data, and overall network. The #1 avenue for malware and ransomware attacks is through outdated software. Outdated software can potentially cost your business tens, or hundreds of thousands of dollars in remediation and lost revenue.

Ransomware in 2020 : At a glance (source : Nationwide)

» The average enterprise ransom payment is $111,605.

» 205,280 organizations were affected by ransomware attacks in 2019.

» The average cost for victims of ransomware attacks to recover more than doubled in the final quarter of 2019. According to a new report from Coveware, a typical total now stands at $84,116. That’s a little over double the previous figure of $41,198.

Windows 11 : What’s New?

Start Menu : Windows 11 has a new, simplified Start menu. Live tiles are gone, replaced with a list of app icons and recent files. Documents you edit in Office apps on other devices—even devices that aren’t running Windows—will appear as recent files here, too, thanks to Microsoft 365. Don’t have Microsoft 365 yet? We can help – contact us today!

Multi-App & Multi-Monitor Support : Windows 11 also features “Snap Groups”, which helps organize your windows, as you multi-task. Selecting a single taskbar icon will now pull up a group of snapped apps. Also, when using Windows 11 on a tablet, windows that are side-by-side will automatically stack on top of each other when you change the device’s orientation.

Multiple monitors support is improving also, with a “new docking and undocking experience.” When you unplug a monitor, the windows on the monitor will minimize themselves rather than getting in the way. When you reconnect the monitor, Windows will automatically restore the windows to their original positions on that monitor.

Widgets and MS Teams on the Taskbar

Tighter integration with Microsoft 365 and Redmond’s cloud offerings, means integrations with its services like Microsoft Teams and Onedrive will be built directly into the Windows 11 task-bar. We’ve seen iterations of this pop up in the latest Windows 10 updates, but as MS moves forward, expect the benefits of using Microsoft’s cloud offerings for your business to increase!

& More!

Details are forthcoming, but stay tuned – Microsoft has planned to begin rolling out Windows 11 as soon as this fall – expect to begin seeing it on new devices soon.

About Euclid Networks

Euclid Networks is an IT support provider that brings a fresh, proactive approach to your business computing needs. We serve a wide variety of Atlanta area businesses, including Legal Firms, Healthcare Providers, Non-Profits, and Professional Services Providers.

Our experience in the technology industry and dedication to personalized service sets us apart. We’re real people, who care about tech support.


World Backup Day – Protecting Valuable Data with the 3-2-1 Rule

Atlanta – did you know, World Backup Day is March 31st?

Nerdy, we know – but according to a leading backup company, only 15% of organizations back up data multiple times a day. Depending on your organization’s data security requirements, this could be a problem. How much is losing 4 hours of company-wide productivity worth to your business?  4 days? 4 weeks? What is more, most businesses don’t have a documented disaster recovery process in place, which can lead to catastrophic results in the event of a system crash or failure.

Why back up?

For companies that rely on their digital work product – such as attorneys, marketing professionals, and other service providers – keeping your organization’s data safeguarded is essential. If you have a storage issue, backing up information can be the difference between staying in business and closing for many, such as those in regulated industries, or where information is essential to business operations.

Cyberthreats are another big reason to keep your data backed up – with malware and ransomware threats on the rise in 2021 and beyond. If your organization is hit with an attack, it can relieve some of the burden if an additional copy is available of your stolen information.

Backup 101 – What is “good” backup practice?

It is important to discuss the pros and cons of different backup frequencies and retention policies – including the total cost, how often you will need access to the backup of your data (restores), and how frequent your backups should be. For some data-reliant companies, backing up multiple times a day makes sense, as you are harboring highly sensitive information that would cause major problems for your business and clients if you lost access. Other organizations with less sensitive information may only need to backup once a day or week, especially if they do not have compliance regulations they need to follow like those in legal, healthcare, and financial markets.

Euclid’s recommendation? Follow the 3-2-1 rule.

For our IT and Tech Support partners, we always recommend following the 3-2-1 rule for essential data protection, a best practices or guideline for safeguarding data.

  • 3 copies of data maintained (one copy “in production” – or active use, one local backup, and one “cold” backup stored elsewhere, ie the cloud)
  • 2 store data on 2 types of media (if you have an issue with one kind of media, you have another kind available to access your data)
  • 1 offsite copy (of your data, so that if a fire or on-site issue occurs a backup is available).

The idea of the 3-2-1 rule of data protection is to eliminate single points of failure – it is not a failproof policy or complete guarantee – but helps mitigate a large swath of potential data pitfalls.

How Euclid can help!

Contact us today for a cost-effective review of your current backup practices, and for our expertise with cloud and offsite backup. The “1” of the 3-2-1 rule can be difficult to implement, especially for small and medium sized businesses, but we’re here to help. And for larger organizations, our solutions cover both workstations and servers – including more complex SQL database and state-aware backups!


Microsoft Outlook crashes with 0xc0000005 errors due to Office 365 Patch, how to resolve

We’ve seen on over a dozen machines today, Microsoft Outlook (Office 365 continual update version) crashes, with 0xc0000005 errors logged in the event log.

The full text of this error is below.

Faulting application name: OUTLOOK.EXE, version: 16.0.13001.20266, time stamp: 0x5ef262ee
Faulting module name: mso98win32client.dll, version: 0.0.0.0, time stamp: 0x5ef2aa2d
Exception code: 0xc0000005
Fault offset: 0x000474b2
Faulting process id: 0x4cf0
Faulting application start time: 0x01d65ac9b0e13874
Faulting application path: C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
Faulting module path: C:\Program Files (x86)\Common Files\Microsoft Shared\Office16\mso98win32client.dll
Report Id: 908e152f-636f-4f5a-9717-48a5576b3ccd
Faulting package full name: 
Faulting package-relative application ID: 

Microsoft had acknowledged this crash and documented a resulting fix on Twitter, and on the Office 365 Support portal :

Title: Users experiencing Outlook connection issues and crashes

User Impact: Users may experience crashes or may be unable to access Exchange Online via Outlook.

More info: Our analysis indicates that Outlook on the web and mobile clients are unaffected. Users may be able to leverage those protocols as an alternative means to access email and service features while we remediate this problem.

Current status: Our initial review of the available data indicates that recently deployed updates are the likely source of the problem. We're performing an analysis of all recent service updates to isolate the underlying cause of the problem and to determine the most expedient means to restore service.

Scope of impact: This issue may potentially affect any of your users attempting to use Outlook.

The immediate fix for this is to roll back Microsoft Office versions, which can be done by opening a command line as Administrator and typing : cd "\Program Files\Common Files\microsoft shared\ClickToRun"

officec2rclient.exe /update user updatetoversion=16.0.12527.20880

After rolling back versions, Outlook should open and function as normal!

If you’re in need of a proactive, IT Support company in the Atlanta area, don’t hesitate to contact us today!


Using a Synology NAS as a Backup DNS Server for Active Directory

As we onboard any new IT support partner, one of our security and network assessment tasks is to validate a client’s server and disaster recovery environment.

As part of this assessment, we often find a customer will have a single point of failure with their active directory environment – most small businesses don’t have the resources to afford multiple servers, and often times previous systems administrators will have not had the foresight to follow best practices regarding building server resiliency.

One example of a point of failure with a single-server environment that we see all too often is DNS. In many cases, the Primary Domain Controller (PDC) will serve as the sole internal DNS provider. Meaning, if a power outage occurs, or if a PDC goes down for any reason, the entire office will “lose” internet connectivity – often a costly outage until technical help can arrive!

Many of these clients do, however, have secondary “server”-like devices – NAS units, Linux machines, et cetera. While using these as a “backup” DNS provider is not a best practice, we aim to provide the best tech support we can while utilizing resources a client already has in place – thus saving them money!

In the following, we outline steps to convert a Synology NAS device into a backup DNS server for an Active Directory (Windows Server 2019) environment.

1. Install DNS Package on Synology NAS – straightforward, by opening Package Manager.

2. Set up a “Slave Zone” – Within Synology’s DNS manager, create a slave zone, set domain type to Forward Lookup Zone, and enter your PDC’s DNS information.

3. Set up DNS Resolution and forwarding on the NAS – In the below, we have enabled the resolution service, and also forwarders. In our lab, we actually do have a backup local DNS server (192.168.1.8 here), but also forward on DNS requests to Google (8.8.8.8/8.8.6.6) to allow for internet connectivity during PDC downtime.

4. Configure DNS Forwarding on PDC – On your server, open DNS, select your AD’s forward lookup zone, open properties.

4.1 Under Zone Transfers, ensure Allow Zone Transfers is enabled, to servers listed in the DNS Tab.
4.2 Under Notify – Ensure the same setting is enabled.
4.3 Add your Slave Name Server to the list of configured name servers. Important – ensure your server validates, with a green check once its FQDN is added.

5. Verify DNS records and Zone Transfer has completed On the Synology DNS Manager, under ‘Zones’, select ‘Edit’ and open ‘Resource Record’ you should find propagated records.

Optional but recommended – repeat steps 2-5 for the Reverse Lookup Zone (EG, 1.168.192.in-addr.arpa) and _msdcs.yourlocal.domain. You *do* have a reverse lookup zone configured, don’t you? =)

6. Add your New DNS Server to DHCP – Don’t forget to configure your DHCP leases to include your new backup DNS server!

7. Test out DNS resolution – Finally, test your new server to ensure it’s resolving external domain names correctly, and test a failure of your PDC by taking it offline. Success!

If this writeup has been helpful to you, please share your comments below. And as always, if you’re looking for proactive managed IT service in Atlanta, Euclid is here to help!


Subdomain and Domain forwarding not working properly with GoDaddy and Sonicwall Firewall

Godaddy ​Domain and Subdomain Forwarding times out without forwarding, unexpectedly, when using a Sonicwall Firewall.

Domain Forwarding is typically used to redirect a user to a different website when they type in a URL in a browser. In this case, the forwarding will time out – with either a browser 404 error – or a CONNECTION_TIMED_OUT message. DNS resolution will work properly – subdomain.domain.com for example will return the correct A record, pointing to Godaddy’s IP addresses.

The domain redirect may work sporadically on some phones or computers where traffic is not directly passing through a Sonicwall firewall.

The reason for the failed domain forwarding is that by default the Sonicwall enables TCP Packet Sequence Randomization which causes Godaddy’s Domain Forwarding service to break. When doing packet analysis in Wireshark, we saw TCP ACK connections out of sequence and dropped connections.

To fix this issue:

  1. Login into the IP address of the Sonicwall firewall.
  2. Go to http://{firewall.ip.address}/diag.html – You will get a warning about Advanced Settings
  3. Click on Internal Settings.
  4. Untick the box: “Enable TCP sequence number randomization”
  5. Scroll up and click Accept.
  6. Click Close.
  7. Reboot the firewall.

Verify you can now access a Domain forwarded address.  Note that servers behind the firewall will be slightly more vulnerable to host identification by disabling this TCP Sequence Randomization. But in this case, it would be a fairly targetted attack, so the overall risk is low.


How to keep your children safe online?

Summer is here and your kids are home for long stretches of time. Here are our tips on keeping your home and children safe online.

Our number 1 tip is talk to your children! Communication is essential in maintaining a safe environment.
  1. Have a conversation with your kids: warn them about malware, dangerous websites, and sex offenders. Let your kids know you’re looking out for them, speak honestly with them, and listen. After all, if it’s just you talking, it’s not a conversation. It’s a lecture. And no one likes a lecture.
  2. Keep your computer in a common area of the house: it’s more difficult for sex offenders and online bullies to harass your child when you can see what your child is up to. So make sure your kids aren’t going to bed with their laptops and phones. Keep internet time in the common areas.
  3. Know which other computers your children are using: your children most likely have access to computers at school or their friends’ houses. Ask them where they go online, and talk to their friends’ parents about how they supervise their own kids’ internet use.
  4. Remind your children, “Don’t talk to strangers — or meet them”: Remind your children that people often lie about their age, and online predators often pretend to be children. Emphasize that your children should never reveal personal information like their name, address, phone number, school name, or even their friends’ names. Knowing any of this could help an online predator find your kid in real life. And under no circumstances should your child ever meet up with someone they met online without your permission. If you do agree to a meeting, go with your child and meet in a public place.
  5. Make internet time family time: You watch movies together. Why not browse the web together? Making it a family event can be fun. You’ll learn more about your kids’ interests, and can guide them to websites that are more appropriate to their age.
  6. Know your children’s passwords: If you’ve got a younger kid, create an account for them in your own name to avoid exposing your kid’s name — and so you’ll have the password. But please respect the age limitations on accounts. If a site says you should be 18 to sign up, then maybe your child should wait. Whatever your choice, though, make sure you get their passwords and warn them that you’ll be checking their accounts from time to time to make sure everything’s kosher. (Spying on your kids’ accounts without their knowledge could weaken their trust in you.)
  7. Watch for changes in your children’s behavior: Being secretive about what they do online, withdrawing from the family, and other personality changes could be signs that an online sex offender is preying on your kid. So keep an eye out for any behavioral changes.
  8. Pay attention to any gifts anyone gives your children: Sexual predators may send physical letters, photos, or gifts to children to seduce them. Stay alert, and ask your kids about any new toys they bring home.
  9. Check your children’s browsing history: Open your child’s web browser and look for “History” to see a list of websites they’ve been to. Also check the recycle bin to see if any files have been deleted. You may be surprised.
  10. Set rules — and stick to them: As a parent, it’s your job to limit your kids’ screen time, set boundaries for inappropriate content, and make sure your children stick to them. Talk to your internet service provider about filters you can use to block pornographic or violent websites, or invest in a Wi-Fi router with parental controls.
Searching and using the internet together is a great way to teach your children about navigating the multilayered online world.

How to : Quickly open a command prompt at a location using the Windows Explorer address bar

Ever needed to quickly open a command prompt at a particular location on your hard drive? In the regular course of providing tech support for our Atlanta business partners, we use this quick trick on an almost daily basis.

Simply type ‘cmd’ into your address bar, and voilà – a command prompt at your computer’s current location – in this case c:\Windows.

2014-03-07 tech support command prompt

 

Ridiculously simple, but something many folks don’t know! You can also open any number of other programs in the same manner – the address bar functions in basically the same way as the search dialog in the Windows 7 start menu.

If we’ve helped you out, we’d love to hear from you in the comments below.


How to : Fix duplicate pinned taskbar icons in Windows 7

A common and annoying problem with Windows 7’s “Pin to Taskbar” feature, is when an application accidentally gets pinned multiple times. You might have run into this issue, resulting in a taskbar that looks something like this :

duplicate taskbar icons

In this screenshot, there are two yellow VMWare icons. The program was launched using the icon on the left, but when it opens, it creates a second duplicate icon on the taskbar. Annoying!

How to remove duplicated pinned taskbar icons :

Taskbar icons get duplicated when a shortcut is pinned to the taskbar, rather than the program itself. The solution is to find and remove the extra shortcut. The most straightforward way to do this is simply to right click and “Unpin” all the icons for the program in question, launch the program via the Start Menu, and then right click the running program on the taskbar to re-pin it.

Sometimes we’ve run into situations where this doesn’t resolve the problem. There’s usually a hidden shortcut that is being referenced by the running program. In this case, the solution is to “Show Hidden Files” in Windows Explorer, and navigate to the system path for taskbar shortcuts. This path is : C:\Users\%username%\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar – there you can attempt deleting the shortcut manually, and re-adding it once again.

Helped you out? Have questions? Let us know in the comments below!


How To : Remove passwords / editing restrictions on MS Word and Excel Files

Have you ever come across a word or excel document that was ‘password protected’ – where certain parts of the document you were unable to edit?

Frequently these are used in business settings, and with good reason – to protect formulas, proprietary information, sections of contracts, et cetera.

But, sometimes you need to edit a restricted document, and your colleague is not at their computer or out to lunch, on vacation, or otherwise missing in action. Not to worry, we’ll show you how to remove the password from a restricted Word or Excel document. All you’ll need is MS Office 2007/2010/2013, the free software 7-Zip (which we recommend everyone use for archive management!), and a bit of technical support know-how from your local IT pro.

tech-tip-remove-word-password-protection-1
1. Ensure your file is in the latest .docX or .xlsX format. If your file is in an earlier office format, do a ‘Save As’, select ‘docx’ as the format type, and make sure you leave the ‘maintain compatibilty’ box empty. We want the latest file format.

tech-tip-remove-word-password-protection-2

2. Open windows explorer and find your file. Make a copy of the file, and change the file extension from .docx to .zip.

tech-tip-remove-word-password-protection-3

3. Right click the .zip file, and using the 7zip context menu, ‘Open Archive’ using the 7zip archive manager. This will allow you to edit the .docx archive without extracting the XML files inside.

tech-tip-remove-word-password-protection-4
4. Navigate to /word, and find the settings.xml file. Right click the file, and select ‘edit’. – This is important, do not choose ‘open’ or any other option – only ‘edit’ will work.

atlanta-it-support-remove-word-password-protection-5
5. Find the XML element beginning with w:documentprotection, highlighted in the screenshot above. Remove the entire element, including < and > brackets.

6. Save, close, and update the archive when prompted.

7. Rename your file, changing the .zip extension back to .docx

8. Enjoy!

Hopefully this has assisted someone out there in Atlanta, and let us know if this solved your IT support needs in the comments!

Thanks to this post on Spiceworks, and this helpful blog : http://itintheory.blogspot.com/2012/06/remove-editing-restrictions-in-word.html for the inspiration.

 


Page 1 of 212