SSPI handshake failed with error code 0x8009030c, state 14 while establishing a connection with integrated security; the connection has been closed. Reason: AcceptSecurityContext failed. The operating system error code indicates the cause of failure. The logon attempt failed

When setting up servers, you'll often see the following error.

SSPI handshake failed with error code 0x8009030c, state 14 while establishing a connection with integrated security; the connection has been closed. Reason: AcceptSecurityContext failed. The operating system error code indicates the cause of failure. The logon attempt failed

A few things to keep in mind.

#1 – Is the SPN set properly on SQL? (Done in AD.)

#2 – Is delegation configured on the application? (Done in AD.)

Simply put, this error can indicate a Kerberos error (remember, NTLM cannot do delegation).
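Both checks can be scripted against AD. The following is an added example, not part of the original post; it assumes the ActiveDirectory module (RSAT) is installed and that the application runs as a domain user account, and the host name, port and account name are placeholders.

```powershell
# Added example, not from the original post. Placeholder values below are assumptions.
Import-Module ActiveDirectory

$SqlHost    = 'sql01.corp.example'   # placeholder: FQDN that clients use to reach SQL Server
$SqlPort    = 1433                   # placeholder: instance TCP port
$AppAccount = 'svc-webapp'           # placeholder: domain account the application runs as
$spn        = "MSSQLSvc/${SqlHost}:$SqlPort"

# Check #1: exactly one account in the domain should hold the SQL Server SPN.
$owners = @(Get-ADObject -LDAPFilter "(servicePrincipalName=$spn)" -Properties sAMAccountName)
switch ($owners.Count) {
    0       { Write-Warning "$spn is not registered on any account in this domain." }
    1       { Write-Output  "$spn is registered on $($owners[0].sAMAccountName)." }
    default { Write-Warning "$spn is registered more than once: $($owners.sAMAccountName -join ', ')" }
}

# Check #2: what is the application account allowed to delegate to?
$acct = Get-ADUser -Identity $AppAccount -Properties TrustedForDelegation,
            TrustedToAuthForDelegation, 'msDS-AllowedToDelegateTo'
$targets = @($acct.'msDS-AllowedToDelegateTo')

[pscustomobject]@{
    Account            = $acct.SamAccountName
    Unconstrained      = $acct.TrustedForDelegation        # "Trust this user for delegation to any service"
    ProtocolTransition = $acct.TrustedToAuthForDelegation  # "Use any authentication protocol"
    ConstrainedTo      = $targets -join '; '
    CoversSqlSpn       = $targets -contains $spn           # is the SQL SPN in the allowed list?
} | Format-List
```

If Unconstrained is True, the account can delegate to any service; constrained delegation that lists only the SQL SPN is the narrower setting.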

Network Commands in PowerShell

Need something similar to ipconfig in PowerShell? Try these commands.

Get Network Adapter Details in PowerShell.

Get-NetAdapter | ft ifname,ifdesc,ifIndex,MacAddress,status,LinkSpeed -AutoSize

Use Get-NetAdapter | FL * for all details.

Get IP Address Details in PowerShell

Get-NetIPConfiguration | Sort InterfaceIndex | ft InterfaceAlias,InterfaceIndex,InterfaceDescription,AllIPAddresses -AutoSize

OR

Get-NetIPAddress | Sort InterfaceIndex | FT InterfaceIndex, InterfaceAlias, AddressFamily, IPAddress, PrefixLength -Autosize

Use Get-NetIPConfiguration | fl * for all details.

Get Client DNS Settings in PowerShell.

Get-DnsClient | sort interfaceIndex | ft interfaceIndex,InterfaceAlias,ConnectionSpecificSuffix,ConnectionSpecificSuffixSearchList,RegisterThisConnectionsAddress -AutoSize

Get-DnsClientServerAddress | sort interfaceindex | ft InterfaceIndex,InterfaceAlias,ServerAddresses,EnabledState
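The commands above each show one slice of the configuration. As an added example (not from the original post), the following joins them on the interface index to give a single ipconfig /all style row per adapter; the output column names are chosen here for illustration.

```powershell
# Added example: one row per adapter, joining the three cmdlets on the interface index.
Get-NetAdapter | Sort-Object ifIndex | ForEach-Object {
    # Adapters with no bound IP or DNS settings return nothing, so suppress the lookup error.
    $ip  = Get-NetIPAddress -InterfaceIndex $_.ifIndex -ErrorAction SilentlyContinue
    $dns = Get-DnsClientServerAddress -InterfaceIndex $_.ifIndex -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ifIndex    = $_.ifIndex
        Name       = $_.Name
        Status     = $_.Status
        MacAddress = $_.MacAddress
        LinkSpeed  = $_.LinkSpeed
        # IPv4 and IPv6 addresses in address/prefix form
        IPAddress  = ($ip | ForEach-Object { '{0}/{1}' -f $_.IPAddress, $_.PrefixLength }) -join ', '
        # DNS servers are reported per address family; collapse duplicates
        DnsServers = ($dns.ServerAddresses | Select-Object -Unique) -join ', '
    }
} | Format-Table -AutoSize
```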

How to take my Events (EVT or EVTX format) and copy them to SQL for merged/further evaluation.

While PowerShell can be used, for very large datasets I commonly use SQL to parse and merge my events. Below is a simple example of how to convert your event files from the Windows Event format to SQL Server.

Download the Log Parser toolset from Microsoft:

https://www.microsoft.com/en-ca/download/details.aspx?id=24659

Run the following Command (from a command line):

cd "c:\Program Files (x86)\Log Parser 2.2"

logparser "select * into MyTable from c:\MyEventFile\MyEventFile.evtx" -i:evt -o:SQL -createTable:ON -server:MYsqlServer -database:MyDB -username:MyUser -password:MyPassword! -driver:"SQL Server"

The Basics of PowerShell

Step #1 – Modules

Modules are sets of related Windows PowerShell functions. Many roles and features have specific modules that are installed along with the product's remote administrative tools, such as Active Directory, Group Policy, Hyper-V and Failover Clustering. Other products, such as SQL and Exchange, include PowerShell modules in their installation, while others, such as Azure, are downloadable.

Before Windows 8/2012+ you needed to run “Import-Module” to add modules to the current session.

To get the “Available Modules” which are essentially the PowerShell modules installed on the machine, the following can be run.

Get-Module -ListAvailable

To import all available modules, you can right-click PowerShell from Explorer.


or run the following from within PowerShell.

Get-Module -ListAvailable | Import-Module

Step #2 – What to run

PowerShell uses a verb-noun pair for the names of cmdlets and for their derived Microsoft .NET Framework classes. The verb part of the name identifies the action that the cmdlet performs. The noun part of the name identifies the entity on which the action is performed.

Microsoft has an Approved Verbs for Windows PowerShell Commands list available.

Use “Get-Command” to display the cmdlets, functions and aliases available to be run. You can use wildcard search parameters to find the appropriate verb/noun of the cmdlet you want to run.

As a starting point, the following shows various cmdlets that can be run to gather information on the computer's network settings.

get-command get-net*

Notice the “GET” command was used for getting information.

As an alternative to the get-command cmdlet, “show-command” in Windows 8/2012+ can be used, or the “ISE” Integrated Scripting Environment.

Step #3 – Find the appropriate properties to output

Using the “Get-Member” or “GM” cmdlet you can easily find the output properties of a cmdlet. Select the appropriate properties to output.

Using a cmdlet such as Get-Help can aid in finding examples of what to run and more details about the cmdlet.

Note: Check out the “update help” article for details about keeping your help files up to date (ensure you are running Update-Help from an elevated PowerShell window).

Get-Help Get-NetAdapter

A simple command such as the following outputs my chosen network adapter settings to the screen:

 Get-NetAdapter

Notice by default it selected only a few of the available properties.


Step #4 – Formatting the output

In PowerShell you can easily change how the output is displayed on the screen using the “Format-Table” or “Format-List” cmdlets.

Notice the “aliases” used — FT for Format-Table and FL for Format-List.

The following could be used to change the view of the data into a list format or table format.

Get-NetAdapter | FL name,status,linkspeed

To find all the properties available for output, the following could also be used.

Get-NetAdapter | FL *

Step #5 (coming soon) – Filtering the output