How to Migrate DHCP Scopes from Windows 2008/Windows 2012 to Windows 2019 Server using PowerShell

This is tricky and sometime GUI backup and restore may give you errors like function not supported or cannot import the DataBase.

Using this powershell method, there is no error and using verbose logging you can also see the logs at the same time.

Use below PowrShell to export the scopes from old server to new server.

Export-DhcpServer -File C:\temp\DHCPDB.xml -Leases -Force -ComputerName fra-winapp01.prg.ori.local –Verbose

then move the XML file exported at the c:\temp to new dhcp server.

Then run the below command to import the dhcp scopes to new server.

Import-DhcpServer -File C:\temp\DHCPDB.xml -BackupPath C:\temp\ -Leases -ScopeOverwrite -Force -ComputerName dhcpprg1.prg.ori.local –Verbose

[Solved] Error: The Windows Module Installer must be updated before you can install this package. Please update the Windows Modules installer on your computer, then retry setup

 While installing patches manually on 2008 R2 servers Getting message as

The Windows Modules Installer must be updated before you can install this package.
Please update the windows modules installer on your computer, then retry setup.

We have downloaded MSU installer from below MS link and try to install the KB2533552 on the server but not installing Getting message as " The update is not applicable to your computer&amp

Solution:-

These patches need to be installed in order below.

2020 – 07 : Service Pack Stack Update (KB4565354), then

2020 – 07 : Rollup (KB4565524) or 2020 – 07 Security only (KB4565539)

An authentication error occurred. The function requested is not supported. This could be due to CredSSP encryption oracle remediation.

1. INTRODUCTION

A remote code execution vulnerability exists in the Credential Security Support Provider protocol (CredSSP). An attacker who successfully exploited this vulnerability could relay user credentials and use them to execute code on the target system.

CredSSP is an authentication provider that processes authentication requests for other applications; any application which depends on CredSSP for authentication may be vulnerable to this type of attack.

As an example of how an attacker could exploit this vulnerability against the Remote Desktop Protocol, the attacker would need to run a specially crafted application and perform a man-in-the-middle attack against a Remote Desktop Protocol session. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

The security update addresses the vulnerability by correcting how Credential Security Support Provider protocol (CredSSP) validates requests during the authentication process.

2. RDP SESSION

An update released by Microsoft (KB 4093492)on May 8, 2018, for Windows 10 Operation System was targeted to change the default settings CredSSP from Vulnerable to Mitigated.

However, post patching this caused an issue where the patched clients were blocked from communicating with unpatched servers over RDP protocols.

This has been reported to cause an error thrown by Windows RDP as below:

3. WORKAROUND

Use the group policy settings changes described below to rollback the changes to ‘Vulnerable’ state to allow RDP access.

1. Open Group Policy Editor, by executing gpedit.msc

2. Policy path: Computer Configuration -> Administrative Templates -> System -> Credentials DelegationRun gpedit.msc and expand Administrative Templates

Expand System

Expand Credential Delegation

Edit Encryption Oracle Remediation

Select Enabled and change Production Level to Vulnerable

3. Run the command gpupdate /force to apply group policy settings.

4. Your remote desktop connection will be working fine now.

CONCLUSION

This is just a workaround and defeats the purpose of the patching. However, we need to ensure that future updates are installed as and when released by Microsoft so that the vulnerability is not exposed.