Component-Based Servicing (cbs.log) causes all drive space to be consumed

Because I’ve seen this question asked in many places and not answered, I thought I’d post my issue and resolution here.  I regard this as a Bug, but I’m not invested enough to deal with the support incident process.

I’ve had repeated instances where a Windows 7 x64 client runs out of hard drive space, and found that C:\Windows\TEMP is being consumed with hundreds of files with names following the pattern “cab_XXXX_X”, generally 100 MB each, and these files are constantly generated until the system runs out of space.  Upon removing the files & rebooting, the files start being generated again.

I’ve found that this is caused by large Component-Based Servicing logs.  These are stored at C:\Windows\Logs\CBS.  The current log file is named “cbs.log”.  When “cbs.log” reaches a certain size, a cleanup process renames the log to “CbsPersist_YYYYMMDDHHMMSS.log” and then attempts to compress it into a .cab file.

However, when the cbs.log reaches a size of 2 GB before that cleanup process compresses it, the file is to large to be handled by the makecab.exe utility.  The log file is renamed to CbsPersist_date_time.log, but when the makecab process attempts to compress it the process fails (but only after consuming some 100 MB under \Windows\Temp).  After this, the cleanup process runs repeatedly (approx every 20 minutes in my experience).  The process fails every time, and also consumes a new ~ 100 MB in \Windows\Temp before dying.  This is repeated until the system runs out of drive space.

This can be reproduced by trying to manually create the cab file –

Directory of C:\CBS-BAK
12/11/2019  12:28 PM    <DIR>          .
12/11/2019  12:28 PM    <DIR>          ..
12/11/2019  12:12 PM     2,491,665,966 CbsPersist_20150823021618.log

C:\CBS-BAK>makecab CbsPersist_20150823021618.log
Cabinet Maker – Lossless Data Compression Tool
86.19% – CbsPersist_20150823021618.log (1 of 1)
ERROR: (FCIAddFile)Data-size or file-count exceeded CAB format limits

C:\CBS-BAK>dir %TEMP%\cab*
Volume in drive C is OSDisk
Volume Serial Number is 44DE-0CDD
Directory of C:\Users\USERNAME\AppData\Local\Temp
08/26/2015  02:31 PM       102,786,654 cab_4556_2

12/11/2019  12:28 PM        12,978,919 cab_5860_2
12/11/2019  12:27 PM                 0 cab_5860_3

To resolve this –

Stop the Windows Modules Installer (TrustedInstaller) service

Delete or move the large Cbspersist_XX.log file out of \Windows\Logs\CBS.

Start the Windows Modules Installer (TrustedInstaller) service

Troubleshooting Failed Login Attempts in Windows Active Directory Server

On Event Viewer, we should look for the following information (filter Security log):

Security log, events 4625 and 4771 (format for filtering is: 4625,4771).

We need to filter for these two events since we don’t know if the user failed to authenticate using NTLM (4625) or Kerberos (4771).

References:

4625(F): An account failed to log on

https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4625

4771(F): Kerberos pre-authentication failed

https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4771

With a view containing only events 4625 and 4771 we can then search (Find…) the user we are troubleshooting.

We should be looking for and see the following information on each of events.

4625:

You can refer to the article above for a full description on the Status and Sub-Status codes.

Log Name: Security

Source: Microsoft-Windows-Security-Auditing

Date: 5/21/2019 10:40:19 AM

Event ID: 4625

Task Category: Logon

Level: Information

Keywords: Audit Failure

User: N/A

Computer: DC2.contoso.local

Description:

An account failed to log on.

Subject:

Security ID: NULL SID

Account Name: –

Account Domain: –

Logon ID: 0x0

Logon Type: 3

Account For Which Logon Failed:

Security ID: NULL SID

Account Name: test2016 à This should be showing the account you are troubleshooting.

Account Domain: WIN2K16MEMBER

Failure Information:

Failure Reason: Unknown user name or bad password.

Status: 0xC000006D à These are the fields you should be looking also.

Sub Status : 0xC0000064 à We can have either 0xC0000064 or 0xC000006A

Process Information:

Caller Process ID: 0x0

Caller Process Name: –

Network Information:

Workstation Name: WIN2K16MEMBER à This might not show on this event but if it does this is where the bad password is coming from.

Source Network Address: 192.168.0.31 à This might not show on this event but if it does this is the IP where the bad password is coming from.

Source Port: 49735

Detailed Authentication Information:

Logon Process: NtLmSsp

Authentication Package: NTLM

Transited Services: –

Package Name (NTLM only): –

Key Length: 0

If the above event does not show the Network Information details, you will have to enable the Netlogon debug log to have more tracing and NTLM authentication information.

You can refer to the following article for the full instructions on how to enable and disable Netlogon

debugging:

Enabling debug logging for the Netlogon service

https://support.microsoft.com/en-us/help/109626/enabling-debug-logging-for-the-netlogon-service

Although, enabling and disabling Netlogon debugging is quite easy but should only be enabled for troubleshooting purposes and disabled afterwards:

Enable Netlogon debug:

From an elevated command prompt (as administrator), run the following command:

nltest /dbflag:2080ffff

Disable Netlogon debug:

From an elevated command prompt (as administrator), run the following command:

nltest /dbflag:0x0

The netlogon debug log can then be found under C:\Windows\debug\netlogon.log

On the netlogon debug log we should look for (find…) the user we are troubleshooting and should be able to find information similar to the bellow:

08/15 16:38:22 [LOGON] [608] C ONTOSO: SamLogon: Generic logon of CONTOSO.LOCAL\test2016 from ( WIN2K16MEMBER ) (via JUMPSERVER) Returns 0xC000006A

This entry tells you where the bad password came from.

4771:

You can refer to the article above for a full description on the Failure Codes.

Log Name: Security

Source: Microsoft-Windows-Security-Auditing

Date: 7/26/2019 11:47:11 AM

Event ID: 4771

Task Category: Kerberos Authentication Service

Level: Information

Keywords: Audit Failure

User: N/A

Computer: DC2.contoso.local

Description:

Kerberos pre-authentication failed.

Account Information:

Security ID: CONTOSO\Administrator

Account Name: Administrator à This should be showing the account you are troubleshooting.

Service Information:

Service Name: krbtgt/CONTOSO

Network Information:

Client Address: ::ffff: 192.168.0.4 à This might not show on this event but if it does this is the IP where the bad password is coming from.

Client Port: 49908

Additional Information:

Ticket Options: 0x40810010

Failure Code : 0x18 à This is the Failure Code we should be looking for: The wrong password was provided.

Pre-Authentication Type: 2

Certificate Information:

Certificate Issuer Name:

Certificate Serial Number:

Certificate Thumbprint:

This was the easy part!

The hard part is often to troubleshoot from the client side as we don’t have any specific procedure to understand what is sending the bad passwords.

An application? A Scheduled Task? A script?

Can be either and/or all of them and for that reason we often need to revisit the client workstation to continue searching for the culprit(s).

Sometimes it is a middle device that connects the user to Exchange, SQL or any other resource and the same steps needs to be taken on each device in the middle that will bring us back to the originating source.

More information:
You can also check the bellow articles for more information on troubleshooting information and tips regarding account lockouts:

Active Directory: Bad Passwords and Account Lockout

https://social.technet.microsoft.com/wiki/contents/articles/32490.active-directory-bad-passwords-and-account-lockout.aspx

Active Directory: Troubleshooting Frequent Account Lockout

https://social.technet.microsoft.com/wiki/contents/articles/23497.active-directory-troubleshooting-frequent-account-lockout.aspx

Troubleshooting account lockout the PSS way

https://blogs.technet.microsoft.com/instan/2009/09/01/troubleshooting-account-lockout-the-pss-way/

Remote Desktop CredSSP encryption Oracle remediation Registry fix

This is a quick credssp registry fix for the following error when trying to connect to a machine using RDP (Remote Desktop):

Image showing RDP CredSSP Authentication Error when connecting to a host with RDP

This is because the server you are connecting to is not patched up to date, and the machine you are connecting from is. Modify the registry to allow your machine to connect to it:

  1. Open Regedit.
  2. Navigate to the following registry key, or create it if it does not exist:
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters
  3. Create a new DWORD value called “AllowEncryptionOracle
  4. Set the new registry entry to have a value of 2:

Image showing AllowEncryptionOracle registry entry being set to a value of 2

    5. Connect to the server that you were unable to connect to before.

Run this from an elevated command prompt to achieve the same result:

  • REG ADD “HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters” /v AllowEncryptionOracle /t REG_DWORD /d 2

How to export user photos in O365 / Exchange Online using Exchange Online Powershell

Below small script can be use to export photos from O365 / Exchange Online using powershell.

First you need to connect to exchange online.

#############################################

get-mailbox -ResultSize Unlimited | % {Get-UserPhoto $_.identity} | % {Set-Content -path “C:\Photos\$($_.identity).jpg” -value $_.picturedata -Encoding byte}

####################################################

How to export thumbnail/photos from Active Directory using powershell

Below is smal powershell script to export photos from the Active Directory using AD powershell.

#########################################################

$list=GET-ADuser –filter * -properties thumbnailphoto

Foreach ($User in $list)

{

$Directory=’C:\Photos\’

If ($User.thumbnailphoto)

  {

  $Filename=$Directory+$User.samaccountname+’.jpg’

  [System.Io.File]::WriteAllBytes($Filename, $User.Thumbnailphoto)

  }

}

#########################################################

Changing your Domain Account password on a RDP session on Windows Server 2012 R2 and 2016 Servers

This procedure is the only one which worked for me on a Windows 2012 R2 and 2016 RDP session:

1. Click Start

2. Type osk (to bring up the on screen keyboard)

3. Hit enter

image

image

4. Once the on screen keyboard is open, hold ctrl+Alt on your physical keyboard, then click on the del key in the on screen keyboard.

image

5. Minimize the on screen Keyboard

6. Click Change a password.

Global Internet Shutdown Likely Over Next 48 Hours: Report 12th Oct 2018

Russia Today reported that global internet users might experience network connection failures as the main domain servers and its related network infrastructure will be down for some time.

Widespread network failure could be on the cards for internet users across the globe for the next 48 hours as key domain servers undergo routine maintenance, says Russia Today.

A report in the Russian news organisation claims that Internet Corporation for Assigned Names and Numbers (ICANN) is prepping up for maintenance work of domain servers and related network infrastructure by changing cryptographic key which will result in down-time in internet activity across the globe.

The maintenance work to be undertaken by the ICANN will help protect the internet’s address book popularly known as the Domain Name System (DNS).

Experts says that the change of cryptographic key will help prove as a necessary step for internet protection as the number of cyber attacks swell.

In a statement, the Communications Regulatory Authority (CRA) said the global internet shutdown is necessary for ensuring a secure, stable and resilient DNS. “To further clarify, some inte ..

Internet users across the globe may experience widespread network failures as the key domain servers are slated to undergo routine maintenance over the next 48 hours.

Russia Today reported that global internet users might experience network connection failures as the main domain servers and its related network infrastructure will be down for some time.

The Internet Corporation of Assigned Names and Numbers (ICANN) will carry out maintenance work during this time period by changing the cryptographic key that helps protect the internet’s address book or the Domain Name System (DNS). This has been necessitated to counter the rising incidents of cyber attacks, the ICANN said.

In a statement, the Communications Regulatory Authority (CRA) said the global internet shutdown is necessary for ensuring a secure, stable and resilient DNS. “To further clarify, some internet users might be affected if their network operators or Internet Service Providers (ISPs) have not prepared for this change. However, this impact can be avoided by enabling the appropriate system security extensions,” it added.

COMMENT

Internet users could face difficulties in accessing web pages or making any transactions in the next 48 hours. Also, users could face inconvenience accessing the global network if they use an outdated ISP.

 

A report in the Russian news organisation claims that Internet Corporation for Assigned Names and Numbers (ICANN) is prepping up for maintenance work of domain servers and related network infrastructure by changing cryptographic key which will result in down-time in internet activity across the globe.

The maintenance work to be undertaken by the ICANN will help protect the internet’s address book popularly known as the Domain Name System (DNS).

Experts says that the change of c ..

How to Install a WordPress Theme

Install a Theme using WordPress Admin Theme Search

If you’re looking to install a free WordPress theme from the WordPress.org themes directory, then the easiest way is by using the WordPress admin theme search functionality.

First thing you need to do is login to your WordPress admin area. Next, click on Appearance » Themes.

Click on Appearance Themes

Once you are on the themes page, click on the Add New button at the top.

Add New Themes in WordPress

On the next screen, you will have the ability to select from: Featured WordPress themes, Popular WordPress themes, Latest WordPress themes, search for a specific theme, or search for themes with specific features.

Search for WordPress Theme

Based on your search, you will see a single theme or a list of themes that met your criteria. In our case, we searched for the blogging theme Slipstream.

When you see the theme that you want to install, simply bring your mouse on top of the image. This will reveal the install button, preview button, and details button. Go ahead and click on the install button.

Install a WordPress Theme

WordPress will now install your theme and show you a success message along with the link to activate or live preview.

Activate a WordPress Theme

Click on the activate button, and you’ve successfully installed and activated your WordPress theme.

Note: Depending on the theme, it may add additional settings options that you may need to configure either through the theme customizer or through a separate options panel.

Install a Theme by using Upload Method from WordPress Admin

The first method that we covered only allows you to install free themes that are available in the WordPress.org theme’s directory. But what if you want to install a commercial “premium” WordPress theme from companies like ThemeLab, StudioPress, iThemes, etc.

Or what if you want to install a custom theme? Well in this case, you would need to install the theme using the upload method from your WordPress admin.

Start by downloading the .zip file of the theme that you purchased from a marketplace or a commercial theme provider.

Next login to your WordPress admin area and click on Appearance » Themes.

Click on Appearance Themes

Once you are on the themes page, click on the Add New button at the top.

Add New Themes in WordPress

On the next screen, click on the Upload Theme button at the top.

WordPress Theme Install Upload Theme

You will be prompted to choose the zip file that you downloaded earlier. Select the file and click Install Now.

Upload the Theme File in WordPress

Once your theme is installed, you will see a success message along with the link to activate and preview the theme.

Activate a WordPress Theme

Click on the activate button, and you’ve successfully installed and activated your WordPress theme. Depending on the theme, it may add additional settings options that you may need to configure either through the theme customizer or through a separate options panel.

Note: The theme upload functionality is only available for self-hosted WordPress.org users. If you’re using WordPress.com, then you will not see this option because it limits you. In order to use custom theme upload feature, you would need to use self-hosted WordPress.org (See this article that explains the difference between Self Hosted WordPress.org vs WordPress.com).

Installing a WordPress Theme using FTP

If you’re feeling adventurous and want take it to the next level, then you can learn about installing WordPress themes using FTP. Remember, this is not for true beginners because it is a little bit more advanced.

Now that you have read the article above and installed and setup your FTP program, connect to your host using FTP. You would need to go to the path (/wp-content/themes/). Once you’re there, simply upload your theme’s folder there.

Remember you must unzip the folders before you upload a theme using FTP. Once you have uploaded the theme, you would need to go to your admin area and click on Appearance » Themes.

You should see the theme that you uploaded listed there. Bring your mouse on top of that theme and click on the activate button.

free website like wordpress

10 Popular Alternatives to WordPress

WordPress is popular, and we love it, but it is not the only publishing platform. There are WordPress alternatives that you can use to build your website. Recently one of our readers asked us to write about WordPress competitors. In this article, we will show you 10 popular alternatives to WordPress.

1- Blogger

Blogger

Last but not the least, Blogger is still alive. It is a free blog service by Google. It has most of the features you would need for blogging. A commenting system, built-in social capabilities, easy to use, templates, and the option to use your own domain name.

We have written a full comparison between Blogger vs WordPress (Pros and Cons). If you are using Blogger and want to switch to WordPress, then follow this guide.

We hope this article provided you a chance to look at some popular WordPress alternatives. While looking at these alternatives, you may want to take a look at our guide on why you should use WordPress.

2- Google Sites

Google Sites

Google Sites is an easier and simpler way to build small websites. It is extremely easy to use, free to host, and you can even use your own custom domain for your site.

It cannot be compared with CMS software in our list, but it can be compared with services like Wix, Weebly, and Squarespace.

3- Tumblr

Tumblr

Tumblr is a popular free blogging platform. Tumblr combines blogging with social, and makes blogging quite fun. It has a strong user base despite the fact that it was acquired by Yahoo in 2013.

Tumblr allows users to choose from free or premium themes. Users can also use custom domain names for their Tumblr blogs. Apart from your blog, you can also create pages. It is a completely hosted solution, so you don’t have to worry about installing or maintaining any software.

4- Joomla

Joomla

This year Joomla will be celebrating its 10th birthday. It is a strong, multi-purpose, and open source CMS. It has a large community of users and developers.

Joomla comes with all the things that WordPress can do, and then some more. It has extensions and templates. It is already used by millions of users, small businesses, corporations, government and non-profits all over the world.

Just like WordPress, Joomla has a community support system, extensive documentation, and it runs on most web hosting platforms.

5- Ghost

Ghost

Some WordPress users who want to focus on blogging felt that WordPress is going in a totally different direction. This gave birth to Ghost, which is a NodeJS based blogging software.

The difference is that Ghost is entirely focused on blogging and keeping the clutter away. It provides a clean writing and browsing experience for bloggers and readers.

6- Wix

Wix

Wix is a completely hosted web site builder. It is free to use for personal or a small business website. It comes with pre-designed templates that users can modify using the drag and drop page builder.

Wix also has eCommerce support with its paid plans, which allows site owners to accept online payments using PayPal or authorize.net. See our article on Wix vs WordPress for a side by side comparison of the two platforms.

If you are already using Wix and want to transfer it to WordPress, then see our article on how to properly switch from Wix to WordPress.

7- Shopify

Shopify

If you want to build an online store, then Shopify is a great alternative to WordPress. It provides easy to use tools to create your own online shop. You can sell your products and accept payments.

Shopify comes with easy to use tools to get you started with your website. It has ready-made templates, apps, and lots of integration options.

Wondering how it compares to WooCommerce (the best WordPress eCommerce plugin)? See our article on Shopify vs WooCommerce for a detailed comparison of the two platforms.

8- Drupal

Drupal

Drupal is another very popular open source CMS. Just like WordPress and Joomla, Drupal has a strong user base and developer community. It powers nearly 2.1% of all websites on the internet including The White House, The Economist, State of Georgia, and many more.

Drupal has modules and themes just like WordPress. It shares the same software requirements as WordPress and Joomla, so it can run on pretty much any web host that supports WordPress.

9- Jekyll

Jekyll

Jekyll is a static site generator. It is written in Ruby and requires NodeJS. It is a lot different than WordPress. For starters it is a static site generator which means it takes your text and generates static HTML pages for your site (no database).

You can use free hosting provided by GitHub Pages with Jekyll. This means that if you are familiar with Markdown, SVN, Git, and command line, then you will be up and running in no-time. In other words, this is made for developers!

10- Squarespace

Squarespace

Squarespace is a paid site builder that can be used as a WordPress alternative. It is extremely easy to use and a completely hosted solution.

Just like Wix and Weebly, Squarespace also offers ready-to-use templates that you can customize. There are no plugins or additional modules to install. You can only use the features provided by Squarespace. See our comparison of Squarespace vs WordPress.