Sometimes you need to debug a Windows server when ssh to the server is working but something else is not. This article shows some commands that may be helpful when doing that. For all commands below, start by ssh'ing to the Windows server.

- Show firewall rules


         netsh advfirewall firewall show rule name=all   (show all rules)


         netsh advfirewall firewall show rule name=all dir=in   (show all inbound rules)


- Open port 22 on the Windows firewall in the inbound direction on the source server

  In an elevated PowerShell prompt (run as administrator):

         netsh.exe advfirewall firewall add rule name=rw-tcp-22-in dir=in action=allow protocol=TCP localport=22


- Show MTU size 

           netsh interface ipv4 show subinterfaces


- Add a local user named 'rackware' to the administrators group on a target server (so you can log in to the target). In the first command, the second 'rackware' is the account's password.

         net user /add rackware rackware

         net localgroup administrators rackware /add


- Adding an IP address to a target that somehow does not have one

               netsh interface ipv4 set address name="Ethernet0" static <ipaddr> <netmask> <gateway>


- Changing MTU size of the RMM to 1300

         ip link set dev ens3 mtu 1300


- Checking the status of the VSS writers

         vssadmin list writers



- Getting the Windows Application Event Log

  Issue the following command on the RMM:

         scp <Userid>@<ip addr>:/cygdrive/c/windows/system32/winevt/Logs/application.evtx /tmp/application.evtx

  where Userid is the userid that is used to ssh to the Windows server, and 'ip addr' is the IP address of the Windows server.

  At this point /tmp/application.evtx is on your RMM. Give it read permission with the command "chmod 454 /tmp/application.evtx".

  Copy the application.evtx file to a Windows PC and look at it with the Event Viewer from Control Panel.


- Getting the Windows System Event Log

  Issue the following command on the RMM:

         scp <Userid>@<ip addr>:/cygdrive/c/windows/system32/winevt/Logs/system.evtx /tmp/system.evtx

  where Userid is the userid that is used to ssh to the Windows server, and 'ip addr' is the IP address of the Windows server.

  At this point /tmp/system.evtx is on your RMM. Give it read permission with the command "chmod 454 /tmp/system.evtx".

  Copy the system.evtx file to a Windows PC and look at it with the Event Viewer from Control Panel.


- Get CPU usage of a Windows host

         wmic cpu get loadpercentage


- Determine if some other process is using port 22

         netstat -ano -p tcp | findstr "ESTABLISHED" | findstr ":22"

  Note: if another process on the Windows server is using port 22, ssh'ing from the RMM will get a "connection refused" response.
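
The port 22 check above, as an added example that is not part of the original article: a filter that compares the local port exactly, so rows such as `:2200` or outbound connections to a remote port 22 are not counted, and that reports the listening PID separately from established sessions. It assumes a POSIX shell with awk on the server (such as the Cygwin environment the `/cygdrive` paths imply); the function names and the sample netstat output are constructed for illustration.

```shell
#!/bin/sh
# Added example: exact-match filter for `netstat -ano -p tcp` output.
# Function names and the sample output below are constructed for illustration.

# Constructed sample of Windows `netstat -ano -p tcp` output.
sample_netstat() {
cat <<'EOF'

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:22             0.0.0.0:0              LISTENING       1832
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    10.0.0.5:22            10.0.0.9:51514         ESTABLISHED     4120
  TCP    10.0.0.5:2200          10.0.0.9:51600         ESTABLISHED     2764
  TCP    10.0.0.5:49712         10.0.0.20:22           ESTABLISHED     3388
EOF
}

# port_owners PORT: read netstat output on stdin, print "STATE PID" for every
# TCP row whose *local* port is exactly PORT.
port_owners() {
    awk -v port="$1" '
        { sub(/\r$/, "") }                 # Windows tools emit CRLF line endings
        $1 == "TCP" && NF >= 5 {
            n = split($2, part, ":")       # port is the last ":"-separated field
            if (part[n] == port) print $4, $5
        }'
}

# listener_pids PORT: PIDs that hold a listening socket on PORT.
listener_pids() {
    port_owners "$1" | awk '$1 == "LISTENING" { print $2 }' | sort -u
}

# Demo on the constructed sample; on a real server pipe in `netstat -ano -p tcp`.
sample_netstat | port_owners 22
echo "listener PID(s): $(sample_netstat | listener_pids 22)"
```

On the server, run `netstat -ano -p tcp | listener_pids 22` and map the resulting PID to a process name with `tasklist /fi "PID eq <pid>"`.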