Windows: Reset WSUS and recreate SUSDB

Here are the steps if you have installed WSUS on Server 2012R2 on the Windows Internal Database to reset the Database and WSUS itself.


Install the Microsoft SQL 2012 Management Studio.

Install SQL-Management Studio

Determine the SQL Server String, Database name and the WSUS Content Directory

c:\> reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Update Services\Server\Setup" /v SqlServerName     SqlServerName    REG_EXPAND_SZ    MICROSOFT##WID c:\> reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Update Services\Server\Setup" /v SqlDatabaseName     SqlDatabaseName    REG_SZ    SUSDB c:\> reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Update Services\Server\Setup" /v ContentDir     ContentDir    REG_EXPAND_SZ    D:\WSUS Stop all WSUS related services (World Wide Web Publishing Service, WSUS Certificate Server and WSUS Service) c:\> net stop W3SVC c:\> net stop WsusService c:\> net stop WSusCertServer Start SQL Management Studio as Administrator (right click) and Connect to the Windows internal Database through the named pipe \\.\pipe\Microsoft##WID\tsql\query Connect to Windows internal Database by SQL-Management Studio And delete the SUSDB ALTER DATABASE SUSDB SET OFFLINE WITH ROLLBACK IMMEDIATE; DROP DATABASE SUSDB; Delete the Database files c:\> del /Q C:\Windows\WID\Data\SUSDB.* c:\> del /Q C:\Windows\WID\Data\SUSDB_*.* Remove the existing Content Dirctory c:\> rmdir /Q /S D:\WSUS Reconfigure WSUS, Create SUSDB and a new content Directory c:\> "C:\Program Files\Update Services\Tools\wsusutil.exe" postinstall CONTENT_DIR="D:\WSUS" If the error “Fatal Error: Failed to start and configure the WSUS service” occured try to start the WSUS Service manually c:\> net start WsusService c:\> net start WSusCertServer

 

How to Manage Failover Clusters?

 

Configure roles/features on nodes for high availability

1. Server manager → Add roles and features.
2. In the select installation type page, select Role based installation.
3. Select destination server for this role.
4. In the list of roles displayed, select Hyper-v .The 'Add features that are required for Hyper-V window' is displayed. This window shows the dependencies that will be installed. Click Add features.

   

5. The select features window is displayed next. Select Failover Clustering. The features that are required for Failover Clustering will pop up in the next window. This window shows the dependencies that will be installed with this feature. Click Add features.

   

6. Next, the Hyper-V window is displayed.

   

7. The Create Virtual Switches window is displayed. In Network adapters, select the network that you want your virtual machine to use for the cluster. If you have multiple NIC’s listed here, choose the appropriate ones.

   

8. The Virtual Machine Migration window is displayed.Select "Allow this server to send" and "Receive live migrations of virtual machines". This allows the VM to transfer between your nodes where required.

   

9. The Default Stores window is displayed. Do not change the default stores.

   

10. Confirm your installation selections and click Install.

Connecting to iSCI network drives

1. Start the iSCI initiator and connect to your two SAN drives:
   • Click Start → Windows Administrative Tools → iSCI Initiator.
   • Ensure the drives are set to allow simultaneous connections. This is configured on your SAN. Make sure you have granted access to your two cluster servers.
2. Connect to the SAN drives:
   • Open the iSCI initiator → Targets tab→ Enter the IP address for the SAN.

     

   • Click Quick Connect.Your drives are displayed.
   • Highlight a drive, then click connect to connect to each drive.
   • When a drive is connected, click Done.
   • Click the Volumes and Devices tab.

     

   • Click Auto-configure → OK. When you are connected on the first machine, click Start → WIndows Administrative tools → Computer Management → Disk Management.

     

3. Bring the disks online
   • Right-click the disk number.
   • Select Online.
4. Repeat the above step for the second drive.
5. Initialize the disks:
   • Right-click the disk number next to one of the new drives.
   • Select Initialize disk.
   • In the box that appears, ensure that both your new disks have a check mark next to them.
   • Set as MBR.
   • Click OK.
6. Configure the new drive:
   • Right-click the first drive.

     

   • Select Create New Simple Volume.
   • Leave the defaults in place.
   • Choose a drive letter to assign.
   • Label your drives:
     • 5GB drive—label the drive as Quorum
     • 150GB (larger drive)—label it as ClusterStorage
7. Repeat the above steps for the second drive.

Create the failover cluster

From the OS of any of the nodes created in the above steps, do the following:

1. Click Start → Windows Administrative tools → Failover Cluster Manager to launch the Failover Cluster Manager. Click "create cluster". Click Next on the 'Before you begin' window.

   

2. In the next window, enter the server names that you want to add to the cluster. Alternatively, you can locate them via Browse. Click Add → next.

   

3. Validation warning window is displayed. Select Yes to "allow verification of the cluster services".

   

4. When you click next, the Validate a Configuration wizard is displayed. Continue by clicking Next.
5. In the testing options window, select "Run all tests" (recommended).The next window will let you confirm the list of tests that will be run by Windows.

   

6. The Validating window is displayed while all of the clustering tests are being run. This process may take several minutes depending on your network infrastructure and the number of nodes you have chosen to add to your cluster. When the tests are completed, check the report, and fix configuration errors, if any. The cluster setup will fail if any errors exist.

   

7. The 'Access Point for Administering the Cluster' window in the Create Cluster wizard is displayed. In Cluster Name, enter a name for your cluster. In the available network provide an IP address for the cluster.

   

8. After clicking next, the confirmation window is displayed. This window lists the settings to be applied to your new cluster.
   • Select the "Add all eligible storage to the cluster" check box. The system will now try to assign any storage it can find. The system attempts to create the new cluster in your domain.
   • This may take a while as there are several checks and tests are conducted while the system is configured.
   • When the process is complete, the Summary window is displayed stating that the cluster wizard completed successfully.

     

9. Check to confirm that the cluster is configured correctly
   • In the Failover Cluster Manager, navigate to Nodes.

     

   • Check that all nodes in the cluster are online. If they are not, go to the server that is offline and bring the system online to join the cluster.
10. Navigate to Storage → Disks.
    • a. The system detects the SCSI drives and displays them here. If you were setting this up with only two nodes, then the 5GB Quorum cluster would have been assigned as Disk Witness in Quorum.The configured storage space is assigned to Available Storage.

      

11. Configure this storage to be part of the cluster.
    • Right-click the disk assigned to available storage; then select "Add to Cluster Shared Volumes". The cluster is now assigned to Cluster Shared Volume.

      

12. Check the Cluster Events folder for any issues with the cluster. If there are no issues, you can configure your virtual machine in the cluster environment.

Windows Server 2016 Server Core: How-to setup a WSUS server?

 What is WSUS?

Windows Server Update Services (WSUS) enables system administrators to manage the distribution of Microsoft’s product updates to company’s network computers.

How WSUS works?

WSUS works in a way that its infrastructure enables system administrators to download updates, patches and fixies in the company’s central server, and then from the server to update other computers.

How to add a WSUS role?

To add the WSUS role in your server using PowerShell, complete the following steps:

• login to your server by typing your Administrator’s password and pressing Enter
• type PowerShell at command prompt and press Enter
• type Install-WindowsFeature -Name UpdateServices -IncludeManagementTools and press Enter

How-to setup a WSUS server?

To setup your WSUS server using PowerShell, complete the following steps:

• to create a folder that stores the WSUS content type at PowerShell prompt type New-Item -Path C: -Name WSUS -ItemType Directory and press Enter

• to configure the folder where the WSUS content will download type at Command prompt .\wsusutil.exe postinstall CONTENT_DIR=C:\WSUS and press Enter

• to configure the WSUS synchronization with Microsoft Update type Set-WsusServerSynchronization –SyncFromMU and press Enter

to set the Update Languages to English and save configuration settings type

• $wsusConfig.AllUpdateLanguagesEnabled = $false and press Enter
• $wsusConfig.SetEnabledUpdateLanguages(“en”) and press Enter
• $wsusConfig.Save() and press Enter

• to get WSUS Subscription type $subscription = $wsus.GetSubscription() and press Enter

• to start synchronization type $subscription.StartSynchronization() and press Enter

How to Restart/Shutdown Windows Server / Windows 10 pro - Using Commands?

Using the Windows Restart Command

1 . Restart Windows  with the GUI

Click the Start menu > Power button > Restart.

2. How to Restart/Shutdown Windows Using Command Prompt

> In the Search Windows, type cmd then Command Prompt app will appear on the list. Right click Run as Administrator

C:/> shutdown /r                          -- command to restart

C:\> Shutdown /s                          -- command to shutdown

C:\> Shutdown /s /t 3600            -- command to shutdown after 1 hour

3. How to Restart/Shutdown Windows Using PowerShell Command

> In the Search Windows, type PowerShell then Windows PowerShell app will appear on the list. Right click Run as Administrator

PS C:\> Restart-Computer           -- PowerShell command to restart computer.

 PS C:\> Stop-Computer              -- PowerShell command to shut down the computer.

PS C:\> Stop-Computer -delay 3600       --PowerShell command to shut down after 1 hour.

               

Restart/Shutdown the computer remotely

PS C:\> Restart-Computer –ComputerName “RCTServer”  -- restart the remote computer with the computer name RCTServer

Shutdown Multiple Servers / Computers

PS C:> $Targets =”SQLServer, ExchServer, GnomeServer”
PS C:> Stop-Computer -comp $Targets -force

Why two-factor authentication (2FA) is important?

 Cybercriminals are hungry for passwords. As seen in plenty of news articles about hacks and data leaks, an unprotected password can help cybercriminals gain access to your bank account, credit cards, or personal websites. From there, they can sell your personal information, gain access to your money, or compromise your overall digital security.

But the battle isn’t lost. One way to quickly boost the safety of your online accounts is two-factor authentication — also known as 2FA — which adds an extra layer of security to your accounts.

What is 2FA?

Two-factor authentication (2FA) is an extra step added to the log-in process, such as a code sent to your phone or a fingerprint scan, that helps verify your identity and prevent cybercriminals from accessing your private information. 2FA offers an extra level of security that cyberthieves can’t easily access, because the criminal needs more than just your username and password credentials.

2FA is a subset of multi-factor authentication, an electronic authentication method that requires a user to prove their identity in multiple ways before they are allowed access to an account. Two-factor authentication is so named because it requires a combination of two factors, whereas multi-factor authentication can require more.

A good example of two-factor authentication in the real world is an ATM card. In addition to physically presenting the card, you also need to type in your PIN to access your account.

On the web, you can find examples of 2FA just by taking a scroll through your browser history. You’ll find plenty of websites where all you need is your username or email and your password. These use one-factor authentication, where the password is the only thing you need for entry.

As the name suggests, two-factor authentication requires one extra step — and a second factor — to log onto a site or access an online account. Most often, you first enter your username and password. The site typically then sends a text message to your mobile phone with a six-digit numerical code. This code is called an authenticator, or sometimes a passcode or verification code. You can only access the site by then entering this code that appears on your mobile device. If you don't have the code, you can't log on, even if you know the correct password.

Why do I need 2FA?

Passwords are historically weak, due to both the advanced nature of hacking and a general annoyance with password creation and use. A Harris Poll found that 78% of Gen Z uses the same password across multiple accounts, increasing their overall vulnerability if a criminal was to figure out their credentials. And beyond that: About 23 million accounts still use the password “123456.”

With it becoming increasingly easy for cybercriminals to guess passwords, 2FA is more important than ever. It might seem like a hassle to add an extra step to your web surfing, but without it you could be leaving yourself vulnerable to cybercriminals who want to steal your personal information, access your bank accounts, or hack into your online credit card portals.

Adding the extra step to account access means thieves will struggle to access your personal information. If you add a knowledge factor to your bank account, a cybercriminal who knows your password won’t be able to access the account without having your phone when it receives the verification code.

That way, those still relying on the password “password” have a better shot at keeping their bank accounts secure.

How 2FA works

To understand two-factor authentication, you first need to understand factors. A 2FA factor is what you will need to access the account, and they are generally broken into three categories:

• Knowledge: These factors require you to know something, like security questions, a PIN sent to your device, or a specific keystroke.
• Possession: The user must physically possess the factor, like a debit card or a USB drive, and insert it into the device to gain entry.
• Biology: Access is granted once the user proves their identity through biological markers like a fingerprint or voice.

Types of 2FA

There are several types of 2FA available, all of them relying on the different forms of factors we’ve listed above.

• Hardware tokens: This type of 2FA requires users to possess a type of physical token, such as a USB token, that they must insert in their device before logging on. Some hardware tokens display a digital code that users must enter.
• SMS and voice 2FA: You’ll receive either a text or voice message giving you a code that you must then enter to access a site or account.
• Software tokens for 2FA: These tokens are apps that you download. Any site that features 2FA, will then send a code to the app that you enter before logging on.
• Push notifications for 2FA: You’ll download a push notification app to your phone. When you enter your login credentials to access a website, a push notification is sent to your smartphone. A message will then appear on your phone requesting that you approve your log-in attempt with a tap. 
• Biometrics: To log onto a site, you’ll first have to verify it’s you through something physical about yourself. Most commonly, this means using a fingerprint scanner.
• Location: If your account was created and registered in one state, and suddenly a log-in is attempted in a different location, it may trigger a location factor. These factors will alert you when a log-in is attempted on a new device and send you a code to enter to verify your identity.

How to enable 2FA

Though not all sites use 2FA, some give you the option to activate it for your account. For sites that enable 2FA, you can find the toggle to turn it on in your settings, usually under the Security tab.

Some popular websites that do enable 2FA include: Amazon, Facebook, Instagram, Dropbox, Lastpass, LinkedIn, Intuit, TurboTax, Mint, PayPal ,and Yahoo. For a complete list of websites that have 2FA capabilities, visit this website.

Adding two-factor authentication to your high-priority accounts can help keep you — and your money and personal information — more secure.

How secure is 2FA?

A harsh reality: Nothing is 100 percent secure. There are ways that criminals can bypass the system and access your account even if you have 2FA enabled. For example, lost password recovery usually resets your password via email, and it can completely bypass 2FA.

However, adding an extra roadblock for cybercriminals looking to access your accounts is better than taking a chance and leaving yourself vulnerable by not enabling 2FA.

Troubleshoot gateways - Power BI

 Note

We've split the on-premises data gateway docs into content that's specific to Power BI and general content that applies to all services that the gateway supports. You're currently in the Power BI content. To provide feedback on this article, or the overall gateway docs experience, scroll to the bottom of the article.

This article discusses some common issues when you use the on-premises data gateway with Power BI. If you encounter an issue that isn't listed here, you can use the Power BI Community site. Or, you can create a support ticket.

Configuration

Error: Power BI service reported local gateway as unreachable. Restart the gateway and try again.

At the end of configuration, the Power BI service is called again to validate the gateway. The Power BI service doesn't report the gateway as live. Restarting the Windows service might allow the communication to be successful. To get more information, you can collect and review the logs as described in Collect logs from the on-premises data gateway app.

Data sources

Error: Unable to Connect. Details: "Invalid connection credentials"

Within Show details, the error message that was received from the data source is displayed. For SQL Server, you see a message like the following:

Output

Login failed for user 'username'.

Verify that you have the correct username and password. Also, verify that those credentials can successfully connect to the data source. Make sure the account that's being used matches the authentication method.

Error: Unable to Connect. Details: "Cannot connect to the database"

You were able to connect to the server but not to the database that was supplied. Verify the name of the database and that the user credential has the proper permission to access that database.

Within Show details, the error message that was received from the data source is displayed. For SQL Server, you see something like the following:

Output

Cannot open database "AdventureWorks" requested by the login. The login failed. Login failed for user 'username'.

Error: Unable to Connect. Details: "Unknown error in data gateway"

This error might occur for different reasons. Be sure to validate that you can connect to the data source from the machine that hosts the gateway. This situation could be the result of the server not being accessible.

Within Show details, you can see an error code of DM_GWPipeline_UnknownError.

You can also look in Event Logs > Applications and Services Logs > On-premises data gateway Service for more information.

Error: We encountered an error while trying to connect to <server>. Details: "We reached the data gateway, but the gateway can't access the on-premises data source."

You were unable to connect to the specified data source. Be sure to validate the information provided for that data source.

Within Show details, you can see an error code of DM_GWPipeline_Gateway_DataSourceAccessError.

If the underlying error message is similar to the following, this means that the account you're using for the data source isn't a server admin for that Analysis Services instance. For more information, see Grant server admin rights to an Analysis Services instance.

Output

The 'CONTOSO\account' value of the 'EffectiveUserName' XML for Analysis property is not valid.

If the underlying error message is similar to the following, it could mean that the service account for Analysis Services might be missing the token-groups-global-and-universal (TGGAU) directory attribute.

Output

The username or password is incorrect.

Domains with pre-Windows 2000 compatibility access have the TGGAU attribute enabled. Most newly created domains don't enable this attribute by default. For more information, see Some applications and APIs require access to authorization information on account objects.

To confirm whether the attribute is enabled, follow these steps.

1. Connect to the Analysis Services machine within SQL Server Management Studio. Within the Advanced connection properties, include EffectiveUserName for the user in question and see if this addition reproduces the error.

2. You can use the dsacls Active Directory tool to validate whether the attribute is listed. This tool is found on a domain controller. You need to know what the distinguished domain name is for the account and pass that name to the tool.

   Console

dsacls "CN=John Doe,CN=UserAccounts,DC=contoso,DC=com"

You want to see something similar to the following in the results:

Console

2. Allow BUILTIN\Windows Authorization Access Group
                                   SPECIAL ACCESS for tokenGroupsGlobalAndUniversal
                                   READ PROPERTY
   

To correct this issue, you must enable TGGAU on the account used for the Analysis Services Windows service.

Another possibility for "The username or password is incorrect."

This error could also be caused if the Analysis Services server is in a different domain than the users and there isn't a two-way trust established.

Work with your domain administrators to verify the trust relationship between domains.

Unable to see the data gateway data sources in the Get Data experience for Analysis Services from the Power BI service

Make sure that your account is listed in the Users tab of the data source within the gateway configuration. If you don't have access to the gateway, check with the administrator of the gateway and ask them to verify. Only accounts in the Users list can see the data source listed in the Analysis Services list.

Error: You don't have any gateway installed or configured for the data sources in this dataset.

Ensure that you've added one or more data sources to the gateway, as described in Add a data source. If the gateway doesn't appear in the admin portal under Manage gateways, clear your browser cache or sign out of the service and then sign back in.

Datasets

Error: There is not enough space for this row.

This error occurs if you have a single row greater than 4 MB in size. Determine what the row is from your data source, and attempt to filter it out or reduce the size for that row.

Error: The server name provided doesn't match the server name on the SQL Server SSL certificate.

This error can occur when the certificate common name is for the server's fully qualified domain name (FQDN), but you supplied only the NetBIOS name for the server. This situation causes a mismatch for the certificate. To resolve this issue, make the server name within the gateway data source and the PBIX file use the FQDN of the server.

Error: You don't see the on-premises data gateway present when you configure scheduled refresh.

A few different scenarios could be responsible for this error:

• The server and database name don't match what was entered in Power BI Desktop and the data source configured for the gateway. These names must be the same. They aren't case sensitive.
• Your account isn't listed in the Users tab of the data source within the gateway configuration. You need to be added to that list by the administrator of the gateway.
• Your Power BI Desktop file has multiple data sources within it, and not all of those data sources are configured with the gateway. You need to have each data source defined with the gateway for the gateway to show up within scheduled refresh.

Error: The received uncompressed data on the gateway client has exceeded the limit.

The exact limitation is 10 GB of uncompressed data per table. If you're hitting this issue, there are good options to optimize and avoid it. In particular, reduce the use of highly constant, long string values and instead use a normalized key. Or, removing the column if it's not in use helps.

Reports

Error: Report could not access the data source because you do not have access to our data source via an on-premises data gateway.

This error is usually caused by one of the following:

• The data source information doesn't match what's in the underlying dataset. The server and database name need to match between the data source defined for the on-premises data gateway and what you supply within Power BI Desktop. If you use an IP address in Power BI Desktop, the data source for the on-premises data gateway needs to use an IP address as well.
• There's no data source available on any gateway within your organization. You can configure the data source on a new or existing on-premises data gateway.

Error: Data source access error. Please contact the gateway administrator.

If this report makes use of a live Analysis Services connection, you could encounter an issue with a value being passed to EffectiveUserName that either isn't valid or doesn't have permissions on the Analysis Services machine. Typically, an authentication issue is due to the fact that the value being passed for EffectiveUserName doesn't match a local user principal name (UPN).

To confirm the effective username, follow these steps.

1. Find the effective username within the gateway logs.

2. After you have the value being passed, validate that it's correct. If it's your user, you can use the following command from a command prompt to see the UPN. The UPN looks like an email address.

   Console

2. whoami /upn
   

Optionally, you can see what Power BI gets from Azure Active Directory.

1. Browse to https://developer.microsoft.com/graph/graph-explorer.

2. Select Sign in in the upper-right corner.

3. Run the following query. You see a rather large JSON response.

   HTTP

3. https://graph.windows.net/me?api-version=1.5
   

4. Look for userPrincipalName.

If your Azure Active Directory UPN doesn't match your local Active Directory UPN, you can use the Map user names feature to replace it with a valid value. Or, you can work with either your Power BI admin or local Active Directory admin to get your UPN changed.

Kerberos

If the underlying database server and on-premises data gateway aren't appropriately configured for Kerberos constrained delegation, enable verbose logging on the gateway. Then, investigate based on the errors or traces in the gateway’s log files as a starting point for troubleshooting. To collect the gateway logs for viewing, see Collect logs from the on-premises data gateway app.

ImpersonationLevel

The ImpersonationLevel is related to the SPN setup or the local policy setting.

[DataMovement.PipeLine.GatewayDataAccess] About to impersonate user DOMAIN\User (IsAuthenticated: True, ImpersonationLevel: Identification)

Solution

Follow these steps to solve the issue.

1. Set up an SPN for the on-premises gateway.
2. Set up constrained delegation in your Active Directory.

FailedToImpersonateUserException: Failed to create Windows identity for user userid

The FailedToImpersonateUserException happens if you're unable to impersonate on behalf of another user. This error could also happen if the account you're trying to impersonate is from another domain than the one the gateway service domain is on. This is a limitation.

Solution

• Verify that the configuration is correct as per the steps in the previous "ImpersonationLevel" section.
• Ensure that the user ID it's trying to impersonate is a valid Active Directory account.

General error: 1033 error while you parse the protocol

You get the 1033 error when your external ID that's configured in SAP HANA doesn't match the sign-in if the user is impersonated by using the UPN (alias@domain.com). In the logs, you see "Original UPN 'alias@domain.com' replaced with a new UPN 'alias@domain.com'" at the top of the error logs, as seen here:

[DM.GatewayCore] SingleSignOn Required. Original UPN 'alias@domain.com' replaced with new UPN 'alias@domain.com.'

Solution

• SAP HANA requires the impersonated user to use the sAMAccountName attribute in Active Directory (user alias). If this attribute isn't correct, you see the 1033 error.

  

• In the logs, you see the sAMAccountName (alias) and not the UPN, which is the alias followed by the domain (alias@doimain.com).

  

XML

      <setting name="ADUserNameReplacementProperty" serializeAs="String">
        <value>sAMAccount</value>
      </setting>
      <setting name="ADServerPath" serializeAs="String">
        <value />
      </setting>
      <setting name="CustomASDataSource" serializeAs="String">
        <value />
      </setting>
      <setting name="ADUserNameLookupProperty" serializeAs="String">
        <value>AADEmail</value>

[SAP AG][LIBODBCHDB DLL][HDBODBC] Communication link failure:-10709 Connection failed (RTE:[-1] Kerberos error. Major: "Miscellaneous failure [851968]." Minor: "No credentials are available in the security package."

You get the "-10709 Connection failed" error message if your delegation isn't configured correctly in Active Directory.

Solution

• Make sure that you have the SAP Hana server on the delegation tab in Active Directory for the gateway service account.

  

Export logs for a support ticket

Gateway logs are required for troubleshooting and creating a support ticket. Use the following steps for extracting these logs.

1. Identify the gateway cluster.

   If you're a dataset owner, first check the gateway cluster name associated with your dataset. In the following image, IgniteGateway is the gateway cluster.

   

2. Check the gateway properties.

   The gateway admin should then check the number of gateway members in the cluster and if load balancing is enabled.

   If load balancing is enabled, then step 3 should be repeated for all gateway members. If it's not enabled, then exporting logs on the primary gateway is sufficient.

3. Retrieve and export the gateway logs.

   Next, the gateway admin, who is also the administrator of the gateway system, should do the following steps:

   a. Sign in to the gateway machine, and then launch the on-premises data gateway app to sign in to the gateway.

   b. Enable additional logging.

   c. Optionally, you can enable the performance monitoring features and include performance logs to provide additional details for troubleshooting.

   d. Run the scenario for which you're trying to capture gateway logs.

   e. Export the gateway logs.

Refresh history

When you use the gateway for a scheduled refresh, Refresh history can help you see what errors occurred. It can also provide useful data if you need to create a support request. You can view scheduled and on-demand refreshes. The following steps show how you can get to the refresh history.

1. In the Power BI nav pane, in Datasets, select a dataset. Open the menu, and select Schedule refresh.

   

2. In Settings for..., select Refresh history.

   

   

For more information about troubleshooting refresh scenarios, see Troubleshoot refresh scenarios.

Fiddler trace

Fiddler is a free tool from Telerik that monitors HTTP traffic. You can see the back and forth with the Power BI service from the client machine. This traffic list might show errors and other related information.