Knowledge Base

Server

Expand allClose all

Fix Issues with Secondary Domain Controller

If you ever run into an issue with a secondary domain controller and your getting an error authentication error in active directory and ldap errors you can try this command

“rundll32.exe keymgr.dll, KRShowKeyMgr”

It will show you a list of stored usernames and passwords. Remove the user name and add the domain administrator account

Mark as helpful. 0

Windows 2003 config system missing corrupt

1. Insert your Windows Server 2003 CD and reboot from the CD drive

[To boot from CD, go to BIOS Setup option on startup and select your CD/DVD drive as the first boot drive, save the present settings and exit]

Your computer will reboot & will boot from Windows Server 2003

2. Press ‘R’ when offered the option of using the Windows Recovery Console

Recovery Console will prompt at the command prompt type the following:

C:\WINDOWS >cd system32\

this changes the current directory to C:\Windows\System32

ren config configold

This renames the config folder to configold

mkdir config

this makes a new directory called config

cd config

changes the current directory to c:\Windows\System32\Config

then type the following lines pressing enter after each one

copy c:\windows\repair\system

copy c:\windows\repair\software

copy c:\windows\repair\sam

copy c:\windows\repair\security

copy c:windows\repair\default

after each line it should say:

1 file copied

type: exit

Now Server will reboot

Mark as helpful. 0

How to configure Primary and Secondary DNS Server

When configuring your DNS server, you must be familiar with the following concepts:
• Forward lookup zone
• Reverse lookup zone
• Zone types

A forward lookup zone is simply a way to resolve host names to IP addresses. A reverse lookup zone allows a DNS server to discover the DNS name of the host. Basically, it is the exact opposite of a forward lookup zone. A reverse lookup zone is not required, but it is easy to configure and will allow for your Windows Server 2008 Server to have full DNS functionality.

When selecting a DNS zone type, you have the following options: Active Directory (AD) Integrated, Standard Primary, and Standard Secondary. AD Integrated stores the database information in AD and allows for secure updates to the database file. This option will appear only if AD is configured. If it is configured and you select this option, AD will store and replicate your zone files.

A Standard Primary zone stores the database in a text file. This text file can be shared with other DNS servers that store their information in a text file. Finally, a Standard Secondary zone simply creates a copy of the existing database from another DNS server. This is primarily used for load balancing.

To open the DNS server configuration tool:
1.Select DNS from the Administrative Tools folder to open the DNS console.
2.Highlight your computer name and choose Action | Configure a DNS Server… to launch the Configure DNS Server Wizard.
3.Click Next and choose to configure the following: forward lookup zone, forward and reverse lookup zone, root hints only (Figure E).
4.Click Next and then click Yes to create a forward lookup zone (Figure F).
5.Select the appropriate radio button to install the desired Zone Type (Figure G).
6.Click Next and type the name of the zone you are creating.
7.Click Next and then click Yes to create a reverse lookup zone.
8.Repeat Step 5.
9.Choose whether you want an IPv4 or IPv6 Reverse Lookup Zone (Figure H).
10.Click Next and enter the information to identify the reverse lookup zone (Figure I).
11.You can choose to create a new file or use an existing DNS file (Figure J).
12.On the Dynamic Update window, specify how DNS accepts secure, nonsecure, or no dynamic updates.
13.If you need to apply a DNS forwarder, you can apply it on the Forwarders window. (Figure K).
14.Click Finish (Figure L).

Mark as helpful. 0

Reset Citrix Licensing Admin Password

1) Open the “server.xml” file in C:\Program Files\Citrix\Licensing\LS\conf. If on Win2k8 you will need to open your editor as an admin.
2) Find the entry that looks something like this:
;

3) Erase the contents between the double quotes after “password=”
4) Enter a plaintext password so it looks like this: password=”test”
5) Change the passwordExpired value to be “true”
6) Save the server.xml file.
7) Restart the licensing services. I also closed and re-opened the LAC but this may not be necessary.
8) Log into the LAC using user name “admin” and the password you set.
9) You will be prompted to change your password. Do it. By doing it, the new password will be encrypted in the server.xml file.
10) To check that everything is working as planned, re-open the server.xml to check that the password is now encrypted.

Mark as helpful. 0

Read only permissions on entire volume

This can be used on servers and workstations

If you see a read only permission issue and you tired to fix it from the advanced properties and it doesn’t work then give this a try
1.Open a command prompt (ie. Start > Run > cmd) with administrative privileges
2.Type in the command: diskpart
3.Run the command: list disk
4.Look for the disk number that’s having the problem. In my case I have a system drive, a RAID 5 configuration (1 logical drive) and then the new drive, so it was DISK 2. I will continue to use it in the example but note that yours may differ.
5.Select the disk using the following command: sel disk 2
6.Enter the following command: ATTRIBUTES DISK CLEAR READONLY
7.Exit diskpart with the command: exit

For specific volumes use this command

list volume
sel vol 0 (my problem was on volume 0)
detail volume (just to see the status)
ATTRIBUTES VOL CLEAR READONLY
detail volume (just to see the status, again)

You may have to restart the server or workstation afterwards.

Mark as helpful. 0

Move a DHCP database from a Windows Server 2003 or 2008 to another Windows Server 2008 machine

http://blogs.technet.com/b/networking/archive/2008/06/27/steps-to-move-a-dhcp-database-from-a-windows-server-2003-or-2008-to-another-windows-server-2008-machine.aspx

The DHCP database can be moved or migrated from a Windows Server 2003 server to a Windows Server 2008 server, or from one Windows Server 2008 server to another. The information below details the necessary steps.

Export the DHCP database from a server that is running Microsoft Windows Server 2003 or Windows Server 2008

To move a DHCP database and configuration from a server that is running Windows Server 2003 or Windows Server 2008 to another server that is running Windows Server 2008:

1. Log on to the source DHCP server by using an account that is a member of the local Administrators group.

2. Click Start, click Run, type cmd in the Open box, and then click OK.

3. Type netsh dhcp server export C:\dhcp.txt all , and then press ENTER.

Note: You must have local administrator permissions to export the data.

Configure the DHCP server service on the server that is running Windows Server 2008

1. Click Start, click Administrative Tools, click Server Manager. If needed acknowledge User Account Control.

2. In Roles Summary click Add Roles, click Next, check DHCP server, and then click Next.

Import the DHCP database

1. Log on as a user who is an explicit member of the local Administrators group. A user account in a group that is a member of the local Administrators group will not work. If a local Administrators account does not exist for the domain controller, restart the computer in Directory Services Restore Mode, and use the administrator account to import the database as described later in this section.

2. Copy the exported DHCP database file to the local hard disk of the Windows Server 2008-based computer.

3. Verify that the DHCP service is started on the Windows Server 2008-based computer.

4. Click Start, click Run, type cmd in the Open box, and then click OK.

5. At the command prompt, type netsh dhcp server import c:\dhcpdatabase.txt all , and then press ENTER, where c:\dhcpdatabase.txt is the full path and file name of the database file that you copied to the server.

Note When you try to export a DHCP database from a Windows 2000/2003 domain controller to a Windows Server 2008 member server of the domain, you may receive the following error message:

Error initializing and reading the service configuration – Access Denied

Note You must have local administrator permissions to import the data.

6. To resolve this issue, add the Windows Server 2008 DHCP server computer to the DHCP Admins group at the Enterprise level and redo steps 4 & 5.

7. If the “access is denied” error message occurs after you add the Windows Server 2008 DCHP server computer to the DHCP Admins group at the Enterprise level that is mentioned in step 6, verify that the user account that is currently used to import belongs to the local Administrators group. If the account does not belong to this group, add the account to that group, or log on as a local administrator to complete the import and redo steps 4 & 5.

Authorize the DHCP server

1. Click Start, point to All Programs, point to Administrative Tools, and then click DHCP.

Note You must be logged on to the server by using an account that is a member of the Administrators group. In an Active Directory domain, you must be logged on to the server by using an account that is a member of the Enterprise Administrators group.

2. In the console tree of the DHCP snap-in, expand the new DHCP server. If there is a red arrow in the lower-right corner of the server object, the server has not yet been authorized.

3. Right-click the server object, and then click Authorize.

4. After several moments, right-click the server again, and then click Refresh. A green arrow indicates that the DHCP server is authorized.

Mark as helpful. 0

Issues with renewing SSL Certificate on Windows 2008

When renewing SSL Certificate it may still show the old Certificate after the renewal.

To resolve this you can right-click on the site and choose edit bindings. In there, you should see a binding for port 443 that is associated with an SSL cert. That may still be pointing at the old one.

Mark as helpful. 0

DHCP Server “Not enough storage is available to complete this operation”

Error message when you use a Windows Server 2003-based domain controller to join a Windows XP-based client computer to a domain: “Not enough storage is available to complete this operation”

http://support.microsoft.com/default.aspx?scid=kb;EN-US;935744

To resolve this problem, increase the Kerberos token size. To do this, follow these steps on the client computer that logs the Kerberos event.
1. Click Start, click Run, type regedit, and then click OK.
2. Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters
Note If the Parameters key is not present, create the key. To do this, follow these steps: a. Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos
b. On the Edit menu, point to New, and then click Key.
c. Type Parameters, and then press ENTER.
3. On the Edit menu, point to New, and then click DWORD Value.
4. Type MaxTokenSize, and then press ENTER.
5. On the Edit menu, click Modify.
6. In the Base area, click Decimal, type 65535 in the Value data box, and then click OK.

Note The default value for the MaxTokenSize registry entry is a decimal value of 12,000. We recommend that you set this registry entry value to a decimal value of 65,535. If you incorrectly set this registry entry value to a hexadecimal value of 65,535, Kerberos authentication operations may fail. Additionally, programs may return errors. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
297869 (http://support.microsoft.com/kb/297869/) SMS administrator issues after you modify the Kerberos MaxTokenSize registry value

7. Exit Registry Editor.
8. Restart the computer.

Mark as helpful. 0

Assigning service account permissions for a BlackBerry Enterprise Server for Microsoft Exchange

Task 1

To assign Local Administrator rights to the BlackBerry Enterprise Server service account, complete the following steps:

For a BlackBerry Enterprise Server on a Domain Controller
1.Click Start > Programs > AdministrativeTools > Active Directory Users and Computers.
2.Select the Builtin folder.
3.Double-click Administrators.
4.On the Members tab, click Add.
5.Type the BlackBerry Enterprise Server service account name (for example, BESAdmin), and then click Check Names.
6.Click OK.
7.Click Apply then OK.

For a BlackBerry Enterprise Server on a Member Server
1.Click Start > Administrative Tools > Computer Management.
2.In the left pane, expand System Tools and click Local Users and Groups.
3.In the right pane, double-click Groups.
4.Right-click Administrators and click Properties.
5.In the Administrators Properties window, Click Add
6.In the Select Users, Contacts, Computers, or Groups window, type the BlackBerry Enterprise Server service account name (for example, BESAdmin), and then click Check Names.
7.Click OK.
8.Click Apply then OK.

——————————————————————————–

Task 2

To assign Local Security Policy permissions to the BlackBerry Enterprise Server service account, complete the following steps:

Note: This procedure allows the BlackBerry Enterprise Server service account to access the local computer and to run the BlackBerry Enterprise Server as a Windows service.
1.Click Start > Administrative Tools > Local Security Policy.
NOTE: If the computer is a Domain Controller, click Start > Administrative Tools > Domain Controller Security Policy.

2.In the Local Securities window, click Local Policies > User Rights Assignment (for Windows Small Business Server 2008, click Start > Administrative Tools > Group Policy Management window, then Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment).
3.Perform one of the following steps: ◦For Windows Server 2000, double-click Log on Locally.
◦For Windows Server 2003 and 2008, double-click Allow Log on Locally.

4.Click Add User or Group.
5.Select the BlackBerry Enterprise Server service account name, and then click Add.
6.Click OK.
7.In the Local Security Settings window, double-click Log On As a Service.
8.Click Add User and then select the BlackBerry Enterprise Server service account.
9.Click OK.

——————————————————————————–

Task 3

To grant the Send As permission on a single account for all BlackBerry smartphone users in a Microsoft Active Directory domain or container, complete the following steps:
1.Open Active Directory Users and Computers.
2.On the View menu, select the Advanced Features option.
Note: If Advanced Features is not selected, the Security tab will not be visible for domain and container objects.

3.Right-click the appropriate domain or container, and then click Properties.
4.On the Security tab, click Advanced.
5.If the BlackBerry Enterprise Server service account that requires the Send As permission is not listed, click Add and then select the BlackBerry Enterprise Server service account name.
6.Click OK.
7.Double-click the BlackBerry Enterprise Server service account name.
8.Select User Objects in the Applies Onto list.

Note : If the Domain Controller is Windows Server 2008, select Descendant User Objectsin the Applies Onto list.

9.Select the Send As check box.
10.Click Apply, and then click OK.
11.Close the Properties window, and then close Active Directory Users and Computers.
Note: For more information about the Send As permission, visit the Microsoft Support Knowledge Base and search for Users cannot send e-mail messages from a mobile device or from a shared mailbox in Exchange 2000 Server and in Exchange Server 2003.

For Microsoft® Exchange Server 2007 and Microsoft Exchange Server 2010, the Send As permission can be granted to the BlackBerry Enterprise Server service account at a container level in Active Directory by using the PowerShell command shell.

Note: This command applies the same permission described in the steps above to a specific container within Active Directory. If new BlackBerry smartphone users are added that are located in a separate Active Directory container, this command will need to be run again, specifying the new location.

In the Exchange Management Shell command prompt window, type the following and press Enter:

Add-ADPermission -InheritedObjectType User -InheritanceType Descendents -ExtendedRights Send-As -User “BESAdmin” -Identity CN=,DC=,DC=,DC=

or

Add-ADPermission –InheritedObjectType User –InheritanceType Descendents –ExtendedRights Send-As –User “BESAdmin” –Identity OU=,DC=,DC=,DC=

In this Distinguished Name format, the location of the object to be modified (in this case, the container in which BlackBerry smartphone users are found) is explicitly specified from most specific to least specific identifier. For example, if the domain name is www.example.com, and the container is Users, the Identity string should read: CN=Users,DC=example,DC=com . Note that there is no domain_3 in this example, as none is required.

Successful application of this permission can be verified via Active Directory Users and Computers (Steps 1 through 4 of Task 2, above), or via the Exchange Management Shell interface. To verify that this permission has been applied using PowerShell, run the following command:

Get-Mailbox -Identity “” | Get-ADPermission | where { ($_.ExtendedRights -like “*Send-As*”) -and -not ($_.User -like “NT AUTHORITY\SELF”) } | select Identity, User, ExtendedRights, IsInherited | FT -Wrap

Where is the display name of the BlackBerry smartphone user to be verified. The following output indicates success:

Identity User ExtendedRights IsInherited
——– —- ————– ———–
user01 domain\BESAdmin {Send-As} True

——————————————————————————–

Task 4

To assign Microsoft Exchange Server permissions at the Administrative Group level, complete the following steps for the appropriate Microsoft Exchange environment:

Note: This procedure allows an administrator to manage BlackBerry smartphone users and groups.

For Microsoft Exchange Server 2000 or 2003
1.Click Start > Programs > Microsoft Exchange > System Manager.
2.Select Administrative Groups.
3.Right-click First Administrative Group and select Delegate Control.
4.In the Exchange Administration Delegation Wizard, click Next, and then click Add.
5.Click Browse and then select the BlackBerry Enterprise Server service account.
6.Click OK.
7.In the Role drop-down list in the Delegate Control window, select Exchange View Only Administrator.
8.Click OK to add the BlackBerry Enterprise Server service account to the Users and Groups list.
9.Click Next, and then click Finish.

For Microsoft Exchange Server 2007

To set an Exchange View Only Administrator role:
1.Click Start > Programs > Microsoft Exchange Server 2007 > Exchange Management Shell.
2.Open the command prompt as administrator, type the following and then press ENTER:
add-exchangeadministrator -role ViewOnlyAdmin

where < BESAdmin>is the name of the BlackBerry Enterprise Server service account.

To check an Exchange View Only Administrator role:
1.Click Start>Programs > Microsoft Exchange Server 2007 > Exchange Management Shell.
2.Open the command prompt as administrator, type the following and then press ENTER:
get-exchangeadministrator | Format-List

3.Verify that the BlackBerry Enterprise Server service account has the ViewOnlyAdmin role.

For Microsoft Exchange Server 2010
1.Click Start > Programs > Microsoft Exchange Server 2010 > Exchange Management Shell.
2.Open the command prompt as administrator, type the following command and then press ENTER:
Add-RoleGroupMember “View-Only Organization Management” -Member “BESAdmin”

——————————————————————————–

Task 5

To assign Microsoft Exchange Server permissions at the Microsoft Exchange Server level, complete the following steps:

For Microsoft Exchange Server 2000 or 2003
1.Click Start > Programs > Microsoft Exchange > System Manager.
2.Select Administrative Groups > First Administrative Group > Servers.
3.Right-click the Microsoft Exchange Server name and then click Properties.
4.On the Security tab, select the BlackBerry Enterprise Server service account.
5.Select the following permissions from the Permissions list:
6.◦Administer Information Store
◦Send As
◦Receive As

7.Click the Advanced button.
8.Verify that the Select the Allow inheritable permissions from parent to propagate to this object and all child objects option is selected.
9.Click OK.
10.Repeat the preceding steps for each Microsoft Exchange Server that will host mailboxes within the routing group.

If inheritable rights do not propagate to the individual mail stores, to set the Send As, Receive As, and Administer information store permissions at the store level, complete the following steps from the Microsoft Exchange System Manager:
1.Click Start > Programs > Microsoft Exchange > System Manager.
2.Select Administrative Groups > First Administrative Group > Servers.
3.Click on the plus sign next to the Microsoft Exchange Server name to expand the next levels.
4.Click on the plus sign next to the First Storage Group to expand the information stores.
5.Right-click the first Mailbox Store name and then click Properties.
6.On the Security tab, select the BlackBerry Enterprise Server service account.
7.Select the following permissions from the Permissions list:
8.◦Administer Information Store
◦Send As
◦Receive As

9.Click the Advanced button.
10.Verify that the Select the Allow inheritable permissions from parent to propagate to this object and all child objects option is selected.
11.Click OK.
12.Repeat the steps 5-11 for each Mailbox Store that will host mailboxes for this server.

For Microsoft Exchange Server 2007

To set Send As, Receive As, and AdministerInformation Store permissions, complete the following steps:
1.Click Start > Programs > Microsoft Exchange Server 2007 > Exchange Management Shell.
2.Open the command prompt as administrator.
3.Type the following line, and then press ENTER:

get-mailboxserver | add-adpermission -user -accessrights GenericRead, GenericWrite -extendedrights Send-As, Receive-As, ms-Exch-Store-Admin

Where is the name of the Microsoft Exchange Server 2007 and < BESAdmin> is the name of the BlackBerry Enterprise Server service account.

If inheritance to the individual mail stores is not enabled, to set the Send As, Receive As, and Administer information store permissions at the store level, complete the following steps from the Microsoft Exchange management shell:

get-mailboxdatabase \’First Storage Group\Mailbox Database’ | add-adpermission -user -accessrights GenericRead, GenericWrite -extendedrights Send-As, Receive-As, ms-Exch-Store-Admin

Note: First Storage Group\Mailbox Database is the default mailbox name within Microsoft Exchange Server 2007.

If inheritance to the individual mail stores is not enabled on a custom mailbox database, to set the Send As, Receive As, and Administer information store permissions at the store level, complete the following steps from the Microsoft Exchange management shell:

Add-ADPermission –identity “” –user “” -accessrights GenericRead, GenericWrite -extendedrights Send-As, Receive-As, ms-Exch-Store-Admin

To verify the Send As, Receive As, and Administer Information Store permissions, complete the following steps:
1.Click Start > Programs > Microsoft Exchange Server 2007 > Exchange Management Shell.
2.Open the command prompt as administrator, type the following line and press Enter.
get-mailboxserver | get-ADpermission -user | Format-List

To verify the Send As, Receive As, and Administer Information Store permissions at the mailbox store level, complete the following steps:
1.Click Start > Programs > Microsoft Exchange Server 2007 > Exchange Management Shell.
2.Open the command prompt as administrator, type the following and press Enter.
get-mailboxdatabase \ | get-ADpermission -user | Format-List

Note: The Get-Mailboxdatabase cmdlet is designed to retrieve one or more mailbox database objects from a server or organization. For more info refer to the following Microsoft Technet.

For Microsoft Exchange Server 2010
1.Click Start > Programs > Microsoft Exchange Server 2010 > Exchange Management Shell.
2.Open the command prompt as administrator, type the following line and then press ENTER:
Get-MailboxDatabase | Add-ADPermission -User “BESAdmin” -AccessRights ExtendedRight -ExtendedRights Receive-As, ms-Exch-Store-Admin, ms-Exch-Store-Visible

Note: The Get-Mailboxdatabase cmdlet is designed to retrieve one or more mailbox database objects from a server or organization. As such, if there are multiple Exchange servers with multiple mailbox database objects, this cmdlet will only need to be applied once provided that the Exchange servers are part of the same organization. However, for every new Exchange mailbox database created, run the cmdlet again in order to apply the Exchange permissions to that mailbox database. For more info refer to the following Microsoft Technet.

For Microsoft Exchange 5.5

The BlackBerry Enterprise Server service account requires the Service Account Admin permissions on the Site container and Configuration container.

——————————————————————————–

Task 6

To assign a throttling Policy for the BlackBerry Enterprise Server service account, complete the following steps:

Note: This only applies for Microsoft Exchange 2010

If a BESPolicy throttling policy has not already been created, then create a new throttling policy that does not limit concurrent connections to the Microsoft Exchange Server:
1.On the Microsoft Exchange Server, click Start > Microsoft Exchange Server 2010 > Exchange Management Shell.
2.Type New-ThrottlingPolicy BESPolicy -RCAMaxConcurrency $null -RCAPercentTimeInAD $null -RCAPercentTimeInCAS $null -RCAPercentTimeInMailboxRPC $null -EWSMaxConcurrency $null -EWSPercentTimeInAD $null -EWSPercentTimeInCAS $null -EWSPercentTimeInMailboxRPC $null -EWSMaxSubscriptions $null -EWSFastSearchTimeoutInSeconds $null -EWSFindCountLimit $null

Note: If the Microsoft Exchange Server is 2010 SP1, complete the following step as well:

set-ThrottlingPolicy BESPolicy -CPAMaxConcurrency $NULL -CPAPercentTimeInCAS $NULL -CPAPercentTimeInMailboxRPC $NULL
3.
Type Set-Mailbox “BESAdmin” -ThrottlingPolicy BESPolicy.

4.Restart the BlackBerry Controller Service (For existing installation).

If a BESPolicy throttling policy has already been created, but is still set to throttle concurrent connection, then modify the existing BESPolicy to disable throttling.
1.On the Microsoft Exchange Server, click Start > Microsoft Exchange Server 2010 > Exchange Management Shell.
2.Type Set-ThrottlingPolicy BESPolicy -RCAMaxConcurrency $null -RCAPercentTimeInAD $null -RCAPercentTimeInCAS $null -RCAPercentTimeInMailboxRPC $null -EWSMaxConcurrency $null -EWSPercentTimeInAD $null -EWSPercentTimeInCAS $null -EWSPercentTimeInMailboxRPC $null -EWSMaxSubscriptions $null -EWSFastSearchTimeoutInSeconds $null -EWSFindCountLimit $null
3.Type Set-Mailbox “BESAdmin” -ThrottlingPolicy BESPolicy.
4.Restart the BlackBerry Controller Service (For existing installation).
Important : Restarting the BlackBerry Enterprise Server or its services might delay email message delivery to BlackBerry smartphones.

Note : It might take up to 20 minutes for replication to occur and BlackBerry smartphones to start.

If the preceding method does not work to reset the throttling policy, remove the existing policy and re-create a new BESPolicy.

Remove the BESPolicy by typing Remove-ThrottlingPolicy -Identity BESPolicy.

Note : A policy that is assigned to BlackBerry smartphone users cannot be removed. In order to remove a policy that is associated with any BlackBerry smartphone users, reassign the default policy to the BlackBerry smartphone user and then remove the BESPolicy.

For more information on the Microsoft Exchange Server 2010 throttling policy and the commands to set default policy, refer to Microsoft Technet and search for Remove-ThrottlingPolicy.

——————————————————————————–

Task 7

If the server is a Microsoft SQL Server, assign the server roles by completing the following steps:
1.
Note: The following is not applicable to Microsoft SQL Server Desktop Engine (MSDE).

2.In the Microsoft SQL Enterprise Manager, go to Microsoft SQL Servers/SQL Server Group/.
3.Expand the Microsoft SQL Server and expand Security.
4.Right-click Logins.
5.Click New Login.
6.On the General tab, click the button next to the Name field.
7.Select the new BlackBerry Enterprise Server service account name from the Names list.
8.Click Add.
9.Click OK.
10.On the Server Roles tab, select Server Administrators and Database Creators from the Server Role list.
Note: If running BlackBerry Enterprise Server 4.1 to 5.0, add the System Administrators role to add BlackBerry smartphone users in a role-based administration environment. For instructions, see the Administration Guide – BlackBerry Enterprise Server for Microsoft Exchange .

11.On the Database Access / User Mapping tab, select the check box for the BlackBerry Configuration Database.
12.In the Database Roles for list, select the db_owner check box.
For additional information on assigning the required permissions for the BlackBerry Configuration Database, see KB03112 .

For additional information on the permissions that are required to manage the BlackBerry Configuration Database

http://btsc.webapps.blackberry.com/btsc/viewdocument.do?externalId=KB02276&sliceId=2&cmd=displayKC&docType=kc&noCount=true&ViewedDocsListHelper=com.kanisa.apps.common.BaseViewedDocsListHelperImpl

Mark as helpful. 0

Time Sync on Domain

Run from Command Prompt

w32tm /monitor

find “PDC”

check refID:”‘LOCL’ =BAD NEWS (if it is set to local server IP – this needs to be changed)

Here are the steps to changing the settings:

-net time /setsntp:”time.nist.gov”

-net stop w32time

-net start w32time

-w32tm /config /update

Check w32tm /monitor Again

If it does not work –

w32tm /resync /rediscover

Go to other DC servers, run

net time \\PDCservername /set

affirm “Y”

Mark as helpful. 0

Configure server for BES installation

Configure Server for BES Installation
1. Create a Besadmin account with the same admin password of the domain administrator, unless otherwise request.
2. Go to Administrative Tools, Domain Controller Security Policy, Local Policies, and User rights Assignment – add Besadmin account to, Allow Log on Locally, Log on as a service.
a.For Windows 2008

i. Administrator tools

ii. Group Policy Management

iii. Domain Controllers

1. Default Domain Controllers Policy

2. Right click and Edit

a. Computer configuration

b. Policies

c. Windows settings

d. Security settings

e. Local Policies

f. User rights Assignment

3. Add besadmin and Administrators group accounts to Allow Log on Locally

4. Add besadmin to Log on as a service

iv. Run gpupdate in CMD
3.Exchange 2003 mailbox rights updates

· Open Exchange System Manager, Click on Action in Menu, Click Properties, then put check and enables Display routing groups & Display Administrative groups, Click Apply & Then OK.

· Exchange System Manager, open administrative Group, right-click on first Administrative group and click Delegate control, then click Add, browse and select Besadmin and set role to Exchange View Only administrator, click next and complete.
4.Exchange System Manager, open administrative Group, click on first Administrative group, server, right click on the server, go to properties, go to Security , Click on the Besadmin Account – check Allow for Receive AS , Send AS and Administer Information Store.
5.In Active directory make Besadmin a member of the administrators group.
6.In Active Directory , Go to View and Click Advanced Features
7.In Active Directory ,go to the User Account User Container , Right Click on Folder , go to properties , then go to Security
8.In Security add the Besadmin account, Click Allow Read, Then click Advanced, then click Add, Add Besadmin. In the Apply onto box select User Objects, Click Allow: List Contents, Send As and Receive As. Then click apply and then OK.
a.For Windows 2008

i. Select Descendant User Objects from the Apply to dropdown

ii. Give besadmin rights to each of the Descendant User Objects mentioned above
9.The log into server with Besadmin account. Then install BES Server.
10.Enable Terminal access for the BESadmin account

Exchange 2007\2010
1.In Exchange 2007/2010, command gives access on mailbox store level so you don’t need to deal with new added users . Get-Mailboxdatabase | Add-AdPermission -User “besadmin” -AccessRights GenericAll
2.You install this on BES server to access exchange 03/07 and 10 MAPI
a.Microsoft Exchange Server MAPI client and collaboration data objects 1.2.1

http://www.microsoft.com/downloads/en/details.aspx?familyid=e17e7f31-079a-43a9-bff2-0a110307611e&displaylang=en

Mark as helpful. 0

How to Re-register Volume Shadow Copy Service (VSS) Components on Windows 2003/Windows 2008

If an Exchange Backup Job is performed with AOFO and Sybari Antigen product is installed in ESE mode, the error: “AOFO: Initialization failure on: \\servername\Microsoft Information Store\First Storage Group Advanced Open File Option used: Microsoft Volume Shadow Copy Service (VSS)” may occurHow to Re-register Volume Shadow Copy Service (VSS) Components on Windows 2008/Windows 2003.http://www.symantec.com/business/support/index?page=content&id=TECH70486

Problem

How to Re-register Volume Shadow Copy Service (VSS) Components on Windows 2008/Windows 2003.

Solution

VSS may not be working in one or more of the following ways:

1. Volume snapshots may fail with errors.
2. Backups using VSS may fail.
3. One or more VSS writers are missing when running the following command:
•vssadmin list writers

4. Using Backup Exec for Window Servers, backup jobs may:
•fail with VSS or snapshot errors.
•hang at snapshot processing.

5. Using Backup Exec System Recovery, backup jobs may:
•fail at 5%.
•appear to be progressing, reach 90% or higher then fail.

Re-registering VSS in Windows 2008 & testing is done in 2 parts:

Part 1 – Create and Execute a batch file named, FIXVSS08.BAT:
Please note the following:
•Run the batch file as Administrator.
•This is only for Windows 2008, not Windows 2003.

After running the .bat file, reboot the server to bring all of the writers into a stable state.
Copy and paste the following into Notepad, then click Save As and save it as FIXVSS08.BAT.

rem FILENAME: FIXVSS08.BAT

rem

net stop “System Event Notification Service”

net stop “Background Intelligent Transfer Service”

net stop “COM+ Event System”

net stop “Microsoft Software Shadow Copy Provider”

net stop “Volume Shadow Copy”

cd /d %windir%\system32

net stop vss

net stop swprv

regsvr32 /s ATL.DLL

regsvr32 /s comsvcs.DLL

regsvr32 /s credui.DLL

regsvr32 /s CRYPTNET.DLL

regsvr32 /s CRYPTUI.DLL

regsvr32 /s dhcpqec.DLL

regsvr32 /s dssenh.DLL

regsvr32 /s eapqec.DLL

regsvr32 /s esscli.DLL

regsvr32 /s FastProx.DLL

regsvr32 /s FirewallAPI.DLL

regsvr32 /s kmsvc.DLL

regsvr32 /s lsmproxy.DLL

regsvr32 /s MSCTF.DLL

regsvr32 /s msi.DLL

regsvr32 /s msxml3.DLL

regsvr32 /s ncprov.DLL

regsvr32 /s ole32.DLL

regsvr32 /s OLEACC.DLL

regsvr32 /s OLEAUT32.DLL

regsvr32 /s PROPSYS.DLL

regsvr32 /s QAgent.DLL

regsvr32 /s qagentrt.DLL

regsvr32 /s QUtil.DLL

regsvr32 /s raschap.DLL

regsvr32 /s RASQEC.DLL

regsvr32 /s rastls.DLL

regsvr32 /s repdrvfs.DLL

regsvr32 /s RPCRT4.DLL

regsvr32 /s rsaenh.DLL

regsvr32 /s SHELL32.DLL

regsvr32 /s shsvcs.DLL

regsvr32 /s /i swprv.DLL

regsvr32 /s tschannel.DLL

regsvr32 /s USERENV.DLL

regsvr32 /s vss_ps.DLL

regsvr32 /s wbemcons.DLL

regsvr32 /s wbemcore.DLL

regsvr32 /s wbemess.DLL

regsvr32 /s wbemsvc.DLL

regsvr32 /s WINHTTP.DLL

regsvr32 /s WINTRUST.DLL

regsvr32 /s wmiprvsd.DLL

regsvr32 /s wmisvc.DLL

regsvr32 /s wmiutils.DLL

regsvr32 /s wuaueng.DLL

sfc /SCANFILE=%windir%\system32\catsrv.DLL

sfc /SCANFILE=%windir%\system32\catsrvut.DLL

sfc /SCANFILE=%windir%\system32\CLBCatQ.DLL

net start “COM+ Event System”

Part 2 – Testing VSS by performing a System State Backup:
•You must first open a command prompt by right-clicking on Command Prompt and select Run As Administrator.

The command to start a System State Backup is:

Wbadmin start systemstatebackup -backuptarget:F:

Additional Notes:
•F: is the target drive where you wish to store the system state backup.
•This shouldn’t be a drive that is hosting any of the files included with System State.
•For Windows 2003, please refer to the following article: http://support.microsoft.com/kb/940032

For additional details, refer to the following Microsoft Technet article:
http://blogs.technet.com/sbs/archive/2008/10/13/system-state-backups-and-sbs-2008.aspx

Mark as helpful. 0

Meeting invitations received from external domains show as regular email messages on the BlackBerry

Calendar invitations and meetins are shown as regular email.

Retrieve the Microsoft Exchange Server calendar settings for the associated BlackBerry smartphone user account:

Microsoft Exchange Server 2007 SP1
Get-MailboxCalendarSettings -identity [Accountname] | Format-List
Microsoft Exchange Server 2010
Get-CalendarProcessing -identity [Accountname] | Format-List

Get-CalendarProcessing -identity user01 | Format-List

AutomateProcessing : None
AllowConflicts : False
BookingWindowInDays : 180
MaximumDurationInMinutes : 1440
AllowRecurringMeetings : True
EnforceSchedulingHorizon : True
ScheduleOnlyDuringWorkHours : False
ConflictPercentageAllowed : 0
MaximumConflictInstances : 0
ForwardRequestsToDelegates : True
DeleteAttachments : True
DeleteComments : True
RemovePrivateProperty : True
DeleteSubject : True
DisableReminders : True
AddOrganizerToSubject : True
DeleteNonCalendarItems : True
TentativePendingApproval : True
EnableResponseDetails : True
OrganizerInfo : True
ResourceDelegates : {}
RequestOutOfPolicy :
AllRequestOutOfPolicy : False
BookInPolicy :
AllBookInPolicy : True
RequestInPolicy :
AllRequestInPolicy : False
AddAdditionalResponse : False
AdditionalResponse :
RemoveOldMeetingMessages : True
AddNewRequestsTentatively : True
ProcessExternalMeetingMessages : False
DefaultReminderTime : 15
RemoveForwardedMeetingNotifications : False
Identity : rim.com/TestAccounts/user/user01

Apply this command line on power shell

Get-Mailbox -Server “” -ResultSize Unlimited | Set-CalendarProcessing -ProcessExternalMeetingMessages $true -AutomateProcessing AutoUpdate -AddNewRequestsTentatively $true

Here is the full resolution

http://btsc.webapps.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB20866

Mark as helpful. 0

Adding CAL Licenses to BES 5.0

Add or delete a BlackBerry CAL key
1. In the BlackBerry® Administration Service, on the Servers and components menu, expand BlackBerry Solution topology
> BlackBerry Domain > Component view.
2. Click BlackBerry Administration Service.
3. Click Edit component.
4. In the License key section, perform one of the following actions:
• To add a BlackBerry CAL key, type the information for the BlackBerry CAL key. Click the Add icon.
• To delete a BlackBerry CAL key, click the Delete icon.
5. Click Save all.

Mark as helpful. 0

MTU Test

Here is an MTU test that can be used if you suspect packet fragmentation through your WAN connection or just want properly set your firewall wan MTU. First do the low test to establish a baseline. Then go from your current MTU setting down increments of “8”. MTU of 1500 is usually the default MTU but depending on the isp this can cause problems.

Ping -f –l “1404” www.yahoo.com

Low test: MTU 1404

Mid: MTU set to 1460

Any line using a vpn should not be below a 1450 MTU. It is a good idea not to set your mtu any lower than 1450 anyway unless required by your ISP.

Mark as helpful. 1

Fix Windows Update Issues

Fix Windows Update Issues

Reboot the computer and try to download Windows Updates, if they still fail to install, continue with the next step.

Stop the Automatic Update Service
1.Click on Start, Run
2.Type the following command and press Enter

services.msc
3.Right-click on the Automatic Updates option in the Name column and click Stop
4.Close the Services window

Show Hidden Files and Folders
1.Open My Computer
2.Click on Tools, Folder Options
3.Click on the View tab
4.Under the Hidden Files and Folders section, select “Show Hidden Files and Folders”
5.Click Ok

Delete the Previously Downloaded Windows Updates
1.Open My Computer
2.Double-click on Drive C (or whatever drive Windows is installed on)
3.Double-click on the Windows folder
4.Double-click on the SoftwareDistribution folder
5.Double-click on the Download folder
6.Click on Edit on the menu bar
7.Click on Select All
8.Click on File on the menu bar
9.Click on Delete and delete everything in the download folder
10.Return to the SoftwareDistribution folder by clicking on the green up arrow on the toolbar
11.Double-click on the EventCache folder
12.Click on Edit on the menu bar
13.Click on Select All
14.Click on File on the menu bar
15.Click on Delect and delete everything in the eventcache folder

Restart the Automatic Updates Service
1.Click on Start, Run
2.Type the following command and press Enter

services.msc
3.Double-click on the Automatic Updates option in the Name column
4.Click on the Start button under Service Status to restart the service
5.Select Automatic under Startup Type to start the service each time Windows starts
6.Click Ok
7.Close the Services Window

Download the Latest Version of Windows Update Agent

Click on the following link to download the latest version of the Windows Update Agent and save it to your desktop.

Download Windows Update Agent

Warning:

If you receive a message stating the Update Agent is already installed follow these extra steps:
1.Click Start, Run
2.Click the Browse button
3.Navigate to where you saved WindowsUpdateAgent30-x86.exe on your desktop and click it one time
4.Click on the Open button
5.On the Open line, go to the end of the command. After the last quotation mark type the following

/wuforce
6.The line should look something like the following now:

“C:\Documents and Settings\username\Desktop\WindowsUpdateAgent30-x86.exe” /wuforce
7.Click Ok and install the Update Agent

Download and Install the KB927891 Update

Click on the following link to download the KB927891 Update for Windows XP or click here to read more about the update

Download KB927891 Update for Windows XP

Restart your computer and try downloading and installing any Windows XP Updates again

Solution 2

regsvr32.exe c:\windows\system32\wuweb.dll

regsvr32.exe c:\windows\system32\wups2.dll

regsvr32.exe c:\windows\system32\wups.dll

regsvr32.exe c:\windows\system32\wucltui.dll

regsvr32.exe c:\windows\system32\wuaueng1.dll

regsvr32.exe c:\windows\system32\wuaueng.dll

regsvr32.exe c:\windows\system32\wuapi.dll

Click Start, Run and paste each line into the run line (one line at a time), and press enter after each.

Reboot, and try Windows Update again.

Mark as helpful. 0

Add multiple static MAPI agents to Blackberry Enterprise Server

HKEY_LOCAL_MACHINE\SOFTWARE\Research In Motion\BlackBerry Enterprise Server\Agents

Name: NumAgents

Type: DWORD

Decimal Value: 10

HKEY_LOCAL_MACHINE\SOFTWARE\Research In Motion\BlackBerry Enterprise Server\Agents

Name: NumAgentsFullServer

Type: DWORD

Decimal Value: 10

Note: For Windows 64 Bit servers the registry keys will be as follows:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Research In Motion\BlackBerry Enterprise Server\Agents

Set to 8

Registry Path: HKLM\Software\Research In Motion\BlackBerry Enterprise Server\Dispatcher Data Type: DWORD

Name: MaxUsersPerAgent

Set to 4

**** You can increase MaxUsersPerAgent to 10-15 if you decide to add more user in BES without spawning more agent. Once you resolve exchange issue please revert the settings. You have to reboot the BES.

Mark as helpful. 0

Install Backup Exec 2012 License

Go to add and remove programs and click on Change for Symantec Backup Exec to find the option to add licenses

Problem

Symantec Backup Exec 2012 is shown as being in Trial version even after installing the serial numbers.

Cause

1. During the install of Backup Exec 2012, “Maintenance” serial numbers are entered, but the the actual “Product” serial numbers were not entered. Figure 1.

Figure 1

 

2. If “Product” serial numbers were entered, but not selected in “Select the products to install on this computer, Backup Exec will still be installed in Trial mode. Figure 2.

Figure 2

 

 

Solution

1.  Run the installation again and verify  which serial numbers were installed.  The “Product Name/Description” will indicate which ones are “Maintenance serial numbers” and which ones are “Product” serial numbers. Figure 3.

Figure 3

 

2. Click “Next” and the “Select the product to install on this computer” screen will show whether the “Product” serial number was selected to be installed on the local computer.  If nothing is checked, then Backup Exec 2012 was installed as a Trial version. Figure 4.

Figure 4

 

3.  To get Backup Exec installed as a licensed version, select the “Serial numbers” and continue the installation. Figure 5.

Figure 5

Mark as helpful. 0

Configure Message Delivery Restrictions for a Mailbox – Exchange 2010

In the EAC, navigate to Recipients > Mailboxes.

  • In the list of user mailboxes, click the mailbox that you want to configure message delivery restrictions for, and then click Edit Edit Icon.
  • On the mailbox properties page, click Mailbox Features.
  • Under Message Delivery Restrictions, click View details to view and change the following delivery restrictions:
    • Accept messages from   Use this section to specify who can send messages to this user.
      • All senders   This option specifies that the user can accept messages from all senders. This includes both senders in your Exchange organization and external senders. This is the default option. It includes external users only if you clear the Require that all senders are authenticated check box. If you select this check box, messages from external users will be rejected.
      • Only senders in the following list   This option specifies that the user can accept messages only from a specified set of senders in your Exchange organization. Click Add Add Icon to display a list of all recipients in your Exchange organization. Select the recipients you want, add them to the list, and then click OK. You can also search for a specific recipient by typing the recipient’s name in the search box and then clicking Search Search Icon.
      • Require that all senders are authenticated   This option prevents anonymous users from sending messages to the user. This includes external users that are outside of your Exchange organization.
    • Reject messages from   Use this section to block people from sending messages to this user.
      • No senders   This option specifies that the mailbox won’t reject messages from any senders in the Exchange organization. This is the default option.
      • Senders in the following list   This option specifies that the mailbox will reject messages from a specified set of senders in your Exchange organization. Click Add Add Icon to display a list of all recipients in your Exchange organization. Select the recipients you want, add them to the list, and then click OK. You can also search for a specific recipient by typing the recipient’s name in the search box and then clicking Search Search Icon.
  • Click OK to close the Message Delivery Restrictions page, and then click Save to save your changes.

Mark as helpful. 1

Disable HP services on VMWare server

@echo off REM Created Feb 13 2008 by Lawrence Dee REM —– REM INSTRUCTIONS: REM This is a script to disable the HP services REM to ease use in a Virtual Machine

REM —– REM – Set services to Manual (=’demand’ in SC) rather than Auto start pause

sc config “Cissesrv” start= demand sc config “CpqNicMgmt” start= demand sc config “CpqRcmc” start= demand sc config “cpqvcagent” start= demand sc config “cqmghost” start= demand sc config “CqMgServ” start= demand sc config “CqMgStor” start= demand sc config “sysdown” start= demand sc config “SysMgmtHp” start= demand

:STOPServices REM – stop services sc stop “Cissesrv” sc stop “CpqNicMgmt” sc stop “CpqRcmc” sc stop “cpqvcagent” sc stop “cqmghost” sc stop “CqMgServ” sc stop “CqMgStor” sc stop “sysdown” sc stop “SysMgmtHp”

pause

GOTO EXIT

REM Notes and descriptions from SC Query

SERVICE_NAME: Cissesrv DISPLAY_NAME: HP Smart Array SAS/SATA Event Notification Service

SERVICE_NAME: CpqNicMgmt DISPLAY_NAME: HP Insight NIC Agents

SERVICE_NAME: CpqRcmc DISPLAY_NAME: HP ProLiant Remote Monitor Service

SERVICE_NAME: cpqvcagent DISPLAY_NAME: HP Version Control Agent

SERVICE_NAME: CqMgServ DISPLAY_NAME: HP Insight Server Agents

SERVICE_NAME: CqMgStor DISPLAY_NAME: HP Insight Storage Agents

SERVICE_NAME: sysdown DISPLAY_NAME: HP ProLiant System Shutdown Service

SERVICE_NAME: SysMgmtHp DISPLAY_NAME: HP System Management Homepage

REM – not listed in SC Query cqmghost.exe HP Insight Foundation Agents :EXIT

Mark as helpful.

Prevent users from changing passwords unless prompted with GPO

How to Configure the System to Prevent Users from Changing Passwords Unless Prompted

Users can change their passwords during the period between the   minimum and maximum password age settings. Your security design may require   that users change their passwords only when they are prompted by the operating   system at the maximum password age. You can configure Windows to permit users   to change their passwords only when the operating system prompts them to do so.   To prevent users from changing their passwords (except when required), disable   the Change Password option in the Windows Security dialog box that appears when you press CTRL+ALT+DELETE.
You can implement this configuration for a whole domain by using a Group   Policy, or you can implement this configuration for one or more specific users   by editing the registry.

How to Configure a Site, Domain, or Organizational Unit to Prevent Users from Changing Passwords Unless Prompted

  1. Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
  2. Right-click the domain or organizational unit for which you want to implement the new password change policy, and then click Properties.
  3. Click the Group Policy tab.
  4. Click the Group Policy object (GPO) that you want to work with, and then click Edit. If there are no existing policies listed in the Group Policy Object Links list, click New to create a new policy, type a name for the new policy, and then click Edit.
  5. Expand the GPO, expand User Configuration, expand Administrative Templates, and then expand System.
  6. Click Ctrl+Alt+Del Options.
  7. In the right pane, double-click Remove Change Password.
  8. Click Enabled, and then click OK.
  9. Quit the Group Policy Object Editor snap-in, click OK, and then quit the Active Directory Users and Computers snap-in.
  10. Click Start, and then click Run.
  11. Type cmd in the Open box, and then click OK.
  12. At the command prompt, type the following line, and then press ENTER:
    gpupdate /target:user /force
  13. Type exit to close the command prompt.

Mark as helpful.

Delete bulk messages by Subject thru Exchange 2010 command shell

This is very useful to delete multiple messages on a large mailbox by subject without logging into the mailbox.

Before you can delete message you have to make sure the administrator has proper access.

First you have to add your administrator to the Discovery Management role group

Add-RoleGroupMember -Identity “Discovery Management” -Member Administrator

Then you have to make sure your Administrator is apart of the Mailbox Import Export role The easiest way to add that is by following these steps

Open up your Exchange Management Console Go to Toolbox and open up Role Based Access Control Login and double click “Organization Management Add “Mailbox Import Role” Also check to make sure Administrator is a user in that account.

Restart your Exchange Management Shell and now you can use the following command to delete your messages

Search-Mailbox -Identity “April Stewart” -SearchQuery ‘Subject:”Your bank statement”‘ -DeleteContent -force

Mark as helpful.

Block Instant messaging (IM) – Sonicwall

* Navigate to the Firewall > App Control Advanced page. (In Gen5 TZ devices this page would be under Security Services > App Control Advanced)  * Check the box under Enable App Control and click on Accept at the top of the page.  * Under View Stye: Category, select IM  * Click on the configure button to bring up the Edit App Control Category window.  * Select Enable under Block  * Select Enable under Log  * Select All under Included Users/Groups  * Click on OK to save the settings.

To block the web chat we would need to add the forbidden list on Content Filter with ” chatenabled.mail.google.com” for gtalk.

Mark as helpful.

Clear recycle bin for all users on workstation or server

Run this from Command prompt. If you run into issues you can run it from elevated command prompt

  • For Windows 7 or Server 2008 enter this command:

    rd /s c:\$Recycle.Bin

  • For Windows XP, Vista, or Server 2003 enter this command:

    rd /s c:\recycler

Mark as helpful.

Trend Micro Security Server is not updating

Option I:

Sometimes when the Security Server obtains updates, it would time out and generate errors in the logs. To resolve this:

 

Increase the timeout value when the Security Server obtains updates.

  1. On the Security Server, open the ..\Program Files\Trend Micro\Security Server\PCCSRV\Admin\aucfg.ini file with a text editor such as Notepad.
  2. Insert the “timeout=99999” line, as shown below:
    [downloader]
    retry=3
    timeout=99999
  3. Save and close the file.
  4. Update the server and verify the new timeout settings.
Option II:

The issue may also occur when the client is using a proxy server to update. To fix this:

 

Specify the proxy server on the WFBS console.

  1. Log on to the WFBS console.
  2. Go to Preferences > Global Settings.
  3. Under Proxy Information section, update the following:
    • Use a proxy server for updates and license notification
    • Use SOCKS 4/5 proxy protocol
    • Address
    • Port
    • Proxy server authentication
      • User name
      • Password
Option III:

The client sometimes has a firewall that blocks the current update source. To resolve this:

 

Change the ActiveUpdate source.

  1. Log on to the WFBS console.
  2. Go to Update > Source.
  3. Select Alternate update source.
  4. Use any of the following sources for WFBS:
    • For WFBS 5.0: http://wfbs50-p.activeupdate.trendmicro.com/activeupdate
    • For WFBS 5.1: http://wfbs51-p.activeupdate.trendmicro.com/activeupdate
    • For WFBS 6.0: http://wfbs60-p.activeupdate.trendmicro.com/activeupdate
    • For WFBS 7.0: http://iau.trendmicro.com/iau_server.dll
    • For WFBS 8.0: http://wfbs80-p.activeupdate.trendmicro.com/activeupdate/
Option IV:

Akamai, Trend Micro’s third-party content provider, provides localized cache servers that are geographically located close to you. Since Akamai’s server IP addresses changes depending on the country you are located in (and even under different network conditions), it is best to use the DNS name “trendmicro.georedirector.akadns.net” or “activeupdate.trendmicro.com.edgekey.net ” as the basis for your firewall rule.

 

Add an IP range of ActiveUpdate servers to be excluded on their firewall configuration

Note: This works best if you are connecting using a single ISP.
  1. Do one of the following:
    • For WFBS 5.0: Ping “wfbs51-p.activeupdate.trendmicro.com”
    • For WFBS 5.1: Ping “wfbs51-p.activeupdate.trendmicro.com”
    • For WFBS 6.0: Ping “wfbs60-p.activeupdate.trendmicro.com”
    • For WFBS 7.0: Ping “iau.trendmicro.com”
    • For License update: Ping “licenseupdate.trendmicro.com”
    • For AntiSpam source: Ping “csm-as.activeupdate.trendmicro.com”
    • For Smart Scan update: Ping “wfbs6-icss-p.activeupdate.trendmicro.com”
    • For the OPP (Outbreak Policy Pattern): Ping “oc.activeupdate.trendmicro.com”
    You should then be redirected to “a151.g.akamai.net”.
  2. Change the last octet of the IP address you got to “.255” This should give you the address block for your servers.
    Important: The resolved IP addresses can change depending on network traffic, and on whether or not the servers fail. Akamai compensates for this by modifying their DNS to point to a different server set. If this is the case, the procedure above should be repeated again, then add the new server IPs to the list.
Option V:

The issue may also occur when manual update is working and scheduled update is not in WFBS 6.0. To fix this:

 

Verify the scheduled update source of WFBS 6.0

  1. Open the ..\PCCSRV\Private\ofcserver.ini using a text editor like Notepad.
  2. Make sure that the following lines are correct:
    EnableScheduleUpdate=1
    UpdateSource_Schedule=http://wfbs60-p.activeupdate.trendmicro.com/activeupdate<
    ScheduleUpdateSpamSource=http://csm-as.activeupdate.trendmicro.com/activeupdate
Option VI:

The Security Server might not update due to corrupted pattern files or corrupted update components in the server’s cache. To fix this, run the Disk Cleaner tool.

If the issue still persists, contact Trend Micro Technical Support and provide the Case Diagnostic Tool (CDT) log generated on the WFBS server. For the instructions on how to get this, refer to this solution: Using the CDT to collect all the information needed by Trend Micro Technical Support.

Mark as helpful.

Corrupt Licensing issues Windows 2003 SBS

Yes even in this day and age people are still using Windows 2003 SBS.

SBS 2003 – 5 Cal Reset Issue

After much stuffing about I found that the SBS2003 licenses are kept in the licstr.cpa file in the WINDOWS\system32 folder. Thankfully, Microsoft actually keep an automatic backup of this in autolicstr.cpa. The simple process was to stop the License Logging Service, rename licstr.cpa to licstr.cpa.old, then copy autolicstr.cpa to licstr.cpa. After this I started License Logging Service and used Server Management to confirm that the licenses had been restored.

Mark as helpful.

Increase Receive Connector Limit Exchange 2007

In any case, the setting MaxMessageSize, which has a default of 10 MB in Exchange 2007, is the parameter that needs adjustment. If you want to get a look at the values for the MaxMessageSize parameter for all of the SMTP receive connectors in your Exchange organization, start up the command line-based Exchange Management Shell and issue the following command:

get-receiveconnector | select identity,maxmessagesize

The output in Figure A shows you that, for the three Exchange servers in this organization, all of the installed SMTP receive connectors have a maximum message size of 10 MB.

Figure A

Mark as helpful.

Remove Large Search Index File

Low disk space caused by Large Search Index file.

From the Indexing Options Control Panel, click Advanced, and then under Index location, click select new and place on another hard drive. Restart Windows Search service. Make sure index is in new location and remove old files from old location

Mark as helpful.

Configure OWA Redirection for Exchange 2010

Very important NOTE – After all the steps below are completed, make sure to remove redirection from “Public” folder in Default Web site otherwise users will have issues with opening attachments and emails. You do this by clicking on the public folder, going to HTTP redirect and un checking “redirect requests to this destination” box and applying the settings. After everything is complete run the iisreset in the command prompt to restart the necessary services.

One of the things I’ve been doing for as long as I can remember is redirecting requests that don’t go to https://owa.customer.com/owa (or /exchange) to the correct URL. So, if someone goes to http://owa.customer.com or https://owa.customer.com, they get redirected to the correct (secure) URL. Historically I’ve always done this with two components:

  • A custom website listening on Port 80 on each CAS server
  • A default.aspx file in the root of the Default Web Site redirecting to /owa

This approach no longer works with Exchange 2010 CAS because the PowerShell virtual directory actually operates over Port 80 (authentication is Kerberized). If you try and tinker with this, you’ll start getting errors from Remote PowerShell like this:

 

VERBOSE: Connecting to cas01.customer.com
[cas01.customer.com] The WinRM service cannot process the request because the request needs to be sent to a different machine. Use the redirect information to send the request to a new machine.  Redirect location reported: https://owa.customer.com/owa/PowerShell. To automatically connect to the redirected URI, verify “MaximumConnectionRedirectionCount” property of session preference variable “PSSessionOption” and use “AllowRedirection” parameter on the cmdlet.
+ CategoryInfo          : OpenError: (System.Manageme….RemoteRunspace:RemoteRunspace) [], PSRemotingTransportRedirectException
+ FullyQualifiedErrorId : PSSessionOpenFailed

 

In order to work around this, you need to use the HTTP Redirection feature in IIS (the default.aspx trick mentioned above should work too), as well as remove the requirement for SSL at the top level Default Web Site object. You have to be careful doing this because when you set settings on the web site, IIS will push them down to any virtual directory below which does not explicitly set that setting itself. To setup the redirect, select the Default Web Site in IIS Manager, and open the HTTP Redirect option under IIS. Complete it like this:

image

 

Warning: It’s very important that you check the checkboxes exactly as shown in the screenshot above!

 

Once this step is complete, you need to remove the enforced redirect from each of the virtual directories under the Default Web Site. To do this, select each virtual directory individually, and then open the HTTP Redirect property and uncheck the “Redirect requests to this destination” checkbox. You’ll need to do this on the following virtual directories:

  • aspnet_client
  • Autodiscover
  • ecp
  • EWS
  • Microsoft-Server-ActiveSync
  • OAB
  • PowerShell
  • Rpc

 

Note: The Exchange, Exchweb, and Public virtual directories should redirect to /owa.

 

If at this point you simply browse to http://cas01.customer.com, you’ll get an HTTP 403.4 error. This is because SSL is required at the top-level website. In order to get the redirect working, we need to disable SSL for the toplevel website while leaving it enabled for the relevant child virtual directories.

Select the Default Web Site and open the SSL Settings properties. Uncheck the Require SSL checkbox as shown below:

image

Like the redirection settings, this change will be inherited down the tree for any virtual directory which does not explicitly set the setting independently. Ensure that SSL is required for the following virtual directories:

  • Autodiscover
  • ecp
  • EWS
  • Microsoft-Server-ActiveSync
  • OAB
  • owa
  • Rpc

 

Warning: If you require SSL for the PowerShell virtual directory, you will render Remote PowerShell inoperable!

 

Once you’ve configured the redirection and SSL settings, open a command prompt and run iisreset. At this point you should be able to browse to http://localhost on the CAS server and get redirected to https://owa.customer.com/owa. These steps were tested on Windows Server 2008 R2. While they should be similar under Windows Server 2008, they may not be identical.

Mark as helpful.

Cannot add map drive – “The network folder specified is currently mapped using a different user name and password”

If your trying to add a mapped drive and getting error that starts with “The network folder specified is currently mapped using a different user name and password..”

Open command line and run: net use
 
Then you need to delete the drive that is mapped to that server by running: net use /delete \\server\share

Mark as helpful.

Disable password expire in Windows 2008

1)   Load Group Policy Editor ( Start –> Run –> gpedit.msc )

2)   Expand sections as follows –

Computer Configuration –> Windows Settings –> Security Settings –> Account Policies –> Password Policy

Set ‘Maximum password age’ to 0 to totally disable expiry.

Disable Password Expiry

Disable Password Expiry in Windows Server 2008

You can also change the setting on password complexity here if you find Microsoft’s default setting too restrictive.

Mark as helpful.

Configure maximum number of days for Blackberry Enterprise Server log files

To specify the number of days that the log files are stored on the BlackBerry Enterprise Server, complete the following steps:

BlackBerry Enterprise Server 4.0 and 4.1

  1. Open the BlackBerry Server Configuration Panel by selecting Start > Programs > BlackBerry Enterprise Server > BlackBerry Server Configuration.
  2. Select the Logging tab.
  3. Under each category, specify the preferred number of days for Debug Log Maximum Daily File Age. The recommended number of days is 30.
  4. Click OK.
  5. On the computer that host the BlackBerry Enterprise Server components, in the Microsoft Windows Services, restart the appropriate BlackBerry Enterprise Server services.

BlackBerry Enterprise Server 5.0

  1. In the BlackBerry Administration Service, on the left pane, expand BlackBerry Solution Topology > BlackBerry Domain > Component View.
  2. Select Logging
  3. Click the instance that contains the logging settings.
  4. On the Logging details tab, click Edit instance.
  5. In each section, in the Maximum age of daily log files field, type the required number of days (for example, 30 days) to delete the log files after.
  6. Click Save all.
  7. On the Servers and components menu, locate and restart the components that contain the changed logging settings.

Note: In BlackBerry Enterprise Server 5.0 SP1, the field to enter the number of days is dimmed and unavailable. This issue has been resolved in BlackBerry Enterprise Server 5.0 SP2.

Mark as helpful.

How to clean disabled shadow copy files for designated drives

Sometimes drives might be allocated with some hidden files which doesn’t show in reports.

This amount of disk space is being used for shadow copies.
Confirm if shadow copy is enabled or disabled for that drive. (In most cases it is disabled)
When you right click and go to properties of the drive under shadow copies you can see the disk space allocated by this shadow copy.
If it is disabled; simply enable and disable the shadow copy to delete the leftovers.

Mark as helpful.

Setup Autodiscover Record

How to use the new DNS SRV lookup method to locate the Exchange 2007 Autodiscover service

To use the new DNS SRV lookup method in order to locate the Exchange 2007 Autodiscover service, follow these steps.

Note You must create the Autodiscover SRV record in the external DNS zone that matches the right side of your user’s SMTP addresses. For example, if a user’s primary SMTP address is user@contoso.com, the record must be created in the contoso.com external DNS zone. If you have multiple primary SMTP address domains in your organization, you must create an Autodiscover SRV record in each zone.

  1. In your external DNS zone, remove any HOST (A) or CNAME records for the Autodiscover service.
  2. Use the following parameters to create a new SRV record:
    Service: _autodiscover
    Protocol: _tcp
    Port Number: 443
    Host: mail.contoso.com

Mark as helpful.

Fix Sysvol Replication – Event ID 13559

Issue:

You receive the following error after cloning a Windows 2008 DC.

 

Event ID: 13559

Source: NtFrs

Description:

The File Replication Service has detected that the replica root path has changed from “d:\windows\sysvol\domain” to “d:\windows\sysvol\domain”. If this is an intentional move then a file with the name NTFRS_CMD_FILE_MOVE_ROOT needs to be created under the new root path.

This was detected for the following replica set:

“DOMAIN SYSTEM VOLUME (SYSVOL SHARE)”

 

Changing the replica root path is a two step process which is triggered by the creation of the NTFRS_CMD_FILE_MOVE_ROOT file.

 

[1] At the first poll which will occur in 60 minutes this computer will be deleted from the replica set.

[2] At the poll following the deletion this computer will be re-added to the replica set with the new root path. This re-addition will trigger a full tree sync for the replica set. At the end of the sync all the files will be at the new location. The files may or may not be deleted from the old location depending on whether they are needed or not.

 

Cause:

The Volume Serial Number of the drive letter specified in the Event ID has changed (D: in this case).  The File Replication Service saves and compares the Volume Serial Number and other disk information on each startup.  Changing the Volume Serial Number to the original value will not resolve this problem.

 

This most likely occurred because you have cloned, backed up and restored or otherwise changed the drive that holds the SYSVOL information.

 

Solution:

Method 1

Providing you have at least one other DC for this domain available and the problem DC does not hold any FSMO roles for the domain you can follow these steps to resolve this issue:

1)      Backup/Copy the location specified (d:\windows\sysvol\domain in this case) to a folder in the same partition

  1. This will keep the permissions intact and keep copies of the files just in case there is an issue.

2)      Create a file called NTFRS_CMD_FILE_MOVE_ROOT in the location specific

  1. d:\windows\sysvol\domain in this case

3)      Restart the File Replication Service.

4)      Check the Event Log for the following event

Event ID: 13560

Source: NtFrs

Description:

The File Replication Service is deleting this computer from the replica set “DOMAIN SYSTEM VOLUME (SYSVOL SHARE)” as an attempt to recover from the error state,

Error status = FrsErrorMismatchedVolumeSerialNumber

At the next poll, which will occur in 5 minutes, this computer will be re-added to the replica set. The re-addition will trigger a full tree sync for the replica set.

 

  1. Sometimes Error status = FrsErrorMismatchedReplicaRootObjectId is given.

5)      Wait 5-10 minutes or more then check the event log again for the following additional events

Event ID: 13520

Source: NtFrs

Description:

The File Replication Service moved the preexisting files in d:\windows\sysvol\domain to d:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog.

 

The File Replication Service may delete the files in d:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog at any time. Files can be saved from deletion by copying them out of d:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog. Copying the files into d:\windows\sysvol\domain may lead to name conflicts if the files already exist on some other replicating partner.

 

In some cases, the File Replication Service may copy a file from d:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog into d:\windows\sysvol\domain instead of replicating the file from some other replicating partner.

 

Space can be recovered at any time by deleting the files in d:\windows\sysvol\domain\NtFrs_PreExisting___See_EventLog.

 

Event ID: 13553

Source: NtFrs

Description:

The File Replication Service successfully added this computer to the following replica set:

“DOMAIN SYSTEM VOLUME (SYSVOL SHARE)”

 

Information related to this event is shown below:

Computer DNS name is “DC01.domain.local”

Replica set member name is “DC01”

Replica set root path is “d:\windows\sysvol\domain”

Replica staging directory path is “d:\windows\sysvol\staging\domain”

Replica working directory path is “c:\windows\ntfrs\jet”

 

Event ID: 13516

Source: NtFrs

Description:

The File Replication Service is no longer preventing the computer DC01 from becoming a domain controller. The system volume has been successfully initialized and the Netlogon service has been notified that the system volume is now ready to be shared as SYSVOL.

 

Type “net share” to check for the SYSVOL share.

 

6)      Event 13516 indicates you have successfully re-established replication of the SYSVOL.

  1. You can safely delete the NtFrs_PreExisting___See_EventLog folder specified in event 13553.

7)      You should keep your manual backup copy for a few days just in case there were files that are needed.

 

Method 2

To save replication time you can mark the SYSVOL as a non authoritative restore and restart the NtFrs service.  You do this by editing the BurFlags registry setting of the NtFrs Services key.  Read this for more information:

Using the BurFlags registry key to reinitialize File Replication Service replica sets

 

Method 3

If this is your only DC you need to mark the SYSVOL as authoritative for the domain by editing the BurFlags registry setting of the NtFrs Services key.  Read this for more information:

Using the BurFlags registry key to reinitialize File Replication Service replica sets

Mark as helpful.

Print Spooler fails randomly on Server 2008

Create a reg backup

Service: Print Spooler – The following steps helped me to remove a driver, which was causing the issue:
1. Open regedit (e.g. click Start, key regedit and press Enter)
2. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows NT x86\Drivers
3. Under this key, there will be the keys Version-2 and Version-3 (one or the other of these may be absent – not a problem)
4. The sub-keys under these contain the printer driver configuration information
5. Delete all the sub-keys inside Version-2 and Version-3, but not these keys themselves

Mark as helpful.

Exchange 2010 Powershell command to delete all content in mailbox

**Note that this command deletes all of the mail in the inbox as well as the folders.

[PS] C:\Windows\system32>Search-Mailbox -Identity “Luk, Terence” -DeleteContent

 

Exchange 2010 SP1 or SP2 PowerShell cmdlet for deleting all email in a mailbox

I haven’t had to do a whole lot of Exchange 2010 work recently as most of the projects I’ve been involved in were either desktop virtualization or datacenter related but just about a week ago I was asked what the cmdlet was to delete all the mail in an inbox.  I remember executing the cmdlet a while ago and after a bit of digging in my notes, I found it.  Knowing that I’m bound to come across this again, I thought I’d write a short blog on the prerequisites required for setting up the account and finally the cmdlet for future reference.

Prerequisites

The first thing you’ll need to do is ensure that you have given the account you’re going to use the proper permissions by adding them into the following groups:

  1. Discovery Management <—Already Exists
  2. Exchange Support Diagnostics <—Does not exist so you’ll need to create it
  3. Exchange Mailbox Import Export<—Does not exist so you’ll need to create it

Discovery Management

The Discovery Management group is located in the Microsoft Exchange Security Groups OU in your domain:

image

Members of this management role group can perform searches of mailboxes in the Exchange organization for data that meets specific criteria.

clip_image001

Exchange Support Diagnostics & Exchange Mailbox Import Export

The Exchange Support Diagnostics & Exchange Mailbox Import Export groups are not created by default which means you’ll need to manually create them.  The following TechNet blog does a great job of explaining these groups so I won’t reiterate it here:

http://blogs.technet.com/b/exchange/archive/2010/03/26/3409621.aspx

The instructions in the blog above never worked for me as switch:

-Members “<domain\groupname>”

Would cause the cmdlet I execute to continuously fail.  My workaround is to simply omit that switch and add the members with the Active Directory Users and Computers GUI once the group has been created so to create the Exchange Mailbox Import Export group, execute the following cmdlet:

[PS] C:\Windows\system32>New-RoleGroup -Name “Exchange Mailbox Import Export” -Roles “Mailbox Import Export” -DisplayName “Exchange Mailbox Import Export” -Description “This group will provide access to mailbox import and export cmdlets within entire Exchange Organization.”

Name                          AssignedRoles                 RoleAssignments               ManagedBy

—-                          ————-                 —————               ———

Exchange Mailbox Import Ex… {Mailbox Import Export}       {Mailbox Import Export-Exc… {domain.internal/Microsoft …

[PS] C:\Windows\system32>

image

To create the Exchange Support Diagnostics group, execute the following cmdlet:

[PS] C:\Windows\system32>New-RoleGroup -Name “Exchange Support Diagnostics” -Roles “Support Diagnostics” -DisplayName “Exchange Support Diagnostics” -Description “This group will provide access to support diagnostics cmdlets within entire Exchange Organization.”

Name                          AssignedRoles                 RoleAssignments               ManagedBy

—-                          ————-                 —————               ———

Exchange Support Diagnostics  {Support Diagnostics}         {Support Diagnostics-Excha… {domain.internal/Microsoft …

[PS] C:\Windows\system32>

image

Once those 2 cmdlets have been successfully executed, you should now see the following 2 groups:

image

Proceed with adding the the account you intend on executing the cmdlet to delete the contents in a mailbox into those 2 groups.

Deleting contents of a mailbox

To delete the contents of a mailbox, first obtain the identity of the mailbox by executing the following:

[PS] C:\Windows\system32>Get-Mailbox | where-object {$_.alias -match “tluk”}

Name                      Alias                ServerName       ProhibitSendQuota

—-                      —–                ———-       —————–

Luk, Terence              tluk                 svrexmb12        unlimited

clip_image001[4]

Now that you have the identity execute the following cmdlet to delete the content:

**Note that this command deletes all of the mail in the inbox as well as the folders.

[PS] C:\Windows\system32>Search-Mailbox -Identity “Luk, Terence” -DeleteContent

Confirm

Deleting content from mailboxes Luk, Terence

[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is “Y”): Y

RunspaceId       : e9269d66-4888-4dd4-96cd-c72e0358e099

Identity         : domain.internal/Domain/Users/CCS/Luk, Terence

TargetMailbox    :

TargetPSTFile    :

Success          : True

TargetFolder     :

ResultItemsCount : 145

ResultItemsSize  : 18.22 MB (19,107,056 bytes)

[PS] C:\Windows\system32>

image

Check the mailbox to ensure that the content has been deleted:

image

Mark as helpful.

Expand server drive in Windows 2003

To extend a partition or volume, you must first select the volume to give it the focus, and then you can specify how large to make the extension. To extend a volume, follow these steps:

  1. At a command prompt, type diskpart.exe.
  2. Type list volume to display the existing volumes on the computer.
  3. Type Select volume volume number where volume number is number of the volume that you want to extend.
  4. Type extend [size=n] [disk=n] [noerr]. The following describes the parameters:
    size=n
    The space, in megabytes (MB), to add to the current partition. If you do not specify a size, the disk is extended to use all the next contiguous unallocated space.

    disk=n
    The dynamic disk on which to extend the volume. Space equal to size=n is allocated on the disk. If no disk is specified, the volume is extended on the current disk.

    noerr
    For scripting only. When an error is thrown, this parameter specifies that Diskpart continue to process commands as if the error did not occur. Without the noerr parameter, an error causes Diskpart to exit with an error code.

  5. Type exit to exit Diskpart.exe.

Mark as helpful.

Recreating user profiles while maintaining the users mailbox

If you delete a user from Active Directory his mailbox won’t show up for a few hours under the disconnected mailboxes unless you run any of these commands
Deleted mailboxes will appear in disconnected mailbox list, but it will not reflect immediately. We have to wait for online maintenance to run and complete.

If we accidentally delete mailbox and if we wanted to reconnect it back then we may not be able to find it Disconnected Mailbox. We have run Clean-MailboxDatabase to get the deleted mailbox.

Eg.

Clean-MailboxDatabase \servername\SGName\Store
Cleaning Database of Individual Store

Get-Mailboxdatabase | Clean-MailboxDatabase
Cleans all the database in the Organization

Get-Mailboxdatabase | Where{ $_.Server –eq “<servername>”}| clean-MailboxDatabase
Cleans all the database in the specific store

Get-Mailboxdaatabase | Where{ $_.Name –eq “<DatabaseName>”}| clean-MailboxDatabase
Cleans all the Database which matches the specific name given in Databasename

Mark as helpful.

Exchange 2010 sends attachments as winmail.dat

  • In Microsoft Exchange Server 2010, select Microsoft Exchange On-Premises, select Organization Configuration, select Hub Transport, select the Properties for Default (or Domain name you have defined), select Never Use under Exchange Rich-text format. Save.

Never Use - Exchange Rich-Text Format - Hub Transport - Organization Configuration - Exchange Server 2010

Mark as helpful.

Clean up space from large softwaredistribution folder

Start>Run
type cmd and press enter
type net stop wuauserv and press enter
type rename c:\windows\SoftwareDistribution softwaredistribution.old and press enter
type net start wuauserv and press enter
type exit and press enter
Restart the computer and make sure there are no issues, then you can delete the old folder

Mark as helpful.

Enable content redirection from server to client – Citrix

When you enable server to client content redirection, embedded URLs are intercepted on the XenApp server and sent to the client device and the Web browser or multimedia players on the client device open these URLs. This feature frees servers from processing these types of requests by redirecting application launching for supported URLs from the server to the local client device. The browser locally installed on the client device is used to navigate to the URL. Users cannot disable this feature. Accessing published content with local client desktops does not use XenApp resources or licenses because local viewer applications do not use XenApp sessions to display the published content.

For example, users may frequently access Web and multimedia URLs they encounter when running an email program published on a server. If you do not enable content redirection from server to client, users open these URLs with Web browsers or multimedia players present on servers running XenApp.

Note: If the client device fails to connect to a URL, the URL is redirected back to the server.

Complete the following configurations:

  1. Locate the Citrix policy setting for User > ICA > File Redirection. Add and enable Host to client redirection to allow file type associations for URLs and some media content to be opened on the user device (disabled by default). When disabled, content opens on the server.
  2. From the XenApp console, publish the content file and select the users or groups that can access it.
The following URL types are opened locally through user devices for Windows and Linux when this type of content redirection is enabled:

  • HTTP (Hypertext Transfer Protocol)
  • HTTPS (Secure Hypertext Transfer Protocol)
  • RTSP (Real Player and QuickTime)
  • RTSPU (Real Player and QuickTime)
  • PNM (Legacy Real Player)
  • MMS (Microsoft Media Format)

If content redirection from server to client is not working for some of the HTTPS links, verify that the user device has an appropriate certificate installed. If the appropriate certificate is not installed, the HTTP ping from the client device to the URL fails and the URL is redirected back to the server. For legacy plug-ins, content redirection from server to client requires Internet Explorer Version 5.5 with Service Pack 2 on systems running Windows 98 or higher.

Mark as helpful.

Clean up Server Metadata from orphaned or decommissioned domain controllers

When you use Remote Server Administration Tools (RSAT) or the Active Directory Users and Computers console (Dsa.msc) that is included with Windows Server 2008 or Windows Server 2008 R2 to delete a domain controller computer account from the Domain Controllers organizational unit (OU), the cleanup of server metadata is performed automatically. Previously, you had to perform a separate metadata cleanup procedure.

You can also use the Active Directory Sites and Services console (Dssite.msc) to delete a domain controller’s computer account, which also completes metadata cleanup automatically. However, Active Directory Sites and Services removes the metadata automatically only when you first delete the NTDS Settings object below the computer account in Dssite.msc.

As long as you are using the Windows Server 2008, Windows Server 2008 R2, or RSAT versions of Dsa.msc or Dssite.msc, you can clean up metadata automatically for domain controllers running earlier versions of Windows operating systems.

Membership in Domain Admins, or equivalent, is the minimum required to complete these procedures. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (http://go.microsoft.com/fwlink/?LinkId=83477).

  1. Open Active Directory Users and Computers: On the Start menu, point to Administrative Tools, and then click Active Directory Users and Computers.
  2. If you have identified replication partners in preparation for this procedure and if you are not connected to a replication partner of the removed domain controller whose metadata you are cleaning up, right-click Active Directory Users and Computers <DomainControllerName>, and then click Change Domain Controller. Click the name of the domain controller from which you want to remove the metadata, and then click OK.
  3. Expand the domain of the domain controller that was forcibly removed, and then click Domain Controllers.
  4. In the details pane, right-click the computer object of the domain controller whose metadata you want to clean up, and then click Delete.

    Metadata Cleanup in ADUC

  5. In the Active Directory Domain Services dialog box, click Yes to confirm the computer object deletion.
  6. In the Deleting Domain Controller dialog box, select This Domain Controller is permanently offline and can no longer be demoted using the Active Directory Domain Services Installation Wizard (DCPROMO), and then click Delete.

    DC offline in AD Users and Computers

  7. If the domain controller is a global catalog server, in the Delete Domain Controller dialog box, click Yes to continue with the deletion.
  8. If the domain controller currently holds one or more operations master roles, click OK to move the role or roles to the domain controller that is shown.

    You cannot change this domain controller. If you want to move the role to a different domain controller, you must move the role after you complete the server metadata cleanup procedure.

 

  1. Open Active Directory Sites and Services: On the Start menu, point to Administrative Tools, and then click Active Directory Sites and Services.
  2. If you have identified replication partners in preparation for this procedure and if you are not connected to a replication partner of the removed domain controller whose metadata you are cleaning up, right-click Active Directory Users and Computers <DomainControllerName>, and then click Change Domain Controller. Click the name of the domain controller from which you want to remove the metadata, and then click OK.
  3. Expand the site of the domain controller that was forcibly removed, expand Servers, expand the name of the domain controller, right-click the NTDS Settings object, and then click Delete.

    Metadata Cleanup in AD Sites and Services

  4. In the Active Directory Domain Services dialog box, click Yes to confirm the NTDS Settings deletion.
  5. In the Deleting Domain Controller dialog box, select This Domain Controller is permanently offline and can no longer be demoted using the Active Directory Domain Services Installation Wizard (DCPROMO), and then click Delete.

    DC offline in AD Users and Computers

  6. If the domain controller is a global catalog server, in the Delete Domain Controller dialog box, click Yes to continue with the deletion.
  7. If the domain controller currently holds one or more operations master roles, click OK to move the role or roles to the domain controller that is shown.
  8. Right-click the domain controller that was forcibly removed, and then click Delete.

    DC Deletion in AD Sites and Services

  9. In the Active Directory Domain Services dialog box, click Yes to confirm the domain controller deletion.

As an alternative, you can clean up metadata by using Ntdsutil.exe, a command-line tool that is installed automatically on all domain controllers and servers that have Active Directory Lightweight Directory Services (AD LDS) installed. Ntdsutil.exe is also available on computers that have RSAT installed.

  1. Open a command prompt as an administrator: On the Start menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, provide Enterprise Admins credentials, if required, and then click Continue.
  2. At the command prompt, type the following command, and then press ENTER:

    ntdsutil

  3. At the ntdsutil: prompt, type the following command, and then press ENTER:

    metadata cleanup

  4. At the metadata cleanup: prompt, type the following command, and then press ENTER:

    remove selected server <ServerName>

    Or

    remove selected server <ServerName1> on <ServerName2>

    Value Description
    ntdsutil: metadata cleanup Initiates removal of objects that refer to a decommissioned domain controller.
    remove selected server Removes objects for a specified, decommissioned domain controller from a specified server.
    <ServerName> or <ServerName1> The distinguished name of the domain controller whose metadata you want to remove, in the form cn=ServerName,cn=Servers,cn=SiteName, cn=Sites,cn=Configuration,dc=ForestRootDomain. If you specify only one server name, the objects are removed from the current domain controller.
    on <ServerName2> Specifies removing server metadata on <ServerName2>, the Domain Name System (DNS) name of the domain controller to which you want to connect. If you have identified replication partners in preparation for this procedure, specify a domain controller that is a replication partner of the removed domain controller.
  5. In Server Remove Configuration Dialog, review the information and warning, and then click Yes to remove the server object and metadata.

    At this point, Ntdsutil confirms that the domain controller was removed successfully. If you receive an error message that indicates that the object cannot be found, the domain controller might have been removed earlier.

  6. At the metadata cleanup: and ntdsutil: prompts, type quit, and then press ENTER.
  7. To confirm removal of the domain controller:

    Open Active Directory Users and Computers. In the domain of the removed domain controller, click Domain Controllers. In the details pane, an object for the domain controller that you removed should not appear.

    Open Active Directory Sites and Services. Navigate to the Servers container and confirm that the server object for the domain controller that you removed does not contain an NTDS Settings object. If no child objects appear below the server object, you can delete the server object. If a child object appears, do not delete the server object because another application is using the object.

Mark as helpful.

Citrix Licensing Service crashes on startup

The Citrix Licensing Service crashes on startup when using License Server versions 11.6.1 build 10007 through 11.9 installed on Windows Server 2003, Windows Server 2008 or Windows Server 2008 R2. The following Event ID 1000 is logged in the Windows Application Event Log:

Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1000
Date: 2011/06/07
Time: 10:13:18
User: N/A
Computer: <Server_Name>
Description:
Faulting application lmadmin.exe, version 0.0.0.0, faulting module lmadmin.exe, version 0.0.0.0, fault address 0x0005d8c2.

Cause

The concurrent_state.xml and/or the activation_state.xml files become unusable and the Citrix Licensing Service, lmadmin.exe, does not properly handle the unusable file and crashes.

Resolution

  • issue is resolved with the Citrix License Server version 11.10 for Windows which can be downloaded from here.
  • following steps can be performed as a workaround until your Citrix License Server can be upgraded to version 11.10.
  • Delete the concurrent_state.xml and the activation_state.xml files.
  • C:\Program Files\Citrix\Licensing\ls\conf directory on a 32-bit server
  • C:\Program Files(x86)\Citrix\Licensing\ls\conf directory on a 64-bit
  • Restart the license server.

These files are recreated after restarting the license server allowing the Citrix Licensing Service to successfully start and the Citrix License Server to function normally.

Mark as helpful.

Setup Public Folder rights Exchange 2007

You can only do this through the Exchange Management Shell in Exchange 2007

 

Add-PublicFolderClientPermission -Identity “\Corporate Calendar” -AccessRights Owner -User Dave

to double check rights

Get-PublicFolderClientPermission -Identity “\Corporate Calendar” | fl

to remove settings

Remove-PublicFolderClientPermission -Identity “\Corporate Calendar” -Access Rights Owner -User Dave

If the name is more then one word spaced out then it requires “quotations”

Mark as helpful.

Troubleshoot OWA Server 2008 SBS Exchange 2007

SBS 2008. OWA was spitting out HTTP Error 500.19 – Internal Server Error
The requested page cannot be accessed because the related configuration data for the page is invalid.

It then listed information, owaauth.dll was mentioned somewhere. Should start taking screen shots of these… It also referenced a line of web.config from program files\windows small business server\bin\webapp\sbs web applications, a line containing only . The event log showed an error relating to the DLL as well:

The Module DLL C:\Program Files\Microsoft\Exchange Server\ClientAccess\Owa\auth\owaauth.dll failed to load. The data is the error.

And this one:

Could not load all ISAPI filters for site ‘SBS WEB APPLICATIONS’. Therefore site startup aborted.

The error on the website complained of something being locked.

Searches all talked about 32bit mode vs 64bit, unlocking strings, resetting IWAM and IUSR accounts (though they don’t seem to apply to SBS 2008?), recreating your OWA folders… I did all that for hours with no luck. In the end, it was permissions: owaauth.dll had Authenticated Users granted Read and not Read & Execute. I discovered this by comparing the file to another server. The whole OWA folder was jacked. IISRESET and we were back up.

The moral here is to always remember to check your basics first. Two of my co-workers looked at this for well over an hour before it was passed to me and I won’t say how long I spent working on it before I found this. If the error says that a file can’t be loaded, maybe it actually means that the file can’t be loaded.

Mark as helpful.

Setup OWA Exchange 2007

1. Start IIS Manager.

2. Expand the local computer, expand Sites, and then click Default Web Site.

3. At the bottom of the Default Web Site Home pane, click Features View if this option isn’t already selected.

4. In the IIS section, double-click HTTP Redirect.

5. Select the Redirect requests to this destination check box.

6. Type the absolute path of the /owa virtual directory. For example, type https://mail.contoso.com/owa.

7. Under Redirect Behavior, select the Only redirect requests to content in this directory (not subdirectories) check box.

8. In the Status code list, click Found (302).

9. In the Actions pane, click Apply.

10. Click Default Web Site.

11. In the Default Web Site Home pane, double-click SSL Settings.

12. In SSL Settings, clear Require SSL.
Note:

If you don’t clear Require SSL, users won’t be redirected when they enter an unsecured URL. Instead, they’ll get an access denied error.

13. For the new settings to take effect, open a Command Prompt window, and then type iisreset /noforce to restart IIS.

Mark as helpful.

WinRM error: The content type is absent or invalid Exchange 2010

The error message is something to the effect of “Console initialization failure: WinRM error: The content type is absent or invalid.” I’ve since forgotten if this message shows up in the management console or the shell but both will display a similar message when trying to connect the the installed exchange server. Other errors you might see are along the lines of “The WinRM client sent a request.”

The resolution actually turned out to be very simple. Go to your IIS install and find the wwwroot directory. In that directory is a file called web.config. Rename this file. Now open a command prompt and issue the following command:
iisreset
You should now be able to get into the Exchange Mangement Console or Shell.

Mark as helpful.

Deleted Delegates Still Receive Meeting Invites for Other Mailbox Users

I encountered two cases this week caused by the same bug. They began with different problem descriptions:

  1. When people in a team send meeting requests to a room mailbox their team regularly uses, they receive an NDR for a person who left the company some time ago and no longer has an account or mailbox
  2. A person who used to be the delegate/manager for a room mailbox continues to receive meeting requests for that room, even though they no longer appear in the delegates list

Note that this doesn’t only impact room mailboxes, it just happens that was the situation in both of my cases this week.

In both cases the same bug was the root cause.  When delegates are added to a mailbox an invisible rule is added to that mailbox to forward the meeting requests to the delegates. When they are later removed the rule continues to send them the meeting requests.

For example in this case Ana Williams has one delegate, Alan Reid, but a former delegate Alex Heyne is also still receiving a copy of the meeting requests, even though he does not appear in the delegates list.

Because the invisible rule is invisible :) it can’t be seen in Outlook.

Instead we need to open the mailbox using MFCMAPI to see the rule.

Update: a few people have let me know that they’ve had success fixing this issue by simply removing all existing delegates, then re-adding them. That seems to remove the invisible rule with the stale entry, and then it is re-added with just the intended delegates. Though that approach didn’t work for me in these cases, it would be the quickest win so is worth trying first before going further with MFCMAPI.

Download MFCMAPI here and extract the file onto a computer that also has Outlook installed (it will use the Outlook profile to logon to Exchange).

After launching MFCMAPI click the Session menu and choose Logon.

After logging on choose MDB, Open other mailboxes, then From GAL.

Choose the suspect mailbox from the GAL, in this case Ana Williams. Click OK at the “CreateStoreEntryID flags” dialog that appears.

Navigate the Root Container down to Top of Information Store and then Inbox. Right-click Inbox and choose Other tables and then Rules table.

Depending on the number of regular inbox rules the mailbox has you may see more than one entry. To locate the invisible rule that handles email forwarding for delegates look for the rule that has a blank “Rule Name“, and has a PR_RULE_PROVIDER value of “Schedule+ EMS Interface“.

Before proceeding to the next step be aware that this process removes the email forwarding for all delegates on the mailbox. So before you delete it make sure you’ve made a note of the delegates who are supposed to remain on the mailbox, as they will need to be re-added.

Right-click the rule and choose Delete.

The final step is to re-add any delegates to the mailbox that are still wanted.

When this is complete only those intended delegates will receive the meeting requests, and the deleted delegates should receive no more meeting requests, or in the case of the former staff member, no longer cause NDRs back to the meeting organizers.

Mark as helpful.

Disable Back Pressure Exchange 2007

When running Exchange 2007 in a testing lab with limited resources you might experience issues in mail delivery like emails goes to draft folder or not receiving them at all. The reason for that is the Back Pressure feature that stops specific functions.

To disable Back Pressure: Go to C:\Program Files\Microsoft\Exchange Server\Bin directory and open the EdgeTransport.exe.config file using notepad.
Change the value of EnableResourceMonitoring from True to False: To: Save file and Restart Microsoft Exchange Transport Service. –

Mark as helpful.

Disable Screen tips in Citrix

Use the following registry edit to disable Tips from showing up

 

[HKEY_CURRENT_USER\Software\Citrix\ICA Client\Keyboard Mapping\Tips]
“In full screen mode”=dword:01323fa9

Mark as helpful. 2

An unexpected error occurred during citrix discovery

Change Citrix Independent Management Architecture Service from Log On As “Network Service to a local service.

Restart the service and run discovery again in AppCenter.

Mark as helpful.

How to clear out corrupted definitions for a Symantec Endpoint Protection client manually


DISCLAIMER:The following instructions are for the Symantec Endpoint Protection product ONLY.
If there are any other Symantec products installed on the system that share the virus definitions please contact Symantec Technical Support.


Instructions for 32-bit Operating Systems:

For Windows 2000/2003/XP

      1. Stop the Symantec Endpoint Protection Services:
      2. Click Start, Run, typing in smc -stop, and pushing Enter.
        1. Click the Start button and then click Run
        2. Type services.msc and click OK
        3. Right-click Symantec Endpoint Protection and click Stop.
        4. Minimize the Services window

          Note: If you are unable to stop the Symantec Management Client you will need to temporarily disable Tamper Protection. Please see the Technical Information at the bottom of this document for instructions.

      3. Delete the data from the Definition folders:
        • Virus Definitions
          C:\Program Files\Common Files\Symantec Shared\VirusDefs\
          – Delete all files and subfolders
        • Delete the downloaded data in the “C:\Documents and Settings\All Users\Application Data\Symantec\Liveupdate\downloads”


          WARNING: In the next steps you will edit the Windows registry. Back up the registry before you make any changes to it, because incorrect changes to the registry can result in permanent data loss or corrupted files. Modify only the registry values that are specified. For instructions, see How to back up the Windows registry.


      4. Delete the data from the registry:
        1. Click the Start button and then click Run
        2. Type regedit and click OK
        3. Navigate to:
          HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs
        4. Delete the following values:
          1. SRTSP
          2. NAVCORP_70
          3. DEFWATCH_10
          4. SepCache3
          5. SepCache2
          6. SepCache1
      5. Restart the Symantec Endpoint Protection Services stopped in the previous step, 3.c.
      6. Click Start, Run, type in smc -start, and push Enter.
        1. Maximize the Services window.
        2. Right-click Symantec Endpoint Protection service and click Start.

For Windows Vista/Server 2008/Windows7

    1. Stop the Symantec Endpoint Protection Services:
    2. Click Start, Run, type in smc -stop, and push Enter
      1. Click the Start button.
      2. In the search bar type services and then press Enter.
        Note: If the User Account Control prompt pops up click Continue.
      3. Right-click Symantec Endpoint Protection and click Stop.

        Note: If you are unable to stop the Symantec Management Client you will need to temporarily disable Tamper Protection. Please see the Technical Information at the bottom of this document for instructions.

    3. Delete the data from the Definition folders:
      • Virus Definitions
        C:\ProgramData\Symantec\Definitions\VirusDefs\
        – Delete all files and subfolders


        WARNING: In the next steps you will edit the Windows registry. Back up the registry before you make any changes to it, because incorrect changes to the registry can result in permanent data loss or corrupted files. Modify only the registry values that are specified. For instructions, see How to back up the Windows registry.


    4. Delete the data from the registry:
      1. Click the Start button
      2. Type regedit and press Enter
      3. Navigate to:
        HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SharedDefs
      4. Delete the following values:
        1. SRTSP
        2. NAVCORP_70
        3. DEFWATCH_10
        4. SepCache3
        5. SepCache2
        6. SepCache1
    5. Restart the Symantec Endpoint Protection Services stopped in the previous step, 3.c.
    6. Click Start, Run, type in smc -start, and push Enter.
      1. Maximize the Services window.
      2. Right-click Symantec Endpoint Protection and click Start.

Instructions for 64-bit Operating Systems:

For Windows 2000/2003/XP

      1. Stop the Symantec Endpoint Protection Services:
      2. Click Start, Run, type in smc -stop, and push Enter.
        1. Click the Start button and then click Run
        2. Type services.msc and click OK
        3. Right-click Symantec Endpoint Protection and click Stop.
        4. Minimize the Services window

          Note: If you are unable to stop the Symantec Management Client you will need to temporarily disable Tamper Protection. Please see the Technical Information at the bottom of this document for instructions.

      3. Delete the data from the Definition folders:
        • Virus Definitions
          C:\Program Files (x86)\Common Files\Symantec Shared\VirusDefs\
          – Delete all files and subfolders


          WARNING: In the next steps you will edit the Windows registry. Back up the registry before you make any changes to it, because incorrect changes to the registry can result in permanent data loss or corrupted files. Modify only the registry values that are specified. For instructions, see How to back up the Windows registry.


      4. Delete the data from the registry:
        1. Click the Start button and then click Run
        2. Type regedit and click OK
        3. Navigate to:
          HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Symantec\SharedDefs
        4. Delete the following values:
          1. SRTSP
          2. NAVCORP_70
          3. DEFWATCH_10
          4. SepCache3
          5. SepCache2
          6. SepCache1
      5. Restart the Symantec Endpoint Protection Services stopped in the previous step, 3.c.
      6. Click Start, Run, type in smc -start, and push Enter.
        1. Maximize the Services window.
        2. Right-click Symantec Endpoint Protection service and click Start.

For Windows Vista/Server 2008/Windows 7

    1. Stop the Symantec Endpoint Protection Services:
    2. Click Start, Run, type in smc -stop, and push Enter.
      1. Click the Start button.
      2. In the search bar type services and then press Enter.
        Note: If the User Account Control prompt pops up click Continue.
      3. Right-click Symantec Endpoint Protection and click Stop.
        Note: If you are unable to stop the Symantec Management Client you will need to temporarily disable Tamper Protection. Please see the Technical Information at the bottom of this document for instructions.
    3. Delete the data from the Definition folders:
      • Virus Definitions
        C:\ProgramData\Symantec\Definitions\VirusDefs\
        – Delete all files and subfolders


        WARNING: In the next steps you will edit the Windows registry. Back up the registry before you make any changes to it, because incorrect changes to the registry can result in permanent data loss or corrupted files. Modify only the registry values that are specified. For instructions, see How to back up the Windows registry.


    4. Delete the data from the registry:
      1. Click the Start button
      2. Type regedit and press Enter
      3. Navigate to:
        HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Symantec\SharedDefs
      4. Delete the following values:
        1. SRTSP
        2. NAVCORP_70
        3. DEFWATCH_10
        4. SepCache3
        5. SepCache2
        6. SepCache1
    5. Restart the Symantec Endpoint Protection Services stopped in the previous step, 3.c.
    6. Click Start, Run, type in smc -start, and push Enter.
      1. Maximize the Services window.
      2. Right-click Symantec Endpoint Protection and click Start.

References
In some instances, Symantec Technical Support may recommend the use of an unsupported tool that automates the removal of corrupted SEP definitions. For details please see Using the “Rx4DefsSEP” utility at http://www.symantec.com/business/support/index?page=content&id=TECH93036&locale=en_US

Technical Information
How to disable Tamper Protection:

    1. Open and log into the Symantec Endpoint Protection Manager console
    2. Click the Clients view.
    3. Select the appropriate group.
    4. Under the Policies tab, in the “Settings” section, click General Settings.
    5. Under the Tamper Protection tab, uncheck Protect Symantec security software from being tampered with or shut down.
    6. Click OK.

 

 

IMPORTANT: Once definitions will be purged, the following popup message will appear:

“Virus definitions are missing on this computer. This computer will remain unprotected until definitions are downloaded from the network. Contact your system administrator for help updating your virus definitions.”

This message will keep showing (after every smc -stop/smc -start or session opening), even when Symantec Endpoint Protection will receive/apply new set of definitions, until “Symantec Endpoint Protection” service is restarted. To avoid this, it is possible either:

– to drop JDB file to update client then restart “Symantec Endpoint Protection” service

– to use Rx4DefsSEP

– to use a script which is checking Antivirus/Antispyware definition status and restart “Symantec Endpoint Protection” service if appropriate

NOTE: this behavior is as designed.

Mark as helpful.

Operations are in Progress, Please wait – Server 2008

I was greeted with this screen.

Operations In progress

Hm, i thought.

I flipped over to the Services console via the MMC and noticed that the Acronis Scheduler service was ‘Stopping’

Ok i thought, well, lets kill this bad boy. (yes i said bad boy)

Luckily on the server i was using i had already downloaded PsTools, if you have never used PsTools you really should.

If you are a domain administrator, you can have a huge amount of fun killing annoying applications on Co-Workers computers and making it look like an application has crashed. I never got tired of killing our interns IE sessions when they were on Facebook instead of working, and you can even write a small bat file to run at random just to add a little more authenticity to it. Oh, i digress.

Ok, so first i found the name of the process the Scheduler service used via the MMC.

acronis

Next, i turn to PsTools and use the PsList command.

PsList \\server | findstr Schedul2

I use the ‘findstr’ tool also here to filter the output of the PsList command so i only see the relevant process running.

pslist

This confirms that yes, this process is running on the target server.

Next i can use PsKill to end that process.

PsKill \\server Schedul2

pskill

As soon as the process was killed, the DRAC screen updated to ‘stopping services’ and the server finished it’s reboot.

Hopefully this will help you troubleshoot any ‘Operations are in progress’ messages you see on your servers.

Mark as helpful.

Print Spooler Randomly Fails

I’ve searched hi and low and my print spooler just keeps failing. These is most likely caused by a bad print driver. To isolate this so the print spooler doesn’t fail you have to setup Print Driver Isolation.

The reason that you don’t see the PrintIsolationHost.exe process spawn immediately after switching a driver to isolation mode is for better resource management. The process is called when needed, and is closed when not required. In shared mode, the printing model is very similar to isolated mode, except that you will only see one PrintIsolationHost.exe process – unless you also have drivers running in full isolation mode at the same time.

Now that we’ve covered some of the basics of PDI, let’s talk about configuring PDI via Group Policy. There are two new group policy settings that you can use to control the isolation mode of drivers on machines to which the policy applies. Both settings are in the Computer Configuration\Administrative Templates\Printers. The two settings are:
•Execute Print Drivers in Isolated Processes – there are two settings ◦Disabled – Completely disable driver isolation, resulting in all the print drivers being loaded into the print spooler process as in previous OS versions. This would be a way to force “legacy” mode
◦Enabled or Not Configured – Allows driver isolation, in which case the driver isolation modes can be set as needed (or as specified by the OEM)

•Override Print Driver Execution Compatibility Setting Reported by Print Driver – again, there are two settings ◦Enabled – Forces drivers flagged as incompatible with PDI to run in “shared” mode
◦Disabled or Not Configured – whatever isolation compatibility advertised in the .inf file for the driver is honored

The values for these policies are stored in the registry at HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Printers\ in the following values:
•PrintDriverIsolationExecutionPolicy
•PrintDriverIsolationOverrideCompat

A value of 0 = disabled, and 1 = enabled. If the policy settings are “Not Configured” then these values will not exist in the registry by default and the system assumes the default settings as discussed above.

To wrap up this post, we’ll take a look at some of the registry values that can be used to modify PDI behavior – specifically the lifetime and recycle behavior of PrintDriverIsolation.exe processes. These values exist in the HKLM\SYSTEM\CurrentControlSet\Control\Print\ key.

Value Name Type Description
PrintDriverIsolationIdleTimeout REG_DWORD Time in milliseconds that specifies the maximum time a printer driver isolation process should remain idle before it is shut down.
PrintDriverIsolationTimeBeforeRecycle REG_DWORD Time in milliseconds that specifies the maximum time span a printer driver isolation process should be used for before it is shut down / restarted. The shut down and restart sequence reclaims memory potentially leaked by drivers
PrintDriverIsolationMaxobjsBeforeRecycle REG_DWORD Specifies the maximum number of operations a printer driver isolation process should be used for before it is shut / down and restarted. Again, the shut down and restart sequence reclaims memory potentially leaked by drivers

In instances where you might suspect isolated drivers leaking memory or if you have a large number of PrintDriverIsolationHost.exe processes, these settings may be worth tweaking.

Note that all of the changes described in this section will take effect when the Print Spooler service is restarted.

 

Confirm the default Local Print Provider

1) Use Regedit to locate the Print key in the Registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print

2) Click to highlight the Print key in Regedit and export the key as a .reg file for backup purposes (File > Export).

3) Locate the Local Port Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Local Port

4) Confirm that the Driver value in the Local Port Registry key is set to Localspl.dll. If it is not, double-click the Driver value to edit the Data String and set it to Localspl.dll.

 

Remove 3rd Party Port and Language Monitors

1) Note any 3rd-party Monitors that are listed in the Monitors Registry key for future reference:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors

The default Monitors are:

==========================

AppleTalk Printing Devices

BJ Language Monitor

Local Port

LPR Port

PJL Language Monitor

Standard TCP/IP Port

USB Monitor

Windows NT Fax Monitor

==========================

Note: Not all of the above default Port Monitors will be present in all cases. You may also see the Microsoft Office Document Imaging Monitor which is installed by MS Office.

The 2 types of monitors that may be listed here are Port Monitors and/or Language Monitors. As a general rule, Language Monitors will not have any printer ports defined in the Ports subkey and may be removed without causing a problem. Port Monitors such as HP Standard TCP/IP, however, may have active printers using this port type. If a 3rd-party Port Monitor is in use, with printers defined in the Ports subkey under the Port Monitor, you will need to convert the port(s) to a Standard TCP/IP Port (Standard Port Monitor).

2) To convert the printer ports from the 3rd-party Port Monitor to Standard TCP/IP Port Monitor, perform the following steps:

Convert 3rd Party Ports to Standard TCP/IP Ports

1) Open the Printers and Faxes folder.

2) Right-click the printer that was identified as using the 3rd-party Port Monitor and select Properties.

3) In the Properties for the printer, click the Ports tab.

4) On the Ports tab, click the Add Port button.

5) In the Printer Ports dialog, select Standard TCP/IP and click the New Port button to start the Add Standard TCP/IP Printer Port Wizard.

6) Click Next when the Add Standard TCP/IP Printer Port Wizard starts to specify the printer that will be using this new port.

7) Enter the Printer Name or IP Address for the printer that will be using this new port and click Next.

Note: The wizard automatically fills in the port name for you in the Port Name box. You can either accept this name or type the name that you want to use, and then click Next. Standard Port Monitor then sends a query to the print device. Based on the SNMP values that are returned, the device details are determined and the appropriate device options are displayed. If the print device cannot be identified, you must supply additional information about it.

8) If the Additional Port Information Required page is displayed, perform one of the following tasks under Device Type:

Click Standard, click the appropriate device in the list, and then click Next.

-or-

Click Custom, click Settings, specify the protocol settings (RAW or LPR) and the SNMP status settings that you want to use, click OK, and then click Next.

10) If the wizard prompts you for the print server protocol, specify the protocol that you want to use, either RAW or LPR.

11) If the wizard prompts you to select a port, specify the port that you want to use in the Device Port box, and then click Next.

12) Click Finish, and then click Close. On the Ports tab in the Properties for the printer, you should see that the printer is now set to use the new Standard TCP/IP Port that you just created. The new Standard TCP/IP port is also displayed in the Ports on this server list on the Ports tab in the Print Server Properties (File > Server Properties from within the Printers folder)

13) You can then delete the 3rd-party port from the Ports tab within the Print Server Properties.

14) Repeat these steps for all printers that are using a 3rd-party Port Monitor.

After moving all printers to the Standard TCP/IP Port Monitor, we can delete the 3rd-party Port Monitor’s Registry key under the Monitors key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors

Remove All Other 3rd party Monitors

For any other 3rd party Monitors that are identified under the Monitors key and are confirmed to NOT have any printer ports listed under the Ports subkey for the Monitor, we will need to perform the following 2 steps

  • Identify printers configured to use the 3rd party Monitor.
  • Delete the reference to the Monitor for that printer.
  • Delete the Registry key for the 3rd party Monitor.

Note: The Client Printer Port is the Citrix Metaframe Monitor used for autocreated client printers in Terminal Server sessions. Do not remove this Monitor unless it is confirmed to be related to the problem:

==========================

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Monitors\Client Printer Port

Driver REG_SZ cpmmon.dll

==========================

See the following article before removing Lexmark Monitors:

155516 How to Remove the Lexmark MarkVision Monitor

http://support.microsoft.com/?id=155516

1) Note the name of the 3rd-party Monitor that is being removed. We will use this name to search the Print Registry key for references to this Monitor.

Assume, for example, that the HP Master Monitor is installed:

==========================

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Monitors\HP Master Monitor

EOJTimeout REG_DWORD 0xea60

Driver REG_SZ HPBMMON.DLL

==========================

2) In Regedit, click to highlight the Print key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print

3) Press F3, or click the Edit menu and select Find.

4) In the Find What field, type the name of the 3rd-party Monitor that is being removed, HP Master Monitor in this example, and click Find Next. Identify printers that are configured to use the Monitor that we are removing, for example:

==========================

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Environments\Windows NT x86\Drivers\Version-3\HP Color LaserJet 2500 PCL 6

Configuration File REG_SZ HPBF342E.DLL

Data File REG_SZ HPBF342I.PMD

Driver REG_SZ HPBF342G.DLL

Help File REG_SZ HPBF342E.HLP

Monitor REG_SZ HP Master Monitor

==========================

5) Double-click the Monitor value to delete the 3rd party Monitor data string. In this example, delete the “HP Master Monitor” value. The Monitor value will be left with a blank data string, as follows:

==========================

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Environments\Windows NT x86\Drivers\Version-3\HP Color LaserJet 2500 PCL 6

Configuration File REG_SZ HPBF342E.DLL

Data File REG_SZ HPBF342I.PMD

Driver REG_SZ HPBF342G.DLL

Help File REG_SZ HPBF342E.HLP

Monitor REG_SZ

==========================

6) Repeat the steps above for all 3rd-party Monitors.

7) Stop and restart the Print Spooler service for the changes take effect.

 

Net stop spooler

Net start spooler

 

Note: In most cases, removing the 3rd party Monitors will not affect normal printing. If new problems are seen after removing the 3rd party Monitors, we can restore the backed up Print Registry key to restore the original configuration..

You can then perform the steps above again in smaller steps, stopping and starting the Print Spooler service more frequently, to determine if a specific component is required. If so, skip the removal of this component and continue removing the other 3rd-party items.

Note: If the problem is easily reproducible, you may also individually remove the 3rd-party Monitors to try to narrow the problem down to a particular Monitor. This procedure will take more time and may require restarting the Print Spooler service multiple times.

Remove 3rd-party Print Providers

Remove 3rd party Print Providers by deleting the 3rd-party providers in the following Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers

The default Print Providers are:

Internet Print Provider

Lanman Print Services

The Client Printer Provider is the Citrix Metaframe provider used for autocreated client printers in Terminal Server sessions. Do not remove this Provider unless it is confirmed to be related to the problem:

==========================

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Providers\Client Printer

Name REG_SZ C:\Program Files\Citrix\system32\cdmprov.dll

DisplayName REG_SZ Client Printer

==========================

2) Stop and restart the Print Spooler service for the changes take effect.

Net stop spooler

Net start spooler

 

Remove 3rd Party Print Processors

Perform the following steps to confirm that all printers are configured to use the WinprintPrint Processor.

  • Identify printers that are configured to use a 3rd party Print Processor.
  • Change the 3rd party Print Processor to Winprint.
  • Delete the Registry key for the 3rd party Print Processor.

1) Note the name of the installed Print Processors under the following Registry key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Environments\Windows NT x86\Print Processors

The default Print Processor is Winprint:

==========================

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Environments\Windows NT x86\Print Processors\winprint

Driver REG_SZ localspl.dll

==========================

Assume, for example, that the HPPRN05 is installed:

==========================

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Environments\Windows NT x86\Print Processors\HPPRN05

Driver REG_SZ HPPRN05.DLL

==========================

2) In Regedit, click to highlight the Print key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print

3) Press F3, or click the Edit menu and select Find.

4) In the Find What field, type Print Processor and click Find Next. Identify the Print Processor being used for each printer:

==========================

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\Client1

ChangeID REG_DWORD 0x1b9fa8c9

Status REG_DWORD 0x180

Name REG_SZ Client\XPWS

Share Name REG_SZ

Print Processor REG_SZ HPPRN05

==========================

5) Double-click the Print Processor value to change the 3rd party processor data string to Winprint:

==========================

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\Client1

ChangeID REG_DWORD 0x1b9fa8c9

Status REG_DWORD 0x180

Name REG_SZ Client\XPWS

Share Name REG_SZ

Print Processor REG_SZ WinPrint

==========================

6) Repeat the steps above for all 3rd-party Print Processors.

7) Stop and restart the Print Spooler service for the changes to take effect.

 

Net stop spooler

Net start spooler

 

Note: In most cases, changing the print processor to Winprint will not affect normal printing. If new problems are seen after changing the print processor,  we can restore the backed up Print Registry key and restart the Print Spooler service to restore the original configuration.

You can then perform the steps above again in smaller steps, stopping and starting the Print Spooler service more frequently, to determine if a specific component is required. If so, skip the removal of this component and continue removing the other 3rd party items.

 

Additional steps to be done

 

1) Check the Spool folder to see if there are any old files in the folder. When printing is working properly, the files in the Spool folder are deleted as the jobs are printed. The default Spool folder is:

systemroot\System32\Spool\Printers

The Spool folder location can be confirmed by checking the DefaultSpoolDirectory Registry value in the following Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers

Move any old files that are in the Spool folder to see if the problem still occurs. Corrupt files in the Spool folder can cause Print Spooler service problems. You may need to stop the Print Spooler service to move the files from the Spool folder.

2) The Print Spooler service is, by default, dependent only upon the Remote Procedure Call (RPC) service, RPCSS. To confirm the Spooler dependencies, check the DependOnService value in the following Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler

Confirm that the dependent services are started. If there are any other dependent services listed, in addition to RPCSS, edit the DependOnService Registry value to remove all dependencies except RPCSS.

3) Configure the installed antivirus application to exclude scanning the Spool folder. There can be contention between the antivirus application and the Print Spooler service that may cause intermittent printing problems.

Mark as helpful. 0

Use Command Line to Power off a Virtual Machine – VMWare

Using the ESXi 5.x esxcli command to power off a virtual machine

The esxcli command can be used locally or remotely to power off a virtual machine running on ESXi 5.x. For more information, see the esxcli vm Commands section of the vSphere Command-Line Interface Reference.

  1. Open a console session where the esxcli tool is available, either in the ESXi Shell, the vSphere Management Assistant (vMA), or the location where the vSphere Command-Line Interface (vCLI) is installed.
  2. Get a list of running virtual machines, identified by World ID, UUID, Display Name, and path to the .vmx configuration file, using this command:
    esxcli vm process list
  3. Power off one of the virtual machines from the list using this command:
    esxcli vm process kill --type=[soft,hard,force] --world-id=WorldNumber
    Notes: Three power-off methods are available. Soft is the most graceful, hard performs an immediate shutdown, and force should be used as a last resort. Alternate power off command syntax is: esxcli vm process kill -t [soft,hard,force] -w WorldNumber
  4. Repeat Step 2 and validate that the virtual machine is no longer running.

For ESXi 4.1:

  1. Get a list of running virtual machines, identified by World ID, UUID, Display Name, and path to the .vmx configuration file, using this command:
    esxcli vms vm list
  2. Power off one of the virtual machines from the list using this command:
    esxcli vms vm kill --type=[soft,hard,force] --world-id=WorldNumber

Using the ESXi command-line utility vim-cmd to power off the virtual machine

  1. On the ESXi console, enter Tech Support mode and log in as root. For more information, see Tech Support Mode for Emergency Support (1003677).
  2. Get a list of all registered virtual machines, identified by their VMID, Display Name, and path to the .vmx configuration file, using this command:
    vim-cmd vmsvc/getallvms
  3. To get the current state of a virtual machine:
    vim-cmd vmsvc/power.getstate VMID
  4. Shutdown the virtual machine using the VMID found in Step 2 and run:
    vim-cmd vmsvc/power.shutdown VMID
    Note: If the virtual machine fails to shut down, use this command:
    vim-cmd vmsvc/power.off VMID

Mark as helpful. 0

Change Windows Folder Permissions using %username% variable

The problem I was looking to fix was changing a shared user folder permissions for multiple folders using a %username% variable. I use this variable a lot especially with logon folders (Example: net use U: server1\shared\users’\%username%, which automatically gives say user Tim access to just Tim’s folder, users\Tim)

After searching for hours on the internet trying to use calcs and powershell command that didn’t work I found a program called NTFSFix that works on Windows 2000-2008 from my testing.
You can download it directly from http://www.wisesoft.co.uk/download/NTFSFixv1.1.exe

Here’s some info from their website from Wisesoft. Note %foldername% works the same as %username%

Select Mode (Add or Replace)

NTFSFix - Welcome

  • Add custom permissions to the work area (Default permissions shown below)

NTFSFix - Wiz1

  • Select the root folder. (UNC or local path supported) You can also exlude folders here.

NTFSFix - Wiz2

  • Confirm the selection & start the permissions change.

NTFSFix - Wiz2

In the above screenprint two folders were not configured properly. This is because no users exist in the domain with the same name as the folder.

Mark as helpful. 0

Purge Disconnected Mailboxes in Exchange Server 2007

Listing all disconnected mailboxes

Get-MailboxStatistics | where-object { $_.DisconnectDate -ne $null } | Select DisplayName,MailboxGuid

Removing a single entry

Remove-Mailbox -Database <Database-Name> -StoreMailboxIdentity <MailboxGuid> -confirm:$false

Removing all users at the same time

$users = Get-MailboxStatistics | where-object { $_.DisconnectDate -ne $null } | Select DisplayName,MailboxGuid

Now that we have all disconnected mailboxes in a var, we can run the following cmdlet to remove all of them:

$users | ForEach { Remove-Mailbox -Database “Mailbox Database” -StoreMailboxIdentity $_.MailboxGuid -confirm:$false }

Mark as helpful. 0

Move Exchange Queue on Exchange 2007

1. On a separate disk volume, create a new folder structure, D:\Microsoft Exchange\Queue.

2. Open the Exchange Management Shell and type the following command:

Move-TransportDatabase.ps1 -QueueDatabasePath: “D:\Microsoft Exchange\Queue” -QueueDatabaseLoggingPath: “D:\Microsoft Exchange\Queue”

3. This PowerShell script performs the move operation for the queue database and queue database logging
from “C:\inetpub\mailroot\Queue” (as in case of Exchange 2007) to “D:\Microsoft Exchange\Queue”

4.You can now see the queue database and it’s associated log files on the new volume

Mark as helpful. 0

Purge Disconnected Mailboxes in Exchange Server 2010

List mailbox databases guid
> Get-MailboxDatabase |ft Name, Guid

List disconnected mailboxes in a specific database
> Get-MailboxStatistics -Database | Where-Object {$_.DisconnectDate -Notlike $NULL} | FL DisplayName, DisconnectDate, MailboxGuid

Delete a specific disconnected mailbox
> Remove-Mailbox -Database “” -StoreMailboxIdentity -confirm:$false

Delete all disconnected mailboxes in a specific database
> $users = Get-MailboxStatistics -Database “” | where-object { $_.DisconnectDate -ne $null } | Select DisplayName,MailboxGuid,Database

> $users | ForEach { Remove-Mailbox -Database $_.Database -StoreMailboxIdentity $_.MailboxGuid -confirm:$false }

Example
Delete a specific disconnected mailbox in the database named My Database
> Remove-Mailbox -Database “My Database” -StoreMailboxIdentity g437dd12-2f96-4a67-8f6f-c47fa70247e2 -confirm:$false

Delete all disconnected mailboxes in the database named My Database
> $users = Get-MailboxStatistics -Database “My Database” | where-object { $_.DisconnectDate -ne $null } | Select DisplayName,MailboxGuid,Database

> $users | ForEach { Remove-Mailbox -Database $_.Database -StoreMailboxIdentity $_.MailboxGuid -confirm:$false }

Mark as helpful. 0

/var/mail is very large – Linux

Use putty to log into your Linux server. You will probably need the root password.
After you login if you need root access type su and enter the password

Type the word mail and press Enter.

You’ll see a list of messages (or maybe just one message).

Enter the number of the message that you want to read, e.g. press 1 and Enter.

Press ‘d’ to delete the message.
You can also use d* to delete all messages
or d1-100(ex d1-1000 to delete 1000 messages) to delete a specific range

Repeat steps 3-4 until you’ve deleted all the messages.

Type quit and press Enter.

Also if you want you can make a blank file
Copy your original file then make it blank
At first
cp /var/mail/root /var/mail/root.backup
then
cat /dev/null > /var/mail/root

You can change root to whichever username you are recreating

Mark as helpful. 0

Delete Disconnected Mailboxes on Exchange 2010 Version 2

Problem

In older versions of Exchange, we just had to “Purge” disconnected mailboxes, now we don’t have that option.

Solution

WARNING this will remove ALL disconnected mailboxes, make sure you actually want to do this before proceeding.

1. On one of the Exchange servers > Start > All Programs > Microsoft Exchange Server 2010 > Exchange Management Shell.

2. Issue the following commands;

$mailboxes = Get-ExchangeServer | Where-Object {$_.IsMailboxServer –eq $true} | ForEach-Object { Get-MailboxStatistics –Server $_.Name | Where-Object {$_.DisconnectDate –notlike ‘’}} | select displayname, mailboxguid, database

Then;

$mailboxes | ForEach { Remove-Mailbox -Database $_.Database -StoreMailboxIdentity $_.MailboxGuid -confirm:$false }

Purge Mailboxes

2. If you have the Exchange Management console open (as above), you may need to refresh, before they disappear.

Mark as helpful. 0

Snapshot Consolidation in VMware ESXi 5.5 fails

Symptoms

  • Cannot perform snapshot consolidation in VMware ESXi 5.5 and ESXi 6.0.x.
  • Performing a snapshot consolidation in ESXi 5.5 fails.
  • When attempting to consolidate snapshots using the vSphere Client, you see the error:
    • maximum consolidate retries was exceeded for scsix:x
    • Consolidate Disks message: The virtual machine has exceeded the maximum downtime of 12 seconds for disk consolidation

Cause

This issue occurs because ESXi 5.5 introduced a different behavior to prevent the virtual machine from being stunned for an extended period of time.
This message is reported if the virtual machine is powered on and the asynchronous consolidation fails after 10 iterations. An additional iteration is performed if the estimated stun time is over 12 seconds.This occurs when the virtual machine generates data faster than the consolidated rate.
In comparison with previous version of ESXi, if the asynchronous consolidation fails after 10 iterations, the virtual machine is stunned until the remaining data is consolidated. For more information, see Virtual machines become unresponsive for over 30 minutes when removing a snapshot (2039754).

Resolution

To resolve this issue, turn off the snapshots consolidation enhancement in ESXi 5.5 and ESXi 6.0.x, so that it works like earlier versions of ESX/ESXi. This can be done by setting the snapshot.asyncConsolidate.forceSync to TRUE.
Note: If the parameter is set to true, the virtual machine is stunned for long time to perform the snapshot consolidation, and it may not respond to ping during the consolidation.

To set the parameter snapshot.asyncConsolidate.forceSync to TRUE using the vSphere client:

  1. Shut down the virtual machine.
  2. Right-click the virtual machine and click Edit settings.
  3. Click the Options tab.
  4. Under Advanced, right-click General
  5. Click Configuration Parameters, then click Add Row.
  6. In the left pane, add this parameter:
    snapshot.asyncConsolidate.forceSync
  7. In the right pane, add this value:
    TRUE
  8. Click OK to save your change, and power on the virtual machine.

To set the parameter snapshot.asyncConsolidate.forceSync to TRUE without shutting down the virtual machine, run this Powercli command:
get-vm virtual_machine_name | New-AdvancedSetting -Name snapshot.asyncConsolidate.forceSync -Value TRUE -Confirm:$False
Note
: To work around this issue, when under heavy IO load, you can alternatively retry snapshot consolidation at a time when the virtual machine is issuing less IO.

Additional Information

To be alerted when this article is updated, click Subscribe to Document in the Actions box.

 

You can increase the time limit on the snapshots consolidation by changing the configuration parameters.

 

To change the Configuration parameter to increase the time limit on the snapshots consolidation:

  1. Shut down the virtual machine.
  2. Right-click the virtual machine and click Edit Settings.
  3. Click the Options tab.
  4. Under Advanced, click General.
  5. Click Configuration Parameters and add snapshot.maxConsolidateTime = 30.

Mark as helpful. 0

Logon Failure: The Target Account Name is Incorrect

Fix “Logon Failure: The Target Account Name is Incorrect” Error

Reset Machine Account Passwords using Netdom.exe

netdom resetpwd /s:server /ud:domain\User /pd:*

The /s:server is the name of another domain controller in which the KDC service is running. That server will be used for setting the machine account password.

The other two parameters are simply the user name and password for a domain administrator account.

You will need to install the Windows Server Support Tools from the CD-ROM. Once installed, you have to stop the Kerberos Key Distribution Center service and set the Startup Type to Manual.

Note that this method basically is fixing a problem with replication between two domain controllers. Sometimes replication can fail because the secret password between the domain controllers gets out of sync.

Make sure replication between your domain controllers is actually working!

Mark as helpful. 0

After Installing or Upgrading to vCenter Server 6.0, logging in to the vSphere Web Client for all users reports the error: You do not have permissions to view this object or this object does not exist

After installing or upgrading to vCenter Server 6.0 on Windows, you experience these symptoms when logging into the vSphere Web Client with any authorized user account:

  • When browsing to any object, you see the error:

    You do not have permissions to view this object or this object does not exist

  • In the %ProgramData%\VMware\vCenterServer\runtime\VMwareSTSService\logs\lookupServer.log file on the Platform Services Controller, you see entries similar to:
[YYYY-MM-DDTHH:MM:SS:MS-04:00 pool-2-thread-1  ERROR com.vmware.vim.lookup.vlsi.util.VmodlEnhancer] Unable to load library ‘vmafdclient’: The specified module could not be found.
java.lang.UnsatisfiedLinkError: Unable to load library ‘vmafdclient’: The specified module could not be found.

[YYYY-MM-DDTHH:MM:SS:MS-04:00 pool-7-thread-1  ERROR com.vmware.vim.vmomi.server.impl.SoapBindingImpl] Method ‘list’ completed with undeclared fault of type ‘LookupFaultServiceFault’
(lookup.fault.ServiceFault) {
   faultCause = null,
   faultMessage = null,
   errorMessage = Unable to load library ‘vmafdclient’: The specified module could not be found.


[YYYY-MM-DDTHH:MM:SS:MS-04:00 pool-2-thread-1  INFO  com.vmware.vim.lookup.vlsi.VlsiSecurityChecker] Operation create is permitted for user {Name: machine-6b018b31-b0fb-11e3-a918-0050569817d1, Domain: vsphere.local}

[YYYY-MM-DDTHH:MM:SS:MS-04:00 pool-2-thread-1  ERROR com.vmware.vim.lookup.vlsi.util.VmodlEnhancer] Could not initialize class com.vmware.af.interop.VmAfClientAdapter$VmAfClientLibrary
java.lang.NoClassDefFoundError: Could not initialize class
com.vmware.af.interop.VmAfClientAdapter$VmAfClientLibrary

  • In the %ProgramData%\VMware\vCenterServer\logs\vapi\endpoint\endpoint.log file on the vCenter Server, you see entries similar to:

YYYY-MM-DDTHH:MM:SS:MS-04:00 | ERROR | state-manager1            | ComponentManagerClientWrapper  | Service lookup failed.
java.util.concurrent.ExecutionException: (cis.cm.fault.ComponentManagerFault) {

  • In the %ProgramData%\VMware\vCenterServer\logs\cm\cm.log file on the Platform Services Controller, you see entries similar to:

YYYY-MM-DDTHH:MM:SS:MS-04:00 [pool-14-thread-1  WARN  com.vmware.cis.services.cm.service.impl.LsVmomiSiteStore (46db3ac0-a783-422a-a8cf-ec9b7d19ba85)] Call to lookup service failed; uri:https://<Platform_Services_Controller_FQDN>/lookupservice/sdk [(vmodl.fault.SystemError) {

   faultCause = null,
   faultMessage = null,
   reason = Invalid fault
}]

YYYY-MM-DDTHH:MM:SS:MS-04:00 [pool-14-thread-1  ERROR com.vmware.cis.services.cm.service.ServiceManagerImplTemplate (46db3ac0-a783-422a-a8cf-ec9b7d19ba85)] search v1: Failed to search

(vmodl.fault.SystemError) {
   faultCause = null,
   faultMessage = null,
   reason = Invalid fault

Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.

Cause

This issue occurs when the Local System user overrides the Local Machine‘s Path registry key and prevents the VMware Secure Token Service (STS) from starting properly.

Resolution

This is a known issue affecting VMware vCenter Server 6.0.

Currently, there is no resolution.

To workaround this issue, use any one of these options:
  • Rename the Path Registry Key

    Note: Use this method if you do not need this Path registry key for the Local System and can use the system wide path from Local Machine, you can remove this path.

  • Include Addition Values to the Path Registry Key

    Note: Use this method if you require the Local System Path registry to remain unique for you Windows system.

Rename the Path Registry Key (Simple)
If you do not need this Path registry key for the Local System and can use the system wide path from Local Machine, you can remove this path.

Note: This procedure modifies the Windows registry. Before making any registry modifications, ensure that you have a current and valid backup of the registry and the virtual machine. For more information on backing up and restoring the registry, see the Microsoft Knowledge Base article 136393.

  1. Connect to the external Platform Services Controller or the vCenter Server with Embedded Platform Services Controller remotely as a local administrator.
  2. Click Start > Run, type regedit, and click OK. The registry editor window opens.
  3. Navigate to the Environment registry key for Local System:

    HKEY_USERS\S-1-5-18\Environment

  4. Right-Click on Path and select Rename.
  5. Set the name of the registry key to Old_Path.
  6. Restart the VMware Secure Token Service. For more information, see Stopping, starting, or restarting VMware vCenter Server 6.0 services (2109881).
Including Addition Values to the Path Registry Key (Advanced)
If you require the Local System Path registry to remain unique for your Windows system.

Note: This procedure modifies the Windows registry. Before making any registry modifications, ensure that you have a current and valid backup of the registry and the virtual machine. For more information on backing up and restoring the registry, see the Microsoft Knowledge Base article 136393.

  1. Connect to the external Platform Services Controller or the vCenter Server with Embedded Platform Services Controller remotely as a local administrator.
  2. Click Start Run, type regedit, and click OK. The registry editor window opens.
  3. Navigate to the Path registry key for Local Machine:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment

  4. Right-click Path and click Modify….
  5. Locate and copy the MIT\kerberos path contained with the key.

    By default, MIT\kerberos this path should be:

    c:\Program Files\MIT\Kerberos\bin

  6. Navigate to the Environment registry key for Local System:

    HKEY_USERS\S-1-5-18\Environment

  7. Right-click Path and click Modify….
  8. Append the the MIT\kerberos path from Step 5 to the registry key’s Value data field.

    Use the following as a model:

    C:\Program Files\System Center Operations Manager 2007;c:\Program Files\MIT\Kerberos\bin

  9. Click OK.
  10. Restart the VMware Secure Token Service. For more information, see Stopping, starting, or restarting VMware vCenter Server 6.0 services (2109881).

Mark as helpful. 0

Setup Barracuda Journaling via SMTP

Register each Exchange Server as a Trusted SMTP Server

To ensure that journaled message archiving begins as soon as your Exchange Servers are configured to send them, register each Exchange Server as a Trusted SMTP Server with the Barracuda Message Archiver (on the MAIL SOURCES > SMTP page) prior to configuring your Exchange Servers. Also see Understanding SMTP Forwarding and Trusted Servers.

Once the Barracuda Message Archiver is configured to receive SMTP traffic, you must complete the following from the Exchange Management Console (EMC) of each Exchange Server that will be journaling directly into the Barracuda Message Archiver:

  • From Recipient Configuration – Create a Mail Contact that is to act as the recipient of all journaled messages.
  • From Organization Configuration > Hub Transport– Create the following items:
    • a (non-routable) Remote Domain, to act as the recipient domain for journaled traffic
    • a Send Connector, for routing journaled messages
    • a Journaling Rule to actually enable journaling on your Exchange Server

Configure the Barracuda Message Archiver

On the Barracuda Message Archiver, use the the following steps to enable SMTP forwarding:

  1. Go to the MAIL SOURCES > SMTP page.
  2. In the Trusted SMTP Servers section, enter the IP address of each Exchange Server that is to journal directly to the Barracuda Message Archiver.

Create a Remote Domain

The Remote Domain must be a non-existent or externally non-routable and unresolvable domain, from either inside or outside your organization, and must match the Mail Contact that is the recipient of journaled messages as it is used by the Exchange Server for routing all SMTP Journal traffic. Use the following steps to create a remote domain:

  1. Open the EMC, expand Organization Configuration, select Hub Transport, and click the Remote Domains tab in the center pane.
  2. In the Actions panel in the right pane, click New Remote Domain. The New Remote Domain dialog displays.
  3. Enter a Name to describe the domain, and the actual Domain name you want to use. In this example, bma.int is the “fake” domain name that is used. You will use this domain name later when creating the Mail Contact:
    newremotedomain.png
  4. Click New to verify the domain settings, and click Finish to save your settings. The newly created domain displays in the Remote Domains list.
  5. Double-click on the newly created domain to open the Properties dialog for the newly created domain, and:
    • In Exchange 2007, select Format of original message sent as attachment to the journal report.
    • In Exchange 2010, select the Message Format tab in the Properties dialog box.
  6. Select the following options to ensure journal messages sent to this domain are MIME Plain Text format (rather than the unsupported Exchange Rich Text format):
    • In the Message Format Options section, turn on Allow automatic forward.
    • In the Exchange rich-text format section, select Never Use:
      bmaproperties.png

      Verify that only Never use and Allow automatic forward are selected in the dialog box.

  7. Click Apply to save your settings, and click OK to close the Properties dialog.

Create a Mail Contact

The Mail Contact is the account that is to act as a “holding location” for journaled messages. The email address associated with this account is the designated recipient, and should be associated with a non‑routable, “dummy” domain name. Use the following steps to create a Mail Contact:

  1. In the EMC, expand Recipient Configuration, select Mail Contact, and in the Actions panel, click New Mail Contact:
    newmailcontact.png
  2. In the dialog, select New Contact, and click Next.
  3. Enter a First name and Last name; the Name field automatically populates based on the entered values. Enter an Alias:
    newmailcontact2.png
  4. Click Edit to the right of the External e-mail address field, and in the SMTP Address dialog, enter the delivery email address, for example, BMA_Journal@bma.int:
    smtp address.png

    The account name can be anything you want, but the domain name must match what you created in the preceding section, Create a Remote Domain.

  5. Click OK to close the dialog box. In the Wizard, click Next to verify the information:
    newmailcontact3.png
  6.  Click New to create the Mail Contact. The newly-created contact appears in the Mail Contact list. Click Finish to close the Wizard.

Create a Send Connector

  1. In the EMC, expand Organization Configuration, select Hub Transport, and select the Send Connector tab. In the Actions panel, and click New Send Connector. The New Send Connector dialog displays. Enter a Name to identify this send connector, e.g., Barracuda Message Archiver:
    newsendconnector.png
  2. From the Select the intended use for this Send connector menu, select Custom, and click Next.
  3. In the Address Space section, click Add; the SMTP Address Space dialog box displays:
    smtpaddressspace.png
  4. In the Address space field, enter the domain created earlier, e.g., bma.int, and click OK. The SMTP connector is added:
    newsendconnector2.png
  5. Click Next. Select Route mail through the following smart host:
    newsendconnector3.png
  6. Click Add. In the Add smart host dialog box, select IP address, and enter the IP address of your Barracuda Message Archiver:
    add smart host.png
  7. Click OK to add the IP address. Click Next, then click Next again.
  8. In the Source Server page, if your Exchange server is not already listed, click Add to search for and add the server to this list. Click Next to verify your configuration, and click New to create the Send Connector. Click Finish to return to the Send Connectors tab; the newly-created Send Connector displays in the list.
  9. Right-click on the new Send Connector, and click Properties.
  10. In the Properties dialog box, clear Maximum message size (KB):
    send connector properties.png
  11.  Click Apply, and then click OK to save your changes and close the dialog box.

Create a Journaling Rule

Both the Standard and Enterprise versions of Microsoft Exchange Server 2007 and 2010 support Standard and Premium Journaling. Open the EMC, and complete the following steps to add a journaling rule:

  1. In the EMC, expand Organization Configuration, select Hub Transport, and select the Journal Rules tab.
  2. In the Actions panel, click New Journal Rule; the New Journal Rule dialog displays.
  3. Enter a Rule name, and for the Send Journal reports to e-mail address, click Browse and navigate to and select the mail contact created in the section Create a Mail Contact; e.g., BMA_Journal@bma.int:
    newjournalrule.png
  4. Select the Scope for archiving; the recommended setting is Global – all messages for the most complete coverage.
  5. Turn on Enable Rule, click New to create the Journaling rule, and click Finish to return to the Journal Rules tab where the newly-created rule displays in the list.

Mark as helpful. 0

Setting Max Send and Receive size using Exchange Powershell 2010

Before you run the commands you should check the Transport settings config and check the individual mailbox settings also.

This command is to check the transport config
get-transportconfig | ft maxsendsize, maxreceivesize

This command is to check the send and receive max for individual or all users
get-mailbox “Administrator” |ft Name, Maxsendsize, maxreceivesize
Put an individual user in the quotation or to see all users remove the user and quotations.

This command will set the transport
Set-TransportConfig -MaxSendSize 15MB -MaxReceiveSize 15MB

This command will set all the individual users
Get-Mailbox “Administrator” | Set-Mailbox -MaxSendSize 10MB -MaxReceiveSize 10MB
You can use it on an individual user or remove the user and quotation so it runs on all users.
Change the number accordingly.

Mark as helpful. 0

Active Directory – Find Last Password Set Date and if Password expires

Open up Powershell

import-module activedirectory (This loads active directory into powershell so you can run the commands below)

Get-ADUser -identity username -properties *
(This command gives you all the properties on 1 account)

PasswordLastSet and PasswordNeverExpires are the properties that give you the necessary output.

Get-ADUser -identity username -properties passwordlastset, passwordneverexpires
(This command gives you the two properties on one user

Get-ADUser -filter * -properties passwordlastset, passwordneverexpires | sort-object name | select-object Name, passwordlastset, passwordneverexpires | Export-csv -path c:\userpasswordinfo.csv
(This command gives you the two properties on all the users and exports it to an excel CSV document)

 

Mark as helpful. 0

Get rid of “Do you trust this printer” popup

Below is the popup in question – (Warning this doesn’t work on Windows 2012 from my testing but it works on Windows 2008)

Group Policy / Local Group Policy (just on one server) with this setting called Point and Print Restrictions and it exists under User and Computer Configurations:

Computer Configuration > Policies > Administrative Templates > Printers
User Configuration > Policies > Administrative Templates > Control Panel > Printers

Enable it and  under Security Prompts you want to select “When installing drivers for a new connection” and “When updating driver for an existing connection” to say “Do not show warning or elevation prompt” like here:

How_to_get_rid_of_Do_you_trust_this_printer_dialogue_2

Either restart the machine or run gpupdate /force

Mark as helpful. 0

Manually Purge Exchange Log Files – Exchange 2010

This KB is great for purging log files on Exchange 2010 especially if you don’t have time to run a backup and can’t afford any downtime. Also works great if you have a DAG setup.

Note: If you have separated your log files and database file in different drives, or you want to include additional databases in the “backup” you must include the additional drives in the process, so in the example below, you will “Add volume e:” after “Add volume drive d:” and so on…
1.Open Command prompt
2.Launch Diskshadow 1.Add volume d:
2.(optional, add one line for each additional drive to include) Add volume X:
3.Begin Backup
4.Create
5.End Backup

3.At this step you should notice the following events in the application log indicating that the backup was indeed successful and logs will now be deleted.

Here’s some screenshots from the process:

Diskshadow commands for the example

The Diskshadow example screenshot.

ESE Event ID 2005

ESE – Event ID 2005 – Starting a Full Shadow Copy Backup

MSExchangeIS Event ID 9811

MSexchangeIS – Exchange VSS Writer preparation.

ESE Event ID 224 – Logs being Purged

ESE Event ID 224 – Logs are now purged

MSExchangeIS Event ID 9780 – Backup complete

MSExchangeIS Event ID 9780 – Backup is now complete.

side note: although this example was tested against Exchange 2010, it should work just as fine with Exchange 2013 & 2007.

Mark as helpful. 0

Bulk NTFS Fix Utility

This utility works great to bulk change folders on your workstation or server

http://www.wisesoft.co.uk/software/ntfsfix/default.aspx

 

NTFSFix

System Requirements

  • Windows 2000, XP or 2003 Server
  • .NET Framework version 1.1 (Download from Microsoft or Windows Update)
  • A user account that has full control permissions on the work areas, or has ownership of the folders.

Overview

This tool is used to fix the permissions on user work areas. Specify your custom permissions and select the root folder where your user work areas are stored. A user account with the same name as the folder is given full control permissions by default.

Product Tour

  • Select Mode (Add or Replace)

NTFSFix - Welcome

  • Add custom permissions to the work area (Default permissions shown below)

NTFSFix - Wiz1

  • Select the root folder. (UNC or local path supported) You can also exlude folders here.

NTFSFix - Wiz2

  • Confirm the selection & start the permissions change.

NTFSFix - Wiz2

In the above screenprint two folders were not configured properly. This is because no users exist in the domain with the same name as the folder.

Mark as helpful. 0

All Changes Revert Back After Reboot/Shutdown And BSOD (CtxMcsWbc.sys) in XenApp 7.11

Symptoms or Error

  1. VDA will randomly crash with BSOD.
  2. All changes in master image machine (with local HDD) will revert back after reboot/shutdown.

Solution

Cause 1: 
“PvsVmBoot” is missing from below mentioned registry location
Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
Name: BootExecute
Type: REG_MULTI_SZ

Solution 1:

  1. Shutdown the VM.
  2. Boot the VM with Hiren’s Boot ISO (http://www.hirensbootcd.org/download/)
  3. Launch Mini XP
  4. Edit registry with Registry Editor PE (Step 3: https://www.wintips.org/how-to-edit-and-modify-registry-offline/)
  5. Expand below mentioned registry location and edit “BootExecute” registry string HKEY_LOCAL_MACHINE\REMOTE_SYSTEM\ControlSet001\Control\Session Manager

User-added image

 

  1. Verify the same under HKEY_LOCAL_MACHINE\REMOTE_SYSTEM\ControlSet002\Control\Session Manager
  2. Close Registry Editor
  3. Remove Hiren’s Boot CD from boot order and reboot the VM.

 

Cause 2:
CtxMcsWbc.sys Driver is not behaving as expected

 

NOTE: The workaround provided below with effectively disable this driver and leave the VDA in a state that is inconsistent.

This workaround may be used for troubleshooting, but will leave the VDA in an inconsistent state. This driver controls the MCS I/O  Optimization feature The full effect of disabling this driver is not clear at this point.

Workaround

  1. Shutdown the VM.
  2. Boot the VM with Hiren’s Boot ISO (http://www.hirensbootcd.org/download/)
  3. Edit registry with Registry Editor PE
  4. Disable the Citrix MCS cache service by changing the Start value from 0 to 4 from the following sub key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CtxMcsWbc
  5. Delete the “CtxMcsWbc” entry in the “UpperFilters” value in the following sub key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}
  6. Unload the System hive from the mounted VHD.
  7. Detach the mounted VHD.
  8. Start the VM  normally.

Recommendation
Upgrade to XenDekstop 7.15


Problem Cause

Issue with CtxMcsWbc.sys Driver.


Additional Resources

This is a known issue and has been fix in XenDesktop 7.14 [LC6488]

Affected version: XenDekstop 7.9 & 7.11

Mark as helpful. 0

ENABLING FILE AND FOLDER ACCESS AUDITING ON WINDOWS SERVER 2008 AND 2008 R2

Step 1: Enable File and Folder auditing

Enabling File and Folder auditing

It can be done in two ways :
a) Through Group Policy (for Domains, Sites and Organizational Units)
b) Local Security policy (for single Servers)

Step 2: Enable auditing for object access

To enable auditing for object access on a MS Windows Server 2008, follow these steps :

A) Open Group Policy Management Console.
B) Go to the concerned domain and expand the node against it
C) Go to the Group Policy Objects and right – click on it
D) Select New from the popup menu
E) In the New GPO dialog box, enter the name of the new GPO and click ‘Ok’
F) Right-click on the newly created GPO and select ‘Edit’ from the pop-up menu
G) The Group Policy Management Editor window opens up
H) Go to Computer Configuration ? Policies ? Windows Settings ? Security Settings ? Local Policies ? Audit Policies
I) In the right-pane, the list of all policies is displayed

(i) Audit Account Logon Events
(ii) Audit Account Management
(iii) Audit Directory Service Access
(iv) Audit Logon Events
(v) Audit Object Access
(vi) Audit Policy Change
(vii) Audit Privilege Use
(viii) Audit Process Tracking
(ix) Audit system Events

J) Go to the policy for which you want to define settings. If you define settings for all policies, a lot of logs will be generated
K) Double-click on the policy for which you want to define the settings
L) In the Properties dialog box that opens up, select Success/Failure or both
M) Click on ‘Ok’ to close the window
N) Next, you need to apply this policy on the DC. Go to RUN command and type: gpupdate/force/boot/logoff and click ‘Ok’
O) Gpupdate command prompt opens up and a message is displayed: “Updating Policy …”

Step 3: Select specific Folder and define Users

After the policy has been applied, the next thing is to select Files and Folders and which Users’ actions are to be audited

To select specific Folder and define Users, follow these steps :

a) Go to Windows Explorer
b) Right-click on it and select Properties
c) In the Properties dialog box, select the Security tab and click on ‘Advanced’
d) In the Advanced Security Settings dialog box, select the Auditing tab
e) Click on the ‘Add…’ button.
f) In the Select User or Group dialog, enter names of Users whose accesses are to be audited
g) Select ‘Everyone’ to audit access attempts by all Users. Click on ‘OK’
h) Auditing Entry for Accounts dialog box opens up
I) Select the type of accesses to be audited. Successful access/Failed access or both can
be selected
j) Click ‘Ok’ and ‘Apply’ to save the settings

From this point onwards, all the access attempts to this particular folder by all Users would be recorded on the DC. To view these event logs use Windows event viewer.

https://community.spiceworks.com/how_to/122828-how-to-enable-file-and-folder-access-auditing-on-windows-server-2008-and-2008-r2

https://support.solarwinds.com/Success_Center/Log_Event_Manager_(LEM)/Enable_File_Auditing_in_Windows

Mark as helpful. 0

WINDOWS VM BLUE SCREEN “CRITICAL_STRUCTURE_CORRUPTION”

On a Windows Server Virtual Machine that is running VMWare ESXi 5.0.x, you receive a “CRITICAL_STRUCTURE_CORRUPTION” Stop error code that begins as follows:

Bugcheck code 00000109
Arguments a3a01f58`92797517 b3b72bde`e4f976b6 00000000`c0000103 00000000`00000007

To resolve this problem, go to the following VMWare website:

Windows 8.1/Windows Server 2012 virtual machines fail with a blue screen and report the error: CRITICAL_STRUCTURE_CORRUPTION (2060019)

This is a known issue that affects ESXi 5.0.x. For more information, contact VMWare.

To work around this issue, manually create a CPUID mask for the affected virtual machines. To do this, follow these steps:

  1. Turn off the virtual machine.
  2. Right-click the virtual machine, and then click Edit Settings.
  3. Click the Options tab.
  4. Under Advanced, click CPUID Mask.
  5. Click Advanced.
  6. In the Register column, locate the edx register under Level 80000001.
  7. In the Value field, enter the following character string exactly:

    —-:0—:—-:—-:—-:—-:—-:—-

  8. Click OK two times.

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.

https://support.microsoft.com/en-us/help/2902739/stop-error-0x109-critical-structure-corruption-on-a-vmware-virtual-mac
https://kb.vmware.com/s/article/2060019?sliceId=1&dialogID=158133794&docTypeID=DT_KB_1_1&stateId=0+0+158145165

Mark as helpful. 0

Update Firmware on HP ESXI Host

You want to run a HP CPxxxxxx.scexe firmware update file on your ESXi Host and it doesn’t work?

Follow the steps below to make it happen – most problems are caused by the missing executable permission:

  • enable SSH on your ESXi host (configuration tab, Security Profile, Properties)
  • copy the CPxxxxxx.scexe file to /tmp on your ESXi Host using eg. WinSCP
  • logon as root at your ESXi host and change to /tmp
  • check with “ls” if your CP file is there
  • change file permission to executable: “chmod +x CPxxxxxx.scexe”
  • now run the file: “./CPxxxxxx.scexe”

update_HP_CP

Once complete reboot the ESXi host – done!

 

Mark as helpful. 0