Windows Stuff

Sharing the various little things I have learned to do with Microsoft Windows.  Such as:

Change Windows' "registered" User/Org

When fixing a corporate or personal laptop, I sometimes like to do little extra tweaks.  Often it is the little, yet visible things that can make a good impression.  A good example is the User / Organization that Microsoft Windows remembers from the initial installation and uses going forward.

Sometimes employees purchase their laptops from their employer when they leave, or companies sell off their outdated equipment to employees, friends and family.  So I like to reset that registered User and Organization value in Windows to something more friendly.  You can find the registry key to update here:

HKLM\Software\Microsoft\Windows NT\CurrentVersion

Just update the RegisteredOwner and RegisteredOrganization key values to something more personal, or more generic depending on the situation.

Changing Windows RDP port

Sometimes it's nice to change the default listening port of the Remote Desktop Protocol (RDP) service. Running standard services on non-standard ports is a simple way to avoid scripted attacks against your systems. Turns out changing the RDP port is as simple as a registry setting and a reboot.

Look here:
HKLM\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber

Reference: http://support.microsoft.com/kb/306759
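The registry change above, scripted in PowerShell as an added example (not from the original post). Port 3390 and the firewall rule name are placeholders, and the Get-NetTCPConnection / New-NetFirewallRule cmdlets assume Windows 8 / Server 2012 or later.

```powershell
# Added example, not from the original post. Run from an elevated prompt.
# Assumptions: port 3390 and the rule name are placeholders; the Net* cmdlets
# need Windows 8 / Server 2012 or later.
$RdpKey  = 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$NewPort = 3390

function Get-RdpPort {
    # Port the RDP listener will use at next start
    (Get-ItemProperty -Path $RdpKey -Name PortNumber).PortNumber
}

function Test-PortIsFree {
    param([int]$Port)
    # Reject well-known ports and anything that already has a listener
    if ($Port -lt 1025 -or $Port -gt 65535) { return $false }
    $listeners = @(Get-NetTCPConnection -State Listen -LocalPort $Port -ErrorAction SilentlyContinue)
    return ($listeners.Count -eq 0)
}

function Set-RdpPort {
    param([int]$Port)
    if (-not (Test-PortIsFree -Port $Port)) {
        throw "Port $Port is out of range or already has a listener."
    }
    # Allow the new port before switching, otherwise the next remote session is blocked
    $ruleName = "RDP (custom port $Port)"
    if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
            -LocalPort $Port -Action Allow | Out-Null
    }
    Set-ItemProperty -Path $RdpKey -Name PortNumber -Value $Port -Type DWord
}

"RDP port before change: $(Get-RdpPort)"
Set-RdpPort -Port $NewPort
"RDP port in registry:   $(Get-RdpPort) (the listener moves after the reboot)"

# After the reboot, confirm the service listens on the new port and no longer on 3389:
# Get-NetTCPConnection -State Listen -LocalPort $NewPort, 3389 -ErrorAction SilentlyContinue
```

A full port scan still finds the listener, so keep the remote-address scope on the firewall rule as tight as it was for 3389.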

Exchange 2010 Installation Issues

I have had a very busy time consulting of late and have not been able to update much on the blog.  However I did want to document this one issue that drove me BERSERK for so long.

Scenario

Deploying a Virtualized Exchange 2010 Testing Environment.  I installed all the pre-requisites but the install failed.  An error similar to this may be shown...

Error:
The following error was generated when "$error.Clear(); if (get-service MSExchangeServiceHost* | where {$_.name -eq "MSExchangeServiceHost"}) { restart-service MSExchangeServiceHost }" was run: "Service 'Microsoft Exchange Service Host (MSExchangeServiceHost)' cannot be started due to the following error: Cannot start service MSExchangeServiceHost on computer '.'.".

It had issues starting some of the services.  The Exchange Services would just hang.  I found entries like the following in the Event Viewer...

Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=1348). Topology discovery failed, error 0x80040a02 (DSC_E_NO_SUITABLE_CDC). Look up the Lightweight Directory Access Protocol (LDAP) error code specified in the event description. To do this, use Microsoft Knowledge Base article 218185, "Microsoft LDAP Error Codes." Use the information in that article to learn more about the cause and resolution to this error. Use the Ping or PathPing command-line tools to test network connectivity to local domain controllers.

I found numerous articles about disabling IPv6 via the registry, or, if you had un-checked IPv6 on the network adapter properties, re-enabling it.  That seemed to help me get my first Front-End and Back-End servers installed.  However I was adding a second Front-End and Back-End server when this same fix did not help.

After uninstalling and reinstalling, or at least attempting to install, Exchange 2010 numerous times I noticed my original servers also stopped working and the Event Viewer had errors like above indicating it could not talk to Active Directory.  I really dug into the network connectivity piece but could not find an issue.

I eventually found one person who mentioned GPO objects that were preventing some access to AD.  One of the Exchange services requires the right to manage the security and audit log, ostensibly to be able to write to it.  If you have the following group policy setting using a specific user/group it fails.  In the Default Domain Policy, the GPO Object is:

Computer Configuration>Windows Settings>Security Settings>Local Policies>User Rights Assignment>Manage auditing and security log.

The author of the post mentioned setting it back to "not defined", but in my environment I added the computer accounts of my new virtual Exchange 2010 servers.  I ran "gpupdate /force" on each host and rebooted.  That seemed to correct all my issues for now.

How To Replicate Public Folders Recursively in Exchange 2007 / 2010

Thanks to Clint Boessen's Blog article, I saved quite a bit of time in configuring Public Folders to replicate from the Exchange 2003 environment to the Exchange 2010 Public Folder Databases.  Microsoft has a handy PowerShell script just for this purpose.  You can replicate an entire folder hierarchy to another server database.

Command Syntax:

C:\path\AddReplicaToPFRecursive.ps1 -TopPublicFolder "\" -ServerToAdd Servername

Quick note: you will receive an error about the "top level", which cannot be replicated; this is to be expected.  Hopefully MS will design a better DAG / Replication for Public Folders in the future.

Fix - EventID 4007 DNS Server Error

The DNS Server Event Log was throwing the Event ID: 4007 error for "domain.com" and "_msdcs.domain.com". When I investigated it seemed to be throwing it for an old AD integrated domain that was no longer in use. I was not the original creator of the environment, but was just trying to create some good clean living.

The DNS server was unable to open zone _msdcs.domain.com in the Active Directory from the application directory partition ForestDnsZones.domain.com. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.

I hunted around to try to find any remaining evidence of this domain. After looking all over, I decided I should just remove it with a little brute force. To do so, remove the offending zone entries from this registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DNS Server\Zone

WARNING: Export a copy of the registry key if you are unsure.

Fix - GoToMeeting Could not Connect

Had a very odd issue with the GoToMeeting client on a Laptop PC.  The client refused to connect so the user could attend an online meeting.  It was acting like it had no network connection.

However, the system clearly had a working network connection.  Browsers pulled up webpages, email clients worked, and I could ping/nslookup various sites.  Later I noticed the system complaining about the AV being out of date, but the definitions listed were the most recent ones.

I looked for signs of a virus and/or spyware and found none.  Then I noticed the clock was slightly off so I thought maybe a CMOS battery.  Voila... the clock was set nearly one year ahead.  Once I adjusted the date to the correct time, some of the odd system behaviours went away and GoToMeeting connected without issue.

Fix - Internal CA Certificate issues on Server 2003

In one environment, I noticed various security certificate symptoms that caused problems on a particular Windows 2003 Server x64 Workstation.

Some of the errors mentioned included text like "The signature of the certificate cannot be verified" and "The integrity of this certificate cannot be guaranteed. The certificate may be corrupted or may have been altered". I had ripped out all the internal certificates and re-added them.

Looking at one email that came through with a digital signature that did not have any errors, I saw it had a different certification path. The CA was the same, but an intermediate certificate was different and appeared older. Also other newer OS's (aka Server 2008, Windows7) did not seem to have any issues.

I found this MS KB article/hotfix. Once installed and after a reboot, the issue went away.

http://support.microsoft.com/kb/938397
Applications that use the Cryptography API cannot validate an X.509 certificate in Windows Server 2003

Fix - vSphere Client System.Reflection.TargetInvocationException

The Windows Server 2003 x64 workstation I was using for the vSphere 4.1 client recently stopped working. Was working fine for quite a while, but recently I had installed and demo'd a few various software packages. I tried the usual uninstall and reinstall without success.

Thought it was most likely a .NET issue (aren't they usually?) and ripped all that off and tried again. Still the client would load, but the main panel would not display correctly. Started digging through the vSphere client logs in C:\Documents and Settings\username\Local Settings\Application Data\VMware\vpx and found this error:

[viclient:Error :M:16] 2011-03-03 17:01:01.028 System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation.

Some back and forth with VMware technical support did not make any progress. A rebuild / repair was not really an option and I had another workstation I could use for the vSphere client for now. Eventually this thread was discovered:

http://communities.vmware.com/thread/279463

I looked up what the "nx" option specified did. "Enables, disables, and configures Data Execution Prevention (DEP), a set of hardware and software technologies designed to prevent harmful code from running in protected memory locations." Sounded plausible so I followed the instructions for disabling DEP for an individual program from Microsoft and selected the vpxclient.exe program.

Problem solved... no reinstall of vSphere or Reboot needed.

Fix - WMI Error EventID 10

On two new 2008R2 Servers I noticed an error similar to:

Log Name: Application
Source: Microsoft-Windows-WMI
Date: 1/18/2008 2:37:27 PM
Event ID: 10
Task Category: None
Level: Error
Keywords: Classic
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Doing a little research led me to the MS KB article below where you need to run a small vbs script to correct the issues.

http://support.microsoft.com/kb/950375


strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" _
& strComputer & "\root\subscription")

Set obj1 = objWMIService.Get("__EventFilter.Name='BVTFilter'")

set obj2set = obj1.Associators_("__FilterToConsumerBinding")

set obj3set = obj1.References_("__FilterToConsumerBinding")



For each obj2 in obj2set
                WScript.echo "Deleting the object"
                WScript.echo obj2.GetObjectText_
                obj2.Delete_
next

For each obj3 in obj3set
                WScript.echo "Deleting the object"
                WScript.echo obj3.GetObjectText_
                obj3.Delete_
next

WScript.echo "Deleting the object"
WScript.echo obj1.GetObjectText_
obj1.Delete_
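Before running the script, it is worth listing exactly which objects it will remove and keeping a copy of their definitions. The following PowerShell is an added example, not part of the KB article; the backup file location is an assumption.

```powershell
# Added example, not from the KB article. Works with Windows PowerShell 2.0+.
$Namespace  = 'root\subscription'
$FilterName = 'BVTFilter'                                   # filter named in the KB script
$BackupFile = Join-Path $env:TEMP 'BVTFilter-backup.mof'    # assumed backup location

function Get-FilterSubscription {
    param([string]$Namespace, [string]$FilterName)

    $filter = Get-WmiObject -Namespace $Namespace -Class __EventFilter -Filter "Name='$FilterName'"
    if (-not $filter) { return @() }

    # A binding stores object paths; its Filter path ends in __EventFilter.Name="<name>"
    $filterPath = '__EventFilter.Name="{0}"' -f $FilterName
    $bindings = @(Get-WmiObject -Namespace $Namespace -Class __FilterToConsumerBinding |
        Where-Object { $_.Filter.EndsWith($filterPath, [StringComparison]::OrdinalIgnoreCase) })

    # Consumers (of any subclass) whose path appears in one of those bindings
    $consumers = @(Get-WmiObject -Namespace $Namespace -Class __EventConsumer |
        Where-Object {
            $rel = $_.__RELPATH
            $bindings | Where-Object { $_.Consumer.EndsWith($rel, [StringComparison]::OrdinalIgnoreCase) }
        })

    # Same order the KB script deletes in: consumers, bindings, then the filter
    return @($consumers) + @($bindings) + @($filter)
}

$objects = @(Get-FilterSubscription -Namespace $Namespace -FilterName $FilterName)

if ($objects.Count -eq 0) {
    "No __EventFilter named '$FilterName' in $Namespace; nothing to clean up."
} else {
    # One line per object: WMI class and relative path
    $objects | ForEach-Object { '{0,-28} {1}' -f $_.__CLASS, $_.__RELPATH }

    # MOF text of every object, the PowerShell counterpart of GetObjectText_
    $objects | ForEach-Object { $_.PSBase.GetText([System.Management.TextFormat]::Mof) } |
        Set-Content -Path $BackupFile
    "Saved $($objects.Count) object definitions to $BackupFile"
}
```

If the listing shows consumers or bindings you do not recognise, review them before deleting anything.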

Fix - Windows KMS Activation failure

In a lab environment, we run a Microsoft KMS server. We had built out an initial group of clients to meet the 25 minimum for KMS. Time passed and some engineers built out another group of clients, but every time a client attempted to activate:
0xC004F038
The Software Protection Service reported that the computer could not be activated. The count reported by your Key Management Service (KMS) is insufficient. Please contact your system administrator.

The server did not show any errors and I could see the entries in the KMS log. I made sure the SRV record was in place, forward/reverse DNS was clean, and the system clocks were in sync. After some head banging, started digging into the Event details using the info below:


EventID: 12290
Logged by: KMS
Message:
An activation request has been processed.%nInfo:%n%1

Field | Description | Example value
HRESULT | Return code | 0x0
N-Policy | Client product minimum count needed to activate | 25
Machine | Client computer name | kms03.site5.contoso.com
CMID | Client Machine ID | e5c98033-aab6-4d0b-9af9-1d399597dd56
Client Time | Request timestamp | 2006/1/14 22:36
VM Info | Client OS is running in a virtual machine | 1
Licensing Status | License status (values listed below) | 2
Time to Expiration | Time remaining (minutes) | 40123
ActID | Activation ID - identifies the license | cf67834d-db4a-402c-ab1f-2c134f02b700

License status values:

0 - Unlicensed
1 - Licensed (Activated)
2 - OOB grace
3 - OOT grace
4 - NonGenuineGrace
5 - Notifications
6 - Extended Grace

That is when I noticed the "CMID" was the same for the different "Machines" attempting to activate. This was a result of the engineers spinning up copies of their VMs. The fix was simple enough, execute the following command on each KMS client, reboot, and try again:

      slmgr -rearm
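Spotting the shared CMID by eye works for a handful of events; the following added example (not from the original post) does the same check over many 12290 events at once. It assumes each input string is the comma-separated Info value with the fields in the order listed above, and the host names and GUIDs in the sample data are constructed.

```powershell
# Added example, not from the original post. Needs Windows PowerShell 3.0 or later.
# Assumption: each input string is the comma-separated "Info" value of a KMS
# event 12290, with the fields in the order listed in the event description.
$FieldNames = 'HResult','MinCount','Machine','CMID','ClientTime',
              'IsVM','LicenseStatus','MinutesToExpiry','ActID'

# Constructed sample data: three cloned VMs share one CMID, one machine has its own.
$SampleInfo = @(
    '0x0,25,lab-vm01.example.test,11111111-aaaa-4bbb-8ccc-000000000001,2011/3/1 10:02,1,2,43100,22222222-dddd-4eee-8fff-000000000009'
    '0x0,25,lab-vm02.example.test,11111111-aaaa-4bbb-8ccc-000000000001,2011/3/1 10:05,1,2,43090,22222222-dddd-4eee-8fff-000000000009'
    '0x0,25,lab-vm03.example.test,11111111-aaaa-4bbb-8ccc-000000000001,2011/3/1 10:09,1,2,43085,22222222-dddd-4eee-8fff-000000000009'
    '0x0,25,lab-pc17.example.test,11111111-aaaa-4bbb-8ccc-000000000002,2011/3/1 10:11,0,2,43200,22222222-dddd-4eee-8fff-000000000009'
)

function ConvertFrom-KmsInfo {
    param([string]$Info)
    $parts = $Info.Trim() -split ','
    if ($parts.Count -ne $FieldNames.Count) { return $null }   # skip malformed lines
    $row = [ordered]@{}
    for ($i = 0; $i -lt $FieldNames.Count; $i++) {
        $row[$FieldNames[$i]] = $parts[$i].Trim()
    }
    [pscustomobject]$row
}

function Get-KmsCmidReport {
    param([string[]]$InfoLines)

    $rows   = @($InfoLines | ForEach-Object { ConvertFrom-KmsInfo -Info $_ } | Where-Object { $_ })
    $groups = @($rows | Group-Object -Property CMID)

    # A CMID reported under more than one computer name points at cloned machines
    $shared = foreach ($g in $groups) {
        $machines = @($g.Group | Select-Object -ExpandProperty Machine | Sort-Object -Unique)
        if ($machines.Count -gt 1) {
            [pscustomobject]@{ CMID = $g.Name; Machines = $machines -join ', ' }
        }
    }

    [pscustomobject]@{
        Requests      = $rows.Count
        DistinctCmids = $groups.Count      # what the KMS count is built from
        MinCount      = [int]($rows | Select-Object -First 1).MinCount
        SharedCmids   = @($shared)
    }
}

$report = Get-KmsCmidReport -InfoLines $SampleInfo
'Requests: {0}  distinct CMIDs: {1}  minimum needed: {2}' -f `
    $report.Requests, $report.DistinctCmids, $report.MinCount
$report.SharedCmids | Format-Table -AutoSize
```

With the sample data the report shows four requests but only two distinct CMIDs, which is why the KMS count stays below the minimum no matter how many clones ask.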

How To - Moving Google AppSync Outlook Mailbox Data

With the release of Google's Outlook AppSync Connector, many users and organizations have used this tool to connect Microsoft Outlook to GoogleApps email.  One of the most painful parts of the AppSync Connector is the initial synchronization process.  Having a large mailbox means this process could take quite a long time.

Recently, a user with a 6+ GB mailbox had a major system crash.  The harddrive was fine but the system was not bootable.  It was important to get the user restored ASAP.  It was also critical to retrieve the data in Outlook "notes" and "tasks" .  Unfortunately that data is NOT sync'd via the AppSync Connector to GoogleApps so it was not available via the GoogleApps Gmail interface.

I grabbed a freshly built laptop and created a new profile.  I then rebooted in safe mode and logged in as Administrator.  Using a USB sled, I connected the old harddrive and copied the profile data over from the original harddrive. 

I thought I was golden when I saw the mail profile for GoogleApps listed there, but when I launched Outlook it complained it could not open my default folders.  Next I used the GoogleAppSync "Setup a New User" Start Menu item to create a new mail profile.  There is no need to "import" any data from any existing profile or PST.  After launching Outlook and watching it start the synchronization process, I shut down Outlook.

I then opened the "C:\Documents and Settings\username\Local Settings\Application Data\Google\Google Apps Sync" folder and created a "backup" folder.  Sorting by date, you should see the "sets" of data files for each mail profile, one "new" set created a few minutes ago and the older set with larger file sizes.  Move the "new" data files into the backup folder and you may also want to create a "copy" of the old files to put into the folder as well.

Now the trick... Copy the magic ID code that is part of the NEW file names.  Then replace the old ID code in the OLD files with this new code.  The file names will look like one of these...

Just replace the "01ca17ad-a586e986" string from the old files with the string from the NEW files.  Essentially renaming the old files to the new file names. 

Now simply cross your fingers and open the appropriate Outlook profile.  The old profile will have to synchronize the latest updates, but that is 6GB less of data to download from GoogleApps.  I verified the task and note data from old profile is present.

End result was ~1 hour to get the mail profile back to good working order instead of several days of synchronizing 6GB of mail and importing tasks and notes from the PST file and/or restoring from backup.

How To - Uninstall Software Update Manager

Recently I have had several laptops deployed that have experienced severe lag and performance issues as well as application hangs/crashes.  Upon investigation, it seemed to consistently relate to the following two executables:

Both files have info relating them to the "MacroVision Software Manager".  In the Start Menu, there was a shortcut to "Software Manager".  It periodically pops up the "water droplet" icon asking users to update some software.  On our DELL laptops in house, I believe this is tied into the Roxio software package that comes with the DVD burner on our standard laptops.  Annoyingly there is no Add/Remove Software option for this software via the Control Panel.

From doing a little research:

FLEXnet Connect is a solution that Acresso sells to software vendors that is designed to help you stay connected with your customers after they install your applications.  Keeping software updated is one of the many benefits of FLEXnet Connect, but Acresso also recommends that software vendors build in an option to disable automatic update checking. If you are using an application that uses FLEXnet Connect, your application may have a configuration option to disable update checking. Please check your application’s menu options.
If your application does not have this option, Acresso has created a tool called the Software Manager that can disable automatic update checking. The Software Manager utility lists all applications currently using FLEXnet Connect on your computer and the FLEXnet Connect's status with that application.

You can disable the service's autorun key:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Look for the ISUSPM.exe entry and simply rename/modify the key to ISUSPM.ex_ (I'm a fan of disabling / intentional breaking vs. deleting keys).  Alternatively export the key to make a backup.  Also remove the shortcut from the program menu as it will recreate the key if you launch the program.

Note that this could conceivably break certain software applications from updating.

 

HowTo - Turn Off Autoplay

I often find it wise and practical to disable AutoPlay.  To disable AutoPlay on CD/DVD and removable drives, you can simply edit the local policy.  In an AD environment, you can also push this setting via GPO.

 

XP Professional

 

Windows 7 Professional

Note: This setting appears in both the Computer Configuration and User Configuration folders. If the settings conflict, the setting in Computer Configuration takes precedence over the setting in User Configuration.

XP Home

In XP Home, you need to make a change directly to the registry...

 

Microsoft Exchange Server Version/Build Numbers

This handy table has the version numbers for Exchange's different versions, service packs, and update rollups. Very handy.

http://social.technet.microsoft.com/wiki/contents/articles/240.exchange-server-and-update-rollups-build-numbers.aspx

Here's a quick summary...

Microsoft Exchange Server 2003 6.5.6944233
Microsoft Exchange Server 2003 SP1 6.5.7226
Microsoft Exchange Server 2003 SP2 6.5.7638
Microsoft Exchange Server 2007 8.0.685.24
Microsoft Exchange Server 2007 8.0.685.25
Microsoft Exchange Server 2007 SP1 8.1.240.6
Microsoft Exchange Server 2007 SP2 8.2.176.2
Microsoft Exchange Server 2007 SP3 8.3.083.6
Microsoft Exchange Server 2010 14.0.639.21
Microsoft Exchange Server 2010 SP1 14.1.218.15
Microsoft Exchange Server 2010 SP2 14.2.247.5
Microsoft Exchange Server 2010 SP3 14.3.123.4
Microsoft Exchange Server 2013 15.0.516.32

Perl Script - Active Directory Password Expiration

There are a lot of reasons to use Active Directory (AD) for your central authentication needs.  On a corporate AD network though, there may be some non-Windows users that will not get the friendly password expiration reminders when they login to their systems.  Subsequently these users will get locked out when their password expires.

Obviously this is a pain for IT Support and can prevent users from accessing all those AD integrated services (VPN, web-portals, etc).  I found this nice little Perl script that will query AD and can email the users who have passwords that are about to expire.  Those users then can RDP into a dummy little system I built to easily reset their password.

I tweaked the script a little to fit our specific needs.  Besides the actual password checks, it can easily be tweaked to do a lot more.  I will attach my default script and configuration file so others can have some fun.

Attachment: Perl_AD_PasswdExpire.txt (9.6 KB)
Attachment: Perl_AD_PasswdExpire_ini.txt (1.56 KB)

RealTek HD Audio and Windows7

I finally got around to rebuilding my primary desktop PC.  In addition to adding the second harddrive and creating a RAID1 configuration, I took the leap to Windows7.  Now my main desktop and my new Aspire Nettop media PC (review to come) run Windows7 on my home LAN.

After completing the upgrade, everything seemed to work out of the box fine.  Mind you, my hardware is about 2.5yo so there shouldn't have been many issues, or so I thought.  I noticed one item in device manager that was "unknown", but a Windows Update with the optional hardware updates resolved that.

Then I decided to set up my new Hauppauge HD PVR (review to come) and do some test recordings.  That's when I noticed I had no sound.  Windows7 told me there were no speakers connected, even though I did have a simple pair of Harman Kardons connected until I get my Logitech Surround system wired.

So I tried removing and reinstalling the hardware without success.  Then I decided to search for specific drivers for the Realtek HD Audio that is built into my Asus motherboard.  I found the manufacturer website and HD codecs here: http://www.realtek.com.tw/downloads

However multiple attempts to download files just timed out or were crawling at a few K/sec.  Eventually one finally did download.  I installed it, rebooted, and VOILA!  Sound restored.

I have also attached a link to download the 32bit Vista/Windows7 driver from my server to spare other people the pain of downloading it from overseas.

Download Windows7 32bit Realtek HD Audio Driver here.

SQL Server Version Numbering

I wanted to create a little reference table for SQL server versioning to at least tell me which service pack I was running. So here it is...



SQL Server 2012 Service Pack 1      11.00.3000.00
SQL Server 2012 RTM                 11.00.2100.60

SQL Server 2008 R2 Service Pack 2   10.50.4000.0
SQL Server 2008 R2 Service Pack 1   10.50.2500.0
SQL Server 2008 R2 RTM              10.50.1600.1

SQL Server 2008 Service Pack 3      10.00.5500.00
SQL Server 2008 Service Pack 2      10.00.4000.00
SQL Server 2008 Service Pack 1      10.00.2531.00
SQL Server 2008 RTM                 10.00.1600.22

SQL Server 2005 Service Pack 4      9.00.5000.00
SQL Server 2005 Service Pack 3      9.00.4035
SQL Server 2005 Service Pack 2      9.00.3042
SQL Server 2005 Service Pack 1      9.00.2047
SQL Server 2005 RTM                 9.00.1399

SQL Server 2000 Service Pack 4      8.00.2039
SQL Server 2000 Service Pack 3      8.00.760
SQL Server 2000 Service Pack 2      8.00.534
SQL Server 2000 Service Pack 1      8.00.384
SQL Server 2000 RTM                 8.00.194

Reference: http://support.microsoft.com/kb/321185

Script - Restart Service on ALL Hosts

After pushing some registry tweaks via GPO, it turned out I needed to restart the service on every host.  Rebooting and/or logging into each host was not a convenient option.  I figured there must be a way to do it.  This is the solution I came up with...

Requirements

What It Does...

Uses the "net view" command to get a list of available servers.  Then the "psservice" command is used to connect to each system and execute the action for the service specified.  It also creates a log file in C:\TEMP

Usage:  <filename.bat> <servicename> <action>

<servicename> = The name of the service as it appears in the properties of the Services Control Panel.

<action> = any action that is supported by psservice (see "psservice /?")

My Batch Script

@echo off
REM Created by MWalker@Techadre.com - 20090402
REM -- initialize global variables --
set Tnow=0
set Today=0
set DEBUG=1
set Service=%1
set Action=%2
set Server=0

REM *** Require both arguments before touching any host ***
if "%~2"=="" (
    echo Usage: %~nx0 ^<servicename^> ^<action^>
    exit /b 1
)

REM *** DISCLAIMER ***
echo Are you sure you want to %Action% %Service% on ALL servers? CTRL-C now to bail.
pause

REM *** Pre-Execution Stuff ***
REM Build a YYYYMMDD stamp from %date% (assumes the US "Ddd MM/DD/YYYY" format)
for /f "tokens=1,2,3 delims=,-/" %%a in ("%date:~4%") do set Today=%%c%%a%%b
set Tnow=%time::=%
REM Hours before 10 are space-padded; swap the space for 0 so the file name has none
set Tnow=%Tnow: =0%
set logfile=C:\temp\service_restart_script_%Today%-%Tnow%.log
echo Logfile for this script is... %logfile%

REM *** Cleanup Old List File ***
if exist "C:\TEMP\SERVER.LIST" (
    ECHO *** DEBUG *** Deleting Old SERVER.LIST file >> %logfile%
    del /F "C:\TEMP\SERVER.LIST"
)

REM *** Create the Server List ***
REM In debug mode also keep a timestamped copy of the list
IF %DEBUG% EQU 1 net view |find "\\" >> C:\TEMP\SERVER.LIST.%Today%-%Tnow%
ECHO - Getting Server List >>%logfile%
net view |find "\\" >> C:\TEMP\SERVER.LIST

REM *** For Each Server Listed, Do Something ***
ECHO - Starting process at %Today%-%Tnow% >> %logfile%
REM Read the list by full path so the script works from any current directory
for /f "tokens=1 delims= " %%i in (C:\TEMP\SERVER.LIST) do (
    IF %DEBUG% EQU 1 ECHO *** DEBUG *** Processing %%i
    ECHO - Processing "%%i" >>%logfile%
    IF %DEBUG% EQU 1 ECHO *** DEBUG *** Executing - psservice %%i %Action% %Service% >>%logfile%
    psservice %%i %Action% %Service%
)
ECHO - Ending process at %Today%-%Tnow% >> %logfile%

Modifications

An idea for tweaking this script would be to add more command line options to pass server names or patterns to be found in names.  For example if you have a server name convention for SQL servers that use "sql" in the servername, you could restart a service on only SQL servers.

Also one could write a more complex script to issue commands and track the status and report if any server fails to restart correctly.  Feel free to comment and submit your ideas and tweaks.

Tip - DSADD and DSMOD Commands

Problem

Add a large group of new Active Directory (AD) users and add them to a group.

Solution

Using DSADD and DSMOD command line options in a batch script.

Knowing the command syntax and having an Excel Spreadsheet of the User information, I created a bulk list of commands I executed by "batch" script.

Using the following single command line, you may add users to your AD environment.

dsadd user "CN=Firstname Lastname,CN=Users,DC=domain,DC=local" -samid userid -upn "userid@domain.local" -fn "Firstname" -ln "Lastname" -display "Firstname Lastname" -pwd password123 -email "username@domain.com"

Using the following single command line, you may add a user to a group.

dsmod group "CN=GroupName,CN=Users,DC=domain,DC=local" -addmbr "CN=Firstname Lastname,CN=Users,DC=domain,DC=local"

Note - There are additional command line parameters that may be available to meet your needs, so take a look yourself.

Windows 2008 DHCP Server in Workgroup

I was recently reminded of an issue we had with our small office LAN.  Periodically, the small server we had serving basic network services like DHCP and DNS would crawl to a halt or crash.  Upon investigation, I discovered it was due to the system running out of memory.  After rebooting, the system seemed to run just fine.

To help diagnose, I added NSClient++ to the system and monitored system resources via Nagios.  Sure enough, over time you could see the memory usage slowly increase.  I discovered it was the DHCP server process causing the issue.  A little googling led me to the "A Windows Server 2008-based DHCP server that is configured in a workgroup environment may consume too much memory" Microsoft KB article.

Sure enough, after performing the suggested registry change we have not seen the same memory utilization issue that led to the server crashing.  To spoil the lovely KB article, you just need to execute the following command (one-line):

reg add HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DHCPServer\Parameters /v DisableRogueDetection /t REG_DWORD /d 1

XP Install Blank Black Screen

Recently I had to rebuild several desktops for redeployment for some summer interns.  I grabbed the manufacturer OS install CD and booted up, hit any key to boot from the CD, started initializing and ... Black Screen.  

Well, I thought it was maybe a video issue since I had a pretty new LCD hooked up to an older desktop.  I pulled an older monitor down from the shelf and tried again.  Same behaviour: when starting the Windows XP install I ended up at a black screen.  I rebooted again and missed the "hit any key" and then I saw GRUB appear.

GRUB is a Linux bootloader.  So the previous incarnation of this system was apparently a CentOS Linux OS.  I pulled out one of my handy boot utility CDs and booted into a prompt and used an FDISK tool to reset the MBR and define a single primary/active NTFS partition.  Rebooted off the XP install CD and all was good.