Saturday 13 December 2008

Communicator 2007 Automatic Sign-in Failure

In my case this was caused by lack of DNS entries.
Just creating a sip CNAME to my OCS 2007 server was enough, but there are others you can create.

I found a tool that helps you troubleshoot DNS issues here.

A\CNAME records:

SRV Records:

Communicator 2007 Fails to download corporate address book

In my case, this was caused by https certificate problems. The certificate had been generated during the install, but had not been applied to the IIS server.
Can also be caused by firewall issues with ports or IIS MIME issues for dabs (application\dabs) or lsabs (application\lsabs).

OCS 2007 Activation Problem

Failure to activate OCS 2007 during installation.
This can be based by having a space ( ) or quote (") character in the service account passwords.
Looks like the setup program does not quote the password correctly, so fails when either of these two charaters are used.

Saturday 29 November 2008

DPM 2007 SP1 Real Soon

Launched at the start of December 2008 apparently.
I'm not clear as to how the Hyper-V protection will work though - Will we have to pause Hyper-V guests or not during protection?

More details here:

Sunday 12 October 2008

Unable to complete configuration wizard for System Center Essentials 2007

The confugration wizard was generating the following error:
Date: 12/10/2008 00:23:47
Application: System Center Essentials
Application Version: 6.0.1251.0
Severity: Error
: Verification failed with [1] errors:
Error 1:
: Failed to verify Override [OverrideForRuleMicrosoftSystemCenterEssentialsInternalScheduledDiscoveryForContextMicrosoftSystemCenterRootManagementServer6c1cc55796f6477f97fbe53bcdb1154f].
Override [OverrideForRuleMicrosoftSystemCenterEssentialsInternalScheduledDiscoveryForContextMicrosoftSystemCenterRootManagementServer6c1cc55796f6477f97fbe53bcdb1154f] is a duplicate to Override [OverrideForRuleMicrosoftSystemCenterEssentialsInternalScheduledDiscoveryForContextMicrosoftSystemCenterRootManagementServere2f7dfce1adc45e0adbcbf63664743af] defined within the same ManagementPack. Please remove any one of the duplicate overrides.
Failed to verify Override [OverrideForRuleMicrosoftSystemCenterEssentialsInternalScheduledDiscoveryForContextMicrosoftSystemCenterRootManagementServer6c1cc55796f6477f97fbe53bcdb1154f].Override [OverrideForRuleMicrosoftSystemCenterEssentialsInternalScheduledDiscoveryForContextMicrosoftSystemCenterRootManagementServer6c1cc55796f6477f97fbe53bcdb1154f] is a duplicate to Override [OverrideForRuleMicrosoftSystemCenterEssentialsInternalScheduledDiscoveryForContextMicrosoftSystemCenterRootManagementServere2f7dfce1adc45e0adbcbf63664743af] defined within the same ManagementPack. Please remove any one of the duplicate overrides.
: Failed to verify Override [OverrideForRuleMicrosoftSystemCenterEssentialsInternalScheduledDiscoveryForContextMicrosoftSystemCenterRootManagementServer6c1cc55796f6477f97fbe53bcdb1154f].
Override [OverrideForRuleMicrosoftSystemCenterEssentialsInternalScheduledDiscoveryForContextMicrosoftSystemCenterRootManagementServer6c1cc55796f6477f97fbe53bcdb1154f] is a duplicate to Override [OverrideForRuleMicrosoftSystemCenterEssentialsInternalScheduledDiscoveryForContextMicrosoftSystemCenterRootManagementServere2f7dfce1adc45e0adbcbf63664743af] defined within the same ManagementPack. Please remove any one of the duplicate overrides.
: Override [OverrideForRuleMicrosoftSystemCenterEssentialsInternalScheduledDiscoveryForContextMicrosoftSystemCenterRootManagementServer6c1cc55796f6477f97fbe53bcdb1154f] is a duplicate to Override [OverrideForRuleMicrosoftSystemCenterEssentialsInternalScheduledDiscoveryForContextMicrosoftSystemCenterRootManagementServere2f7dfce1adc45e0adbcbf63664743af] defined within the same ManagementPack. Please remove any one of the duplicate overrides.
I found this closed bug:
(Didn't help)

Then I found this, which did...

System Center Essential OpsMgr Error 0x80004005

After an install of SCE 2007, the OpsMgr service would not start and kept throwing an 0x80004005 error.

Found another blog with a fix:

It was a little different in my case, I had to remove LMIRfsClientNP from the registry key:

Saturday 27 September 2008

D-Link DCS-6620G - HTTP 400 Bad Request

After the install of Silverlight - My D-Link DCS-6620G camera started returning HTTP 400 Bad Request errors.

After a bit of investigation, I found this:

Locating the key, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents, I removed a couple of XML document type I figured that I would never use.
Everything now works fine.

Monday 25 August 2008

Kaspersky Internet Security 7 will not install

I'd forgotten this one... Something gets left in the registry so that the Kaspersky install keeps giving you this error:
"You must restart your computer before proceeding with the installation."

Download and apply this registry fix from Kaspersky.

More details here:

Thursday 14 August 2008

Network connection keeps stopping in Windows Vista Ultimate x64

I've recently had an issue with my main desktop machine losing network connectivity overnight. No other machines are affected, only my desktop one. The problem computer is connected via wired ethernet to a Netgear GS105 Gigabit switch. The lights on the switch stay on, so there appears to be nothing wrong with the physical connection but the system still can contact nothing on the network.

What has worked as a fix, was to go into the network connections, disable and then enable the LAN connection. The computer will then work fine for another 24 hours.

After some searching, I read this:

Which then led to this:

Now, each time the connection has stopped working, I have had my Windows Mobile 6.0 phone plugged in, synchronising and charging. I wondered if this was the same as Internet Connection Sharing as the phone is given an IP and can access the network via my desktop computer. When I had network problems with my network camera, I do remember switching on RSS (receive side scaling) as part of the changes made to the IP stack.

I've disabled RSS for now using the command:
netsh interface tcp set global rss=disabled

I'll followup with any further lockups or not!

Tuesday 29 July 2008

Poor performance with D-Link DCS-6620G and Microsoft Windows Vista - Solved

I recently bought a D-Link DCS-6620G IP camera to replace a failed Panasonic one. I found the performance to be terrible. After running a network capture I discovered the following:

My Vista desktop would send two TCP SYN requests with ECN and CWR flags set.
The camera would resond to each of these with a TCP RST.
My Vista desktop would then send a TCP SYN request without ECN and CWR flags and the camera would then respond normally.

This problem also meant that I could not add the camera to D-Link D-ViewCam Monitor as the request to add a camera failed with an unable to connect message.

After a bit of reading, I discovered the CWR and ECN flags were being set because I had ECN enabled in my IP stack. I verified this by running:
netsh interface tcp show global
Querying active state...
TCP Global Parameters
Receive-Side Scaling State          : enabled
Chimney Offload State               : disabled
Receive Window Auto-Tuning Level    : disabled
Add-On Congestion Control Provider  : none
ECN Capability                      : enabled
RFC 1323 Timestamps                 : disabled
Running the following, disabled the setting:
netsh interface tcp set global ecncapability=disabled
netsh interface tcp show global
Querying active state...
TCP Global Parameters
Receive-Side Scaling State          : enabled
Chimney Offload State               : disabled
Receive Window Auto-Tuning Level    : disabled
Add-On Congestion Control Provider  : none
ECN Capability                      : disabled
RFC 1323 Timestamps                 : disabled
The camera is now working very well.

Saturday 12 July 2008

Microsoft DPM 2007 - Enable colocation of data on tape

If you have multiple storage groups with the same data retention policies, you can now colocate the data on the same tapes as long as you have installed theDPM 2007 feature pack. Most useful if you have a single drive rather than a library.

It's not settable in the GUI, but the following Powershell command turns it on:
Set-DPMGlobalProperty -DpmServer -OptimizeTapeUsage $true

More details here

Thursday 10 July 2008

Update Rollup 3 for Exchange Server 2007 Service Pack 1

This (KB949870), was applied by Windows Update last night, and I woke up to no incoming email. On investigation, I found that there was no smtp (25) port open, and that the Microsoft Exchange Transport hadn't started after the reboot.

I attempted to manually start the service, but no joy as it timed out after 30 seconds. I reviewed the event logs, nothing there, tried again and it worked. Did a trawl back through the event logs when the server restarted, and again nothing. There were some eventid 3001\3003 from the EvntAgnt (log file not at end) so I may be missing some logs.

The only other issue I can think of, is that this is a single server Exchange 2007 installation - I.e. The transport service is running on the same server as the mailboxes rather than on a separate edge server. I would think this receives no testing by Microsoft!

I will have to monitor this the next time I reboot. Is anyone else having this issue?

DPM 2007 Feature Pack - Out!

The feature pack that is supposed to fix quite a few issues was released on the 1st July. I seemed to have missed it even though my DPM server is subscribed to Windows Update.

Found out about it here:

Details from Microsoft here:

Saturday 5 July 2008

Configure Server 2008 Time

I used the command:
"w32tm /config /manualpeerlist:"" /syncfromflags:manual /reliable:yes /update"

More details here:

Friday 20 June 2008

Active directory permissions inheritance being cleared

I've been having an issue for some time where certain users and groups were having thier AD inheritance flag cleared and an arbitary set of permissions made.

It turns out that this is by design. Because the users belonged to a group, which belonged to Print Operators, thier permissions were being set to match the System\AdminSDHolder object. The PDC emulator runs an hourly process which copies the permissions from AdminSDHolder to these protected objects.

The following article describes how to remove Print Operators from this protected list of groups. The article talks about a hotfix, but this is only relevent for Windows 2003 SP1. Windows 2003 SP2 already has this change.

You can find the article here:

Sunday 15 June 2008

A couple of great Media Center addons

Just wanted to share a couple of excellent Media Center addons I have found recently
The first, called WebGuide4, allows you to access your Media Center PC through a web interface, including mobile:

The second allows access to BBC iPlayer, ITV Catch Up and Channel 4 Catch Up from within Media Center:

DPM 2007 Agent failing to protect Windows Vista SP1

I recently modifed my DPM 2007 installation to backup my local users folder on Windows Vista Ultimate x64. This would not work and kept producing the following event logs when I attemted to manually sync the share:
Log Name:      Application
Source:        Application Error
Date:          15/06/2008 08:50:37
Event ID:      1000
Task Category: (100)
Level:         Error
Keywords:      Classic
User:          N/A
Faulting application DPMRA.exe, version 2.0.5820.0, time stamp 0x46f990f7, faulting module kernel32.dll, version 6.0.6001.18000, time stamp 0x4791ada5, exception code 0x80070002, fault offset 0x000000000002649d, process id 0x1ff8, application start time 0x01c8cebaac1ac7c8.
After some research I found the following fix:

You have to create the following DWORD registry key with a value of 1:
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\obcaseinsensitive

Saturday 14 June 2008

Windows Vista Ultimate x64 Component Registration Problem

My Media Center PC randomly decided to stop working. After a lot of searching and trying I finally found this:

The steps were:

  1. Close Media Center
  2. Click on the Start menu, choose run and type cmd
  3. Execute the command regsvr32.exe atl.dll
  4. Execute the command C:\WINDOWS\eHome\ehSched /unregServer
  5. Execute the command C:\WINDOWS\eHome\ehSched /service
  6. Execute the command C:\WINDOWS\eHome\ehRecvr /unregServer
  7. Execute the command C:\WINDOWS\eHome\ehRecvr /service
  8. Execute the command C:\WINDOWS\eHome\ehRec.exe /unregServer
  9. Execute the command C:\WINDOWS\eHome\ehRec.exe /regserver
  10. Execute the command C:\WINDOWS\eHome\ehmsas.exe /unregServer
  11. Execute the command C:\WINDOWS\eHome\ehmsas.exe /regserver
  12. Restart Media Center

Thanks so much guys!

Sunday 25 May 2008

DPM 2007 DPMRA Error 10048 (0x2740)

After rebooting my Exchange server because of DNS issue, the DPM protection stopped. Further investigation found this in the event log:
The DPMRA service terminated with service-specific error 10048 (0x2740).

Google found this:

Essentialy you use 'netstat -oan' to find the PID of the process using port 5718 or 5719, which are both required by DPMRA.
Then use 'tasklist' and 'tasklist /svc' to discover which process it is. In my case, it was the MS Exchange Information Store.

I fixed it by stopping all Exchange services, starting DPMRA and then restarting Exchange.

It's kind of weird that MS Exchange can use the DPMRA ports when DPM is speciffically for protecting Exchange (amongst other things).

Thursday 22 May 2008

How to re-create the Show Desktop icon on the Quick Launch toolbar

Create a text file called Show Desktop.scf containing:


More details here:

How to enable user environment debug logging in retail builds of Windows

I've found this quite useful in debugging slow logins or incorrect application of group policy.

Create the following DWORD value:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\UserEnvDebugLevel

0x00030002 - Masses of debug info
0x00010001 - Normal

It logs to:

More details here:

DPM 2007 Internal error code: 0x80990A93

When changing the PG (Protection Group) that my server belongs to, I normally get this error message:
DPM cannot protect \\\Optical Drive\. The recycle bin, the System Volume Information folder, non-NTFS volumes, DFS links, CDs, Quorum Disk (for cluster) and other removable media cannot be protected. (ID: 38)

Today, it suddenly changed to:
DPM cannot access the path \\\Optical Drive\ because part of the path has been deleted or renamed.
Check the path and enter it again.
ID: 36
Details: Internal error code: 0x80990A93

It took me a little while to realise that this was because I had removed the DVD from the drive! I thought I'd broken something by reinstalling the DPM client!

Tuesday 20 May 2008

SQL Database missing from DPM 2007

Having fixed my SQL 2005 issues with DPM 2007, I found my main production SQL database was missing from the list of resources available to be protected. When attempting a normal SQL backup, I got an error message telling me that the Full Text Index was missing.

I recreated the Full Text Index, (got lost when changing SQL versions - No backup, that's what DPM was supposed to do!), and everything worked great.

The thing I learned here was, if DPM is having problems protecting a resource, try another backup type for more information on the error!

DPM SQL Issues

I had the following scenario:
  • DPM 2007 Running on Windows Server 2003 R2 SP2 (x86)
  • SQL 2005 Standard (x86) running on Windows Server 2008 (x64)
DPM would not protect the SQL databases, and kept giving errors that the protection was "inconsistant". There were lots of SQLVDI errors in event viewer, including a BADMEM error.
To cut a long story short, I found the fix was to replace the x86 version of SQL 2005 with an x64 version.

Windows Vista SP1 x64 - Multiple Taskeng processes consuming resources

I think I've found the cause, with not a little help, of all my multiple taskeng processes that have been plaguing my x64 SP1 Vitsa box:
  1. Open Task Scheduler from Administrative Tools
  2. Delete any User_Feed tasks
  3. Type 'msfeedssync enable' at the command line to recreate

Thanks guys!

Saturday 16 February 2008

Blog Tags were not working

I've added the following to web.config to allow these to work:

I added it just before the  tag.

How-to Enable antispam updates on a single Exchange 2007 server

There is a handy little script that you can run from the Exchange Management Shell:

To update manually:

To update automatically:
Enable-AntispamUpdates -UpdateMode Automatic

How-to Allow a distribution group to receive mail from the internet

Found the answer here:

Use the following command in Exchange management shell:
Set-DistributionGroup "Group Name" -RequireSenderAuthenticationEnabled $false

Moved to new server

We are now running on Server 2008.

Let me know of any issues please!

Virtual Server on Server 2008

You must remember to add the CGI service role to IIS 7.0:

How-to Create antispam reports

There are a number of reports avaiable in Exchange Management Shell.

You must first change into the scripts directory (cd C:\Program Files\Microsoft\Exchange Server\Scripts) and then try the following:

Tuesday 12 February 2008

How-to grant Sendas for Distribution Groups

Found the answer here:

Run the following in Exchange Management shell:
Add-AdPermission "Distribution Group Name" -user "Mailbox Name" -AccessRights extendedright -ExtendedRights "send as"

Sunday 10 February 2008

How-to Backup Exchange 2007 on Server 2008

After all the hassle of getting Exchange 2007 setup yesterday, I found that I had no way to backup my Exchange 2007 server running on Server 2008. For whatever reason, Microsoft do not supply NTBackup and there is no in-built way of backing up Exchange 2007 when run on Server 2008.

Now, I could opt for a third party backup program or use Microsoft DPM, but for my 4 user network, this is a little bit of an overkill.

After some research, I found this article on how to install NTNackup on Vista:

I followed this by copying the following binaries from my old server (C:\Windows\System32\) to my new server (C:\Program Files\NTBackup\):
  • ntbackup.exe
  • ntmsapi.dll
  • vssapi.dll
I installed the removable storage manager from server manager:
  • Start Server Manager
  • Click Features
  • Click Add Features
  • Select Removable Storage Manager
  • Click Install
When NTBackup starts, you will see an error regarding removable storage, but I just ignored this and clicked "Do not show this again"

Upon running NTBackup, I could see drives and system state, but no Exchange!

I then found this:

I copied esebcli2.dll from my old server (C:\Program Files\Exchsrvr\Bin) to my new sever (C:\Program Files\NTBackup)

I ran regedit and changed the esebcli2 key from C:\Program Files\Micrsoft\Exchange Server\Bin\esebcli2.dll to C:\Program Files\NTBackup\esebcli2.dll.

I ran NTBackup and backed up my Exchange store to disk!

Saturday 9 February 2008

Exchange 2007 on Server 2008

What a day!

I've learnt a hard lesson today. Never unbind IPv6 from Server 2008 if its running Exchange 2007.

I had some problems adding some Vista laptops to a Server 2008 domain today. I couldn't determine if it was SP1 RC1, UAC being turned off or IPv6. The computers would not join the domain using the GUI. I had to manually extract the XP SP2 version of netdom and use that, after manually creating the computer accounts in the domain.

All was well until I restarted the Server. The Exchange Transport Service hung in "starting" and I could not connect to the Exchange server using the Power Shell or Console. I kept getting AD errors from these tools, and lots of errors about the Exchange AD Topology service not being able to contact AD.

To cut a long story short, I flattened the server and started again - Only to discover that IPv6 wasn't the problems with the workstations joining the domain, but it was the problem for Exchange 2007!

I never did get to the bottom of the problem joining the domain though. At least I have a work round now - Use XP SP2 Netdom!

Saturday 2 February 2008

Problems installing and using Exchange 2007

I'm upgrading my Exchange 2003 organisation to Exchange 2007 this weekend, as a reinforced learning experience for when I begin to deploy Exchange 2007 for a major customer.

I had a couple of problems:
  1. A setup error occured: "[ERROR] Access to the path 'D:\Setup\ServerRoles\Common\64' is denied"
  2. When I re-ran setup, it installed, but there were no routing group connectors between the old routing group "First Administrative Group\First Routing Group" and the new routing group "Exchange Administrative Group (FYDIBOHF23SPDLT)\Exchange Routing Group (DWBGZMFD01QNBJR)".
  3. I created the routing group connectors, and moved a mailbox, but mail would not flow. Kept getting 5.7.1 Relay Denied errors from the new organisation.
I found a few references:
Setup error:
How to install Exchange 2007 into an Exchange 2003 organisation:
How to remove Exchange 2007 roles:
For some reason, my new Action Pack came with Exchange 2007 SP0 and not SP1.
I've downloaded Exchange 2007 SP1 and will reinstall this when I have removed Exchange 2007 from the server.

Exchange 2007 SP1:

Exchange 2007 SP1 Release Notes:

NB:Just what does FYDIBOHF23SPDLT and DWBGZMFD01QNBJR mean?They are shifts of "EXCHANGE12ROCKS". First one, add 1 to each character, second one, deduct 1 from each character.

Thursday 24 January 2008

Server 2008 Hyper-V Service vmss failing to start

With the latest RC1 refresh, you have to install Server 2008 with the default language settings in order for the vmss service to start properly.

Details here:

Running Windows Server 2008 under Xen on OpenSuse 10.3

I've just bought a 2xQuad Core Zeon, Dell Poweredge 1900, with 16GB RAM. This is for some heavy duty Hyper-V testing in Windows Server 2008 but I thought it'd be fun to run it under OpenSuse 10.3 first.

The result:

Click the above image for a full size one.

Thursday 10 January 2008

How-To Create an Outlook Profile Automatically

We need a way of creating users Outlook profiles automatically. They can run this the first time they login, or at any other time to recreate thier profile.

First download the files here.

The files are stored in a shared directory.
We created a directory in SYSVOL so that all users could access them.
The path would be something like \\YourDomainName\SYSVOL\YourDomainName\Scripts\OutlookFirstRun.
They could be stored in a standard shared folder if you prefer, just edit the path in the scripts.

This is an AutoIT script that you need to edit and compile to an .EXE using Auto IT (Freeware).
It can be found at

The outlook icon for compiling OutlookFirstRun.exe.
We used this so that the program looked the same as Outlook.

This is a VB script that writes the users display name to a file.
We write it to F:\Display.txt, as F:\ is the users home directory.
Again, you can change this.

This is a file that contains settings to be imported into outlook.
It sets up the users profile for them.

Functional description:
Instead of launching Outlook.exe, the user launches OutlookFirstRun.exe. You have to arrange for this to happen. We use Ericom to publish this as a terminal server application but you could create an MSI or use the RunOnce registry key. The program could be included in your build Ghost image for example.
OutlookFirstRun.exe calls DisplayName.VBS.
DisplayName.vbs reads the users display name from AD and creates as an Environment Variable %DISPLAYNAME%.
OutlookFirstRun then launches Outlook.exe and imports Outlook.prf.
Outlook.prf must be edited to contain your Exchange server name and any additional changes.
We don’t use cached PSTs for example, as we’re running in a terminal server farm environment.

Feel free to use these files - Distributed under GPL-v3.

Tuesday 8 January 2008

Event ID 1058 and 1030

On several AD installations with multiple domain controllers I have seen servers continuosly logging event 1058 and 1030.

Running "dfsutil /PurgeMupCache" followed by "gpupdate /Force" always seems to fix it.

You obtain DFSUTIL from the support tools (SUPTOOLS.MSI) from the server installation CD located in \Support\Tools I think