Categories
blog exchange howto server windows

Outlook 2013 sync problems and message that Administrator has made a change

This post describes a problem I recently experienced when migrating from Exchange 2007 to Exchange 2013. Outlook 2013 clients would pop-up a message about the administrator making changes that require a restart of Outlook continuously. Also the folder synchronization fails and you see new messages arrive in your Inbox only to dissapear again after 1 second and then come back again and so forth.

The Microsoft Exchange administrator has made a change that requires you quit and restart Outlook

outlook error synchronizing folder [0-0]

These problems started occurring right after the old public folder database was deleted on the Exchange 2007 server. I only noticed it after I had already uninstalled the Exchange 2007 server completely. Why only Outlook 2013 has this problem I don’t know, but here is what’s wrong.

On the Mailbox database on your new Exchange server there is still a value pointing to the OLD public folder database that is now deleted.
You need to fix this using Adsiedit.msc:
Go to:

Configuration >CN=Services > CN=Microsoft Exchange > CN=Your Organisation > CN=Administrative Groups > CN=Exchange Administrative Group > CN=Databases

For each mailbox database, right click and check the attributes for “MSEXCHHomePublicMDB”. You will see that the value for this attribute points to “CN=Public Folder Database*,CN=Deleted Objects,CN=Configuration,DC=YourDomain,DC=com” the old object for the public folder database that has been deleted. You must clear this value using the clear button, so it changes to “not set”, just emptying the value won’t work. Restart the Information store service or reboot the Exchange server and the problem should be solved.

Categories
blog howto windows

Citrix client receiver error AllowHotkey

This problem can be solved by either disabling lockdown on the client or adding a registry key on the client for allowhotkey.

—————————
Error number 2320
—————————
Citrix online plug-in Configuration Manager: No value could be found for (AllowHotkey) that satisfies all lockdown requirements. The lockdown requirements in force may be conflicting.
—————————
OK
—————————

option 1 (disable lockdown)
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions
Enablelockdown change to 0

option 2 add reg key for AllowHotkey with empty value
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Client Engine\Hot Keys
“AllowHotkey”=””

Categories
blog

Windows 10 Download ISO Live

Today it’s launch day for Windows 10. Below are the options to download the Windows 10 OS from Microsoft.
– Using the Windows 10 upgrade notification program.
You have no clear control over this, as it’s scheduled to download in the background and spread these downloads in waves.

– Using the Microsoft Partner Portal
The ISO of roughly 3.5GB is available for download for Microsoft Partners, on the Microsoft Partner portal.

– On the download site of Microsoft
Luckily, the download site seems to be live.
https://www.microsoft.com/en-us/software-download/windows10

Update: 11:20 CEST
You can track the download of the Windows 10 upgrade notification and reservation program in your task manager on the network adapter (wifi or LAN)
When you’re confident it has finished and there is no activity for a significant amount of time you can trigger the setup of Windows 10 manually using:
C:\$Windows.~WS\sources\Windows\setup.exe

Categories
blog

VCENTER database SQL express too large 10GB+ and service crashes

VCENTER 5.1 with SQL Express 2008 R2 (default installation) with 4 hosts and no more than 12 VM’s, should be fine on Express but the database was too big anyway and crashed.

Check the size of your tables in the database by executing this query in the SQL Management Studio:
Create Table #Temp(Name sysname, rows int, reserved varchar(100), data varchar(100), index_size varchar(100), unused varchar(100))
exec sp_msforeachtable 'Insert Into #Temp Exec sp_spaceused ''?'', ''true'''
Select * From #Temp Order by rows DESC
Drop Table #Temp

Some maybe helpfull information from VMWARE about database cleaning:
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1025914

Changing the parameter from 120 days to less and running the Stored Procedures did not succeed for me, the procedure was running for hours but no size change.

I decided to drop the entire log tables (all events), I did not care about losing this, I wanted the vcenter up & running again. I read about this on this forum post: https://communities.vmware.com/message/2376663
Execute the following SQL query if you’re sure you want to do this:
alter table VPX_EVENT_ARG drop constraint FK_VPX_EVENT_ARG_REF_EVENT, FK_VPX_EVENT_ARG_REF_ENTITY alter table VPX_ENTITY_LAST_EVENT drop constraint FK_VPX_LAST_EVENT_EVENT
truncate table VPX_TASK
truncate table VPX_ENTITY_LAST_EVENT
truncate table VPX_EVENT
truncate table VPX_EVENT_ARG
alter table VPX_EVENT_ARG add constraint FK_VPX_EVENT_ARG_REF_EVENT foreign key(EVENT_ID) references VPX_EVENT (EVENT_ID) on delete cascade, constraint FK_VPX_EVENT_ARG_REF_ENTITY foreign key (OBJ_TYPE) references VPX_OBJECT_TYPE (ID)

alter table VPX_ENTITY_LAST_EVENT add constraint FK_VPX_LAST_EVENT_EVENT foreign key(LAST_EVENT_ID) references VPX_EVENT (EVENT_ID) on delete cascade

source:

Categories
blog howto windows

Windows 10 upgrade reservation notification icon not showing

Can’t See the Windows 10 Upgrade Notification?

How to display the Windows 10 upgrade icon if it is not visible:

I have seen the windows 10 upgrade notification appear on Windows 7 SP1 & 8.1 computer just fine.

Let me start out by saying this: “When the computer is joined to an active directory domain the icon will not show”. Not matter how hard you try to manually get it started by triggering the tasks or runing the GWX.EXE or GWXUX.EXE applications. It won’t work (for now?) on domain joined computers. Not even if you logoff and logon using a local administrator account.

When you remove your active Directory domain membership and put the computer in a workgroup you will see the icon after the reboot. You can then make your reservation, but I don’t think it will actually download the upgrade on July 29th if the computer is joined to the domain again, not sure about that.

If you’re a home user not connected to an active directory domain there are some things to check:
– You need to be on Windows 7 SP1 or Windows 8.1 Update1
– You need to have the KB3035583 update installed

If you still have trouble getting the icon you can try the BAT file created by a Microsoft Answers forum moderator.
https://www.dropbox.com/s/0u0au9xgy6ss18p/win10fix_full.zip?dl=0 (no need to register at dropbox just skip,
download and unzip the BAT file in the C:\TEMP directory (create dir if needed).
Open a CMD with administrative rights.. (right click on CMD icon in start menu and choose Run as Administrator)
CD c:\TEMP
win10fix_full.bat
Follow the instructions …

Categories
blog exchange server windows

Outlook Web Access OWA error 500 when logging in

When you fill in your credentials on the login screen of Outlook Web Access or OWA (2010) and click submit you receive an Internal Server Error 500 and the URL shows /owa/auth.owa

There are no events logged in Application or System log that explain this problem.

IISreset does not help.

The problem and solution could be very simple.
Check the the service “Microsoft Exchange Forms-Based Authentication service” is started. If not, start the service and try to login to OWA again. Problem should be solved.

If the service doesn’t start or fails frequently you’ll have to investigate that further.

Categories
blog howto server windows

printer driver installation error 0x00000057

note: This is a technical article meant for system administrators or advanced users. Make backups of files or registry keys that you manipulate. Use caution and proceed at your own responsibility.

I ran into this problem after cleaning up printer drivers and manually cleaning up in the c:\windows\system32\spool directory.
When trying to connect to a printer on the printserver the error 0x00000057 would show. This error occurs when windows tries to install the printer driver.

If the driver is already present on the system, first try to remove the printer driver using the printserver properties (printui.exe /s /t2). http://support.microsoft.com/kb/2771931 After remove try again to install. If that didn’t work, or like me this particular driver was not installed on the system, read on.

If you have another computer or server that does install the printer without problem, than you can try this.
1) On the working computer open the registry editor and navigate to: (note for 32bit systems its slightly different)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows x64\Drivers\Version-3\
2) Find the key with the driver you need. Export this driver key to a REG file. Copy the file to the problem computer.
3) On the problem computer open the registry editor and check for the presence of the key, delete if present.
4) Import the REG file made in step 2 on the problem computer.
5) In the key note the value of the Infpath item. It’s the location of the INF file. We need the whole containing folder and items in it.
Should be something like: c:\windows\system32\DriverStore\FileRepository\xxx.inf-yyyyyy-zzzzz\
6) We need to copy this folder and its content to the problem computer. Not an easy task because of the permissions.
But you can do it like this from the working computer:
– Open an elevated command prompt (run as administrator CMD.exe)
– execute the following command: xcopy C:\Windows\System32\DriverStore\FileRepository\xxx.inf-yyyyyy-zzzzz\ \\problemcomputer\c$\Windows\System32\DriverStore\FileRepository\xxx.inf-yyyyyy-zzzzz\ /E /C /F /H /R /K /O
7) Now we have the registry key and the files present on the problem computer.
8) Restart the print spooler on the problem computer and try to connect the printer again or try to install the driver again.

0x00000057 printer driver installation error
source: https://social.technet.microsoft.com/Forums/itmanagement/en-US/a225d71c-be8b-4530-bf50-63001559a978/windows-can-not-connect-to-the-printer-0x00000057?forum=itmanager

Categories
blog network server windows

FreeRadius.net service doesn’t work

The FreeRadius.net package built for windows uses the XYZservice.exe wrapper tool to start a normal application as a service. However on Windows 2008 and higher the service starts but RADIUS is not listening on the configured ports. You can check if it is listening with netstat.
netstat -an | findstr 1812

The Debug mode of FreeRadius.net (using the provided batch file) however works fine. It seems the built radiusd.exe will not start with the default options on Windows 2008 and higher. You can check this by manually starting from a command prompt:
C:\FreeRADIUS.net\bin\radiusd.exe -f -d C:/FreeRADIUS.net/etc/raddb
So that is the reason why the service doesn’t start.

Solution: COnfigure the XYZservice to start the application with the debug parameters.
Edit C:\FreeRADIUS.net\bin\XYZservice.ini
change:
CommandLine = C:\FreeRADIUS.net\bin\radiusd.exe -d C:/FreeRADIUS.net/etc/raddb -AX

Now if you start the FreeRadius.net service and check with netstat you will see the RADIUSD.exe listening

Categories
blog network server windows

RAS or NPS forward RADIUS request to same server different port

The address of the remote RADIUS server x.x.x.x in remote RADIUS server group yyyyy Resolves to local address x.x.x.x.
The address will be ignored.

Use case scenario: You want to forward RADIUS requests incoming on the server to some software, possibly for setting up OTP authentication.

My scenario: Extra security for PPTP vpn tunnel to Windows server with RAS (Routing and Remote Access) by using VASCO Identikey OTP (One-Time-Passkey) software (the same applies for other software such as RSAid). Normally the recommended setup is using two servers, one for the RAS connection and one with the VASCO Identikey middleware software on it. When you deploy like this you will not face the problem I’m about to describe. However if you have only 1 Windows server at your disposal and you install the VASCO Identikey software on the same server as the RAS and NPS (Network Policy Server) role you will run in to this problem.

Problem description: You have configured RAS correctly for PPTP MSCHAP v2 connections. In NPS you have configured a connection policy to forward the RADIUS requests (authentication and accounting) to a remote RADIUS server group. The authentication fails, VASCO audit viewer does not show any attempt to authenticate to the VASCO Identikey Radius server. In the eventviewer application log there is an event ID 25 with the following error:
The address of the remote RADIUS server x.x.x.x in remote RADIUS server group yyyyy Resolves to local address x.x.x.x.

The problem is that NPS cannot forward RADIUS requests to the same IP address as itself. Even if the software is listening on another port, or you configure 2 IP addresses on the same network card. NPS insists that the IP address of the remote RADIUS server is the same as it’s own IP address and ignores your configuration to forward the RADIUS requests.

The solution is to use the loopback IP address range. For example 127.0.0.2. Unfortunately VASCO Identikey is licensed on IP address and as such you can’t change it to listen to the loopback IP address without also requesting a new license. I have not tried this, so even with the new license I’m not sure VASCO Identikey will listen on loopback IP address. Maybe other OTP software can do this, check with your vendor or manual.

What can you do? Use a RADIUS proxy to sit between the NPS and VASCO Identikey. If you have a linux server around you can use opensource FreeRadius software on that linux box to proxy the RADIUS requests between RAS/NPS and VASCO Identikey.
If like me you had nothing but this 1 windows server, you can use the FreeRadius.net software, this is a prebuilt binary of the opensource FreeRadius software made for windows versions. The software is quite old and not updated but it still seems to work for our simple setup.

I have installed the FreeRadius.net software in C:\FreeRadius.net
I have configured it to accept RADIUS requests on interface 127.0.0.2 port 11812 and forward them to a RADIUS server on IP x.x.x.x on port 18120 (I changed the default RADIUS ports for VASCO and FreeRadius to avoid conflicts with NPS/RAS).

configuration file c:\FreeRadius.net\etc\raddb\clients.conf
I have put all the default things in comment (#) and add
client 127.0.0.2 {
secret = testing123
shortname = localhost2
}

configuration file c:\FreeRadius.net\etc\raddb\radiusd.conf
I have put the default listen directive in comment (#) but you must leave the bind = * line and add
listen {
ipaddr = 127.0.0.2
port = 11812
type = auth
}
listen {
ipaddr = 127.0.0.2
port = 11813
type = acct
}

configuration file c:\FreeRadius.net\etc\raddb\proxy.conf
In this file I configured both the NULL realm for plain usernames and the DEFAULT realm for all others to forward to VASCO Identikey wich I have listening on the port 18120 & 18130 (auth & acct).
# This realm is for requests which don't have an explicit realm
# prefix or suffix. User names like "bob" will match this one.
#
realm NULL {
type = radius
authhost = 10.x.y.z:18120
accthost = 10.x.y.z:18130
secret = testing123
}

#
# This realm is for ALL OTHER requests.
#
realm DEFAULT {
type = radius
authhost = 10.x.y.z:18120
accthost = 10.x.y.z:18130
secret = testing123
}

You can now start the FreeRadius.net in debug mode, using the supplied batch file you can test your configuration.

Below I will attach screenshots of my configuration for NPS, RAS and VASCO.
RAS settings (EAP can be enabled if you like)
NPS RADIUS client
NPS configure remote RADIUS server group
NPS connection policy screenshot
NPS Network Policy
VASCO port settings

With thanks to:
http://bent-blog.de/vasco-identikey-server-auf-microsoft-forefront-tmg-2010/

Categories
blog

CentOS 6 kernel panic selinux config file error

If you get a kernel panic on CentOS or RedHat as shown below and you recently changed the selinux config, then there might be an error in the config file.

None of the kernels in the GRUB boot menu will boot, you get a kernel panic:

Kernel panic - not syncing:  Attempted to kill init! Pid: 1, comm: init Not tainted 2.6.32-504.3.3.el6.x86_64 #1 panic+0xa7/0x16f do_exit+0x862/0x870 fput+0x25/0x30 do_group_exit+0x58/0xd0 sys_exit_group+0x17/0x20 system_call_fastpath+0x16/0x1b
Kernel panic – not syncing: Attempted to kill init!
Pid: 1, comm: init Not tainted 2.6.32-504.3.3.el6.x86_64 #1
panic+0xa7/0x16f
do_exit+0x862/0x870
fput+0x25/0x30
do_group_exit+0x58/0xd0
sys_exit_group+0x17/0x20
system_call_fastpath+0x16/0x1b

Booting in single user mode doesn’t work either.

Here’s how to fix this:
1) Reboot, and go in the GRUB menu. You have 3 seconds to strike the arrow keys before it will automatically boot the default kernel.

GRUB boot menu
GRUB boot menu

2) Select the first line, the default kernel, and press the E key on the keyboard to edit the parameters. You will then see the following.

Edit GRUB boot options
Edit GRUB boot options

3) Use the arrow keys to select the 2nd line, that starts with kernel. Press the E key to change this line, use the arrow keys to go to the end and type a space followed by enforcing=0

GRUB edit kernel line
GRUB edit kernel line

4) Press enter to conform and then press B to boot the system.
It should boot up fine now.
Now edit the selinux config file (/etc/sysconfig/selinux) and correct your mistake.
In my case I set disabled for the SELINUXTYPE variable, that’s wrong it has to be set for the SELINUX variable. In the screenshot below I show you the correct settings in the config file to disable SELINUX.

SELINUX disabled correctly
SELINUX disabled correctly

5) Now reboot and everything should be fine!