Friday, December 9, 2005

IE Security Settings Problem

If there are problems with IE security settings, e.g. ActiveX won't install regardless of the security level, run this command:

regsvr32 softpub.dll

Wednesday, October 19, 2005

Outlook Web Access Form Based Authentication

This is not always as easy to set up as one would think!

The first thing to do is check System Manager; navigate to the server, then Protocols, then HTTP.
Right click on Exchange Virtual Server and go to Properties.
On the Settings tab, make sure you have ticked "Enable forms based authentication".

The next thing to check is whether or not you have an SSL certificate installed for your Outlook Web Access. Make sure that the cert corresponds to the name you're using to get to web access, e.g. www.webaccess.com

Lastly, in IIS Manager go to the properties of the Exchange virtual directory and enable SSL, then 128 bit.

You may then need to restart IIS (not always though)

and lo and behold you have web access using forms...

Friday, September 9, 2005

Syntax error in Update command

This .net error is a pain, but so simple when you know how!

I was using oledb to update access (I know it shouldn't ever be used as a web database!)

However when running the query

'update users set password = 'value' where userid = 1'

.NET threw up "Syntax error in Update command", yet the query works in Access.

However password is a reserved word, so to get the query working using .NET change it to:

'update users set [password] = 'value' where userid = 1'

A full list of reserved words can be found here
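The corrected query as it might be issued from .NET, as an added example that is not from the original post: the reserved column name is bracketed, and the values are passed as positional OLE DB parameters rather than pasted into the SQL string. The database path, the `UserStore` class and the `SetPassword` method are assumptions made for illustration.

```csharp
using System;
using System.Data.OleDb;

static class UserStore
{
    // Assumption: location of the Access database; replace with your own.
    const string ConnectionString =
        @"Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\data\example.mdb";

    // Updates one row of the users table from the post and returns the
    // number of rows affected. The value stored is assumed to be an
    // already-hashed password, not the plain text.
    public static int SetPassword(int userId, string passwordHash)
    {
        // [password] is bracketed because PASSWORD is a reserved word.
        // The OLE DB provider uses positional "?" markers, so the
        // parameters must be added in the order they appear in the SQL.
        const string sql =
            "UPDATE users SET [password] = ? WHERE userid = ?";

        using (OleDbConnection conn = new OleDbConnection(ConnectionString))
        using (OleDbCommand cmd = new OleDbCommand(sql, conn))
        {
            // Parameter names are ignored by the provider; only order counts.
            cmd.Parameters.Add("@password", OleDbType.VarWChar, 255).Value = passwordHash;
            cmd.Parameters.Add("@userid", OleDbType.Integer).Value = userId;

            conn.Open();
            return cmd.ExecuteNonQuery();
        }
    }

    static void Main()
    {
        // Constructed sample values.
        int rows = SetPassword(1, "constructed-sample-hash");
        Console.WriteLine("{0} row(s) updated", rows);
    }
}
```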

Thursday, September 8, 2005

Re-Installing Outlook Web Access

Hi,

I recently had a client who could not get Outlook Web Access working, as someone had changed some IIS settings. To reinstall web access, do the following:

1. Back up your IIS Metabase. To do this, follow these steps: a. Start IIS Manager. b. Right-click "Default Web Site", point to "All Tasks", and then click "Save Configuration to a File".

2. Delete the virtual directories for Outlook Web Access. To do this, right-click "Exadmin" in the left pane of IIS Manager, and then click "Delete". Click "Yes" when you are prompted with the question of whether you want to delete this item. Repeat this step for the following virtual directories:
  • Exchange
  • ExchWeb
  • Microsoft-Server-ActiveSync *only for 2003
  • OMA * only for 2003
  • Public

3. Quit IIS Manager.

4. Click "Start", click "Run", type "cmd" (without the quotation marks), and then press ENTER.

5. Change to the following folder. In this example, is the hard disk drive where Windows is installed: :\inetpub\adminscripts

6. Type "adsutil" (without the quotation marks), and then press ENTER. Important: By default, CScript is not the default scripting host for Windows Server 2003. To run the adsutil command, CScript must be configured as the default scripting host. To do this, click "Yes" if you are prompted to register CScript as your default host for VBScript, and then click "OK". Note: If you receive a list of adsutil command options, CScript is already configured as the default scripting host for VBScript.

7. Type "adsutil delete ds2mb" (without the quotation marks), and then press ENTER. Note: To set the default scripting host to WScript, type "WScript //H:WScript" (without the quotation marks) at the command prompt, press ENTER, and then click "OK".

8. Click "Start", point to "All Programs", point to "Administrative Tools", and then click "Services".

9. Right-click "Microsoft Exchange System Attendant", and then click "Restart". Click "Yes" if you are prompted with the question of whether you want to restart the other services. The Microsoft Exchange Information Store service will probably be listed as one of the services that restarts.

Monday, September 5, 2005

Event Id 1054, Event Id 15 problems part 3!!

OK,

despite my earlier posts on this subject:

Event Id 1054 and 15

Userenv Tool

Gigabit Networks and Event Id 15


I have still had some clients with errors of Event Id 1054 and Event Id 15. I'm getting Deja vu here, but I have actually found the solution!

To fix the errors you need to turn off the autoenrollment of Certificates in Active Directory. To do this, you must edit your domain group policy (you should have created one..never use the default one; if you don't have one, then create a new one.)

You want to edit the following entries:

1) Computer Configuration > Windows Settings > Security Settings > Public Key Policies > Autoenrollment Settings

2) User Configuration > Windows Settings > Security Settings > Public Key Policies > Autoenrollment Settings

For both entries, double click on Autoenrollment Settings and click 'Do not enroll certificates automatically'.

If this doesn't fix the problem and the earlier posts don't, then please let me know!

Tuesday, August 23, 2005

Server Administration From XP

I've found a really useful tool from Microsoft that enables you to administer the Active Directory from your XP machines using custom consoles.

To do this, you need to first of all install the Windows Server 2003 Service Pack 1 Administration Tools Pack

Then simply create custom consoles (using MMC) and add in the Active Directory snap ins you require. This tool allows you to:

  • Add/Modify Users and Groups
  • Modify Group Policy
  • Modify Ad Objects
and a whole lot more!

Monday, August 22, 2005

Event Id 1054, Event Id 15 and Gigabit problems...continued!

After thinking I managed to combat these errors

Event Id 1517

Gigabit Network Problems

The error still came up on some machines and I've cracked it!

First thing to do is edit your group policy for all the computers in the domain (hopefully you've created one for this and are NOT using the default policy (NEVER mess with the default policy!))

and change this setting:

Computer Configuration\Administrative Templates\System\Logon

Always wait for the network at computer startup and logon ---- Enable this policy!

Secondly, on the problematic machine:

  1. Type msconfig at the Run prompt
  2. On Services, click "Hide all Microsoft services", then click "Disable all"
  3. On Startup, click "Disable all"
Now reboot the machine and fingers crossed there should be no instances of event id 15 or 1054

If this is the case, then relaunch msconfig and selectively re-enable the services and startup programs until you locate the problematic services or prog. If however you have had errors, then try using one of the links shown earlier as they should fix the issues.

Please note this fix ONLY applies to computers in an Active Directory environment

M3ckon

Monday, August 8, 2005

ntrights - one hell of a tool

Just found ntrights from the resource kit for 2003 and it is one hell of a good tool!

I was unable to change the log on locally permission on specific machines as their settings were coming from the Active Directory. Anyway, after some digging I found ntrights, which allows you to change user permissions on specific machines from remote locations....nice!

To see the full list of permissions, look here

For a sample command, check this:

ntrights -u ftpuser -m backup +r SeInteractiveLogonRight

Monday, August 1, 2005

2003 member server MSDTC issues

Even after SP1 the following event log can still occur on a 2k3 member server:

Event Id: 53258

MS DTC could not correctly process a DC Promotion/Demotion event. MS DTC will continue to function and will use the existing security settings. Error Specifics: d:\srvrtm\com\complus\dtc\dtc\adme\uiname.cpp:9280, Pid: 576
No Callstack,
CmdLine: C:\WINDOWS\system32\msdtc.exe

By all accounts it seems to be a known, yet undocumented, bug and has a fairly straightforward fix:

  1. Go to Component Services
  2. Properties on My Computer
  3. MSDTC
  4. Click Security Settings
  5. Click OK

This seems to reset the MSDTC security settings back to their defaults. Then restart the service:

net stop msdtc
net start msdtc

The error will then go away!!!

Thursday, July 28, 2005

Gigabit Network problems with 2003 Server

Gigabit networks and 2003 do not always work together first time. Quite often an error will appear in the event log, which is detailed below. This error has a major effect on the Active Directory and will also slow down the network, negating the point of having gigabit!

Event Id: 1054

Description:
Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Microsoft have put this problem down to having Media Sense enabled on your NICs. To fix this problem you need to disable Media Sense, and to do that you need to add a value under the following registry key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters

Add in a new DWORD value called DisableDHCPMediaSense

Give it the value of 1 to disable Media Sense


Hope this works!

Event Id 1517 User Profile Problems

Windows saved user Domain\User registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This error is all down to user profiles and rather than play with the registry, Microsoft have issued a very nice fix called the User Profile Hive Cleanup Service. The file can be downloaded from here http://www.microsoft.com/downloads/details.aspx?FamilyID=1b286e6d-8912-4e18-b570-42470e2f3582&displaylang=en

Tuesday, July 26, 2005

Eraser

This tool is once again very useful. It allows deletion of files and machines to military standards and is free.

It's very useful if you ever need to hide anything

http://www.heidi.ie/eraser/

Monday, July 11, 2005

RIS

Remote Installation Services

Feature of Win2k Server and Win2k3 Server
Allows remote install of operating systems and full images
Uses PXE compliant NICs or a special boot disk
Full images need to use Riprep

Server needs:
  • 2 partitions: one for the OS and one for images
  • DHCP Server
  • Active Directory

Friday, July 8, 2005

Netsh

Just discovered the joys of netsh

This is a tool to allow changing network settings on local or remote computers via the command line. I just did a small sample script to change DNS settings on the local adapter:

netsh interface ip add dns "local area connection" xxx.xxx.xxx.xx1
netsh interface ip add dns "local area connection" xxx.xxx.xxx.xx2

More info on this can be found here:

Microsoft Link

http://www.computerhope.com/netsh.htm