Stuck in WinPE when converting P2V

In this case I got stuck in WinPE when I was converting physical server with installed Windows Server 2003 R2 SP2 operating system using VMM 2012 SP1 P2V method for creation of virtual machines. P2V process has successfully started, and source physical server has started into WinPE, but copying of source hard drive never started because of missing RAID drivers. So, now I was stuck into WinPE. Restarting the physical server was booting again into WinPE because P2V conversion was unable to finish, so modified boot sector was still in place.
Escaping from this (loop) situation was using installation media of Windows Server 2003, and booting into recovery console. Using fixboot has returned the default boot sector to the system partition, and I was able to boot again into source Windows Server 2003 R2 SP2 operating system.

End of socket stream data on Lotus Protector for Mail Security

In this case I was experiencing very strange behavior of Lotus Protector for Mail Security with latest firmware 2.8.1, some emails sent to specific domains were successfully delivered, but from some reason LPfMS was treating those emails as unsuccessfully delivered and were parked into resend queue. The sender was receiving report for temporary delivery error and after few hours a report that maximum number of delivery attempts has been reached, even though the email was successfully received by the email recipient ! Smtp server on LPfMS is based on XMail smtp server.
Following error was logged for those emails:
"End of socket stream data (2) No such file or directory - 417 Temporary delivery error"

I have opened a case for this kind of behavior, and the support engineer has recommended to change the time out value for LPfMS to send the command and to wait for getting the response back from the foreign SMTP server. The default value is 30 seconds. After raising the time out value, this strange behavior of LPfMS was gone. This parameter is smtp.send_dialog_timeoutms and can be set on Mail Security -> Policy -> Advanced Parameters. The parameter is accepting values in milliseconds.  

Windows Security Update for Windows XP (KB2862330)

In this case, a colleague of mine was complaining that his old XP client pc was installing updates every day and was requesting to reboot the machine every day in last 30 days. Fortunately, there was a single problematic update KB2862330 that was trying to install every day and requesting to reboot the pc every day. According from KB article http://support.microsoft.com/kb/2862330/en-gb there are known issues regarding installation of this update. In this case the update was installing successfully, requesting for reboot, and after the reboot same update was offered as available update for installing in endless loop.
I tried to uninstall and install the update, but it didn't help the situation.
According from KB article Scenario 3, I have disabled all the USB Enhanced Host Controllers from device manager before installing the update, and enable them after the reboot, but same update was on list for available updates for installation again.
I've decided to check the update log (KB2862330.log) for this update, I've found a lot of error events:
.........................
SetupVerifyInfFile failed with error 0x490 for usbstor.inf of device USB\VID_058F&PID_6387\28197C13 
SetupVerifyInfFile failed with error 0x490 for usbstor.inf of device USB\VID_058F&PID_6387\2RNGA2U1 
SetupVerifyInfFile failed with error 0x490 for usbstor.inf of device USB\VID_058F&PID_6387\4H5SLQD0 
SetupVerifyInfFile failed with error 0x490 for usbstor.inf of device USB\VID_058F&PID_6387\5742D984 
 ....................... 

So, cryptographic service was set to run automatically, and I've decided to rebuild the catroot2 folder. Stopping the Cryptographic service, renaming the %systemroot%\System32\Catroot2 into catroot2-old, and restarting the Cryptographic service will regenerate new Caroot2 folder.

Now with disabled USB Enhanced Host Controllers, I ran the update KB2862330 again. The update log (KB2862330.log) was generating completely different lines. Something like :
............ 
C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem3.CAT trusts inf c:\windows\inf\oem3.inf of device PCI\VEN_8086&DEV_24C2&SUBSYS_00C50E11&REV_01\3&61AAA01&0&E8 
.............. 
After the requested rebooted, I've enabled the disabled USB host controllers, and the update was not offered as available update for installation again anymore, and was finally successfully installed.

DPM encountered a retryable VSS error

In this case I was trying to backup P2V converted VM using DPM 2012 SP1. The VM was hosted on Hyper-V 2012 cluster. DPM Replica Creation Job was failing with following description:
DPM encountered a retryable VSS error. (ID 30112 Details: VssError:The writer experienced a transient error.  If the backup process is retried, the error may not reoccur. (0x800423F3))

The VM had Windows Server 2003 SP2 operating system installed. I've decided to check the VSS writers, and the vssadmin has returned empty list of VSS writers available on the VM:



According from following Microsoft article http://support.microsoft.com/kb/940184/en-us , I've re-registered the following dlls:

  • cd /d %windir%\system32
  • net stop vss
  • net stop swprv
  • regsvr32 ole32.dll
  • regsvr32 oleaut32.dll
  • regsvr32 /i eventcls.dll
  • regsvr32 vss_ps.dll
  • vssvc /register
  • regsvr32 /i swprv.dll
  • regsvr32 es.dll
  • regsvr32 stdprov.dll
  • regsvr32 vssui.dll
  • regsvr32 msxml.dll
  • regsvr32 msxml3.dll
  • regsvr32 msxml4.dll

  • Now, running the vssadmin list writers again, has successfully listed all the available VSS writers. I was hoping that DPM will successfully finish Replica Creation Job, but I was wrong. VM was having ISA Server 2006 installed with local MSDE. Someone has changed ISA Logging destination from Database into flat files, and to free some space on disk deleted the mdfs and ldfs files from logging directory. Now, VSS was failing with error event id 6013 with following message:

    Error message: Database 'ISALOG_.....' cannot be opened due to inaccessible files or insufficient memory or disk space. See the SQL Server errorlog for details
     
    Now I was looking for a way to dismount those old databases with deleted mdf and ldf files. Thankfully, Microsoft has publish a vbscript for dismounting old databases from MSDE, and here is the link from the source of the script http://technet.microsoft.com/en-us/library/cc302448.aspx .
    After running the script, the old databases were dismounted, and finally I was able to backup the VM using DPM 2012.

    AD user password expiration

    This is quick one for reference, here is an example how to find out when will expire password for some AD user using powershell single liner (replace username with your AD user of interest):

    PS C:\Temp> [datetime]::FromFileTime((Get-ADUser username -Properties "msDS-UserPasswordExpiryTimeComputed")."msDS-UserPasswordExpiryTimeComputed")

    Outlook 2013 gets Contacting the server for information ...

    In this case some Outlook 2013 users were complaining that sometimes their favorite email client was going into non responsive state, whenever they were replying to some email message. The Outlook 2013 was not responding with following message:
    Contacting the server for information ...
    They all had in common, that they were replying to same external contact with faulty picture (icon) in his(her) signature, even though Automatic Download Outlook settings were set not download pictures.
    One way to resolve this behavior was to ask this external contact to change this faulty signature, but this was not an option.
    Another way to resolve this situation was to change the email formatting when replying to emails to this contact into plain text, but this option is available only when email message is popped out from outlook causing again numerous "Contacting the server for information ..." messages.
    And finally the last, and I guess the easiest way was to block the access to this faulty link. The faulty link was on Internet, and after denying the access to this faulty URL, replying to email messages to this external contact with faulty signature was not a problem anymore.

    Internet Explorer 11 opens Exchange OWA Light

    By default, Internet Explorer 11 will open OWA Light when accessing Exchange (2013,2010,2007) environment. The reason for this behavior is that Internet Explorer 11 does not include MSIE token in user-agent string.
    In order to avoid this behavior and let the Internet Explorer 11 to open OWA Premium by default, for Exchange 2013 there is CU2, and for other versions of Exchange the workaround is from client side:
    • Open Internet Explorer 11 in private mode
    or
    • Add OWA site in compatibility view list
    Microsoft has published KB for this Internet Explorer 11 behavior. For more info check http://support.microsoft.com/kb/2866064 .

    SecureBoot isn't configured correctly

    After installing Windows 8.1 on my workstation, I have experienced following watermark on my Desktop:


    And, YES I'm aware that SecureBoot is not enabled, but I do not want that watermark to be present on my Desktop. Microsoft has responded on complains with following update http://support.microsoft.com/kb/2902864, which removes the watermark from desktop. After installing the update you will be prompted for restart, and after the reboot the watermark will disappear.

    Where is Group Policy Preference for Internet Explorer 11 ?

    After joining the Windows 8.1 enterprise into domain environment, I was expecting that GPMC will introduce new GPP template for Internet Explorer 11, but the latest version was still the Internet Explorer 10.
    So, how to apply settings to Internet Explorer 11 via GPP ?
    Fortunately, GPP for Internet Explorer 10 will also work with Internet Explorer 11. Why ?
    I opened GPP for IE10 xml file, and saw that file version filtering for iexplore is between 10 and 99.
    Here is the filtering part from the xml file:
    path="%ProgramFilesDir%\Internet Explorer\iexplore.exe" type="VERSION" gte="1" min="10.0.0.0" max="99.0.0.0"
    My opinion is that with this kind of file filter versioning for iexplore, the GPP template should be named Internet Explorer 10 and higher, not just Internet Explorer 10.

    Microsoft virtualization certification exam for free

    Sign up for free MVA online training on November 19 & 20 – then receive a voucher to take the new Microsoft virtualization certification exam for free!

    For more info please check http://www.virtualizationsquared.com/ .

    KMS activation of Windows 8.1 and Windows Server 2012 R2

    In order to activate Windows 8.1 and Windows Server 2012 R2 using KMS hosted on previous generation of Windows operating system, Microsoft has published following kb article http://support.microsoft.com/kb/2885698/en-us .
    After installing the update, you will be able to install and activate your KMS key for Windows 8.1 and (or) Windows Server 2012 R2.
    Procedure for installing the KMS host key is the same as installing KMS host key from previous versions of Windows operating systems:
    cscript %windir%\system32\slmgr.vbs /ipk <KMS host key>
    You will experience following error if you are installing KMS host key on Windows operating system that is not associated with that host key:
    0xc004f015: The Software Licensing Service reported that the license is not installed. SL_E_PRODUCT_SKU_NOT_INSTALLED
     For example:
    • Windows 7 KMS host key install on Windows Server 2008 R2
    • Windows 8 KMS host key install on Windows Server 2008 R2, Windows Server 2012
    • Windows 8.1 KMS host key install on Windows Server 2008 R2, Win Server 2012 and R2
     Activate the KMS host key using:
    cscript %windir%\system32\slmgr.vbs /ato
    In my case the KMS server was using proxy for connecting to internet and the user activating the KMS host key was not having proper permission to access the Microsoft's Internet Activation Servers. The activation was failing with following error message 0x8004FE92:
    On a computer running Microsoft Windows non-core edition, run 'slui.exe 0x2a 0x8004FE92' to display the error text. Error: 0x8004FE92
    Running the 'slui.exe 0x2a 0x8004FE92' does not provide a lot of help:

     
    After providing proper Internet access for the user, activating the KMS host key has completed successfully. More about 0x8004FE92 error message can be found on http://support.microsoft.com/kb/2009934/en-us .

     

    Folder redirected offline folders out of sync

    A colleague of mine on his Windows 7 client workstation was complaining about his profile redirected offline folders that were out of sync with folders that were residing on file server. He tried almost everything to get those files and folders in sync, so finally last chance to rescue was to reset offline database and re-initialize the cache of offline files.
    In order to do that, following registry entry has to be created:
    FormatDatabase  DWORD (32 bit value) : 1
    in
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CSC\Parameters

    After rebooting the client, redirected offline folders started to work as expected.

    Note: Before taking this action please make backup of your files, because unsynchronized changes will be lost.

    Unable to delete VHD from VMM library

    While browsing the VMM 2012 SP1 library, I found an obsolete VHD, and I wanted to delete it from there. But, when I tried to delete this obsolete VHD, VMM was complaining with following error message:

    The library object (Name of the VHD) cannot be removed because following objects are dependent on it:
    Virtual Hard Disk deployment configuration
    In order to delete this VHD from VMM library I have opened table tbl_WLC_VHDConfig from VM database using SQL Management Studio. In this table there is a column named "SourceLocation". In this column we can find the ID of the offending VHD. But how to find the ID of VHD ? Using Get-VirtualHardDisk cmdlet you can list all the VHDs with their IDs:
    Get-VirtualHardDisk | ft name,id
    Now when we have the ID of the VHD, we can create new query from SQL Management Studio to delete the row containing VHD ID in SourceLocation column:

    Delete From dbo.tbl_WLC_VHDConfig Where SourceLocation = 'VHD ID'


    Note: Make a backup of the VM database before changing (deleting) rows from database, and this operation is not recommended by Microsoft, so perform at your own risk.

    Creating Custom Queries For Searching TMG 2010 Logging Databases

    In this case I was trying to find out unique client IP addresses that were accessing TMG published web site in last 3 days. TMG server was having locally installed logging database. One way to achieve this task is using SQL Server Management Studio, another way is using powershell. In this article, I'll show how I have found the ip addresses using powershell.
    After importing the SQLServerCmdletSnapin100, Invoke-Sqlcmd cmdlet will be available for running:
    Add-PSSnapin SQLServerCmdletSnapin100
    Now it's time to create the SQL query using here-strings:
    $query=@"
    SELECT ClientIP as IPAddress from
    (SELECT DISTINCT ClientIP
    FROM [ISALOG_20130926_WEB_000].[dbo].[WebProxyLog] WHERE [WebProxyLog].[Rule] = 'TMG Rule Name'
    UNION
    SELECT DISTINCT ClientIP
    FROM [ISALOG_20130925_WEB_000].[dbo].[WebProxyLog] WHERE [WebProxyLog].[Rule] = 'TMG Rule Name'
    UNION
    SELECT DISTINCT ClientIP
    FROM [ISALOG_20130924_WEB_000].[dbo].[WebProxyLog] WHERE [WebProxyLog].[Rule] = 'TMG Rule Name')t1;
    "@
    The SQL query is simple, so I'm not going into details.
    Now it's time to execute the query using invoke-sqlcmd :
    Invoke-Sqlcmd -Query $query -ServerInstance localhost\msfw -QueryTimeout 300 | ft

    The result will contain IP addresses in unfriendly readable format, something like:
    C0A8018A-FFFF-0000-0000-000000000000 
    The reason for this kind of logging, is that TMG is using same field for logging IPv4 and IPv6 addresses. One way for converting CAA8018A into 192.168.1.138 is using Excel formula which looks like this:

    HEX2DEC(MID(A1,1,2)) &"."&HEX2DEC(MID(A1,3,2))&"."&HEX2DEC(MID(A1,5,2))&"."&HEX2DEC(MID(A1,7,2))


    Happy IP addresses hunting :)

    How to assign IP address in WinPE

    This is quick one, assigning static IP address (for example 192.168.0.10/24 and gateway 192.168.0.1) in WinPE is using netsh:

    netsh int ip set address "name of local area connection" static 192.168.0.10 255.255.255.0 192.168.0.1

    Install Windows Server 2012 on HP DL 380 G5

    Form HP compatibility matrix installing Windows Server 2012 on HP DL 380 G5 is not supported, but it does not mean that it doesn't work. After installing the OS, ILO and SAS P400 controller drivers were missing:
     
    In order to install the missing drivers, I've downloaded HP Service Pack for Proliant 2013.02 and started the installation. HP Smart Update Manager has detected missing drivers for ILO, but has reported dependency error for SAS/SATA event notification service and online rom flash component for P400 controller:
     
     
    After deselecting the "problematic" components that were dependent from P400 controller, HP SUM has successfully installed the other selected components.
    Driver for HP Smart Array P400 controller for Windows Server 2012 can be downloaded from here . The installation package will not allow you to install the driver automatically (from setup), so I have extracted the driver first and updated the Smart Array P400 controller "manually" from Device Manager. After updating the Smart Array P400 controller driver, I have started the HP SUM again and there were no dependencies errors for SAS/SATA event notification service and online flash component for P400, so those two were selected for installation and were installed successfully.
    Now, the system was having all components up to date:
     
     
     
     
    Note: For HP System Management Homepage to work properly with SNMP, install SNMP feature and enable public community name READ ONLY right for localhost.
     
     

    Unable to delete VHD from VMM library

    I had VM template associated with VHD from VMM library, and I wanted to delete both of them, since they were used for testing purposes. I deleted the VM template successfully, and after that I wanted to delete the VHD, but VMM was not allowing to delete the VHD because temporary VM template was dependent of it. Here is the error message when I tried to delete the VHD:



    And the dependencies from the properties of the VHD file:



    Easiest way to delete this temporary VM template is using powershell:
    Remove-SCVMTemplate -VMTemplate "Temporary TemplateName"
    After deleting the temporary VM template, there were no dependencies of the VHD, and I deleted the file from library successfully. 
     

    MSMQ error events in Failover Clustering Diagnostic Log

    I was checking Failover Clustering Diagnostic Log on Windows Server 2012 cluster nodes, and all nodes were having error events for MSMQ:

    [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQ returned 21.'
    [RCM] result of first load attempt for type MSMQ: 21
    [RCM] Failed to load restype 'MSMQ': error 21.
    [RHS] s_RhsRpcCreateResType: ERROR_NOT_READY(21)' because of 'Startup routine for ResType MSMQTriggers returned 21.'
    [RCM] result of first load attempt for type MSMQTriggers: 21
    [RCM] Failed to load restype 'MSMQTriggers': error 21.

    These events can be safely ignored, since during installation of Failover Cluster feature, MSMQ and MSMQ triggers resource types are registered with cluster service, but the MSMQ feature is not installed.

    More about these events check:
    http://blogs.msdn.com/b/clustering/archive/2013/04/05/10408075.aspx
     
     
     
     

     

    Failover Clustering Event 1196 and 1228

    In this case Hyper V failover cluster was installed on Windows Server 2012, and on one of the nodes that was hosting the "Cluster Group" started to log following error events in System event log:

    Event 1228:
    Cluster network name resource 'Cluster Name' encountered an error enabling the network name on this node. The reason for the failure was:

    'Unable to obtain a logon token'.
     

    The error code was '1326'. 

    You may take the network name resource offline and online again to retry.

    and Event 1196:
    Cluster network name resource 'Cluster Name' failed registration of one or more associated DNS name(s) for the following reason: DNS bad key.


    Ensure that the network adapters associated with dependent IP address resources are configured with at least one accessible DNS server.
    I moved the "Cluster Group" to another node, but same story and same events were logged. I tried to live migrate VMs between nodes, but unsuccessfully, the live migration was failing. Quick migration was working fine. Failover Clustering Diagnostic Log during live migration was showing following error messages:
    [RES] Network Name: [NNLIB] LogonUserEx fails for user 'Cluster Name': 1326 (useSecondaryPassword: 0)  
    [RES] Network Name: [NNLIB] LogonUserEx fails for user 'Cluster Name': 1326 (useSecondaryPassword: 1)  
    [RES] Network Name: [NNLIB] Logon failed for user 'Cluster Name' (Error 1326), DC \\dc.domain.name, domain domain.name  
    [RES] Network Name <Cluster Name>: Identity: Obtaining Windows Token for Name: 'Cluster Name', SamName: 'Cluster Name', Type: Singleton, Result: 1326, LastDC: \\dc.domain.name  
    … 
    [RES] Network Name <Cluster Name>: Initializing Identity module failed with error 1326  
    [RHS] Error 1326 from ResourceControl for resource Cluster Name.  
    [RCM] ResourceControl(NETNAME_GET_VIRTUAL_SERVER_TOKEN) to Cluster Name returned 1326.  
    [RES] Virtual Machine <Virtual Machine Name>: Live migration of 'Virtual Machine Name' failed.

    I've checked for the permissions of the CNO DNS record and CNO AD object, and everything was fine, but somehow the password was out of sync with AD. And here are the steps for remediation:

    Moved the CNO account to Computers container
    Logged on one of the cluster nodes with account that had Reset Password right
    Simulate multiple failures of the cluster Network Name resource until permanent failed state
    Once in failed state, right click on resource and in More Action chose Repair The last action will reset the CNO password in AD, and will bring the resource online. CNO DNS record was successfully updated, live migration of VMs started to work, and no error events were logged on 'Cluster Group' owner.

    For more info about CNO on Windows Server 2012 please check : http://blogs.technet.com/b/askcore/archive/2012/09/25/cno-blog-series-increasing-awareness-around-the-cluster-name-object-cno.aspx

    Microsoft Forefront TMG 2010 invalid certificate

    In this case Forefront TMG 2010 was installed on Windows Server 2008 R2, and for web publishing purposes (rule), server certificate from public CA was installed in local machine store. The certificate request was created with mmc using custom certificate request. Private key was successfully associated with certificate, but from TMG console this certificate was invalid with incorrect key type:


    The reason for this behavior is that during custom certificate create wizard on custom request page for template was chosen CNG key instead Legacy key. Forefront TMG does not support certificates created with CNG http://technet.microsoft.com/library/ee796231.aspx?lc=1031#dfg9o9i8uuy6tre.

    Another important worth to notice is that for Private Key (tab) options for the Key type usage must be selected Exchange instead the default one Signature :


    Step by step instruction how to create certificate request using mmc can be found on one of my previous posts http://vstepic.blogspot.com/2011/12/how-to-request-san-certificate-using.html .

    VSS Error Event 8194 on Windows Server 2012 Failover Cluster

    In this case I was running Windows Server 2012 Hyper V Failover Cluster with CSV, and I was trying to backup the nodes from cluster using DPM 2012 SP1 RU 2. I have scheduled BMR system protection to all cluster member nodes. The backup of nodes was finishing successfully without any errors on DPM server. But, on all cluster nodes application log was having error logs 8194 from VSS source :

    Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
    This is often caused by incorrect security settings in either the writer or requestor process.
    Operation:
    Gathering Writer Data
    Context:
    Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
    Writer Name: System Writer
     
    I have opened support case with Microsoft, and support engineer has confirmed that this behavior is bug. This behavior will probably not be changed, and should be ignored.

    Failover Cluster validation test on Windows Server 2012 with warning

    This case is connected with the previous post Unidentified network on teamed interface where Windows Server 2012 had teamed adapter in switch dependent / address hash / LACP mode. I had two identical server boxes configured the same, including network configuration. Both servers were planned to be part of failover cluster. Teamed adapter was having multiple interfaces with different VLAN ids. One of the interfaces was management interface with specified VLAN ID, and one interface with different id for internal cluster communication.
    Failover cluster validation configuration wizard was finishing successfully with warning on Network part for Validate IP configuration test. The Validate IP configuration test was complaining about duplicate physical address on management and "private" (cluster communication) interface on both nodes. This warning is expected since both servers were using teamed adapter, and interfaces for management and cluster communication were with different VLAN ID created from same teamed adapter.
    The configuration is valid and supported from Microsoft, and is published in following KB
    http://support.microsoft.com/kb/974264 .

    Unidentified network on teamed interface

    In this case I was configuring Windows Server 2012 with two network interfaces. Both network interfaces were added to a team interface. Team was configured in switched dependent / Address Hash / LACP mode. Server was connected on Cisco Catalyst 4507. Initial port configuration was like this:

    interface Port-channelX
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan Y
    switchport mode trunk

    interface GigabitEtherneta/b
    switchport trunk encapsulation dot1q
    switchport mode trunk
    channel-group X mode active


    interface GigabitEthernetc/d
    switchport trunk encapsulation dot1q
    switchport mode trunk
    channel-group X mode active


    After rebooting the server, Windows Server 2012 was unable to identify the network even though the server was properly configured, connected and domain joined. After disconnecting and connecting the network, the server was able to identify the network and apply the right domain firewall profile. The reason for this behavior was Network Location Awareness service, which was unable to test the network for connection type, since the network was not available during boot time. And, the reason why the network was not available, were spanning tree blocking and learning states. To change this kind of behavior, and to skip spanning tree blocking and learning states
    spanning-tree portfast trunk should be added to interface Port-channelX configuration.
    After adding the spanning-tree portfast trunk, the server was able to determine the network during boot, and applied the appropriate network profile, which in my case was domain firewall profile.
     
    If the server was connected on Cisco switch with NXOS, the port channel should be configured with spanning-tree port type edge which will skip the spanning tree blocking and learning states. More info on http://www.cisco.com/web/techdoc/dc/reference/cli/nxos/commands/l2/spanning-tree_port_type_edge.html .

    Unable to deploy Adobe Flash Player using GPO

    I was trying to deploy Adobe Flash Player 11 using Group Policy Object Software installation feature. The msi package of Adobe Flash Player was assigned to computer part of the GPO. GPO was applying successfully and Adobe Flash Player was installing successfully on start up on most of the computers that were in the scope for the GPO to be applied. On some workstations, GPO was failing to apply with following events in Application Log :

    Log Name:      Application
    Source:        MsiInstaller
    Event ID:      10005
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          SYSTEM
    Description:
    ....

    Product: Adobe Flash Player 10 ActiveX -- Error 2753.The File 'InstallAX.exe' is not marked for installation.

    And in System Event Log couple of messages from Source Application Management Group Policy with Event ID 108,303,102, followed by:

    Log Name:      System
    Source:        Microsoft-Windows-GroupPolicy
    Event ID:      1085
    Task Category: None
    Level:         Warning
    Keywords:     
    User:          SYSTEM
    Description:
    ....

    Fatal error during installation.

    I tried to execute the msi package with administrative account and the setup was failing with following error message:


    From control panel, Programs and Features there were now signs for any Adobe Flash Player Installation. But, in registry HKEY_Classes_Root\Installer\Products\ there was info for some Adobe Flash Player 10 ActiveX component:

     
    After deleting the key from registry, Adobe Flash Player has installed successfully.
     
    

    The Parallel port driver service failed to start

    After migrating virtual machines from Virtual Server 2005 to Hyper-V, the following error message was prompted during start-up:

     
     
    In the system event log the following event is logged:
     
    Event Type: Error
    Event Source: Service Control Manager
    Event Category: None
    Event ID: 7000
    Description:
    The Parallel port driver service failed to start due to the following error:
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


    Same event is logged after P2V migration of servers, in my case it was Windows Server 2003.
    In order to prevent this error from showing, I have disabled Parport service from registry, by setting the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Parport\Start to 4.
     
    The following values for Start parameter are possible:
     
    2Automatic. This is the default setting.
    3Manual.
    4Disable.

     

    Outlook does not archive messages based on their received date

    A colleague of mine was complaining that his Outlook 2010 (auto)archive option does not work. He showed me that he wanted to archive all emails received before for example 01/11/2011 (dd/mm/yyyy). And, really all those emails that met the criteria, had received date older than 01/11/2011, were still sitting in his mailbox. But, that's the way how outlook works by default :)
    Outlook determines how old are the messages by using one of the following, whichever is later:
    • Sent date and time
    • Received date and time
    • Modified date and time
    Hmmm, modified date and time ... After adding the modified column on his view, all those messages that had met the criteria by received date, had modified date 04/08/2012 (dd/mm/yyyy), and that's why they were still sitting in mailbox. This kind of Outlook behavior can be changed. There is a registry key (dword) ArchiveIgnoreLastModifiedTime = 1 . This key should be created for:
    • Outlook 2010 in HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Preferences
    • Outlook 2013 in HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Preferences
    Outlook 2010 requires hotfix 2516474, for changing the default archiving behavior.

    More about default Outlook archiving behavior and how to change it on following Microsoft KBs: http://support.microsoft.com/kb/295657 and http://support.microsoft.com/kb/2553550 .

    Installing VMware vSphere Client 4 on Windows 8

    My colleague was trying to install VMware vSphere Client 4 on his Windows 8 x64 workstation, but without success. The setup was failing with following error message :


    Windows 8 is above Windows XP SP 2, right ? :) Anyway, changing the compatibility setting of the setup VMware-viclient-all-4.1.0-258902-v4.1.exe to Windows XP SP2 or Windows XP SP3, didn't fix the problem, the setup was failing again.
    VMware-viclient-all-4.1.0-258902-v4.1.exe is self extracting archive, so I've extracted the archive to a folder. Extracted folder contains bin and redist subfolders. In bin subfolder there is VMware-viclient.exe setup. Running this setup using compatibility settings was without success, setup was failing with same error message.
    In order to extract the .msi from setup, I ran :
    vmware-viclient.exe /a /s /v" /qn TARGETDIR=C:\viclient"
    In the viclient folder there was VMware vSphere Client 4.1.msi. I have adjusted the compatibility mode to be for "Previous version of Windows". The VMware vSphere Client 4.1.msi was failing again, but with another type of error message complaining about J# redistributable package. The Windows 8 x64 was missing J# redistributable package. Redistributable package of J# can be obtained from Microsoft http://www.microsoft.com/en-us/download/details.aspx?id=15468 or from previously extracted folder redist. After installation of J# redistributable package, the VMware vSphere Client 4.1.msi setup has completed successfully.

    Unable to install DPM 2012 SP1 Agent

    I was trying to install DPM 2012 SP1 agent using push method from DPM server and installation job was failing with following error on DPM server:

    Agent operation failed. (ID 370)
    An error occurred when the agent operation attempted to create the DPM Agent Coordinator service on protected server. (ID 347 Details: The service did not respond to the start or control request in a timely fashion)

    On protected server two sidebyside events with event ID 33 were logged in Application Log:

    Activation context generation failed for "d:\fbe53baf0ccc85b5405e430f\1033\SetupLaunchScreen.DLL". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis.

    Activation context generation failed for "d:\fbe53baf0ccc85b5405e430f\1033\SetupLaunchScreen.DLL". Dependent Assembly Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis.
     
    Manual installation of DPM agent is failing with following error message and same two SidebySide events were logged on protected server's application event log:

     
    

    To resolve this behavior, first I've installed Microsoft Visual C++ 2008 Redistributable Package on protected server and then re-run the setup for DPM 2012 sp1 agent. After installing the Visual C++ 2008 redistributable package, DPM 2012 SP1 agent has installed successfully.

    DPM 2012 SP1 Scheduled jobs disapear without starting

    In this case DPM Server 2012 SP1 installed on Windows server 2012 with remote database on SQL Server 2012 SP1 installed on Windows Server 2012, scheduled jobs for protection groups were disappearing without starting job. Dedicated instance of SQL Server was installed just for DPM 2012 as required. This instance of SQL Server was prepared using DPM Remote SQL Prep. Setup of DPM 2012 SP1 has finished successfully without any issues.
    Manually triggering backup was successfully finishing, but scheduled jobs were just disappearing without starting the task.
    Following event 208 is logged in application log on SQL Server from source SQLAgent$InstanceName :
    The job failed. The Job was invoked by Schedule 13 (Schedule 1). The last step to run was step 1 (Default JobStep).

    From Job Activity Monitor can be seen that non-sysadmins have been denied permission to run CmdExec job step:

     
     
    SQLAgent for DPM instance was running under Local System account, so adding the sysadmin role to the Local System account has solved the problem.

    SCCM provider is missing read, write, or delete privilege

    During migration of SCCM 2007 to SCCM 2012 SP1, I have created migration job to migrate driver packages from the old to new SCCM organization. Migration job was failing with following error for each driver package :
    SCCM Provider is missing read, write, or delete privilege .

    Checking the NTFS/Share permissions for source path of the driver package, the SCCM 2012 computer account was having delegated Modify permission, but the driver package migration was failing with same error that SCCM Provider is missing read, write or delete privilege. After granting Full Control permission, migration job has finished successfully.
    There is published KB from Microsoft regarding this issue http://support.microsoft.com/kb/2741405 .
     

    How to delete printer driver using WMI and powershell

    In this case a new network printer was installed on network with ip address w.x.y.z. Unfortunately, this ip address w.x.y.z was belonging to some previously installed network printer that was decommissioned. On network there were client workstations that were using printer driver from the decommissioned printer pointing to w.x.y.z ip address. This situation was causing old spooled documents from clients for the decommissioned printer to print garbage on this new different type of printer with ip address w.x.y.z. The network administrator has provided list of client computers that were trying to empty their spool with old printer driver to the w.x.y.z ip address.
    One way to delete this old printer driver pointing to w.x.y.z ip address from clients is using wmi with powershell.
    First cancel old print jobs:

    PS C:\Temp> (Get-WmiObject win32_printer -computer client1,client2... -filter "Portname = 'IP_w.x.y.z'").cancelalljobs()

    Then, delete the print driver :

    PS C:\Temp> (Get-WmiObject win32_printer -computer client1,client2... -filter "Portname = 'IP_w.x.y.z'").delete()
     

    Cannot add send as permission for public folder on Exchange 2010


    In this case Exchange Administrator was trying to delegate send as permission to a mail enabled public folder on Exchange 2010. Wizard for delegating Send As permission was failing with following error message:
    Error:

    Active Directory operation failed on domain.controller.name. This error is not retriable. Additional information: Access is denied.
    Active directory response: 00000005: SecErr: DSID-03151E07, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
     
    The user has insufficient access rights.
    Click here for help...
    http://technet.microsoft.com/en-US/library/ms.exch.err.default(EXCHG.141).aspx?v=14.1.338.0&t=exchgf1&e=ms.exch.err.Ex6AE46B
     
    This public folder was migrated from previous Exchange organization, and the admin user was having permission to manage public folders. When Exchange admin was creating new mail enabled public folder, he was able to delegate Send As permission. Checking the owner for public folder using ADSIedit (Default naming context->DC=Domain,Dc=name->CN=Microsoft Exchange System Objects), was showing SYSTEM for the "migrated" public folder, and for the newly created public folder it was Computername$ of the Exchange Server.
    So, one way to fix this issue is to change the owner of the "migrated" public folder to Computername$ of the Exchange Server.

    Reminder: User(s) will not be able to send on behalf of mail enabled public folder even if they have send as permission, if mail enabled public folder is hidden from address list.

     

    Unable to connect to ASP.NET web service using web application

    In this case web developer has created web application installed on IIS 7.5, and this web application was trying to access to asp.net web service which was requesting for client certificate for authentication. Client certificate was issued by publicly trusted certificate authorities. This certificate was installed in machine personal certificate store. Web application's pool identity was delegated access to the private key of the client certificate. During import of the client certificate all intermediate certification authorities were imported into machine personal store.
    When the web application was trying to access the web service the following error was returned :
    The remote server returned an error: (403) Forbidden.
    For testing purposes same client certificate was imported into user's personal certificate store, and same web service was successfully accessed using web browser.

    Tracing was enabled, and following lines were into log file:
    .... 
    System.Net Information: 0 : [4184] SecureChannel#45901694 - We have user-provided certificates. The server has specified 8 issuer(s). Looking for certificates that match any of the issuers.
    System.Net Information: 0 : [4184] SecureChannel#45901694 - Left with 0 client certificates to choose from.
    ..... 

    Finally, the resolution for this kind of behavior was to place intermediate certificate authorities certificates from machine personal store into Intermediate Certification Authorities store. After removing Intermediate Certification Authorities Certificates from machine personal store and installing them into Intermediate Certification Authorities Store, the web application was able to connect to the web service.

    Adobe Reader XI breaks indexing of pdf files on Windows 8 x64

    After installing Adobe Reader XI on Windows 8 x64, I was unable to search the content of the pdf files. After checking the Indexing options for file types for pdf files was showing: Registered IFilter is not found.



    The resolution for this behavior is to return the registry setting for native IFilter. Open the registry editor and go to HKEY_CLASSES_ROOT\.pdf\PersistentHandler, and change the value to 1AA9BF05-9A97-48c1-BA28-D9DCE795E93C . Adobe reader overwrote the setting with F6594A6D-D57F-4EFD-B2C3-DCD9779E382E .
    After changing the registry key value, restart the Windows Search service, and you will be able to search the content of pdf files.

    The event log is corrupt

    In my case I was unable to see events in Application event log on Windows Server 2003. The following error message was popping out :


    Simple resolution for this error is to clear affected event log, and new events will start to log in.
     

    How to convert string to Base64 and vice versa using Powershell

    For debugging purposes I needed a quick way to convert Base64 encoded string. My opinion is that  the easiest way to achieve is to use Powershell.

    Here is the example how to convert string "Hello World" to Base64 using ToBase64String method:

    PS C:\Temp>$b  = [System.Text.Encoding]::UTF8.GetBytes("Hello World")
    PS C:\Temp>[System.Convert]::ToBase64String($b)
    SGVsbG8gV29ybGQ=

    And here is the example how to decode Base64 string using FromBase64String method:

    PS C:\Temp>$b  = [System.Convert]::FromBase64String("SGVsbG8gV29ybGQ=")
    PS C:\Temp>[System.Text.Encoding]::UTF8.GetString($b)
    Hello World


    More about using ToBase64String and FromBase64String methods check:
    http://msdn.microsoft.com/en-us/library/system.convert.frombase64string.aspx
    http://msdn.microsoft.com/en-us/library/system.convert.tobase64string.aspx
     

    Preparing WSUS for Windows 8 or Windows 2012

    In order to provide updates to Windows 8 or Windows Server 2012 from local WSUS, Microsoft has released an update KB2734608. This update is prepared for WSUS 3.0 SP2.
    More info on how to install the update check http://support.microsoft.com/kb/2734608 .

    Installing .NET Framework 3.5 on Windows 8 or Windows Server 2012

    If you try to install .NET Framework 3.5 which includes .NET 2.0 and .NET 3.0 on Windows 8 or Windows Server 2012 from Windows Update, you may experience error message with following error code 0x800F0906 .

     
     
    To resolve this problem you can install .NET Framework 3.5 from OS installation media. From elevated command prompt execute:

    Dism /online /enable-feature /featurename:NetFx3 /All /Source:<drive>:\sources\sxs /LimitAccess
     
    Where <drive> is the the drive letter for DVD drive, for example F:

    Dism /online /enable-feature /featurename:NetFx3 /All /Source:F:\sources\sxs /LimitAccess
     

    More on how to resolve errors when installing .NET Framework 3.5 on Windows 8 or Windows Server 2012 on http://support.microsoft.com/kb/2734782 

    Outlook 2013 changes

    I was deploying unified company signature files for Outlook for company employees using logon script. Until Outlook 2013 was deployed, signature outlook files were properly deployed. For users with deployed Outlook 2013, signature files were not applying. The reason for this kind of behavior is that Outlook 2013 does not store profile information under HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles  anymore, instead it uses HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles .

    More for other changes introduced in Outlook 2013 on http://msdn.microsoft.com/en-us/library/office/jj228679.aspx .

    Another change in Outlook 2013 is that it does not embed pictures in html signature files by default anymore. To force same behavior from previous Outlook version in Outlook 2013 following registry key has to be created:
    HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Options\Mail
    Value type REG_DWORD
    Value Name: Send Pictures With Document
    Value: 1 .


     

    SCCM Client 2007 does not report hardware inventory data

    In my case desktop machine was based on HP Compaq pro 6300, Windows 8 x64 as client OS with latest patches and SCCM client 2007 sp2 with latest hotfix http://support.microsoft.com/kb/2750782 for Windows 8 support. SCCM client was not reporting the data from hardware inventory agent. Hardware inventory agent was not able to query data from CCM_SystemDevices, here is a part from inventory agent log:

    <![LOG[Collection: Namespace = \\.\root\cimv2\sms; Query = SELECT __CLASS, __PATH, __RELPATH, CompatibleIDs, DeviceID, HardwareIDs, IsPnP, Name FROM CCM_SystemDevices; Timeout = 600 secs.]LOG]!><time="15:47:12.788+-60" date="01-17-2013" component="InventoryAgent" context="" type="1" thread="4232" file="collectiontask.cpp:347">
    <![LOG[Failed to add an instance of class CCM_SystemDevices to historical store: 8004100A]LOG]!><time="15:47:12.851+-60" date="01-17-2013" component="InventoryAgent" context="" type="3" thread="4232" file="collectiontask.cpp:452">
    <![LOG[Failed to AddReport() for CCM_SystemDevices class to historical store: 8004100A]LOG]!><time="15:47:12.851+-60" date="01-17-2013" component="InventoryAgent" context="" type="3" thread="4232" file="collectiontask.cpp:458">
    <![LOG[Collection: (80040900) Failed to update Data Store]LOG]!><time="15:47:12.851+-60" date="01-17-2013" component="InventoryAgent" context="" type="3" thread="4232" file="invcommon.cpp:190">
    <![LOG[Raising event:
    [SMS_CodePage(437), SMS_LocaleID(1033)]
    instance of CLIMSG_HINV_WARNING_QUERYFAILURE
    {
     ClientID = "GUID:9A76A26F-6A41-48D8-A094-41B897D61069";
     Data1 = "SELECT __CLASS, __PATH, __RELPATH, CompatibleIDs, DeviceID, HardwareIDs, IsPnP, Name FROM CCM_SystemDevices";
     Data2 = "";
     Data3 = "";
     DateTime = "20130117144712.851000+000";
     InventoryActionID = "{00000000-0000-0000-0000-000000000001}";
     MachineName = "machinename";
     ProcessID = 4876;
     SiteCode = "sitecode";
     ThreadID = 4232;
    };
    ]LOG]!><time="15:47:12.851+-60" date="01-17-2013" component="InventoryAgent" context="" type="1" thread="4232" file="event.cpp:525">
    <![LOG[Failed to process instances of CCM_SystemDevices: 80040900]LOG]!><time="15:47:12.851+-60" date="01-17-2013" component="InventoryAgent" context="" type="3" thread="4232" file="collectiontask.cpp:361">
    <![LOG[Collection: Cycle failed: 80040900]LOG]!><time="15:47:12.851+-60" date="01-17-2013" component="InventoryAgent" context="" type="3" thread="4232" file="collectiontask.cpp:271">

    In order to find out why the query does not successfully finish, I have started wbemtest and connected to \\.\root\cimv2\sms and enumerate classes recursively:


     
     

    Find the CCM_SystemDevices from top level classes (double click):
     
     
     
    Show Instances:
     
     
     
    There was empty row with <no key> which was causing SCCM client Inventory Agent to fail:
     
     
    Double click to see the properties, since everything is blank click on Show MOF:
     
     
     

    MOF will show unprintable character \n "new line" in the name:

     
    From the properties of the USB3.0 extensible Host Controller from device manager there was nothing suspicious:
     
     
    I tried to update the driver, but there were no new versions to download. I have also checked Intel to download driver for USB 3.0 eXtensible Host Controller, but there were no new drivers for Windows 8, but there was a version of this driver for Windows 7. So, I have applied the not recommended way and applied Windows 7 drivers. Check http://plugable.com/2012/12/01/windows-8-and-intel-usb-3-0-host-controllers/ .
     
    New version of the driver from Windows 7 looks like:
     

     

    After installing Windows 7 version of the driver, SCCM 2007 Inventory Agent has successfully finished and reported to SCCM server.
     

    How to check EMBG (Unique Master Citizen Number) using regex

    In this post, I will share my implementation of how to check if some number looks like EMBG or Unique Master Citizen Number. For those of yo...