Showing posts from July, 2013

Microsoft Forefront TMG 2010 invalid certificate

In this case Forefront TMG 2010 was installed on Windows Server 2008 R2, and for web publishing purposes (rule), server certificate from public CA was installed in local machine store. The certificate request was created with mmc using custom certificate request. Private key was successfully associated with certificate, but from TMG console this certificate was invalid with incorrect key type:

The reason for this behavior is that during custom certificate create wizard on custom request page for template was chosen CNG key instead Legacy key. Forefront TMG does not support certificates created with CNG

Another important worth to notice is that for Private Key (tab) options for the Key type usage must be selected Exchange instead the default one Signature :

Step by step instruction how to create certificate request using mmc can be found on one of my previous posts…

VSS Error Event 8194 on Windows Server 2012 Failover Cluster

In this case I was running Windows Server 2012 Hyper V Failover Cluster with CSV, and I was trying to backup the nodes from cluster using DPM 2012 SP1 RU 2. I have scheduled BMR system protection to all cluster member nodes. The backup of nodes was finishing successfully without any errors on DPM server. But, on all cluster nodes application log was having error logs 8194 from VSS source :

Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context:Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer I have opened support case with Microsoft, and support engineer has confirmed that this behavior is bug. This behavior will probably not be changed, and should be ignored.

Failover Cluster validation test on Windows Server 2012 with warning

This case is connected with the previous post Unidentified network on teamed interface where Windows Server 2012 had teamed adapter in switch dependent / address hash / LACP mode. I had two identical server boxes configured the same, including network configuration. Both servers were planned to be part of failover cluster. Teamed adapter was having multiple interfaces with different VLAN ids. One of the interfaces was management interface with specified VLAN ID, and one interface with different id for internal cluster communication.
Failover cluster validation configuration wizard was finishing successfully with warning on Network part for Validate IP configuration test. The Validate IP configuration test was complaining about duplicate physical address on management and "private" (cluster communication) interface on both nodes. This warning is expected since both servers were using teamed adapter, and interfaces for management and cluster communication were with different …

Unidentified network on teamed interface

In this case I was configuring Windows Server 2012 with two network interfaces. Both network interfaces were added to a team interface. Team was configured in switched dependent / Address Hash / LACP mode. Server was connected on Cisco Catalyst 4507. Initial port configuration was like this:

interface Port-channelX switchport trunk encapsulation dot1q switchport trunk allowed vlan Y switchport mode trunk
interface GigabitEtherneta/b
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group X mode active

interface GigabitEthernetc/d
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group X mode active

After rebooting the server, Windows Server 2012 was unable to identify the network even though the server was properly configured, connected and domain joined. After disconnecting and connecting the network, the server was able to identify the network and apply the right domain firewall profile. The reason for this behavior was Network Location Awareness service, whic…

Unable to deploy Adobe Flash Player using GPO

I was trying to deploy Adobe Flash Player 11 using Group Policy Object Software installation feature. The msi package of Adobe Flash Player was assigned to computer part of the GPO. GPO was applying successfully and Adobe Flash Player was installing successfully on start up on most of the computers that were in the scope for the GPO to be applied. On some workstations, GPO was failing to apply with following events in Application Log :

Log Name:      Application
Source:        MsiInstaller
Event ID:      10005
Task Category: None
Level:         Error
Keywords:      Classic
User:          SYSTEM

Product: Adobe Flash Player 10 ActiveX -- Error 2753.The File 'InstallAX.exe' is not marked for installation.

And in System Event Log couple of messages from Source Application Management Group Policy with Event ID 108,303,102, followed by:

Log Name:      System
Source:        Microsoft-Windows-GroupPolicy
Event ID:      1085
Task Category: None
Level:         Warning