• Windows Server 2012 and Windows 8 Component Store

    So a few times now I’ve come across a system that had a corrupted component store, usually by trying to run SFC /ScanNow and failing, whether it be by power loss, hard drive crash or other. I’ve found some good commands on how to attempt to repair the component store and thought I would put them here so I could find them easily.

    First is how to manage and clean up your component store:

    Dism.exe /Online /Cleanup-Image /AnalyzeComponentStore
    Dism.exe /online /Cleanup-Image /StartComponentCleanup /ResetBase
    Dism.exe /online /Cleanup-Image /SPSuperseded

    The first command analyzes your store and tell you if a cleanup is needed, the second command does the cleanup (/ResetBase blocks the uninstallation of all SP’s and updates), and the third command removes all updates that are superseded by the latest installed SP.

    Now to scan and repair the component store:

    Dism /Online /Cleanup-Image /CheckHealth
    Dism /Online /Cleanup-Image /ScanHealth
    Dism /Online /Cleanup-Image /RestoreHealth

    CheckHealth checks to see if a corruption marker already exists in the store, ScanHealth scans the store for corruption and RestoreHealth TRIES to fix the corruption.

    Eightforums has great write ups on these commands and I recommend looking at them for more information:

    DISM – Fixing Component Store Corruption in Windows 8

    WinSxS Folder (Component Store) – Analyze in Windows 8.1

    WinSxS Folder (Component Store) – Clean Up in Windows 8.1


  • Lync 2013 installs

    So I’ve played around with Lync 2013 in my home lab. I previously had it installed and running internally but due to lack of resources, yes I need more hardware, I removed it from my lab. Will with logmein now not offering a free service my friend and I decided to relook at Lync and see if we can get it working externally also and leverage screen sharing. During the reinstall I found a couple of issues/shortcuts that I want to keep track off.

    First, installing the pre-requisite roles and features for a Lync 2013 Standard install on Server 2012. I found this nice PowerShell command line that will install the roles and features that are needed:

    Add-WindowsFeature RSAT-ADDS, Web-Server, Web-Static-Content, Web-Default-Doc, Web-Http-Errors, Web-Asp-Net, Web-Net-Ext, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Http-Logging, Web-Log-Libraries, Web-Request-Monitor, Web-Http-Tracing, Web-Basic-Auth, Web-Windows-Auth, Web-Client-Auth, Web-Filtering, Web-Stat-Compression, Web-Dyn-Compression, NET-WCF-HTTP-Activation45, Web-Asp-Net45, Web-Mgmt-Tools, Web-Scripting-Tools, Web-Mgmt-Compat, Desktop-Experience, Windows-Identity-Foundation, Telnet-Client, BITS -Source D:\sources\sxs

    Next was an error when trying to publish the topology. Looks like I didn’t correctly decommission the Central Management store from the original implementation so I had to clear it out by running this PowerShell command:

    Remove-CsConfigurationStoreLocation

    Followed by an error on the lync share when installing the server. I had to add the following groups to the SHARE permissions with full control:

    RTCHSUniversalServices
    RTCComponentUniversalServices
    RTCUniversalServerAdmins
    RTCUniversalConfigReplicator

    And then there was the certificate issue. I ran through the setup, requested and assigned the certificates but it wouldn’t let me continue stating that not all certificates usages were assigned. Well I did the old windows 3 finger salute and restarted the server and voilà, no more error message.

    Now onto the Edge server which installed with no issues but it seems that I can’t use it for external connectivity without purchasing a UC SSL cert which runs over $200/yr. That’s a kick in the head right there so basically no external Lync access. 🙁


  • Error access Certsrv site from 2008 server to 2003 CA

    So we recently had to request a certificate from a Windows 2008 R2 Server from our internal Windows 2003 Enterprise Certificate Authority. When we hit the https://server/certsrv site we got this error:

     

    Microsoft Active Directory Certificate Services  —   
    Error
    The certificate enrollment page you are attempting to access cannot be used with this version of Windows. To enable Web certificate enrollment for clients running Windows Vista, your administrator must update all Windows CA Web enrollment pages. To learn more about this issue and the steps needed to update Web enrollment pages to support all versions of Windows, see:

     

    Well after doing some searching, http://en-us.sysadmins.lv/Lists/Posts/Post.aspx?ID=53, I found that you need to do some uninstalling and re-installing of patches for the CA server.

    Here are the steps to get it working:

    To work around this issue you must follow the steps described below:

    1. Uninstall KB2518295 from Add or Remove Programs applet.
      Note: by default security updates are not shown in Add or Remove Programs applet. Mark Show Updates check-box.
    2. Install KB922706 update. Use the links below to download appropriate update:
      Download link for Windows Server 2003 x86
      Download link for Windows Server 2003 x64
    3. Install MS11-051 security patch. Use the links below to download appropriate update:
      Download link for Windows Server 2003 x86
      Download link for Windows Server 2003 x64

    After update installation you may need to restart web site that serves enrollment web pages. To do that, do the following:

    1. In the Start –> Administrative Tools select Internet Information Services (IIS) Manager.
    2. In the opened console, expand Computer Name\Web Sites node.
    3. Select Default Web Site entry.
    4. In the Actions menu, select Stop and then click Start from the Actions menu.

  • Cleaning up AD DN’s

    Ok, I often have to extract and attribute from AD that returns objects in a DN format. Then I have to clean it up to only get the CN of the object and i re-create what I do every time so I figured I’d post it here so I don’t forget 🙂

    So you have a list of DN’s, here’s how to clean it up.

    1. Paste the list into Excel
    2. Do a search/replace on CN= and replace with blank
    3. Punch this formula into an adjacent cell and expand down, "=LEFT(A1,(FIND(",",A1)-1))". This will return all the characters to the left of the first ","
    4. You now have a list of only the CN’s from the full DN 

    I hope this helps 🙂


  • How to Enable Remote Desktop Remotely using PSEXEC

    If you’re like me, you’ve probably tried to connect to a remote Windows system and found that the "Allow Remote Connections" setting is disabled. Well I found this great little article, Ben O’Sullivan’s Blog, that will allow you to enable it remotely. 

     

     

    • Download and install PSExec. This is an offical tool from Microsoft to emulate a remote command prompt. 
    • Enter the following command to enable remote desktop in cmd
      psexec \\machinename reg add "hklm\system\currentcontrolset\control\terminal server" /f /v fDenyTSConnections /t REG_DWORD /d 0
    • Enter these commands enable RDP traffic through the windows firewall
      psexec \\remotecomputername netsh firewall set service remoteadmin enable
      psexec \\remotecomputername netsh firewall set service remotedesktop enable

      psexec netsh

       

       


  • BlackBerry Google Maps app continuously prompts for permission change

    I recently deployed version 4.2 of Google Maps via our BES infrastructure in order to support BlackBerry Device version 5. As soon as it was deployed we got the prompt stating that Google Maps is requesting a permissions change.

    We went through, looked at all the application permissions and they were all set to allow. But Google Maps still wanted to change permissions. The application still ran find if we choose the option to "Proceed Anyways" but on startup the app would ask for permission change again.

    I found the answer after going through every one of our IT Policies one by one. 

    It seems that the "Allow Third Party Apps to Use Serial Port" IT Policy must be set to default or Allow in order for the Google Map application to work without constant prompting to change permissions.

     

    The question still remains why does Google Maps need to use the Serial Port, IrDA or USB ports? Previous version where ok with this setting being set to no and this has recently changed with Version 4.x.


  • VMWare and Server 2008 R2 = Jumpy mouse

    This is a known issue to VMware now and they are in the process of creating a new KB for the workaround.
     

    Here is how to fix jumpy mouse for Windows 2008 R2:
     

    After you install VMware Tools, reboot, login and your screen will be jumpy.
     

    The VMware Tools install should have created the folder: C:/Program Files/Common Files/VMware/Drivers/wddm_video
     

    browse to your Device Manager, choose your video adapter, right click, and "Update Driver". Browse to the folder listed above, reboot. At this point it should be fixed. If it is not fixed, shutdown your VM, go to edit settings, click on Video, and verify is has 8MB of Memory for Video. You may also need to verify this in the BIOS.