Monday, December 31, 2007

Dealing with a corrupt local XP profile

If you find that a local profile is corrupt when trying to open it and it opens a temp profile, try this.

Log in as an administrator (not the user with the problem). Go to My Computer Properties -> Advanced -> User Profile Settings and copy the profile to some folder somewhere on the computer. Then delete the corrupt profile from c:\docs and settings (including the temp profile) and then re-log on as the user with the corrupt profile. Restart the computer. Log in as an administrator and copy the copied profile to the newly created profile in c:\docs and settings.

Thursday, December 27, 2007

Adobe programs trials install fails with error 1327

I found a strange error when users were installing trials of Adobe Photoshop (or Acrobat) in Vista. They were getting "Error 1327 : Invalid drive H:"

As per the information here:
http://www.adobeforums.com/webx/.3bc28a5e?14

1. Right-click Command Prompt in the Start Menu and select Run As Administrator.
2. Type "Net Use h: \\servername\sharename"
3. Exit the command prompt


It's something ridiculous about the user's home folder on the server not having full administrative permissions which I guess it needs as a temporary folder.

Friday, December 21, 2007

Shutting down a computer remotely

shutdown \\computername /l /a /r /t:xx "msg" /y /c

\\computername: Use this switch to specify the remote computer to shut down. If you omit this parameter, the local computer name is used.

/l (Note that this is a lowercase "L" character): Use this switch to shut down the local computer

/a: Use this switch to quit a shutdown operation. You can do this only during the time-out period. If you use this switch, all other parameters are ignored.

/r: Use this switch to restart the computer instead of fully shutting it down.

/t:xx: Use this switch to specify the time (in seconds) after which the computer is shut down. The default is 20 seconds.

"msg": Use this switch to specify a message during the shutdown process. The maximum number of characters that the message can contain is 127.

/y: Use this switch to force a "yes" answer to all queries from the computer.

/c: Use this switch to quit all running programs. If you use this switch, Windows forces all programs that are running to quit. The option to save any data that may have changed is ignored. This can result in data loss in any programs for which data is not previously saved.

For example:

Shutdown /r /m \\server2

Thursday, November 29, 2007

Implementing IMAP over SSL on Exchange

Last night, I put in IMAP over SSL for the first time. It was surprisingly easy.

More or less, it went like this:
Open up port 993 on the firewall to your Exchange server.
Make sure the IMAP service is set to automatic.
Then go to the Properties of the IMAP virtual server:
ESM -> Servername -> Protocols -> IMAP4 -> Default IMAP Virtual Server
Go to the Access tab
Hit Certificate -> Assign existing certificate -> and then you choose your SSL certificate (same one you have for OWA)

Then you need to turn off regular IMAP by requiring secured connections. Go to the properties of the Default IMAP Virtual Server and click on the Access tab. Click on Communication. Check the box for Require Secure Channel.

And really that was it. Then I was able to connect to IMAP over SSL. Of course client configurations are necessary, but that's relatively easy.

Installing a Turbo SSL Certificate from Godaddy on an SBS box

This is from my own notes (combined with Godaddy's) on how to install a Godaddy Turbo SSL Certificate on a Windows SBS box.

buy certificate from godaddy.com web site

log in to godaddy site

click on My Account

Under My Products, click on "Manage SSL Certificates"

Click "Set up Certificate"

Select certificate you purchased

Click "activate account"

if you've created a cert before with this account, log in, if not, create a new SSL account with a more secure 8 character password and the same username

click "request certificate"

Select certificate again and click "request certificate"

Create your CSR request for IIS using these instructions:
1. Go to Internet Information Services (IIS) Manager on your Exchange server.
2. Go to Servername -> Web sites -> Default web site, then right mouse-click to select Properties.
3. Click the "Directory Security" tab.
4. Click the "Server Certificate." button (located in the "Secure communications" area).
5. Click "Next" in the Welcome to the "Web Server Certificate Wizard" window.
6. Remove the existing certificate.
7. Click the "Server Certificate." button (located in the "Secure communications" area).
8. Click "Next" in the Welcome to the "Web Server Certificate Wizard" window.
9. Select "Create a new certificate"; then click "Next."
10. Select "Prepare the request now, but send it later" and click "Next."
11. In the "Name and Security Settings" window, fill in the name field for the new certificate; then select the bit length (1,024 or higher). Click Next.
12. For organization unit, you can put in "na" without quotes.
13. Verify the information in the request and click "Next."
14. On the "Completing the Web Server" screen, click "Finish."
15. Open the generated CSR file; then, using a plain-text editor, such as Windows Notepad, copy and paste the CSR into the online enrollment form.

godaddy will send an email to the administrative contact for the domain and if approved, the certificate will be sent via email.


then when you have the email with the link to the certificate, follow these instructions:

Installing SSL Certificate and the Intermediate Certificate Bundle (gd_iis_intermediates.p7b)

Before you install your issued SSL certificate you must download and install our intermediate certificate bundle (gd_iis_intermediates.p7b) on your Web server. You may also download the bundle from the repository.

Once you have downloaded and saved the certificate bundle, please follow the instructions below to install it.

Installing Intermediate Certificate Bundle (gd_iis_intermediates.p7b):

1. Select Run from the start menu; then type mmc to start the Microsoft Management Console (MMC).
2. In the Management Console, select File; then "Add/Remove Snap In."
3. In the Add/Remove Snap-In dialog, select Add.
4. In the Add Standalone Snap-in dialog, choose Certificates; then click the Add button.
5. Choose Computer Account; then click Next and Finish.
6. Close the Add Standalone Snap-in dialog and click OK on the Add/Remove Snap-in dialog to return to the main MMC window.
7. If necessary, click the + icon to expand the Certificates folder so that the Intermediate Certification Authorities folder is visible.
8. Right-click on Intermediate Certification Authorities and choose All Tasks; then click Import.
9. Follow the wizard prompts to complete the installation procedure.
10. Click Browse to locate the certificate file (gd_iis_intermediates.p7b).
11. Choose Place all certificates in the following store; then use the Browse function to locate Intermediate Certification Authorities. Click Next.
12. Click Finish.

Installing SSL Certificate

1. Select the Internet Information Service console within the Administrative Tools menu.
2. Select the Web site (host) for which the certificate was made.
3. Right mouse-click and select Properties.
4. Select the Directory Security tab.
5. Select the Server Certificate option.
6. The Welcome to the Web Server Certificate Wizard window opens. Click OK.
7. Select Process the pending request and install the certificate. Click Next.
8. Enter the location for the certificate file at the Process a Pending Request window. The file extension may be .txt or .crt instead of .cer (search for files of type all files).
9. When the correct certificate file is selected, click Next.
10. Verify the Certificate Summary to make sure all information is accurate. Click Next.
11. Select Finish.

NOTE: If the Go Daddy root certificate is currently installed on your machine you will need to disable it from the Trusted Root Certification Authorities folder. Please follow the instructions below to do this:

1. Select Run from the start menu; then type mmc to start the Microsoft Management Console (MMC).
2. In the Management Console, select File; then "Add/Remove Snap In."
3. In the Add/Remove Snap-In dialog, select Add.
4. In the Add Standalone Snap-in dialog, choose Certificates; then click the Add button.
5. Choose Computer Account; then click Next and Finish.
6. Close the Add Standalone Snap-in dialog and click OK on the Add/Remove Snap-in dialog to return to the main MMC window.
7. If necessary, click the + icon to expand the Certificates folder so that the Trusted Root Certification Authorities folder is visible.
8. Expand the Trusted Root Certification Authorities folder.
9. Double-click the Certificates folder to show a list of all certificates.
10. Find the Go Daddy Class 2 Certification Authority certificate.
11. Right-click on the certificate and select Properties.
12. Select the radio button next to Disable all purposes for this certificate.
13. Click OK.

NOTE: Do not disable the Go Daddy Secure Certification Authority certificate located in the Intermediate Certification Authorities folder. Doing so will break the server, causing it to stop sending the correct certificate chain to the browser.

Monday, November 26, 2007

Control F5 to refresh and reload

Interesting tidbit I learned today about clearing the cache on a page. You can press Control F5 and it will reload a page and all its component parts:

http://blog.httpwatch.com/2007/10/19/using-ctrlf5-in-ie-7/

Wednesday, November 21, 2007

Revision data removed error in Word 2002 and Word 2003

It had been a while since I came across this error, but I just did, and I had to dig deep to remember the very simple solution.

Sometimes when a document is passed between Word 2002 and Word 2003 and track changes are used, you get this weird "revision - data removed" error. And then you can't open the document in Word 2002. But you get this weird window when opening the document in Word 2003.

I don't know what the user does necessarily to cause this (because I have lots of users exchanging documents between Word 02 and Word 03 with track changes) - but when you see it, the simple fix is to select all and paste the entire document into a new blank document. And then resave it. Whatever code that is causing the problem is eliminated.

Saturday, November 17, 2007

Making the Intelligent Message Filter (IMF) download updates.

  1. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange
  2. Add a key of “ContentFilterState” and give it a DWORD value of 1.

Thursday, November 15, 2007

Outlook 2007 crashing because of Acrobat add-in

I had an issue with Outlook checking its data file each time it opened, so I researched it and found it was Outlook not closing properly. Anyway, lots of opinions pointed to the PDFMOutlook add-in from Adobe Acrobat. I tried to disable the add-in from:

Tools | Trust-Center | Add-ins

but it gave me an error, so I went here and changed the LoadBehavior from 3 to 0 from the PDFMOutlook add-in:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins

disable autotune on vista for better network performance

I have found network performance awful with Vista. To make matters worse, it tells you the transfer speed while it's copying data on your network. How in the hell am I getting 500 KB/s transfer speed on a 100 Mb/s wired network?

I read that you can run this command:
netsh int tcp set global autotuninglevel=disabled

and it will disable autotune which is the culprit here. As with most things, I found a great description at Daniel Petri's site:

netsh int tcp set global autotuninglevel=disabled

update - Vista does copy files slowly, but after this I noted that it was copying over the wireless and not the wired connection. I'll never understand why, but some computers have the wireless connection prioritized above a wired connection. My next blog post will be about how to switch those settings.

Wednesday, November 7, 2007

Slow performance on a Vista computer after you establish a VPN connection

I've had complaints from some of my Vista users about speed of network connections over PPTP VPNs.

Here is a KB article from Microsoft about that issue:

http://support.microsoft.com/kb/934202

Vista Business from an OEM vendor that does not let you rename files or folders on network drives

Cause : Possibly the way the OEM vendor packaged the OS.

Resolution : Create the parameters key in the following location :

HKLM\System\CurrentControlSet\Services\CSC\Parameters

Then within the parameters key, create a DWORD Value named FormatDatabase with a value of 1 (hex) then reboot the machine.

A slightly less esoteric solution is to disable offline folder caching.
The OEM version seems to come with it enabled, but not configured.
Disable it.
Reboot.


Go to the control panel, open the "offline files" control, disable or enable as you wish and then reboot.

Here is a screen shot of the error:

Microsoft covers this issue here:
http://support.microsoft.com/kb/934160

Tuesday, November 6, 2007

Connecting a Mac to a Windows 2003 file server (update)

After I finished yesterday's post, I thought about the File Services/Server for Macintosh. That is to enable the Mac to see the UAM volume via AFP, which is not helpful. I want the user to see the actual shares that the regular PC users see.

And then I came across this:
http://allinthehead.com/retro/218/accessing-a-windows-2003-share-from-os-x

It talks about the change you need to make to the Windows server to allow SMB access, which is of course what we want. I guess the reason that I was able to make it work in Windows 2000 and not able to make it work in Windows 2003 is this requirement for digitally signed communications.

I haven't tried this out yet, but I will be able to this afternoon and not update this post if it is successful.

Monday, November 5, 2007

Connecting a Mac to a Windows 2003 file server

In the last couple of months, I've had the displeasure of trying to attempt to connect two Macs to Windows 2003 servers. No success either time. This is a record of what I've tried and what I think.

Let's start with where I started - a typical Windows 2003 server (in each case the AD controlled by an SBS 2003 box). No modifications for Macs at all.

You can try connecting via AFP (Apple Filing Protocol), but you can't connect. If you choose Go -> Connect to Server and just put in the IP address or type AFP://123.123.123.123 - it won't be able to get to the server. If you try to connect via cifs://123.123.123.123 or smb://123.123.123.123 - it will give you a login screen with username, password, and domain/workgroup - but when you put in your info, it says that your login info is not correct. Interestingly enough, the server's security event log (in my experience today at least) says that the user was authenticated successfully. And if you put in invalid credentials, the security event log will see your invalid login attempt and say so in the security event log.

So that's where we start. The first thing I tried was adding File Services for Macintosh:
http://technet2.microsoft.com/windowsserver/en/library/6f3ef0f8-b358-43b0-bbd3-6fbeba43d4d61033.mspx?mfr=true

But what that gets you is the ability to connect to the Microsoft UAM volume on the server using AFP, not any worthwhile shares which is what you probably want to get to. So that is no good.

One thing I came across was a reference to authentication type. Right click on My Computer. Go to manage. Right click on Shared folders from Computer Management/System Tools/Shared Folders. Choose "Configure File Server for Macintosh." In the Security section under Enable Authentication, the drop down box has "Microsoft Only" by default. Switch it to "Apple Clear Text or Microsoft" and hit Apply. Then restart the File Server for Macintosh service.

Unfortunately, for me, this did not help in today's issue. I'm still getting an error on the Mac: when I input the login credentials on the Mac, I get the error from the Mac about credentials being invalid - though the security event log still says that the login succeeded.

So my temporary solution has been to set up FTP for the Mac users - which works in the short term, but I'd love to get this solved.

One other thing I tried was this:
http://www.macdevcenter.com/pub/a/mac/2003/12/09/active_directory.html

It added the Mac to the domain. But even still, Go -> Connect to Server - it still doesn't connect.

You would think that everything you'd need would be here:
http://technet2.microsoft.com/windowsserver/en/library/04ee8e17-bd60-4a9f-bd8a-eb5d4e2cfec01033.mspx?mfr=true

It was written in January 2005, so it must take Server 2003 into account. I will play more with this tomorrow.

Increasing the size of the private information store

  1. On the computer that is running Exchange Server, open a registry editor such as Regedit.exe or RegEdt32.exe.
  2. Navigate to: HKLM\System\CurrentControlSet\Services\MSExchangeIS\ServerName\Private-
  3. Right-click MailboxStoreGUID, point to New, and then click DWORD Value.
  4. For the new DWORD value, type Database Size Limit in Gb.
  5. Double-click Database Size Limit in Gb. In Value data, type an appropriate value for maximum database size in GB (decimal value - less than 75). Click OK.

Also can be seen here:

Saturday, November 3, 2007

Adding a Vista PC to an NT 4 domain

1. Run SRVMGR.EXE on the PDC and add the computer name of the Vista PC.

2. On the Vista PC, run secpol.msc, then under Local Policies > Security Options, change the following two settings:

- Domain member: Digitally encrypt or sign secure channel data (always) - change to disabled

- Network security: LAN Manager authentication level - change to "Send LM and NTLM - use NTLMv2 session security if negotiated"
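
Both changes above weaken the Vista PC's authentication posture, so it is useful to be able to find such machines again once the NT 4 domain is retired. The following is an added example, not part of the original notes: it reads the text of a `secedit /export /cfg` policy export and reports whether these two settings are in the relaxed state. The sample export is constructed, and the function names are hypothetical.

```python
# Registry-backed security options behind the two secpol.msc settings above,
# written the way they appear in the [Registry Values] section of an export.
NETLOGON_ALWAYS = (
    r"MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal"
)
LM_LEVEL = r"MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel"

LM_LEVEL_NAMES = {
    0: "Send LM & NTLM responses",
    1: "Send LM & NTLM - use NTLMv2 session security if negotiated",
    2: "Send NTLM response only",
    3: "Send NTLMv2 response only",
    4: "Send NTLMv2 response only. Refuse LM",
    5: "Send NTLMv2 response only. Refuse LM & NTLM",
}

# Constructed sample of an export from a PC configured as described above.
SAMPLE_EXPORT = r"""[Unicode]
Unicode=yes
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,1
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal=4,0
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SealSecureChannel=4,1
[Version]
signature="$CHICAGO$"
Revision=1
"""


def load_export(path):
    """Read an export from disk (secedit normally writes UTF-16 with a BOM)."""
    with open(path, encoding="utf-16") as fh:
        return fh.read()


def parse_registry_values(text):
    """Return {lower-cased value path: int} for REG_DWORD entries."""
    values, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section != "registry values" or "=" not in line:
            continue
        key, _, data = line.partition("=")
        reg_type, _, value = data.partition(",")
        if reg_type.strip() != "4":  # 4 = REG_DWORD; other types are skipped
            continue
        try:
            values[key.strip().lower()] = int(value.strip())
        except ValueError:
            continue  # malformed number: ignore the line rather than guess
    return values


def audit_nt4_relaxations(text):
    """Report the state of the two settings changed for the NT 4 domain join."""
    values = parse_registry_values(text)
    always = values.get(NETLOGON_ALWAYS.lower())
    lm = values.get(LM_LEVEL.lower())
    return {
        "secure_channel_always_disabled": always == 0,
        "lm_level": lm,
        "lm_level_name": LM_LEVEL_NAMES.get(lm, "not set in export"),
        # Levels 0-2 still send LM and/or NTLMv1 responses.
        "sends_lm_or_ntlmv1": lm is not None and lm <= 2,
    }


if __name__ == "__main__":
    for name, value in audit_nt4_relaxations(SAMPLE_EXPORT).items():
        print(f"{name}: {value}")
```
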

Thursday, November 1, 2007

Inserting sounds and media into PowerPoints

By default, all files over 100 KB are linked and not embedded. To increase the limit to greater than 100 KB:

Tools -> Options -> General Tab

You cannot embed MP3 files, only WAV, AU, and AIFF files.

Wednesday, October 31, 2007

Recycling IT components

As an environmentalist, I often run up against the problem of clients who want to dispose of things but don't want to pay to have them recycled or disposed of properly. Unfortunately, we're not at a point in this country where we have free electronics recycling, but there are some things that HAVE TO BE recycled. One example is rechargeable batteries. As an example, I have one client who has an old APC UPS. It's nonfunctional, but it has a 10 pound battery inside that cannot be thrown away. As of the last time I investigated this, I had to pay for APC to take back one of their batteries unless I wanted a replacement. As such, I did then what I'm doing today. I looked up local places that take recycled batteries. Here is the site:

http://earth911.org/

and here is the link to battery recycling:

http://www.earth911.org/master.asp?s=ls&serviceid=126

Tuesday, October 30, 2007

Sharepoint 3.0 broken by Microsoft patch

It's so absurd when a Microsoft patch breaks a Microsoft program/component. It happens from time to time. In October 2007, Microsoft released a patch that broke one of my client's Sharepoint 3.0 servers. After some brief research, I found the answer here:

http://www.vladville.com/fixing-sharepoint-30-with-kb932091

The suggested fix here solved the issue.

Best practices for a wireless network

I was looking through a manual for a device and I came across Belkin's best practices for placement of a wireless router. I thought it was helpful enough to post it:

Try to avoid placement of wireless devices near:
• 2.4GHz cordless phones
• Microwave Ovens
• Refrigerators
• Washer/Dryer
• Metal Cabinets
• Metallic-based UV tinted windows

Implementing a Change Password button in OWA

http://www.petri.co.il/enable_password_changing_through_owa_in_exchange_2003.htm


and if you have ISA:

http://forums.techarena.in/showthread.php/showthread.php?t=442474

which says The change password functionality uses a different URL, and there's no ISA
Rule that covers granting access to it, ergo ISA says "403 Forbidden" and
blocks it.

You need to add /iisadmpwd/* to the OWA Web Publishing Rule in the paths
tab, using the same format as the existing entries.

Monday, October 29, 2007

Vista flaws found so far

I wish I could like Vista. I started rolling it out to my clients a couple months after it came out. For the most part, it's ok, but here are my main complaints:

1) it is slow - there are too many instances where the computer should just do something and the screen goes white while that damn circle just keeps rotating. These are times when I'm just navigating folders or going from one folder to another within Outlook. And not all the time, but sometimes - on several computers. Also, it can take so long for folders and their contents to come up. Why the hell does it take 10 seconds to display the control panel? If it was just slow consistently, that would be one thing - but when it's inconsistently slow, that speaks to a flaw in the programming.

2) Display settings don't retain. When a laptop goes to sleep, it will often lose all or part of its display settings on an external monitor. I have several clients with an external display and extended desktops (using the laptop screen). Settings do not remain the same after going to sleep or restarting. This happens with and without docking stations.

3) Believe it or not, I think Vista is more crash prone than XP. I find more illegal program messages in Vista than XP.

Saturday, October 27, 2007

Reformatting Dell Computers

Norton Ghost™ is available on Dell™ Dimension™ and Inspiron™ systems that shipped on or after Oct. 18, 2005 in the Americas. If your system does not have Norton Ghost available, please refer to the Dell Reinstall Wizard: 291641 - "Microsoft® Windows® XP Reinstall Guide"

Ctrl F11 upon bootup should start Norton Ghost recovery

Friday, October 26, 2007

Dell Latitudes and disabled NICs

One thing I've had trouble with off and on is that Dell laptops with Broadcom network cards disable the NIC when you unplug the power cord and a network cord is not in. This can create problems when you have users who work on a wired connection at their office and then take their laptop home and work wirelessly on battery and then bring their laptops back in. When you cold boot a computer, the NIC comes back on, but if the laptop was asleep, in my experience it does not.

Personally, I've always preferred to just disable that power saving feature. The Broadcom applet in the Control Panel doesn't do it, so I have found the best way to do it is to do this:

Unplug the network cable
Unplug the power cable
For about 3 seconds a Broadcom window will come up that will say "your internal network card has been deactivated. Click here to change preferences"
And then you tell it to "always activate on battery"

You can do this in the dock or not in the dock.

Thursday, October 25, 2007

recycling used cell phones

I was very pleased today to see that Palm offers free cell phone recycling.

http://www.palm.com/us/support/contact/environment/recycle.html

I guess with the size of cell phones, it's trivially easy to dispose of them in an environmentally friendly way - or they may be usable somewhere else. I've long been dissatisfied with the options for recycling computers. The options are not widely known and so many computers end up in landfills. Personally, my clients and I end up recycling computers by donating them to The National Cristina Foundation.

Tuesday, October 23, 2007

reformatting a Toshiba Portege R205

Reformatting a Toshiba Portege R200 or R205

Hold down 0 (zero) while starting the laptop

Point of this blog

I have been keeping my own notes on things I have learned as an IT consultant. I'm making these notes publicly available and adding my own opinions as I gain experience with different things in an effort to help people.