Tuesday, December 22, 2009

Installing, Administering, and Using the Microsoft Exchange Server ActiveSync Web Administration tool

A client asked me today if I could delete her Outlook data from her iphone if it was stolen. The answer is yes - though I advised her that a password to access the iphone is the best protection she can have. To remotely wipe an Exchange Activesync device, you need to use the Exchange Server ActiveSync web administration tool.

Here's a good tutorial on installing and using that tool:

Monday, December 14, 2009

x2upBF.dll causes Office 2007 programs to crash

For the fourth time in a month, I've come across this same issue of Office 2007 programs (other than Outlook) crashing immediately upon opening. It doesn't matter if you start them in safe mode. In the application event log, you see:
Log Name: Application
Source: Application Error
Date: 12/10/2009 11:33:03 AM
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: HP-6510B-BE.domain.local
Faulting application WINWORD.EXE, version 12.0.6514.5000, time stamp 0x4a89d533, faulting module x2upBF.dll, version 5079.500.0.0, time stamp 0x4831cc55, exception code 0xc0000005, fault offset 0x000578ca, process id 0x17d8, application start time 0x01ca79b66b555f89.

In each case, it's been Office 2007 SP2 running on Vista (three times on SP2, once on SP1) and in each case it's been on the same LAN running with a single SBS 2003 Premium server. I'm able to fix the issue each time by recreating the user's profile. In one case, the problem returned on one user's machine (happening first one SP1 then several weeks later after I had upgraded to SP2).

Today, I had my fourth instance of this error - but I got some new information. I had remoted into this user's machine over the weekend and updated his Acrobat Standard to 8.1.7 and installed 10 Windows updates:

After troubleshooting the latest computer, where I knew for sure what I had changed, I did a system restore to a couple days before I made these changes (Acrobat upgrade and 10 updates installed). I successfully upgraded the Acrobat Standard to 8.1.7 (the latest version) and Word and other Office 2007 programs seem stable. I'll install the Windows Updates one by one over the next couple of days to see if one of them is the cause of the trouble.

In each case before this, I guess I had not attempted a system restore (though I could have sworn I would have as that's a normal part of troubleshooting and my memory says I did). But as previously mentioned, I solved the problem by recreating the user's profile (as the problem seemed to be isolated to a certain user's profile) and copying all their data back and setting their profile up again.

EDIT: On the machine where I observed the error, I later installed just KB949810. Office progarms worked fine after that. On a different machine (also Vista SP2 with Office 07 SP2), I installed KB973917, KB976884, KB976325, KB970430, KB976416, KB890830, KB905866, KB974318, KB973917.

EDIT: 1/4/10 - On another machine - I got this same issue. Same client, never seen it anywhere else. This is a machine that has not had this issue before. However, the updates were last installed on this machine on 12/14/09. I did a system restore to 1/2/10 - when the problem was not occurrung - but Word and other Office apps still crashed complaining of x2upBF.dll. So I'll go about my standard process of deleting and recreating the user's profile.

Sunday, December 6, 2009

Word troubleshooting tips

Here's a page with troubleshooting tips for Word problems:


Wednesday, December 2, 2009

tool for checking email and DNS issues

I use lots of different tools for checking DNS and email issues. My favorite is www.dnswatch.info

But I came across a new one today which looks very helpful:


There are tons of tools there - but a great one is test an email address - which even shows you a the transcript of the conversation with the remote mail server.

Tuesday, December 1, 2009

Fixing the DNS poisoning patch (MS08-037) on SBS 2003

I found a server that had no ability to interact on the network after a reboot. The IPSec service was stopped and would not start (error 10048). After troublehsooting, I found this - which someone else referred to as the DNS poisoning patch. Making the registry changes solved the issue:


Add these items to:


Of note, on another server, without making any changes, I saw this superset list of ports in that registry key:

Thursday, November 19, 2009

adding blacklists to Exchange 2007

IMF in Exchange 2007 is more configurable than in Exchange 2003, but I find it more cumbersome than GFI Mail Essentials, which I love.

For this particular Exchange 2007 server (via SBS 2008), I had users complaining about Microsoft and Facebook spam. Since the IMF updates were not adjusting the content filtering to adjust for these messages, I decided to add black lists. I have hated black lists for years, as I occasionally find myself on them and it's a bitch getting off of them - but conceptually, if the blacklist is accurate with no false positives, it should be a very good tools.

OF NOTE - you should limit your number of blacklists to 3. See this post for more information

To configure it, I opened up Exchange Management Console -> Organization Configuration -> Hub Transport and went to the anti-spam tab. I went into IP block list providers and added these blacklists:


Here are some others I could have added:


Tuesday, November 17, 2009

Microsoft finally offers free anti-virus

Microsoft's free anti-virus option is now out of beta and publicly available. You can get it here:


I'm still evaluating it on Windows 7, but so far it seems ok. It is a free option for any geniune Windows that runs Win XP or later.

Wednesday, November 4, 2009

registering a blackberry on the network

Had a Verizon Blackberry that needed to be registered on the network. Went to options -> advanced options and the host routing table. Click the menu/blackberry button and hit register.

Thursday, October 29, 2009

SBS 2008 - not resolving some external DNS

Today, I found an SBS 2008 box that was not resolving a certain web site. The client had gone to that site before, but today they could not. The client was on-site with the server and set only with the SBS box as the DNS server. I couldn't run a tracert to the site (from a DOS prompt on the server) - it said unable to resolve target (I believe). After troubleshooting, all I did was stop and restart the DNS Server service. Very dumb.

Perhaps this article might have helped, I don't know.


But it was next on my list of things to try.

Monday, October 26, 2009

Blackberry Tour 9630 setup weirdness

I've recently gotten two Blackberry Tours lately and in both, the BB didn't have the web browser or the ability to establish a BIS account (this is found under the setup group in email settings). In each case, I had to do this:

Options-> Advanced Options -> Hosting Routing table -> Register Now

Very stupid, but at least it works.

Sunday, October 25, 2009

Configuring Trusted SMTP Relay in Exchange on SBS 2008

Here are instructions for creating an SMTP relay on SBS 2008 (remote clients who don't use Exchange that you want to send through the Exchange server via SMTP with authentication):


Thursday, October 22, 2009

Outlook "Cannot create [file attachment]"

I ran into a case today where a user was not able to open an attachment. It kept giving the error "cannot create [filename]" when trying to open the Outlook attachment. In this case, the file was called voicemail.mp3 and was caused by the fact that 99 other voicemail.mp3 files had been received as attachments previously. It was as simple as deleting all the attachments in the temporary store and then trying to reopen the attachment.

Instructions here:

Of note - an easy way to find the Outlook temp folder is to do a regedit and search for:

Saturday, October 17, 2009

updating Symantec Mail Security

Symantec Mail Security has links in it for updating it, and it has a LiveUpdate that only updates definitions. Anyway - the method for updating Symantec Mail Security v 6 is to go to licensing.symantec.com. Then log in, and click on "get software." Enter the appropriate serial number (obtained during your original install - you probably have an email from when you first installed it that has this). Then you can download the 300+ MB file and install it over the existing installation.

Wednesday, October 14, 2009

whitelisting IPs in Exchange 2007 to bypass content filter

There are two places to adjust the anti-spam filter in Exchange Management Console. One place is in Organization Configuration -> Hub Transport.

But that doesn't help if you want to whitelist an IP address. You have to use the other anti-spam location in Server Configuration -> Hub Transport.

It looks like this:

Saturday, October 3, 2009

Exchange 2007/2010 sending emails in RTF and winmail.dat attachments

Just corrected a stupid issue on an Exchange 2007 server where my users were sending emails to external recipients in rich text format (RTF) - even though the users were specifically choosingto send emails in HTML format. And part of what makes RTF a terrible format for email is that non-Outlook users receive all emails as winmail.dat files - which is how this problem presented itself. There is a setting in Exchange 2007/2010 where messages sent to certain external recipients in certain situations will always be converted to RTF no matter what the original format the message was sent in.

After investigating, I found this to be DEFAULT behavior in this scenario:
1) you are sending to an external contact defined in Exchange Management Console
2) the contact you are sending to does not use Outlook

To resolve it, you need to edit the properties of the contact. There is a field on the general tab for "Use MAPI rich text format." It should be changed from "use default settings" to "never"

You can also fix this universally for all users (by changing the default settings) in EMC > Organization configuration > hub transport.  On the Remote Domains tab, right click on Default and choose Properties.  Click on the message format tab and choose "Never use"

Friday, October 2, 2009

"Trust relationship between this workstation & primary domain failed" on network machines

I've seen a couple machines where when you try to log in and it says "Trust relationship between this workstation & primary domain failed." All you need to do is remove the computer from the domain and re-add it.

A couple different options:
1) disconnect the machine from the network and log in with a domain account (since you aren't talking to the server and you're using cached credentials, the trust relationship with the server is irrelevant)
2) log on as a local user

I spent a bunch of time trying to find a valid username and password of a local user today, but ended up going with option 1 after it occurred to me.

Wednesday, September 30, 2009

hard drive recovery software

I had a bad hard drive that didn't have a current backup, so I got a local repair ship to recover the data. I had tried to recover the data myself with one of those USB 2.0 to IDE/SATA devices, but Windows could see the drive, but not pull any data from it or see the file structure. It just wanted to reformat the disk.

The shop was able to recover the data, and they used File Scavenger and Disk Recoup made by Quetek here:


Good to note for future failed hard drives.

Tuesday, September 29, 2009

EXE files disassciated

Today, after running the anti-malware program here:


I'm not sure if was the malware itself, Windows Police Pro, or the fix - but afterward, no EXE files would run. Not Word, not regedit, not Windows XP SP 3. I fixed it with this:


removing fake alert malware

Found some good resources for removing some of the fake alert malware out there.



Who knows why Symantec, McAfee, and Avast are so far behind the ball on dealing with these fake alert things - but at least there's an automated option out there.

Even if there is a new piece of fake alert malware out there, I generally have good success trying a system restore first and then if not (usually because it deleted all the restore points) then you can usually go into safe mode and delete the registry keys, EXEs, DLLs, and stuff.

Sunday, September 13, 2009

scan to folder on Konica Minolta Bizhub series

Here's how to set up scanning to a folder on a Konica Minolta Bishub machine.

Go to the IP in either Firefox or IE (does not work in Chrome). It might go straight to a web interface. If so, hit log out. Then log in as administrator. The password is 12345678 (by default).

Then go to the store address tab.

Click Edit or New Registration and put in info as shown here . . . (this assumes you want to scan straight to a certain folder for each user and name the button for each user's folder). Note that the filepath begins with the share name and does not use the UNC path or the server name in it. For username and password, you can use the user's username and password or you can create a unique one just for the copier in AD.

Wednesday, September 9, 2009

Fix My Network Wizard in SBS 2008

The "Fix My Network" wizard in SBS 2008 is pretty well received. I used it when I built and SBS 2008 box alongside an older Windows 2000 box. The old Windows 2000 box was in charge of DHCP, so the SBS 2008 box wouldn't start or run DHCP server. I took that old DHCP server out of service, and I ran the Fix My Network wizard and it saw the issue and addressed it. More info here:

Monday, September 7, 2009

creating shared printers on SBS 2008

SBS 2008 is 64 bit, of course. So it needs to 64 bit printer drivers. But obviously, you need 32 bit printer drivers associated with the shared printer when installing them for 32 bit clients.

Apparently, that can't be done from the SBS box itself.

Instead, log on to any 32 bit machine as a domain administrator, go to \\servername and the go to printers and faxes (don't go to the printer shares you see there - go to the folder where printers are stored). Highlight the printer you want to add the 32 bit driver for and choose file -> Server Properties. Click Drivers and then Add. It's pretty self explanatory from there.

More info here:

Another option - which I have found easier and more effective . . .
Log on to a workstation as an admin with the opposite type of OS (with a 64 bit OS, log on to a 32 bit workstation or with a 32 bit OS, log on to a 64 bit workstation).
Download the driver and install it on the network printer.
Go to the printer properties.
Go to the sharing tab and click on additional drivers.
Check the box for the appropriate type of OS and it will upload your newly installed drivers to the server.

Friday, September 4, 2009

setting up BIS with OWA

Of course BIS can be set up to use POP or IMAP to retrieve mail from a mail server, but up until today, I had never successfully set up the option to use Outlook Web Access settings. You can set up BIS from either the 'email settings' application on the BB itself or from one of the web portals like:

But if you choose work email when presented personal or work account, you can enter your OWA settings there. Here are setting that work for this process:

enter the following info:

(of note, sometimes, you may need to use https://mail.domainname.com/exchange/MAILBOXNAME/inbox)


**your password**

your email address


Here's a screen shot of one that worked normally:

Wednesday, September 2, 2009

SBS 2008 backups limited to volumes 2 TB in size

In setting up an SBS 2008 box today, I was creating the backup routine - and got the error message "cannot configure backup schedule" - when creating the backup routine in the Windows SBS Console.

Long story short, apparently - there can be trouble if you have a Win32 formatted disk on your server. You can fix that with "convert d: /FS:NTFS" However, apparently, that error only exists when you use the SBS Console. If you use Windows Server Backup Console, you can back up Win32 formatted volumes.

But that wasn't my problem today. I got that error above, but when I ran the Windows Server Backup Console, it told me that my volumes had to be 2 TB minus 4 GB. Apparently, this is a universal limitation, not related to the fact that I have two 2 TB WD external HDs as backup for the server. But I had a 3.3 TB partition that came from the Dell factory.

So the solution was to use resize the partition, which was super easy. Go to disk management, right click on the drive that is too large and choose shrink volume. It'll let you reduce the size of the partition and allocate the space you got rid of as unallocated space and you can just create a new partition.

Tuesday, September 1, 2009

options for syncing Exchange public folders with mailbox folders

Mobile mobile email devices pretty much only sync with a mailbox's default calendar and contacts, which makes it difficult if you want to sync with public folders. Here are some options I found for syncing public folders with mailbox folders:

Monday, August 31, 2009

using group policy to make office 2007 programs save with office 2003 formats

By default Office 2007 programs save in the new Office 2007 format, which several years after its release is still a problem for clients/users who haven't installed the Office 2007 Compatibility Pack for the older Office programs.

So for years I've been manually setting up each program to save in the old format each time I logged into a laptop as a new user. Here's the method for using group policy to make office 2007 programs save with office 2003 formats:

open Group Policy Management
Expand the forest
expand domains
expand your domain
right click on default domain policy and click edit
right click on administrative templates and choose add/remove templates
add the templates that you downloaded and unzipped from here:
alter the save settings as necessary there in group policy

if necessary run gpupdate /force on the client machines

Friday, August 28, 2009

getting "access denied" when adding printers to Windows 2008 SBS

Mark this up as the dumbest thing I've seen in a while.

If you log in as an admin on a Windows 2008 SBS box and add a printer, you get an access denied. It looks like this:

Instead of clicking "add printer" - which is available to you - you HAVE TO right click in the open space in the printer window and choose run as administrator -> add printer. What a joke. So stupid.

XP downgrade process for Thinkpad T61

The ThinkPad T61 downgrade process isn't entirely clear, but here's the easy way to do it . . .

In my case, I received 8 CDs from Lenovo/IBM. Six were labeled as recovery CDs, one a supplemental CD, and one was a "rescue and recovery" CD.

I was able to do the downgrade from Vista to XP by this process:

Put in rescue and recovery CD (not disc 1 of 6)
Hold down F12 on bootup (this gets you the boot options screen)
Boot to the CD
From the rescue and recovery manu, choose "restore your system"
choose "restore my hard drive to the original factory state"
choose "I do not want to save any files"
Choose all the obvious options

It'll ask for each of your six CDs, and that's it. It takes forever, but it works.

instructions for sharing a calendar and viewing a shared calendar in Outlook (on an Exchange server)

For an employee to see another employee’s calendar the person sharing the calendar must set up permissions on his/her calendar. Then the person viewing the calendar must configure his/her Outlook to view the other employee’s calendar.

To share your calendar:

1. View your calendar, and on the Navigation Pane, under the Calendar folder, click Share My Calendar.

2. Next, add the name of the person you want to share with, and set permissions. Permission levels that you would be likely to use for calendar sharing include:

Reviewer—Can read calendar entries but cannot create, modify, or delete them.
Author—Can read or create calendar entries, and can modify or delete only entries that the author has created.
Editor—Can read, create, modify, or delete all calendar entries, whether or not the editor has created them.

To view another person’s calendar:

When viewing your calendar, you'll see a link in that pane called Open a Shared Calendar. To open the shared calendar, you would click this link, click the Name button, and select or type the name for the person sharing with you. Right away, you'll see the name listed under Other Calendars.

Thursday, August 27, 2009

Office 2007 Classic Menu Add-on

Here's an interesting free option I came across for adding the traditional menus to Office 2007.

storing product key in Office installation files

If storing the Office installation files on a network share - and using an open license for all your installs, it's prudent to store the product key in the install files so you don't have to enter it each time.

In Office 2003, it was stored in setup.ini - but in Office 2007, it's stored in config.xml in either a Enterprise.WW/ Standard.WW/ Pro.WW or ProPlus.WW folder - based on what version you're installing.

More info here:

mail enabled external contacts in SBS 2008

Adding mail enabled contacts in SBS 2008 is not the same than SBS 2003.

Here is the process in 2008:

Open Exchange Management Console.
Expand receipient configuration
Click Mail Contact
On the right click new mail contact

Tuesday, August 25, 2009

setting up shadow copy of folders to enable previous versions for users

One thing added to Windows 2003 was "previous versions" which allows users to retrieve old copies of files on network shares that they had deleted or saved over. In the old days, you had to go to backup (and still do if you haven't set up shadow copies on your network shares - which is not done by default).

Here's a good page on enabling shadow copies on network:

Monday, August 24, 2009

removing hard drive from Sony Vaio VGN-SZ series

Twice in the last month I've had to remove the hard drive from a Sony VGN-SZ series laptop. The user guide doesn't help, but this web site does - it's beneath the keyboard which is relatively tough to get to.

Saturday, August 22, 2009

creating new profile for existing user on Vista

Every now and then you want to create a new profile in Vista if the original has become corrupt or you feel it has become problematic. In XP, you just had to rename the folder with the user's name in c:\documents and settings.

With Vista, you also need to alter a registry record. You'll need to alter one of the S-15 entries from here:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

One of the folders there will be for the user profile in question. You need to reboot after making the registry changes.

Friday, August 21, 2009

removing metadata from Office documents

Metadata is information stored inside an Office document about the document's history. It includes data like who edited the document and for how long. It includes old file names, paths, and accepted track changes. You can see this metadata by clicking File -> Properties in Word 2003 or 2002. For a number of reasons, people like to remove metadata before sending files to clients - especially in the legal setting.

There are a number of pay tools that can remove metadata (you can just google metadata removal) in bulk from files, but Microsoft has a tool that can remove metadata from one file at a time. The Microsoft tool is free. You can obtain the free tool here:


Run the file your download and it will install an add-in to your Office programs. Here are Microsoft's instructions on using the tool:


After you install the Remove Hidden Data add-in, open the document you want to review then, on the File menu, click Remove Hidden Data.

Note: If you do not see the Remove Hidden Data command on the File menu, check the following:

1. On the Tools menu, point to Options, and then click the Security tab. 2. Under Macro Security, click Macro Security.
3. Click the Trusted Publishers tab.
4. Select the Trust all installed add-ins and templates check box, and then click OK twice.

Tuesday, August 18, 2009

fixing zip associations in Vista

I had a computer where the zip file got associated with some program other than the compressed file and folder thing. But I wanted it associated it back.

I found these good instructions:

which asked me to run this from a command prompt with admin privilages:
assoc .zip=CompressedFolder

but it didn't work, and then that link led me to these registry fixes, which did work.

Thursday, August 6, 2009

Thursday, July 9, 2009

Custom IMF weighting

IMF (Intelligent Message Filter) has its flaws, but it's free. Instead of rewriting all the steps, here is an excellent guide on IMF custom weighting:

Of note - it's possible I've never done this right until today, when I saw that you need to do this to make custom weighting work properly:

regsvr32 Drive_letter:\Program Files\Exchsrvr\bin\MSCFV2\MSExchange.UceContentFilter.dll

Also - it's CRUCIAL that you save the XML file as type Unicode and not ANSI. Afterward, restart the SMTP service.

Wednesday, July 8, 2009

Symantec Endpoint Protection LiveUpdate fails

I had an unmanaged SEP install that failed to update itself - even after I uninstalled and resintalled.

Turned out the answer was to update from LiveUpdate 3.3 to LiveUpdate 3.5 via this link:

Monday, July 6, 2009

SBS 2003 licenses disappear after reboot

A couple times, I have seen SBS 2003 licenses disappear after a reboot. You're only left with the original 5 licenses. The consensus seems to be that antivirus scanning the licensing files is the cause. However, in this case, the license files were already immune from scanning. Anyway, here is a way to fix this issue:

1. Look for licstr.cpa & Autolicstr.cpa files under c:\windows\system32 folder.
2. Exclude these two files from being scanned by Anti Virus.
3. Make a backup copy of both the files on a different folder.
4. Delete licstr.cpa from c:\windows\system32 folder.
5. Rename autolicstr.cpa file to licstr.cpa.
6. Restart the Licensing Service.
7. Goto Server Management Console -> Licensing & you will have the actual no. of CALS.

Wednesday, June 24, 2009

why am I getting spam from myself, do I have a virus?

Sometimes, you may see spam where the sender's address is your own. 99.9% of the time, this email did not come from you - but a spammer forging (also known as spoofing) your address. Forging/spoofing is popular among spammers because it can be difficult for some spam filters to deal with.

Unfortunately, email is insecure and very exploitable. The standard for email was designed in the late 60s and early 70s, long before spam and other types of abuse existed or were even thought of. Today, we live with the repercussions of the insecurity and exploitability of the original designs of the email standard. We can't fix the holes/problems without redesigning the email standard and necessarily upgrading every email server on the internet at the same time. It's a monumental and impossible task to upgrade every server at the same time, so we live with the problems.

So what can we do about emails with forged/spoofed senders? The short answer is to upgrade spam filters with those that are capable discering between spoofed and non-spoofed emails. Typically, these filters rely on SPF - but we'll never resolve this problem until SPF becomes required or the standard is redesigned. I'm not holding my breath for that.

Monday, June 15, 2009

steps on creating a new user

1) create user account (and if necessary, mail account if done separately)
2) adjust user profile script and home folder, if necessary
3) put user on appropriate distribution lists
4) log into computer as user
5) confirm drives mapped correctly
6) set up Outlook with appropriate archiving
7) add Bcc to view when composing new message
8) set up printers or confirm printers mapped correctly
9) make sure user has appropriate local permissions on computer (admin or standard/restricted)
10) confirm computer has latest updates/patches for OS and Office
11) confirm antivirus is up to date
12) configure default printer
13) configure VPN if needed
14) leave intro sheet for new user

Tuesday, June 9, 2009

dealing with Dell Control Point

On Dell's E series of Latitude laptops, Dell Control Point is installed.  It's designed to manage network connections and power settings.  Unfortunately, it blows.  When setting up an E series laptop yesterday, I found connecting to WLAN and WWAN networks more complex using DCP than traditional means.  And they were the only means of controlling WLAN and WWAN connections.

Here's what I did:

I uninstalled Dell Control Point.  

The laptop had a Verizon 5720 WWAN card in it.  Listed in the downloads for that model of laptop in the communications category was a driver for it - and it included a program for connecting it.

For the Intel WLAN card, I had to go to the downloads section and download a driver for that, too - which of course included the stupid Intel utility, which we know how to disable from here.  But as stupid as it was, the Intel driver was already on the laptop (just not the Intel utility and the Windows utility was telling me that another program was controlling it - so I decided to install the Intel utility to tell it to have Windows control the WLAN card).  And the Dell driver I downloaded was older than the driver already on the laptop.  So I had to go to the Intel site to download the driver - and then I was able to download it and then set it to have Windows manage the WIFI.  

That's how I got rid of Dell Control Point.

Monday, June 1, 2009

How to use Windows to manage Wi-Fi instead of Dell utility

If you have a Dell wireless adapter, it may be that the Dell wireless utility is controlling which wireless networks.  I always prefer the Windows utility.  Here is how you change that.

Double click on the icon below:

Then uncheck the box next to "let this tool manage your wireless networks."

How to use Windows to manage Wi-Fi instead of Intel utility

If you have an Intel wireless adapter, it may be that the Intel wireless utility is controlling which wireless networks.  I always prefer the Windows utility.  Here is how you change that.

Double click on the icon below

Then choose Advanced -> Use Windows to Manage WiFi.

Monday, May 18, 2009

thoughts on attachment sizing

Email attachments cannot be of infinite size.  Different servers have different limits - but here is my general rule of thumb on attachment sizing:

Never send anything larger than 10 MB.
Only send things larger than 5 MB if you absolutely have to.
Most attachments should be 3 MB or less.
Large files should be sent using FTP or a service like yousendit

Saturday, May 16, 2009

SEP problems on SBS 2003

An associate recommended that I use Symantec Endpoint Protection on by SBS 2003 box as local file anti-virus.  I have done this successfully on a couple servers.  On one particular network, I have an Windows Server 2003 R2 box that hosts the Management Console, and I tried installing the SEP on the SBS box.  I first tried it using the unmanaged version of SEP on the SBS box.  The SBS box froze every time I rebooted it, and I had to cold boot it.  I figured it was that it was the unmanaged part that was the problem.  So today I tried to install it using the managed version.  Same problem.  And unfortunately, I didn't document how I uninstalled SEP.

The server freezes during a standard boot, so that doesn't work.  You can't uninstall it in safe mode (you can get to safe mode via F8 during the bootup process just like any regular Windows machine) becuase the installer service isn't running.

In essence, I went into safe mode, went into msconfig and went into the service tab and removed the Symantec options and rebooted.  Then you can go in regular mode and uninstall SEP.  I presume that will work - what I actually did was go into safe mode and go to msconfig and go into diagnostic startup and then enable all Microsoft services.  This sounds easy and logical, but took several hours of troubleshooting.

Tuesday, April 21, 2009

VPN set up on a Macintosh

These instructions for setting up a VPN on a Mac work for Tiger and Leopard.  I can't verify for other OSes yet:

Click on the WLAN (wireless LAN) indicator (near the upper right hand corner).
Click on Open Network Preferences
Click on the + near the lower left hand corner of the Network window that appears
For interface, choose VPN
For VPN type, put PPTP
For service name, put **Company Name** VPN
Click Create
For server address, put **FQDN of VPN server**
For account name, put your login name (i.e. john or jsmith depending on your company's policy)
For encryption, leave it at Automatic
Click Authentication and put in your password
Click Connect

And then it should connect.

Monday, April 20, 2009

electrical in other countries

I found this great resource for the types of plugs and voltages around the world - helpful when traveling:

Thursday, April 2, 2009

Live OneCare for computer optimization

I've always looked for easy wasy to optimize systems.  Usually, it just consisted of removing unnecessary items from msconfig.

But when researching the conficker worm, I came across Live OneCare's virus scanner which also does some registry optmization, which I will incorporate into my computer optimization routines.

The Live OneCare routine needs to be run out of IE and is located here:

Sunday, March 29, 2009

Receovery Storage Group cannot be removed - says users are using mailbox store

If you do a mailbox restore and use a recovery storage group, and then add users subsequently, for some reason - they are stored in the recovery storage group and not the primary information store.  And then that means you can't delete the recovery storage group because it says:

One or more users currently use this mailbox store. These users must be moved to a different mailbox store or be mail disabled before deleting this store.

ID no: c1034a7f
Exchange System Manager

To fix that, follow step 3 of the MS KB:

Friday, March 20, 2009

emailing a cab file to a Windows Mobile

Not hard at all - but it took me a while to figure out when IE was not working on a Windows Mobile phone that needed the DST update.  The phone did have activesync set up and configured, so I sent I downloaded the cab file on my laptop - sent the cab file to the phone.  Then on the phone, I had to save the file (by pressing and holding on the attachment itself) and then save it to device somewhere.  You can't run a cab file directly from email.

Then I could navigate to the file using file explorer or whatever and run it.

Wednesday, March 4, 2009

Blackberry troubleshooting with SQL issues

Today, I dealt with an issue where I ended up rebuilding my entire Blackberry Professional Express server on an SBS 2003 box.  Here is my nightmare and what I did to address it.

First, I had an existing user that got a new Blackberry.  I deleted the user from Blackberry Manager, as I had done many times before.  But this time, I could not add him bacl.  It kept telling me "User 'username' is in delete pending state on server 'servername', please recover the user before adding user to server"

As far as I can tell, there is no option to recover a user in Blackberry Professional, only in Blackberry Enterprise.  So then I read about options to delete the user from the SQL database.  I saw this for MDSE:

And I was advised to do this in SQL Express 2005:
Log on as your besadmin account and select Windows trust authentication.
Open table "dbo.UserConfig" and delete the entry where appear your old BlackBerry user.

But that didn't help either.  But somehow when I was in SQL Express in the appropriate database for the Blackberry, something got corrupted and now none of my Blackberries were working.  

To make a long story short - what I eventually did was redownload and reinstall the Blackberry Professional Express software, create a new SQL instance, and install it there.  The steps needed an SBS box are documented here and here.

Tuesday, March 3, 2009

Necessary steps in setting up a new computer

new computer setup

1) install drivers (if reformatting)
2) uninstall unnecessary programs (primarily Bing toolbar, pre-installed AV, pre-installed Office trials)
3) configure for Microsoft updates and install updates
4) connect to domain, naming computer appropriately
5) install Office
6) install updates again
7) install AV
8) configure Outlook
9) configure Outlook archiving
10) configure backup
11) set up printers
12) install miscellaneous programs - PDF995, WWAN software, Acrobat Reader/writer, NitroPDF
13) configure computer so that domain users are a member of the local administrators group
14) add/remove appropriate icons from desktop
15) copy data as necessary from previous computer - desktop, my docs, bookmarks, Outlook Address book
16) set up VPN
17) enable necessary remote access - TightVNC, remote desktop, Bomgar jumpoint, etc
18) install applicable IM client (Skype, Google Talk, etc)
19) if possible, disable WLAN card when wired connection is detected (definitely available for Dell branded WLAN cards)

Saturday, February 28, 2009

low free space on C drive of SBS box

After troubleshooting SBS boxes with low space on the C drive, I have found three good places to look for freeing up space.

1) Look in C:\WINDOWS\system32\LogFiles\W3SVC1 for unneeded/old log files
2) move the windows search index files. Go to the control panel and in the "indexing options" applet, click on advanced, and change the index location. After finishing, restart the search service. This saved me a full 1 GB on an SBS 2003 machine.
3) move the ISA tracing log files using this method - http://davehope.co.uk/Blog/move-isa-tracing-location/

Monday, February 23, 2009

troubleshooting STOP error messages

I found this helpful page on troubleshooting STOP error messages:

Saturday, February 21, 2009

Quickbooks printing in Vista x64

Helpul article on setting up Quickbooks as needed in Vista x64 - particularly working with PDFs.

Tuesday, February 17, 2009

setting up a gmail IMAP account in Outlook 2007

Found this blog post about setting up gmail in Outlook 2007.  It's pretty straight forward, but the part I found especially relevant to a problem I was having was setting Outlook to store sent items in the trash since gmail tracks its sent items on its own, and if you have Outlook put messages in the sent folder, there would be double messages there:

Thursday, February 12, 2009

adding an item as a resource in Exchange/Outlook

Here's a KB on adding a item (like a conference room) in Outlook/Exchange as a resource that users can invite to a meeting for scheduling purposes:

Sunday, February 1, 2009

running an offline defrag of an Exchange Server

An Exchange server runs an online defrag nightly to optimize space usage, but an offline will do a complete rebuild of the information store for more efficient use of space and full recovery of space of purged mailboxes.

In this case, I had the information store on the E drive, but the E drive did not have enough space to hold the offline defrag, so I had to redirect it to the U drive (an external USB drive attached for backup).

The command I ran was:
C:\Program Files\Exchsrvr\bin>eseutil /d /p "e:\exchsrvr\mdbdata\priv1.edb" /t"u:\defrag\defragged.edb"

This 43.5 GB information store (before the defrag) took 4.21 hours. The defrag brought the information store down to 34.5 GB.

NOTE - in the example above, the folder "defrag" must exist before running this file. It won't create it automatically. You'll get an error if it doens't exist.

Friday, January 30, 2009

Changing NIC metric to make sure network adapter priortity is in correct order

I wrote about changing the order of network adapters to give wired adapters priority here. But since then, I've found a couple computers that still make the wireless their priority even though you tell it to make the wired the preferred adapter for internet traffic. The solution to that issue is to alter the metric for the wireless adapter. Logically, this shouldn't create a problem as the wireless should only ever be used when the wired is non-operational.

Here is how (in XP):

Start -> Run -> ncpa.cpl

Right click on the wireless adapter -> properties

Internet Protocol -> Properties

Click Advanaced

Uncheck automatic metric and put a value of 50 for the metric. Interestingly, a value of 10 did not work in my test, but 1000 did and so did 50. So I use 50.

Friday, January 23, 2009

removing Sharepoint from an SBS box

Here is a Microsoft article on removing Sharepoint from and SBS box:


This was relevant to me in a certain situation where I was getting tons of STS_Config errors on a box where I had no desire or need for Sharepoint

order to install drivers on Dell machines

Found this small article on Dell's recommended order of installing drivers on their desktops and laptops:


Friday, January 2, 2009

checking hardware problems

On a computer I built, I was getting freezes and the ocassioanl blue screen that gave various memory issues.  My first course of troubleshooting was running memtest86:

After that came up clean, I tried this overclocking testing tool:

That test told me my processor was running so hot that I couldn't complete the test.  After that, I downloaded and ran CoreTemp to continuously check my processor temperature:

In the end, I added an aftermarket heatsink - but I thought it would be worth documenting what I used to troubleshoot what seemed like nonsensical problems.

Thursday, January 1, 2009

You must be a member of the Domain Admins, Schema Admins, and Enterprise Admins" error when you run the Windows Small Business Server 2003 Setup

During a build of Windows 2003 SBS where I was adding replacing an existing server, I got this error:

You must be a member of the Domain Admins, Schema Admins, and Enterprise Admins"

This comes from the fact the SBS server doesn't think it's the holder of the mater roles for the domain.  This knowledgebase article talks about how to address that problem: