Thursday, 28 October 2010

Sage SBD SoftwareInstallation.UI.EXE 100% CPU

We had a Terminal Server running Sage Line 50 2009 that was showing 100% CPU at regular intervals. Task Manager showed that the process Sage.SoftwareInstallation.UI.exe was taking the CPU time.

This process is part of the auto update for Sage Line 50 and should not be run by a standard user, but this Sage application will do so as it is not strictly Terminal Server aware.

The way to stop this process running is to rename the EXE files and the associated DLLs that are stored in:
C:\Program Files\Common Files\SageSBD


Thanks for the information!

Tuesday, 26 October 2010

SBS 2008 Outlook Anywhere and Terminal Services Gateway

I have had a problem with an SBS 2008 Server where I needed to provide Outlook Anywhere and Terminal Services Gateway for users with one SSL Certificate FQDN.

I had the SSL Certificate enabled in Exchange 2007 and testing this I could access a mailbox from an Outlook client at a remote location. This was using a SSL Certificate from

The problem came when I enabled TS Gateway on the same server to publish an internal Windows 2008 Terminal Server. Every time I tried to connect I would get asked for credentials, and once they were entered the process would repeat.

The problem stems from the fact that this is an SBS 2008 Server: TS Gateway and Outlook Anywhere share the same IIS website, and you have to make a few changes to enable both services.

In Exchange Management Console I changed Outlook Anywhere authentication from Basic to NTLM. This is because TS Gateway and Outlook Anywhere cannot both use the same authentication: by default Outlook Anywhere uses Basic authentication and TS Gateway will use Windows Integrated Authentication.

If you mix the two you get this Event ID in the Application Log:

Event 3003 MsExchange RPC over HTTP Autoconfig

The Outlook Anywhere authentication settings have been updated.

Old settings: Basic, Ntlm
New settings: Basic

This is because Exchange will change the authentication back to Basic only for the RPC virtual website in IIS when TS Gateway changes it to use Windows Integrated Authentication. If you wait 5 minutes, Exchange reverts the changes that the TS Gateway MMC makes and you cannot log on with TS Gateway.

The solution is to enable NTLM authentication in Exchange Management Console for Outlook Anywhere and then, in IIS under the RPC virtual site, enable Windows Authentication manually.

Now that you have NTLM for Outlook Anywhere, Exchange will not try to change the authentication for the RPC virtual site back to Basic, the Windows Authentication setting remains, and TS Gateway works as expected.

Sunday, 17 October 2010

Cisco 1841 EEM command not executing

I have a configuration on Cisco 1841 routers that performs a failover for dynamic NAT if one DSL circuit fails. Using an IP SLA Track I have a ping set to an IP such as via one interface, and if this ping drops then this calls an EEM applet to clear down the NAT translations and the secondary route for takes over and a route map handles the PAT for the clients.

The problem was that the failover was working correctly, but when the EEM applet fired it did not clear the NAT translations. If I ran the command manually from EXEC mode then I could see the NAT translations rebuild on the failover DSL interface and the Internet was available to the clients again.

Digging around on the EEM I found a debug command to debug the EEM events:

debug event manager action cli

Now when I tried my failover by administratively shutting down interface atm0/0/0.1 I could see the events occur in the logs. I could see clearly that the CLI command starts in USER mode and hence cannot complete an EXEC mode command! All it needed was a new line adding enable to pass the CLI command into EXEC mode. The EEM applet below shows this:

event manager applet failover
event track 1 state any
action 1.0 cli command "enable"
action 1.1 cli command "clear ip nat translation *"

By using enable and entering EXEC mode the command completes and the NAT translations are rebuilt in under three pings!

Friday, 8 October 2010

Move Public Folders when SSL Certificate has expired

I was migrating a Small Business Server 2003 Server to Small Business Server 2008 and during the Public Folders migration I found that the source server SSL Certificate had long expired. When I tried to move the replicas to the new Exchange Server the error "the received certificate has expired" was shown.

I checked the certificate and it had expired over a year ago, so the next step was to remove the SSL certificate from the Exchange Server, as this had had all the mailboxes moved and was no longer a CAS. I removed the certificate in IIS and then noted when I tried to move the replicas that the error "the handle specified is invalid" was shown.

This is displayed because the Exadmin virtual website in IIS was set to use SSL on the Directory Security tab. I unchecked the boxes for Use SSL and Use 128bit Encryption and I was then able to use the ESM to move the replicas and migrate my Public Folders.

Saturday, 2 October 2010

SBS 2008 & Windows SharePoint Services 3 Search Event ID 2426 Error

I have found on a default SBS 2008 Server installation that an error will always appear in the Application Event Log for the Source Windows Sharepoint Services 3 Search.

Event ID 2424

The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

Context: Application 'Search', Catalog 'index file on the search server Search'

The cause for this is described by Microsoft as

"You receive above warning events because WSS3.0 Search service is trying to crawl the WSS content via the URL –, which is mentioned in above event. Windows Server 2008 includes a loopback check security feature that is designed to help prevent reflection attacks on your computer. Therefore, Kerberos authentication on Default Content Access Account fails if this URL does not match the local computer name and is not registered in system as additional Service Principal Name (SPN)."

The resolution for this is to disable the Loopback Check in the Registry.



Restart the Sharepoint Services Search Service and the error will stop occurring.
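
One way to make this registry change from PowerShell, as an added example that is not part of the original post. It uses the two Windows LSA values that control the check: DisableLoopbackCheck turns it off for every host name, while BackConnectionHostNames exempts only the names listed, which keeps the reflection protection for everything else. The host name `sites.example.local` and the function names are assumptions.

```powershell
# Added example, not from the original post. Run elevated, PowerShell 2.0 or later.
# ASSUMPTION: 'sites.example.local' is a placeholder for the host name in the
# crawl URL; the post does not give it.
$CrawlHost = 'sites.example.local'
$LsaKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$Msv10Key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0'

function Get-LoopbackCheckState {
    # A missing value comes back as $null: check enabled, no exemptions.
    New-Object PSObject -Property @{
        DisableLoopbackCheck    = (Get-ItemProperty -Path $LsaKey).DisableLoopbackCheck
        BackConnectionHostNames = @((Get-ItemProperty -Path $Msv10Key).BackConnectionHostNames |
                                    Where-Object { $_ })
    }
}

function Add-LoopbackException {
    # Narrow option: exempt one host name and leave the check on for all others.
    param([Parameter(Mandatory = $true)][string]$HostName)
    $names = @((Get-LoopbackCheckState).BackConnectionHostNames)
    if ($names -notcontains $HostName) { $names += $HostName }
    New-ItemProperty -Path $Msv10Key -Name BackConnectionHostNames `
        -PropertyType MultiString -Value $names -Force | Out-Null
}

function Disable-LoopbackCheckGlobally {
    # Blunt option, the change the post describes: no loopback check for any name.
    New-ItemProperty -Path $LsaKey -Name DisableLoopbackCheck `
        -PropertyType DWord -Value 1 -Force | Out-Null
}

Get-LoopbackCheckState                      # record the state before changing it
Add-LoopbackException -HostName $CrawlHost
# Disable-LoopbackCheckGlobally             # only if the per-host exemption is not enough

# Restart the search service, as the post says. The display-name wildcard is an
# assumption; confirm what it matches with Get-Service first.
Get-Service -DisplayName '*SharePoint*Search*' | Restart-Service
Get-LoopbackCheckState
```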

Friday, 1 October 2010

Poor Terminal Server Performance and Event Log 11728

I have had several Terminal Servers that have displayed poor performance including CPU spikes, application faults and slow printing. All have shown the MSIEXEC event ID 11728 in the Event Log. This is related to a HP Printer Driver that causes a fault if the user is a non admin, which will be all your Terminal Server Users!

HP do have an official line on this below.

HP UPD/Discrete LaserJet Driver - Microsoft Windows Event Viewer (Application) Message "HP CIO Components Installer" - hpzbdi32.msi / hpzbdi64.msi / hpzbdi.dll
Several reports of HP Bidirectional Channel components (hpzbdi32.msi /hpzbdi.dll , or hpzbdi64.msi /hpzbdi.dll ) could be the potential cause of various performance-related issues within standalone print servers, Microsoft Windows Cluster Server, Citrix, and/or Terminal Server environments, resulting in delays during driver installation, intermittent print spooler crashes, performance issues, CPU spikes, and so forth. CIO MSI does not get installed if a user with non-admin rights attempts to install the driver. The driver will attempt to install the MSI multiple times (five times, with an interval of two minutes between each try) without checking the access permission. This multiple execution causes a delay with the installation, and will launch multiple instances of the MSI installer, which can contribute to the cause of poor performance on the server.
The Microsoft Windows Event log (Application) will usually indicate a reference to: 32 Bit HP CIO Components Installer or a 64 Bit HP CIO Components Installer Product Version: X.X.X. Product Language: XXXX .
This issue may manifest itself with the discrete PCL 6, PCL 5, and Postscript drivers, which are bundled with hpzbdiXX.msi /.dll components. As hpzbdi is considered a legacy bi-directional component, there will not be any further updates or developments to this component. The workarounds that follow have been reported to resolve the majority of issues concerning hpzbdi.msi /.dll reports.
Product/Driver Packages Affected:
The following products have hpzbdi components installed as part of their driver package, and would qualify for the following workarounds:
• HP LaserJet 4250/4350 Printer Series
• HP LaserJet 9040/9050 Printer Series
• HP LaserJet 5200 Printer Series
• HP LaserJet P3005 Printer Series
The latest versions of hpzbdi.dll , which are not publicly available at, and can only be procured by contacting HP Support, are as follows:
• 32-Bit: hpzbdi.dll (
• 64-Bit: hpzbdi.dll (
When the driver components are installed, the hpzbdi components are installed to the following paths by default:
• 32-Bit: C:\WINDOWS\system32\spool\drivers\w32x86\3
• 64-Bit: C:\WINDOWS\system32\spool\drivers\x64\3
NOTE: The hpzbdi files may also reside in additional folders named hewlett_packardhp_xxxxxx within the w32x86/x64 directories. It is not necessary to make changes to the hpzbdi files located in these directories, per the workaround instructions that follow.
Recommended Solution:
It is recommended to perform a clean installation/upgrade to the HP Universal Print Driver version 4.7.2, as it resolves the issue reported in this document. It should be noted that the HP Universal Print Driver PCL 6, PCL 5, and Postscript version 4.7.2 are not available at Although this is a fully Microsoft certified driver, which has been through the Microsoft Windows Hardware Quality Labs (WHQL) certification, it is only available from HP Support.
It is possible a UPD upgrade to version 4.7.2 is not a viable option, due to logistics beyond the immediate control of the customer. Should this be the case, alternative steps can be taken to address this issue.
Workaround #1:
Zero-byte the MSI Installer Package, which will eliminate the symptomatic behaviors of the issue noted in this document. Complete the following steps:
1. Open Notepad and save the file as hpzbdi32.msi or hpzbdi64.msi . This zero-byte file will not contain any data.
2. Navigate to the %WINDOWS%\system32\spool\drivers\w32x86 (32-bit operating system) or %WINDOWS%\system32\spool\drivers\x64\3 (64-bit operating system) directory, and locate the hpzbdi32.msi or hpzbdi64.msi file. Rename the file to hpzbdi32.old or hpzbdi64.old .
3. Copy and paste the newly created zero-byte file named hpzbdi32.msi or hpzbdi64.msi into the %WINDOWS%\system32\spool\drivers\w32x86 or x64\3 directory.
4. Verify functionality.
NOTE: Depending on configuration, it may be necessary to stop the spooler, perform the steps noted, and then restart the spooler.
Workaround #2:
Complete the following steps:
1. Working with HP Support, obtain the hpzbdi hotfix , which contains either the 32-bit: hpzbdi.dll version and/or 64-bit: hpzbdi.dll version
2. Navigate to the %windows%\system32\spool\drivers\w32x86\3 directory for 32-bit operating systems, and rename hpzbdi.dll to hpzbdi.old .
3. Copy and paste the hpzbdi.dll version hotfix to this working directory.
NOTE: For 64-bit systems, navigate to %windows%\system32\spool\drivers\x64\3 . For step 3 copy and paste the hpzbdi.dll version hotfix to this working directory.
4. Verify functionality.
NOTE: Depending on configuration, it may be necessary to stop the spooler, perform the steps noted, and then restart the spooler.
How to Obtain Support for this Issue:
Customers: If you require the hpzbdi hotfix , as outlined in this document, please contact 1-800-HPINVENT and report the issue to the HP Support agent. Request the hpzbdi hotfix and refer to this document.
HP Support: If an HP customer contacts you to report this issue, and to request the hpzbdi hotfix , please contact your Resource team for immediate consultative action.
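
HP's Workaround #1 above as a script, added here as an example; it is not HP's code and not part of the original post. The function name `Set-HpzbdiMsiStub` is an assumption, the paths and file names are the ones HP lists, and the spooler is stopped around the change as HP's note suggests.

```powershell
# Added example: zero-byte the hpzbdi MSI. Run elevated, PowerShell 2.0 or later.
# On a 64-bit OS use a 64-bit PowerShell so system32 is not redirected.
function Set-HpzbdiMsiStub {
    param(
        # Choose to match the operating system, as in HP's steps.
        [Parameter(Mandatory = $true)][ValidateSet('w32x86', 'x64')][string]$Architecture
    )
    $name = if ($Architecture -eq 'x64') { 'hpzbdi64.msi' } else { 'hpzbdi32.msi' }
    $dir  = Join-Path $env:windir "system32\spool\drivers\$Architecture\3"
    $msi  = Join-Path $dir $name
    $old  = [IO.Path]::ChangeExtension($msi, '.old')

    if (-not (Test-Path $msi)) { throw "Not found: $msi" }
    if ((Get-Item $msi).Length -eq 0) { return "Already zero bytes: $msi" }
    if (Test-Path $old) { throw "Backup already exists, not overwriting: $old" }

    Stop-Service -Name Spooler -Force        # release any handle on the file
    try {
        # Step 2: keep the original as .old so the change can be rolled back.
        Rename-Item -Path $msi -NewName ([IO.Path]::GetFileName($old))
        # Steps 1 and 3: put an empty file under the original name.
        New-Item -Path $msi -ItemType File | Out-Null
    }
    finally {
        Start-Service -Name Spooler          # restart even if a step failed
    }
    # Step 4 starts here: confirm the stub is in place, then test printing.
    "Stubbed {0} ({1} bytes), original kept as {2}" -f $msi, (Get-Item $msi).Length, $old
}

Set-HpzbdiMsiStub -Architecture x64
```

To roll back, stop the spooler, delete the zero-byte file and rename the .old file back to .msi.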