Search This Blog

Wednesday 28 December 2011

Take Ownership of the Sharepoint Database in SBS 2008

Assigning ownership of the SBS 2008 Sharepoint WSS 3.0 Databases when you are not able to access the properties of the WSS 3.0 Databases in SQL Server Studio Express

Run the SQL Server Studio Express as Admin

media_1325101146833.png

Elevate your privileges when you run the application or you will not be able to connect to the databases.

Use the Named Pipes String

media_1325101179028.png

The Sharepoint Database instance uses a named pipes name instead of the usual database instance so make sure you enter this correctly.

The error that is the reason for all this

media_1325101354784.png

Here is the problem, I am logged on to my SBS Server as my custom administrator account I used for my migration from SBS 2003. However this account does not have rights to the database by default, in fact no account does, the database has an owner that is NULL. This means we need to assign an owner to the database to be able to see the properties of the database. The Administrator account in SBS 2008 is disabled by default and we need to reenable this and then logon to the SBS 2008 console as this account so we can assign a database owner.

Change the database owner

media_1325101538913.png

Once you have logged onto the SBS 2008 console as the Administrator and you have opened SQL Server Studio Express you can use this query to change the database owner. First you need to find the name of the Sharepoint Config database, it has a name in the convention Sharepoint_Config_*********

Use the command as shown above to select the database and then run the sp_changedbowner to change the owner to our Administrator account.

Check the ownership

media_1325101577942.png

Once the change ownership command is executed you can test the change with the query sp_helpdb Sharepoint_Config_********

Access Database Properties

media_1325101627890.png

Now you are able to access the properties of the database!

Friday 23 December 2011

"Operations are in progress, please wait" on Windows 2008/R2 shutdown or restart

We have had for sometime problems when rebooting certain Windows 2008/R2 Servers, they are scheduled for a reboot and then overnight this error is displayed on the console when the server tries to shutdown.  This message is a Windows System Message that is designed to inform you that a task is waiting completion and Windows will not shutdown until it is complete.  This is by design and to avoid data corruption by the shutdown process.

This is outlined in this KB from Acronis http://bit.ly/s5jUba

However there is a problem with this, one is that if you want the server to reboot at 4am and be ready for people the next day and Acronis for example takes until 7am to complete its task, then what is the first thing it does at 7:01am.  It reboots.  Now this is outside your window for a reboot and you get unexpected results and upset users.

Secondly, if the server is a Terminal Server or Remote Desktop Server, then the shutdown process starting stops access to the server via RDP, therefore blocking all your users until the task is complete.

So ultimately this function stops data corruption in your backup but just about renders the server redundant until you discover it is in this state.  If you use MSP tools like GFI RM as we do this will not show as offline as the client can communicate using HTTPS, LogMeIn also shows online for the same reason so it is quite hard to spot until your customer calls you up!

I appreciate the sentiment Acronis but you know what, it would be better to cancel the backup due to the shutdown than to leave a server in this position, because you cannot access the console to stop the process or interact with it you have no choice but to get iLO out or LogMeIn and hard reset, which naturally risks data more than the original backup being cancelled would have.


Monday 19 December 2011

Schedule a CHKDSK on Windows XP

OK so we shouldn't really be using Windows XP but we are so we have to live with it!  Often XP will need a CHKDSK, more often that it should.  So how do you run this on a schedule for the C: partition if it needs you to confirm that the partition is locked?  Well its actually really simple but doesn't always jump to mind.

echo y | chkdsk c: /r
Using ECHO you can send the Y to the command and then schedule this using AT or Task Scheduler.

Friday 16 December 2011

Outlook 2007 shows as Disconnected with working Exchange Server

Sometimes and Outlook 2007 Client will go into a Disconnected state, the Exchange Server is working and you can connect as other users and connect via Outlook Web Access but your MAPI client just will not connect. Often this is because the user has multiple connections or sessions to the Exchange Server and has gone over the default limit of 32 sessions.

Check the Exchange Server Event Logs

media_1324039999909.png
You should see in the application log of your Exchange Server the following Event Log IS 9646. This is the message that explains that the session limit has been reached.

Microsoft KB Article

media_1324040069354.png
Microsoft has a KB Article on this exact issue here - http://support.microsoft.com/kb/830836

Edit the Registry to increase the session limit

media_1324040113715.png
Run Regedit on your Exchange Server and browse to the key shown.

Increase the Session Limit

media_1324040135843.png
Increase the session limit to 500 as this will allow for multiple MAPI, IMAP and other sessions that a user may need. Once this is done you will need to restart the Information Store Service to see the effect for the users Outlook Client.

Wednesday 14 December 2011

Exchange 2007/2010 - There is not valid SMTP Transport Layer Security (TLS) Certificate

Event Log ID 12016 is displayed in the Application Log for the MSExchangeTransport Source

Event Log Error

media_1323852410980.png

The SSL Certificate used for SMTP has expired and the event log error 12016 is logged.

Show Exchange Certificates

media_1323852456267.png

Run the EMS command Get-ExchangeCertificate to show the current certificates and the associated Services, in this case we can see two Thumbprints associated with the Service SMTP (S). Once of these has expired so we need to see which one.

Output Certificate Details to a text file

media_1323852637450.png

Use the command Get-ExchangeCertificate | fl| out-file -FilePath C:\certs.txt to export the full details to a text file.

Expired Certificate

media_1323852682298.png

Look through the text file for the certificate that has expired, in this case we can see the certificate has expired and has an Invalid Date.

Valid Certificate

media_1323852750566.png

Look through the text file for the certificate that is valid and make a copy of the Thumbprint.

Enable the Valid Certificate for use with SMTP

media_1323852870588.png

Use the command Enable-ExchangeCertificate - Thumbprint thumbprint -Services "SMTP" to enable the valid certificate

Remove the expired Certificate

media_1323852932439.png

Use the Remove-ExchangeCertificate -Thumbprint thumbprint to remove the expired certificate

Confirm the change

media_1323852950572.png

Use the Get-ExchangeCertificate command to confirm you now have the correct valid certificate associated to the SMTP Service. Restart the Exchange Transport Service to complete the change.

Tuesday 22 November 2011

Google Apps & Office 365: the future for SMB email?

I have asked this many times in the last few years, will Google Apps or Office 365 take over from Exchange Server for most Small to Medium business?

Well if you define an SMB as under 250 users which is Googles delimiter then I think it may make a significant impact. People like a simple life, we rarely ask for extra complexity in anything we do, would you buy a car and ask for the most complicated controls or the one that is simple and easy to find the air con and sat nav?

So I see people wanting simple, what's more simple than a service that costs a flat fee per month with no contract and no hardware outlay. Well, perhaps that is right, SaaS is simple and all you need is a browser and away you go.

But is this the full story? In the last three years I have seen computer hardware become something so reliable we don't really think about it anymore. OK so we get techs to set them up and to install all our apps, but they don't go wrong as much anymore, it's just the software that causes us hassle now.

So if we move to Google Apps surely all our problems go away?

Yes and no, I see users able to work anywhere, on any device, SaaS enables this and I do it myself. I use my iPad as much as my laptop running Windows 7 as I do my iPhone.

I use Basecamp, Zendesk, Highrise, Sharepoint, Log Me In and GFI RM. I love my SaaS applications but I still have to manage my data and what I do with it.

I cannot do all my job on a tablet, it just doesn't suit some work, I would not want to prepare a Visio diagram on it, nor would I want to write a full IT audit on it either. I need my laptop for some work and I still need Windows, it's familiar and I know it well. When I just need to work, I need something I know I can use and that's why Windows is going to be here for a while yet.

So what's this got to do with your posts title? Well, what I mean is that just because someone moves to SaaS does not mean the problems of IT go away, users need help, printers jam, emails get missed, files are overwritten by accident. IT support goes on.

What is important is how you show this value in your role as an MSP to your customers. If you fear SaaS and dismiss it, the bottom liners will win and move away from your on premise world of servers and save £££ by buying Googles dream.

When they want to migrate Outlook to Gmail then who helps? When user need help with Gmail because they spent 10 years with Outlook and now are lost, who can they turn to?

You, the Google apps experts! Because you know Gmail your HelpDesk is invaluable. You show the customer value and because you can help them migrate from Outlook you make the SaaS dream work. Without you the dream fails to deliver.

It doesn't matter where technology goes, it will always need experts who understand how it works and how to use it to benefit a business. This is what MSPs need to be doing.

I have been providing business intelligence to my customers for many years now, I understand all the
aspects of what they do and how they do it.

If you break fix and are just another supplier then Google Apps et al will take your customers from you. If you know your customers true needs you will find healthy and happy future for the MSP.

Exchange Powershell - Count Mailboxes

Need to count the mailboxes on a Exchange 2007/2010 Server

Get-MailboxStatistics | Measure-Object

Monday 21 November 2011

If you need to move your WSUS content you can do so with the wsusutil.exe tool from the Update Services installation folder.  However you may find a little gotcha when you try to move the files, the error

Fatal error: unable to access the log path because of the following error: Access is denied
Well the issue is not always the permissions but actually a bit of semantics.  The command for the move is

wsusuitl movecontent E:\myPath E:\myLog
What the syntax does not say is that you have to specify the logfile name and not just the location, the file will not be created for you.  You must specify the extension .log

Its an easy gotcha to fall for and it had me for over 20 minutes before I sussed it!

Monday 14 November 2011

BES Express 5.0.3 & SBS 2011 Dispatcher Service will not start

I had one of our team install BES Express 5.0.3 onto a Small Business Server 2011 so that we could support all of five Blackberry users, so this should have been straight forward.  Well as is life it wasn't, it was the team members first BES install and after many hours of head scratching he came back to ask for an escalation.

I took a look and could see the issue was the Blackberry Dispatcher Service was stuck in in Starting mode.  This is never a good state for a service to be in so I knew it was likely that if we fixed this we fixed the issue.

Now BES uses SQL Server Express for its database and this had been installed on the SBS Server, but being SBS Server the SQL Server Browser Service was disabled.  The SQL Server Browser Service is required for Blackberry Administration Server (BAS) to operate.

So I enabled the service and hey presto, Blackberry Dispatcher Service now starts.  The BAS web page still did not load and I had to restart the Blackberry Administration Service - Native Code Container.

Once this restarted the BAS was available and we could get onto the task of adding the Blackberry handsets.

Friday 11 November 2011

ODBC Links do not save passwords in Windows 7 x64

Had a really interesting one today, setting up an ODBC link into SQL Server 2005 from Access 2007 and no matter what we did the password field would not save the password for our SQL Account.

The customer knew the account worked and the DSN settings on another computer so we were confident it was not those that were at fault.

Well the problem turns out to be Windows 7 x64 and the ODBC applet that is in Administrative Tools.  This is the x64 version and we need the 32bit version for Office to make the link as Office is 32bit.

So we go to this location

c:\windows\sysWow64\odbcad32.exe
If you run this you get the 32bit version of the ODBC applet and its exactly the same, enter your details and hey presto the link works and Access pulls down the data!

Legal Mumbo Jumbo

I know we have to have rules otherwise we would be in France as Al Murray says.  But sometimes the T&C of a contract can be ridiculous and frankly pointless.  Take this wonderful sentence below I have found in a T&C of a contract I am entering.

Any undertaking by the Customer not to do any act or thing shall be deemed to include an undertaking that the Customer shall procure that any user of the Services (to include without limitation any employee, agent or contractor) shall not do such act or thing. 
I mean what does that mean?  I have read it 10 times now and I am still unsure to be honest. Do I really have to pay someone £100 an hour to decipher this for me?  Is that what six years of Law School does for the world?  If it is then go be a Doctor, they actually help people.

I did not even bother to find out what the definition of "thing" is.

Rant over.

Thursday 10 November 2011

Windows 2003 Certificate Service will not start

I had a good one today, a Exchange 2003 Server with a SSL Certificate had expired.  So I quickly issued a CSR and renewed the SSL Certificate with DigiCert and away we go Outlook Web Access is working again and Outlook Anywhere.

Then after 3 hours Outlook Anywhere stops working and I get errors in the event log for 58 and 100 stating



So this wasn't a good time as we have users complaining about no Outlook Anywhere.  So what is the cause?

Well the error states about the CA certificate being expired so I used MMC to open the Certificates MMC and then saw that the Root Certificate had expired.  It expired in June mind so that was a little odd.

Well if the Root CA Certificate is expired then it needs to be renewed, this can be done by the Certificate Authority in Administrative Tools.


Choose the new the CA Certificate and agree to the change and you will then find that you have a new five year CA certificate in the Certificates MMC.

I started the Certificates Service and it stayed started!  Hurrah issue over.


Locked out of Symantec System Centre Console?

Although I don't use this application very often you sometimes find a site where the IT Support have left and no one knows the password to the Symantec System Centre Console.  If this happens to you, there is a handy tool from Symantec to resolve this, all you need is administrator access to the server console and you can use the IFORGOT.EXE tool to reset this.

The file and location is shown below, enter the username and password you want and its all done!


Wednesday 2 November 2011

Just how many Exchange Mailboxes I have I got?

Sometimes we like to know how many mailboxes are on a server or in a database, back in the day we used to count the mailboxes in Exchange 2003.  Well I did, I was greener then!

So if you have Exchange 2007/2010, and if you don't why not?, how do you do this with the Powershell.

Well its simple, open the EMS and use

Get-Mailbox | Measure-Object

If you want to do this in a database then use

Get-Mailbox -Database databasename| Measure-Object

Its that simple with EMS!

Saturday 22 October 2011

When you have invest or fail

Often people don't invest in their business IT, can we keep it going another year? Its your job as support to make it work, I don't have the money right now.

If a server is six years old and it's done 24/7 for that time, it's tired. Full stop it will not perform as it did when you bought it.

Would a car be the same after six years no matter how many services it had had? Why would IT be different, if your business was to drive a van and your van is always breaking down would you buy a new van or see the business fail?

IT is no different, we all have to invest, year on year, otherwise we find old unreliable, out of warranty, end of life applications and the path out is really painful as everything has to catch up six years.

Invest every year, gradually, make IT like the utilities, something we cannot be without and budget for it annually and save that pain you will feel when services fail and your core business suffers.

Friday 21 October 2011

Why presentations are dull

I have just been to a conference, a great one as it happens but there were some dull moments. Those presentations and PowerPoint.

Why are we still watching PowerPoint with clip art? It's not 1998. Learning can be enjoyable and enthralling, look at what the late Jobs could with an audience.

People want to be entertained, amused, amazed even. We in the technology business need to make our ideas appeal to the masses, to those that think it's all geek talk.

So how do we do it? Well what about simple You Tube skits? All you need is an iPhone or similar and you can direct a quick video of your idea.

Pictures say a thousand words they say, it's why breaking news is 24/7 and always has mobile footage or CCTV.

People are voyeuristic, so let them watch. Use You Tube or Join Me to share your ideas and services visually.

When you present captivate, don't become a twitter hash tag #yawn #powerpoint #so90s

Thursday 13 October 2011

What do you do with your computer when you leave work?

Most of us use a computer at work, some of work shifts and share that computer with others and some of us have laptops that we take home and do more work on, a bit like me.  But most of us I guess have a computer at work and when we go home we forget about it until the morning.

So do you shut it down, lock it or perhaps you just turn the monitor off and go home?  Well working as we do in support we often access computers out of  hours to update applications and perform some manual maintenance.  What do I often find?  Computers not only left on and logged on, but documents wide open or online accounts logged on.

I have seen Hotmail, OWA, Amazon all logged on and with cached credit cards, documents with confidential data open to be seen, all of this on computers in offices that can and will be accessed by other people.  I don't think people think it matters, but life is more and more online and in a digital format, would you leave your passport, house keys and wage slip on your desk?  I doubt it.  But your online life seems to be fine to leave lying around for everyone to look at.

OK so thats a bit of a rant.  But what about those important documents we in support have to backup?  You have them open on your computer, yes I will get a snap shot these days but I know how annoyed you will be with me if that computer reboots overnight due to a power cut and that presentation is corrupt and its all our fault in support.

Ok so thats another rant.  I dont do it to annoy people, really I dont.  Computers are work tools for employees, they help people make a business do what it does. I run a business and what we do is important to us, to me and to all our staff, they have mortgages and kids and if we fail they all fail.  It matters to take care of your computer and the work you do on it.

At the end of the day close all your applications so that we can backup all the important data, secure the information by not leaving it all over your screen for the cleaner to see, and don't forget all that energy that is wasted leaving the computer on all night.  Thats our future and our leccy bill being wasted, both mean a lot to my business.

IOS5 update errors

If you are upgrading your iPhone or iPad to IOS5 then no doubt you will have ran into some of the cryptic error codes that Apple dishes up for you when things go wrong.

Here is a KB from Apple to help you with those.

http://support.apple.com/kb/TS3694

Saturday 8 October 2011

The end of the Small Business Server Era?

How much longer left has the Microsoft Small Business Server product go left?  With Office 365 and the multitude of hosted emails solutions out there, does Microsoft see no point in carrying on this product line?

Well, there is no official word on this but it has been noticed that the SBS 2008 exam is not longer valid for any certification at Microsoft yet this product is still in life.  That has not happened before, so it is either a mistake, which I would never rule out at Microsoft or they are moving away from SBS as they feel SBS people will move to the cloud.

Now SBS Diva knows about these things and it is her blog I reference on this here.

I have a lot of SBS customers and nearly all of them want to keep their data on premise, the reasons are mostly that they have a fear of their data not being close to them, their Internet connection is DSL and therefore cannot be relied upon for business continuity and finally because they are of a generation that bought a server every three years and backup by swapping a tape once a day.

The world of IT is moving faster than it ever has and those that do not move with it will be left behind.  I am not saying on premise has had its day but if Microsoft do finish with SBS at 2011 then those who look at cloud as a hybrid solution now will be ones who move with the times.

I know a lot of customers find technology hard to follow and just want that box in the corner and that's it.  But they also want 24/7 access on their iPhones, iPad and to work from anywhere. That box in the corner just won't cut it, it barely cuts it now, it will have no chance in a few years.

Friday 7 October 2011

Outlook 2010 - None of your email accounts could send to this recipient

I had a really good problem today with sending emails from Outlook 2010. The user could not send to an email address as each time it bounced back with a NDR instantly that said



From: System Administrator 
Sent: 07 October 2011 12:11 
Subject: Undeliverable: XYZ XYZ


Your message did not reach some or all of the intended recipients.


 Subject: FW: XYZ XYX 
 Sent: 07/10/2011 12:11


The following recipient(s) cannot be reached:


'a.n.other@somedomain.com' on 07/10/2011 12:11 
 None of your e-mail accounts could send to this recipient.


Everytime I sent an email this NDR turned up, I sent to the email from my Gmail and it went no problems, I sent to it from this Exchange Server in another session and it sent.  So I think it must be a Outlook 2010 issue for this user.  The problem turned out not to be the N2K file as this doesn't exist in Outlook 2010 but the properties and Internet Type of the email address.

To see this I opened an email, addressed it to the recipient and then double clicked the address and selected the View More options for interacting with this person and then Options.  In here I could see that the recipient email address was set to MAIL TO and not SMTP.  I changed it to SMTP and the message could be sent.

I real stickler this was to find but I am glad I got there in the end.

Thursday 6 October 2011

Uninstall Acronis Backup & Recovery Manually

If you are having problems uninstalling the Acronis Backup & Recovery10 application then they have this tool here. that really makes things simple!

Sunday 2 October 2011

Make sure you have an SPF Record in DNS

If you do not have a SPF record in DNS then you need to get one to make sure your emails do not accidentally get detected as Spam by mail filters.  You can use this handy wizard from Microsoft to determine the configuration needed for this.

Saturday 24 September 2011

vSphere 5.0 Licencing Changes

Vmware have made some changes to the licencing for vSphere 5.0 that will affect how you plan for hardware so make sure you have read over this document and understand the new implications.

http://www.vmware.com/files/pdf/vsphere_pricing.pdf

Friday 23 September 2011

KFC Helpdesk

One of our helpdesk guys just loves his KFC so we made him a new ID card :)


Tuesday 20 September 2011

Performance Checks for SQL Server 2005

This is a good starting place for looking at SQL Server 2005 performance issues.



Database Design issue if….

Too many table joins for frequent queries. Overuse of joins in an OLTP application results in longer running queries & wasted system resources. Generally, frequent operations requiring 5 or more table joins should be avoided by redesigning the database.


Too many indexes on frequently updated (inclusive of inserts, updates and deletes) tables incur extra index maintenance overhead. Generally, OLTP database designs should keep the number of indexes to a functional minimum, again due to the high volumes of similar transactions combined with the cost of index maintenance.


Big IOs such as table and range scans due to missing indexes. By definition, OLTP transactions should not require big IOs and should be examined.


Unused indexes incur the cost of index maintenance for inserts, updates, and deletes without benefiting any users. Unused indexes should be eliminated. Any index that has been used (by select, update or delete operations) will appear in sys.dm_db_index_usage_stats. Thus, any defined index not included in this DMV has not been used since the last re-start of SQL Server.

CPU bottleneck if…


Signal waits > 25% of total waits. See sys.dm_os_wait_stats for Signal waits and Total waits. Signal waits measure the time spent in the runnable queue waiting for CPU. High signal waits indicate a CPU bottleneck.


Plan re-use < 90% . A query plan is used to execute a query. Plan re-use is desirable for OLTP workloads because re-creating the same plan (for similar or identical transactions) is a waste of CPU resources. Compare SQL Server SQL Statistics: batch requests/sec to SQL compilations/sec. Compute plan re-use as follows: Plan re-use = (Batch requests - SQL compilations) / Batch requests. Special exception to the plan re-use rule: Zero cost plans will not be cached (not re-used) in SQL 2005 SP2. Applications that use zero cost plans will have a lower plan re-use but this is not a performance issue.


Parallel wait type cxpacket > 10% of total waits. Parallelism sacrifices CPU resources for speed of execution. Given the high volumes of OLTP, parallel queries usually reduce OLTP throughput and should be avoided. See sys.dm_os_wait_stats for wait statistics.

Memory bottleneck if…


Consistently low average page life expectancy. See Average Page Life Expectancy Counter which is in the Perfmon object SQL Server Buffer Manager (this represents is the average number of seconds a page stays in cache). For OLTP, an average page life expectancy of 300 is 5 minutes. Anything less could indicate memory pressure, missing indexes, or a cache flush.


Sudden big drop in page life expectancy. OLTP applications (e.g. small transactions) should have a steady (or slowly increasing) page life expectancy. See Perfmon object SQL Server Buffer Manager.


Pending memory grants. See counter Memory Grants Pending, in the Perfmon object SQL Server Memory Manager. Small OLTP transactions should not require a large memory grant.


Sudden drops or consistenty low SQL Cache hit ratio. OLTP applications (e.g. small transactions) should have a high cache hit ratio. Since OLTP transactions are small, there should not be (1) big drops in SQL Cache hit rates or (2) consistently low cache hit rates < 90%. Drops or low cache hit may indicate memory pressure or missing indexes.

IO bottleneck if…


High average disk seconds per read. When the IO subsystem is queued, disk seconds per read increases. See Perfmon Logical or Physical disk (disk seconds/read counter). Normally it takes 4-8ms to complete a read when there is no IO pressure. When the IO subsystem is under pressure due to high IO requests, the average time to complete a read increases, showing the effect of disk queues. Periodic higher values for disk seconds/read may be acceptable for many applications. For high performance OLTP applications, sophisticated SAN subsystems provide greater IO scalability and resiliency in handling spikes of IO activity. Sustained high values for disk seconds/read (>15ms) does indicate a disk bottleneck.


High average disk seconds per write. See Perfmon Logical or Physical disk. The throughput for high volume OLTP applications is dependent on fast sequential transaction log writes. A transaction log write can be as fast as 1ms (or less) for high performance SAN environments. For many applications, a periodic spike in average disk seconds per write is acceptable considering the high cost of sophisticated SAN subsystems. However, sustained high values for average disk seconds/write is a reliable indicator of a disk bottleneck.


Big IOs such as table and range scans due to missing indexes.


Top wait statistics in sys.dm_os_wait_stats are related to IO such as ASYNCH_IO_COMPLETION, IO_COMPLETION, LOGMGR, WRITELOG, or PAGEIOLATCH_x.

Blocking bottleneck if…


Index contention. Look for lock and latch waits in sys.dm_db_index_operational_stats. Compare with lock and latch requests.


High average row lock or latch waits. The average row lock or latch waits are computed by dividing lock and latch wait milliseconds (ms) by lock and latch waits. The average lock wait ms computed from sys.dm_db_index_operational_stats represents the average time for each block.


Block process report shows long blocks. See sp_configure “blocked process threshold” and Profiler “Blocked process Report” under the Errors and Warnings event.


Top wait statistics are LCK_x. See sys.dm_os_wait_stats.


High number of deadlocks. See Profiler “Graphical Deadlock” under Locks event to identify the statements involved in the deadlock.

Network bottleneck if…


High network latency coupled with an application that incurs many round trips to the database.


Network bandwidth is used up. See counters packets/sec and current bandwidth counters in the network interface object of Performance Monitor. For TCP/IP frames actual bandwidth is computed as packets/sec * 1500 * 8 /1000000 Mbps.

Original Article is here.

Monday 19 September 2011

iPhone Data usage gone crazy?

Has your iPhone data usage gone crazy recently?  You have WiFi but you still have reached your FU limit?  It is likely that you have an app or two "stuck" downloading information and when you are out of WiFi range 3G kicks in and your data usage is depleted.

First thing to do is to switch off Mail

Settings>Mail, Contacts, Calendars>Select Your Mail Account>Mail>Turn to Off.

Next lets deal with Safari

Launch Safari, delete any and all pages listed, make sure you have nothing but a blank page. Then go to Settings>Safari>Clear History>Clear Cookies>Clear Cache.

Right now its time to reset the iPhone with a sleep and home button hold for about 20 seconds for a hard reset.

Once this is complete you can turn your Mail back on again and see if the data usage has returned to normal.

Thanks to Wjosten for this.

Sharepoint Updates in SBS 2011

The way you update Sharepoint has changed in SBS 2011, you now have to complete the process manually and unless you RTFM you may have missed this.  Well Microsoft has noted this and now offers a reminder on the desktop of your SBS when you install the RollUp Update 1.

It looks like things are going back to being a bit more technical under the hood now and this will help all those who don't work as IT Professionals all day to keep things running smoothly.

The SBS blog is here.

Thanks for the heads up on this from SBS Diva

Protect your brand from XXX domain exploitation

If you are aware of the new XXX top level domain extension that is available for the adult entertainment industry you will know that all domains will be on sale soon and that now is the time to protect your brand if you do not want a domain to be associated with this industry.

Now if you have a Trademark you can pre order that your brand is never offered for sale in this domain space and protect the Trademark for a one off cost of £200 in the UK.  But you need to move fast as this Sunrise B period as it is called expires soon.

ICM Registry are the Worldwide registrar for the XXX domain and all the information on this can be found here.



Sunday 18 September 2011

Windows 8 - Page File still doesn't increase dynamically

Ahh I had hopes but Windows 8 still does not increase the page file correctly when you increase the RAM. The screen below shows an increase from 512MB to 1024MB and the page file remains set to system set and still Windows gets it wrong. I mean I have only been waiting for this since 1996.

Windows 8 - Ribbon Interface

If you didn't like the ribbon interface in Office 2007/2010 then its bad news for Windows 8 as the ribbon hits Explorer! I like the ribbon myself but I know this will challenge some of our customers.

Wednesday 7 September 2011

Our list of killer support tools

We all have a list of tools we use that really help in fixing problems and testing. Here is the list we use and why we use them. Most are free so visit the sites, use them and say thanks.

These applications are excellent for the removal of malware.

TDSS Killer (Rootkit and fake driver remover)
http://support.kaspersky.com/faq/?qid=208283363

Malware Bytes Anti Malware
www.malwarebytes.org/mbam-download.php

Spybot search and destroy.
www.safer-networking.org/en/download

Need to defrag your PC and remove those temp files.

Auslogics Disk Defrag
http://www.auslogics.com/en/software/disk-defrag/download/

CCleaner
www.piriform.com/ccleaner/download

Find out all about your PC, battery performance and benchmark.

CPUz (Model identification)
www.cpuid.com/softwares/cpu-z.html

Batterymon
http://www.passmark.com/products/batmon.htm

Real Temp (Good monitoring software for processors and graphics cards)
www.techpowerup.com/realtemp/

Add Twitter icon to your Outlook Signature

Most of us use twitter now, I think its really great and its becoming the de factor customer service tool now, so its good to add this to your email signature and let others know who to follow.

First you need to get an icon and there are loads of places for that, here is one I used http://www.twittericons.com/.

Once you have your icon and you have the right size then just open Outlook and in Tools Options for Outlook 2003 or File Options in 2007/2010 enter the Mail section and Signatures.

Insert the icon image and then click on this and select Hyperlink to add your twitter page. Make sure it is in this format

http://twitter.com/#!/cscmitsolutions

Thursday 1 September 2011

Automatically open a file type from Chrome

Often when you work in Chrome it will not open a common file type automatically for you, we had this problem when working with Team Viewer. We had a file extension in Windows so if we saved the .tvc file then it would open, we just wanted to open it direct from Chrome.

Luckily this is simple to do, first click on the link and you will get the download file box at the bottom of the Chrome window. Click on the little down facing arrow below.


Now choose the option "Always open files of this type". Now next time you open the file it will launch direct from Chrome.

Syslog in the Cloud

How much of a pain can it be trying to get syslogs from Cisco devices and such and manage these logs? We have tried syslogs running on a server at each site and it just becomes a management headache. If only there was a syslog in the cloud I thought?

We there is! OK so syslog uses UDP port 514 on a Cisco and it does not encrypt the data and yes I am sending this over the Internet but sometimes you need that data and thats more important.

So go here www.loggly.com and have a look at what they offer, you can retain a weeks logs and have up to 200MB of data a day for £0! If you have a lot to log it is still no expensive and in dollars its better value for us in the UK.

It took about an hour to setup once I worked out that Cisco routers will only syslog to this on UDP 514, once I had its a doddle and works great.

Monday 29 August 2011

Windows, OSX and Linux fonts and CSS

I was trying out our new helpdesk and how it looks in different browsers and I noticed when I used Ubuntu it did not have the right font. Now we have the font Century Gothic as our brand font and our helpdesk displays this using CSS, however this font is not installed in Ubuntu by default so it picked the next font available which was Georgia and this just did not look right.

So how do you work around this? Well one is to know what the default fonts are in Windows, OSX and Linux.

This page has all the information you need.

http://www.apaddedcell.com/web-fonts

I noticed that the equivalent font in Ubuntu is URW Gothic L and so I amended our CSS to use this font if Century Gothic is not found. The CSS is below

#top-menu {font-family: Century Gothic, URW Gothic L, Georgia, Times New Roman, Times, serif;}

Sunday 28 August 2011

Determine SQL Server version

If you need to determine what version of SQL Server is running just make a new query as follows

select @@version

Then you can look the version number against this Microsoft KB

http://support.microsoft.com/kb/321185

Saturday 27 August 2011

Small Business Server 2011 Sharepoint Foundation Event ID 70

Microsoft has changed a few things in Sharepoint for version 2010. One of them is how it is patched and updated. It is now a two step process, you use Microsoft Update for the update and then you have to manually upgrade the database from the command line.

So how do you know if you need to do this? Well its likely in your event logs you have seen Application Log Event 70 Sharepoint Foundation Search.

The mount operation for the gatherer application 08dd5186-9d3a-4ded-ac19-b626c26e3208 has failed because the schema version of the search administration database is less than the minimum backwards compatibility schema version supported for this gatherer application. The database might not have been upgraded.

If so you will likely need to upgrade your database, you can double check this by using some Powershell. Open the Sharepoint Management Shell and run this line

(get-spserver $env:computername).NeedsUpgrade

If this returns True then you need to upgrade the database.

Right so now you need a standard elevated command here.

C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN


Run this command

PSConfig.exe -cmd upgrade -inplace b2b -force -cmd applicationcontent -install -cmd installfeatures

The database is now upgraded for you and the Sharepoint upgrade is complete.

Remember Small Business Server 2011 is aimed at non IT folk, really Microsoft what are you thinking?

Small Business Server 2011 Post Install Errors

When you install a new SBS Server 2011 you will find a fair few issues in the event logs, a number of these are benign and you can ignore them. Microsoft has a KB on this that is well worth a read and then you can ignore these in your event log monitoring application. You do have a Managed Services application don't you?

http://support.microsoft.com/default.aspx?scid=kb;en-us;2483007

Is it the Cloud that is hurting SME IT Support Providers?

There is a lot of talk now at the small business level about the "cloud". Those in the world of IT have known about this for some time but it has finally filtered down to the business owner who has heard wonderful things about 24/7 computing and how "it" never fails.

If your business sells on premise solutions and support/maintenance post sales then surely this is your death knell sounding isn't it? After all who needs Small Business Server and Microsoft Office when we have Google Mail and Office 365.

Well perhaps this might be true for some, I have seen some of our customers move to this type of solution, but to be fair they were mostly consultancy level business with maybe three or four employees. Is a cloud based service better for them and save them time and money because they have no on premise server to worry about and less support costs to pay for? The answer is yes!

Now don't get me wrong, I do not want to lose customers, far from it. What I want to do is always recommend the best solution for my customers and if that means for some of our smaller customers recommending a cloud solution because it is best for them then we will do it. The value comes in that we offered the best solution and people talk to people, word gets around that we do what is needed for our customers and that brings in new business, business that does need our helpdesk, our managed services, our great customer service.

So we thought if people want hosted email, hosted SharePoint, no backups to worry about and 24/7 uptime why don't we provide it too? So we do.

We can offer our customers who want a hosted solution, one that is designed for what they need. Many big cloud players are very much out of the box stuff and our customers have custom needs and these change all the time, they need techs who know what to do and how to do in like it was yesterday.

Want Exchange in the cloud? Keep SQL on premise for MRP? Managed Services for Anti Virus, Internet Threat Protection and Computer Theft Tracking? Yes we can do all this, Google cannot offer this and nor can Office 365.

The cloud is awesome and I use it all the time, our helpdesk is cloud based, so is our project management and CRM. Our email and Sharepoint is on premise. We have a mixture and its likely you will too.

You can have your cake and eat it with the cloud and on premise, you just have to know which slice goes where.

Friday 26 August 2011

How to tell which version of Exchange 2007/2010 you are running

This is a good thing to know so you can work out what Update Roll-up or Service Pack you need to apply. It uses the awesome EMS.

Get-ExchangeServer | fl name,edition,admindisplayversion

Exchange Server Service Packs & Build Numbers

If you need to support users with Mac OSX then it good to know what version of Exchange Service Pack and build you have.

This is all information Microsoft publish but they kind of hide it away so here it is.

http://social.technet.microsoft.com/wiki/contents/articles/exchange-server-and-update-rollups-builds-numbers.aspx

Saturday 20 August 2011

Microsoft Volume Licencing Centre

At last the the Microsoft VLSC site has been updated and now resembles something you can work with, at least for getting your downloads and product keys. I have not yet tested for registering a licence so lets hope that has been improved too as it was such a faff before with all the Windows Live accounts that you had to create to just be able to register a licence for your customer.

Friday 19 August 2011

How to create Performance Alerts in Windows 2008

We use these to either notify with our Managed Services application or to fire off a event when a performance trigger is trapped.


You can configure alerts to notify you when certain events occur or when certain performance thresholds are reached. You can send these alerts as network messages and as events that are logged in the application event log. You can also configure alerts to start applications and performance logs.

To configure an alert, follow these steps:


1. In Performance Monitor, under the Data Collector Sets node, right-click the User-Defined node in the left pane, point to New, and then choose Data Collector Set.

2. In the Create New Data Collector Set Wizard, type a name for the data collector, such as Processor Alert or Disk IO Alert.

3. Select the Create Manually option, and then click Next.

4. On the What Type Of Data Do You Want To Include page, select the Performance Counter Alert option, and then click Next.

5. On the Which Performance Counters Would You Like To Monitor page, click Add to display the Add Counters dialog box. This dialog box is identical to the Add Counters dialog box discussed previously. Use the dialog box to add counters that trigger the alert. Click OK when you have finished.

6. In the Performance Counters panel, select the first counter, and then use the Alert When Value Is text box to set the occasion when an alert for this counter is triggered. Alerts can be triggered when the counter is above or below a specific value. Select Above or Below, and then set the trigger value. The unit of measurement is whatever makes sense for the currently selected counter or counters. For example, to generate an alert if processor time is over 95 percent, select Over, and then type 95. Repeat this process to configure other counters you’ve selected.

7. On the Create Data Collector Set page, the Run As box lists to indicate that the log will run under the privileges and permissions of the default system account. To run the log with the privileges and permissions of another user, click Change. Type the user name and password for the account, and then click OK. User names can be entered in domain\username format, such as cpandl\williams for the Williams account in the Cpandl domain.

8. Select the Open Properties For This Data Collector Set option, and then click Finish. This saves the data collector set, closes the wizard, and then opens the related Properties dialog box.

9. By default, logging is configured to start manually. To configure a logging schedule, click the Schedule tab, and then click Add. You can now set the Active Range, Start Time, and run days for data collection.

10. By default, logging stops only if you set an expiration date as part of the logging schedule. Using the options on the Stop Condition tab, you can configure the log file to stop automatically after a specified period of time, such as seven days, or when the log file is full (if you’ve set a maximum size limit).

11. Click OK when you’ve finished setting the logging schedule and stop conditions.

Troubleshooting Issues with Companyweb and SBS 2011

As with all new products, some things do not work out of the box. SBS 2011 is one of them.

Look at this blog post from Windows SBS on two common issues with Companyweb and what to do.

Blocking Credit Card numbers with Exchange 2007/2010

As part of the PCI compliance legislation in the UK we have been asked to block all incoming emails that contain credit card numbers to one of our customers. We cannot receive any emails that contain numbers so we knew we had to block them before they were delivered to the server and not filter them once they had been accepted.

This can be achieved with the Exchange Transport Rules.

Transport Rules allow for pattern matches on certain characters on messages that are routed through Exchange, full details of this can be read here

http://technet.microsoft.com/en-us/library/aa997187.aspx

Credit card numbers have a certain format, Visa and Mastercard use 16 digits in blocks of 4 starting with a 4 and 5 respectively so

4xxx xxxx xxxx xxxx
5xxx xxxx xxxx xxxx

Discovery uses 16 digits in a block of 4 starting with 6011 so

6011 xxxx xxxx xxxx

AMEX uses 15 digits in blocks of 5,6 then 4 starting with a 3 so

3xxxx xxxxxx xxxx

To match these with a rule we need to use several pattern matches.

4\d\d\d\d\d\d\d\d\d\d\d\d\d\d\d\s
5\d\d\d\d\d\d\d\d\d\d\d\d\d\d\d\s
6011\d\d\d\d\d\d\d\d\d\d\d\d\s
3\d\d\d\d\d\d\d\d\d\d\d\d\d\d\s

The matches here are \d for any numeric character, \s for a white space so these match for the following

4111666677778888
5111666677778888
6011666677778888
31166666677777

This is great but we need to match for people using spaces, periods or hyphens so we need to increase the pattern match to account for this.

\d\d\d\d(\s|.|-)\d\d\d\d(\s|.|-)\d\d\d\d(\s|.|-)\d\d\d\d

This match uses the parenthesis () to distinguish choices that can be made mid match so if we need to match four numbers and then a space, period or hyphen we can see this as

\d\d\d\d - Match 4 numbers
(\s|.|-) - Match either a space, period or hyphen

Note the use of the pipe character | here this is used as an OR in the match statement to choose the different type of character.

Now using this we can match for any variation of character that distinguish 16 digits and then add different matches for the 15 digit cards from AMEX.

\d\d\d\d(\s|.|-)\d\d\d\d\d\d(\s|.|-)\d\d\d\d\d(\s|.|-)

All you need to do now is take some action when the match occurs, in our case we reject the email with a custom message and the SMTP code 5.7.1

Thursday 18 August 2011

Thank Customer Service People, they will appreciate it!

If you work in customer service and by that I mean on the first line of support on the telephone or email, you are the first person an upset customer or a person with a problem will speak to. (it can be argued that everyone in your business is in customer service but that is for another time)

So if you are about to speak to someone with a problem, they are likely to already be thinking "I don't like this company and I am going to tell them", they are probably thinking who they can change to and leave you.

This is your chance to make a difference and to bring them back around without the need for a "retention" department or any of that crap.

I will give you an example of great customer service. Orange UK. Now I moved my business phones to Orange about six months ago and ever since then I have had all our phone calls cut off after a few minutes or drop when we are in the middle of an important call so as you can imagine this drove us mad and was not what we needed.

But this was a technical issue, I suggested it was linked to a merger with another provider but I digress. The real issue is that I decided to move back to my original carrier O2 and so I called the customer services to start the process of moving back.

Orange UK customer services were awesome about this, they understood my problem, didn't try to change my mind and listened. Then when I needed to get my PAC codes and iPhone unlock codes they did everything they could to help me out. The Call Centre is based in Newcastle Upon Tyne and so I got a Geordie most times and they do tend to be a friendly lot to speak to.

What mattered to me was that although Orange Service was not up to par their customer service was and I know that technical problems can be solved and they often are, so in the future I would not be put off moving back to Orange because I know that once the technical issues are resolved they will have a great service and a awesome customer service and thats a killer combination.

Make customer service everything, technical problems come and go, people know this, not caring for your customers can be a once only deal and you might not get the chance to do it twice.

Monday 15 August 2011

SQL Server Maintenance Plan "Access Denied"

Sometimes you might find your SQL Server maintenance plans do not run and when you look in the history you can see that the message "access denied" is displayed. When you look at the Job however it has the correct Owner is assigned to the Job.

The NETWORK SERVICE account is the key to this behaviour, it will be the this account that executes the Job and this account that may not have the permissions to the destination you need.


So just make sure you allow NETWORK SERVICE to Write permission to your destination and your SQL Jobs will run again successfully.

Thursday 11 August 2011

2x Thin Client PXE Boot Issue - TCAC008

We use the 2x Thin Client from www.2x.com it is a really cool PXE booting Thin Client for Terminal Services and Citrix. It has been working at our clients for months without a hitch but his morning all our users had this message displayed on their computers when starting up.


We searched the 2x Knowledge Base and could not find this error and it is not in the manual either so we were a but stumped.

Then we got a call from another office that they had the same issue. The penny dropped it must be something used at each site, the licence!

We checked and the licence we had entered was lost in the back end server application, we re entered the details and we were back in business.

Tuesday 9 August 2011

Vmware Data Recovery Performance

We use VMWares Data Recovery as a backup for our vSphere infrastructure, now I know a lot of people do not consider this a robust backup solution and use other agents for that role, we had to make do with what we had in this case and make this work for us.

As an application when it works, it works well and I can restore a server to a point in time and I can mount restore points to replace files that have been changed, usually I use Shadow Copy for this but there are those users who have changed a file months ago or need it for a retention reason.

The problem with DR comes with the Integrity Checks and Catalog of the DeDupe Storage, I use 1TB VMDK files on NFS NAS because I need to store multiple backups and DR only supports two destinations at once so I need to get the most out of them in terms of capacity.

Often I will find my backups have failed because they have exceeded their time window due to the destination running a daily Integrity Check and the check on a 1TB NFS VMDK takes a long time to finish.

So what can be done, well one is to try to limit the Integrity checks to once a week and this can be done by editing the Data Recovery Appliance from the Linux console.

So the first thing to do is to logon to the appliance so open the appliance from the console and use the default credentials of "root" and "vmw@re" But be aware the keyboard may well be mapped to US so the @ symbol will actually be the " on a a UK keyboard.

Once logged on you can then create the INI file with the command

vi /var/vmware/datarecovery/datarecovery.ini

In this file you can then add the header [Options}

Then to change the Integrity check Interval enter on its own line

IntegrityCheckInterval=7

To close the file and save enter :q!

There are multiple other options available and you can read about those here

http://bit.ly/qFHj2J

http://bit.ly/oKwn3I

Sunday 7 August 2011

Post SBS 2011 Post Installation Known Errors

There are several errors post a SBS 2011 installation that can be safely ignored. Here they all are

http://support.microsoft.com/kb/2483007/en-us?sd=rss&spid=1167

SidebySide errors on your Windows 2008 R2 Servers

If you start seeing a lot of Event ID 33 errors in your Application Logs on a Windows 2008 R2 Server then you will want to read this KB article.

http://support.microsoft.com/kb/2507938

It is nothing to worry about but is notification of security when using the Command Prompt.

Sharepoint Foundation Application Log Event 2137

I have a few customers with SBS 2011 and this is now shipping with Sharepoint Foundation Server 2010. When you perform Windows Updates on SBS 2011 it will no longer upgrade the Sharepoint Databases automatically for you and as a result you can leave your Sharepoint Databases in a unsupported state. This when you see the Event ID 2137 in the application log.

So here is what you need to do.


Patching SharePoint is a two-step process. The updated binaries are first installed and then psconfig must be run to update the SharePoint databases. SBS 2008 uses Windows SharePoint Services 3.0 and updates automatically run PSconfig when installed via Automatic Updates or Windows Server Update Services. SharePoint Foundation 2010 changes the method in which patches are installed. PSconfig no longer runs automatically after an update is installed. The SharePoint binary files are updated with the patch but the databases are not automatically upgraded. SharePoint runs in a compatibility mode that still allows the sites to function with the older version databases. The SharePoint Health Analyzer will scan the databases every night at midnight to determine if an upgrade is required. If the SharePoint Health Analyzer detects an upgrade is required, it will log the following error in the application event log:

Log Name: Application
Source: Microsoft-SharePoint Products-SharePoint Foundation
Event ID: 2137
Task Category: Health
Level: Error
User: CONTOSO\spfarm
Computer: CONTOSOSERVER.contoso.local

Description: The SharePoint Health Analyzer detected an error. Product / patch installation or server upgrade required. All required products must be installed on all servers in the farm, and all products should have the same patching and upgrade level across the farm.

Upgrade is required on server CONTOSOSERVER. Without the upgrade, the server is not in a supported state.

On server CONTOSOSERVER, once all required products and/or patches are installed, perform an upgrade by either running PSConfigUI.exe or by executing the command "PSConfig.exe -cmd upgrade -inplace b2b -force -cmd applicationcontent -install -cmd installfeatures". If a former upgrade attempt has failed, you may need to resolve upgrade specific issues before attempting upgrade again. Refer to the upgrade status page (http://contososerver:19158/_admin/UpgradeStatus.aspx) for information about current and prior upgrade attempts, and to determine issues that may be preventing upgrade from succeeding. For more information about this rule, see "http://go.microsoft.com/fwlink/?LinkID=142700".

In order to update the SharePoint databases, you must manually run the PSconfig utility. To run the utility:

1. Open an Administrative command prompt.
2. Change directory to C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\BIN
3. Run PSConfig.exe -cmd upgrade -inplace b2b -force -cmd applicationcontent -install -cmd installfeatures

Note: The Companyweb site will be inaccessible while the command is running. It is best to run the command after business hours. The amount of time the command takes to run will vary on the size of the database and the speed of the machine. On a reference machine with 8 logical processors, 32GB of RAM and a 2GB content database, the command took approximately 5 minutes to execute.

The SharePoint configuration wizard will launch and perform the configuration tasks. When the command is finished, you should see the following message:

Successfully completed the SharePoint Products configuration.
Total number of configuration settings run: 6
Total number of successful configuration settings: 6
Total number of unsuccessful configuration settings: 0
Successfully stopped the configuration of SharePoint Products.
Configuration of the SharePoint Products has succeeded.

For additional information on SharePoint Foundation 2010 patches see the following TechNet site: http://technet.microsoft.com/en-us/library/ff806326.aspx

Tuesday 5 July 2011

Disable SSL 2.0 for PCI Compliance

If you need to switch off SSl 2.0 on an ISA Server for a PCI Compliance Scan this is quite simple to do. First you can switch off PCT and then SSL 2.0


Click Start, click Run, type regedt32 or type regedit, and then click OK.
In Registry Editor, locate the following registry key:

HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders \SCHANNEL\Protocols\PCT 1.0\Server
On the Edit menu, click Add Value.
In the Data Type list, click DWORD.
In the Value Name box, type Enabled, and then click OK.

Note If this value is present, double-click the value to edit its current value.
Type 00000000 in Binary Editor to set the value of the new key equal to "0".
Click OK. Restart the computer.

Perform the same change for the SSL 2.0 key

Tuesday 7 June 2011

Small Business Server Migration Limit

When you are migrating to SBS Server 2008 or 2011 and you have 21 days to complete the migration you can sometimes find that this is not enough, working in Managed Services means you can often run out of time due to other issues and it is nice to have as long as you need to make the transition.

You can stop the SBCore Service from shutting down your old SBS 2003 Server after 21 days by making some simple changes to the server in advance.

The shutdown is controlled by the SBCore Service, this is locked down so that you cannot use the MMC to stop the service and if you kill the process it will restart within a minute or so. So you have to use a few tools to make this work, the first is to get Process Explorer from SysInternals.

This is a valuable tool to have anyway and I highly recommend getting a copy here http://bit.ly/fzWyfq

Once you have Process Explorer you can find the process and suspend it, we can now edit the registry and change how the service operates.

Using regedit you can find the key

HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SBCORE

Change the permissions on the key so that the Administrators group has Full Access and then you can see the DWORD options for the key.

Find the DWORD Start and change the value to "4". This will place the Service in a disabled state.

Once complete then browse to the SBCore EXE file which is c:\windows\system32\sbscrexe.exe and change the permissions so that Everyone is denied all permissions. This will stop the file from being ran again.

Once complete the server will not restart after 21 days and you have as long as you need to migrate that server.

Monday 9 May 2011

Enable Local Drives in SBS 2008 Remote Web Workplace

By default when you connect to a remote computer using Remote Web Workplace in SBS 2008 the option to connect back to your local drives is missing. This can be easily added back as follows

Browse to C:\Program Files\Windows Small Business Server\Bin\webapp\Remote\tsweb.aspx and make a backup of this file if required.

Next opne an elevated copy of Notepad and open the tsweb.aspx file.

Search through the file for the following setting and change it to TRUE.

MsRdpClient.AdvancedSettings2.RedirectDrives = FALSE

Friday 29 April 2011

Fake Anti Virus Applications and how to remove them

I often get customers who have had a drive by download and end up with a fake Anti Virus application on their PC, this usually pops up windows all over the screen and we get a support call to get rid of it. The usual culprits are users who have to be administrators but it is not always the case, if its Windows XP then anyone is pretty much at risk.

So the key to these is to find the rogue task in Task Manager, you can usually spot it because it has a description that is poorly written, it will repeat the exe name or will have no description. Find the exe and terminate the process and the fake Anti Virus should close, now you know you have the right file.

Search the registry for this file name and you should find the two registry keys for Open Shell are listed with the exe location and path appended to the open command on any shell or exe.

•HKEY_CLASSES_ROOT\exefile\shell\open\command
•HKEY_CLASSES_ROOT\comfile\shell\open\command

The default value for each of these should be "%1" %*

If your value contains the malware exe path, reset the path here and then delete the exe file.

You should now find the fake Anti Virus malware is removed.

Thursday 28 April 2011

Windows 2008 Boot.ini

A good point to note is that Windows 2008 Server does not use the boot.ini file anymore to determine which partition to boot from. This is now all completed via the command line utility bcdedit.exe

For example if you need to rename your primary boot partition to be displayed when Windows starts you can use this command

bcdedit /set {current} description "Windows 2008 Server Primary"

There is a lot more to this utility but worth knowing that it is there!

Monday 11 April 2011

Upgrade DSL firmware on a Cisco Router

I had to upgrade the firmware on a Cisco 877 recently so thought I would outline the best way to do this.

Firstly download your ADSL firmware from Cisco, you will need a Smart Net Contract for this. The file will be something like adsl_alc_20190.3.0.017.bin

Next you need to TFTP the file to the router, I use a basic TFTP Server and save the file in the root of the flash, you may notice there is not an existing firmware file for the routers current firmware. This is normal if you have an embedded firmware with the IOS, you can check this with the show version command and then look for the output for F/W and see if it is set to embedded.

Once you have TFTP the file to the Cisco you can then rename it removing the version number part

adsl_alc_20190.3.0.017.bin is renamed to adsl_alc_20190.bin

Then you reboot the router and the firmware is loaded.

Trend Micro Office Scan Hotfix Issue

I recently deployed version 10.5 of Office Scan and following best practice installed the latest service pack and hotfix from Trend Micro, as part of our test process we found that the clients would show as online client side but offline at server side.

We followed trouble shooting through firewalls and ports and then noticed when we tried to create a client package to install with this failed with an error that files cannot be found.

A quick look in the folders for Office Scan showed several files renamed _INVALID as the file extension and in the system event log there were multiple entries logged as ID 900 relating to invalid digital signatures detected by Office Scan and that the files had been renamed.

It turns out that the latest hotfix for Office Scan 10.5 has a check for the digital signature of the Office Scan files and if they are not signed correctly they are renamed for safety, the problem being that the files are all not signed as expected and Office Scan disables itself for you.

The details are logged in the this KB

http://esupport.trendmicro.com/Pages/Tscexe-keeps-being-renamed-to-Tscexeinvalid-when-applying-bandage-Damage-Cleanup-Engine.aspx?print=true

It is pretty poor testing when a hotfix disables the product so severely. Boo Trend Micro.

Friday 8 April 2011

DCdiag fails over IPSEC Tunnel

I had a server behind a IPSEC tunnel between two Cisco 1841 routers and when running a dcdiag the Locator check was failing. I used the verbose output on the dcdiag and it noted that UDP packets were being either dropped or fragmented to the destination servers.

I looked at the syslog on the Cisco 1841 and I could see UDP packets between the two servers being dropped, I checked the class map for this policy map and udp was listed at the bottom of the class map but it was not being matched.

I then created a new class map for the udp protocol and added this with inspect to the policy map and then dcdiag worked. I used a inspect log in the policy map to show this in the syslog.

Strange behaviour that the udp packets do not match even though they are in the right class map, but I needed a solution so I created a new protocol definition for the UDP LDAP on port 389 and then a new class map and policy map inspection.

ip port-map user-ldap-udp port udp 389
class-map type inspect match-any cmap-ldap-traffic
match protocol user-ldap-udp
exit
policy-map type inspect ccp-inspect
class type inspect cmap-ldap-traffic
inspect
exit
exit

Wednesday 9 March 2011

Userenv Error 1058 - Windows cannot access the file gpt.ini

I had an issue on a Domain Controller where we would get the Userenv error 1058 in the application log everyday, the DC showed no faults, replication was working and it was more of an annoyance that the log was not clean rather than an error to get resolved.

I downloaded the Windows 2003 Support Tools and then checked with a DCDIAG and NETDIAG and both passed correctly and this confirmed my thoughts that the DC was working as normal.

I had a search on this issue and found that the problem can be caused by the Distributed File System cache and that using the dfsutil tool you can clean this up.

I ran the command dfsutil /PurgeMupCache and this cleaned out the cache, I then ran a gpudate /force and then Group Policy processed successfully and the error was gone.

Saturday 19 February 2011

-3948 VCB API Exception - vSphere DR

i had a issue where my vSphere Data Recovery backups would not start, each time they displayed the error -3948 VCB API Exception. Not exactly a clear error message to go at.

I then noted that I had made changes to my internal DNS and the internal DNS server the appliance was using we no longer in service and this error is really a DNS server to say I cannot find any host names for the ESXi Servers.

I changed the DNS in the appliance via the console and then the update allowed the backups to start correctly.

Friday 4 February 2011

Manual Uninstall Trend Micro Messaging Security Agent

If you need to manually uninstall the Trend Micro Messaging Security Agent in Worry Free Business Security here is the link.

http://esupport.trendmicro.com/3/Manually-uninstalling-the-Messaging-Security-Agent-of-Worry-Free-Busin.aspx

Thursday 3 February 2011

Windows 2008 Performance Report

If you have a Windows 2008 or R2 Server that you need a quick snap of the performance, use the command perfmon /report

This will give you a good overview report including the files using the most disk I/O and memory.

It is a good place to start when performance troubleshooting.

NTFS System File Definitions

I have often wondered what all of the hidden files and folders do in Windows as the versions have progressed. This KB article explains it.

http://support.microsoft.com/kb/103657/en-us

Thursday 27 January 2011

Upgrade IOS on Cisco 2960 Switch

Just a quick note on the new upgrade process for the 2960 range of switches.


Download the image file from the TFTP server to the switch. If you are installing the same version of software that is currently on the switch, overwrite the current image by entering this privileged EXEC command:

Switch# archive download-sw /overwrite /reload
tftp:[[//location]/directory]/image-name.tar
The /overwrite option overwrites the software image in flash memory with the downloaded one.

The /reload option reloads the system after downloading the image unless the configuration has been changed and not saved.

The /allow-feature-upgrade option allows installation of an image with a different feature set (for example, upgrade from the IP base image to the IP services image).

For //location, specify the IP address of the TFTP server.

For /directory/image-name.tar, specify the directory (optional) and the image to download. Directory and image names are case sensitive.

This example shows how to download an image from a TFTP server at 198.30.20.19 and to overwrite the image on the switch:

Switch# archive download-sw /overwrite
tftp://198.30.20.19/c3750-ipservices-tar.122-50.SE.tar
You can also download the image file from the TFTP server to the switch and keep the current image by replacing the /overwrite option with the /leave-old-sw option.