Thursday, 26 March 2009

TS Server 2003 - Turning off Internet Explorer Enhanced Security

Turning off Internet Explorer Enhanced Security mode isnt always easy on a Terminal Services server when your users arent the most profficient.

I found the best way to disable this if you find you have to; is to incorporate the following into group policy as a registry file.

Copy all text after the break line into a text document then save it as a .reg file.

----------------------------------------------------------------------------
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IEHarden"=dword:00000000

Friday, 20 March 2009

Internet Explorer 8 — Now Officially Launched

The long awaited Microsoft Internet Explorer 8 has now been made officially available to general public,

With long awaited features included such as:
InPrivate Browsing
Browse the web without saving your history with Internet Explorer 8's InPrivate Browsing. Now you can shop for that special gift with confidence knowing your family won't accidentally find out or use a shared computer without leaving a trace

Web Slices
Keep up with changes to the sites you care about most. Add a Web Slice and you won't have to go back to the same website again and again for updates on news, stock quotes, online auctions, weather, or even sports scores.

Accelerators
Accelerators let you map directions, translate words, email your friends, and more in just a few mouse clicks.

Click Here to download

Friday, 13 March 2009

SMTP: Advanced Queue Failed to Deliver Message in ESM

We noticed a while ago that emails were suddenly disappearing without trace, no NDR being genereated. The email just seems to disappear.

There are multiple ways to resolve this issue but I'll explain my method which will hopefully point most people in the right direction.

Firstly you need to find out exactly what the issue is, in my case we tracked the message in ESM and found the message was received by the server but then never delivered with the message; "SMTP: Advanced Queue Failed to Deliver Message in ESM"

You should enable message tracking, by right clicking the mail server in ESM and checking the tracking box on the general properties page.

Review the log file to find the exact event id from the exchange server.

An example of my case is as follows:
10:33:38 GMT SERVER2K3 user1@domain2.co.uk 1019
user2@domain1.co.uk
10:33:38 GMT SERVER2K3user1@domain2.co.uk 1025
user2@domain1.co.uk
10:33:44 GMT SERVER2K3 user1@domain2.co.uk 1026
user2@domain1.co.uk


You should use the following link to reference the event ID's

Message tracking event IDs in Exchange Server 2003
http://support.microsoft.com/kb/821905

Event 1026 is most likely caused by the 3rd party Anti Spam software
running on exchange server.

Either the message was detected as spam or there may have been some corruption in the message. McAfee GroupShield installed on the Exchange server can also cause this.

We actually found that by disabling the scanning function in Group shield this resolved the error.

I have also however noticed in the past that GFI can cause this issue to, you should look in the Program files directory under GFI for any emails, you will most likely find them there.

Did I solve your problem? Buy me a virtual beer by clicking on a Google ad :). Thanks!


Tuesday, 10 March 2009

Your client does not support opening this list with Windows Explorer.

I recently came accross a client who recieved this message when they tried to use a sharepoint (V3) list:

"Your client does not support opening this list with Windows Explorer. "

Obviously this isnt a very helpful message but after a short while of searching through events and web pages I found the following Microsoft Article which helped to resolve the issue. It is caused by a long URL or List name exceeding 100 characters.
Microsoft have noted the problem and now released a patch for download so you can clear this problem.

Support Link: http://support.microsoft.com/kb/923906

How to make an External Drive Bootable

This is something that used to drive me crazy and probably still would had I not simply taken a few minutes to think a little bit about my options.

The scenario was simple Windows 7 RC from Microsoft's website as an ISO installing onto an Acer Aspire one with NO CD DRIVE!

So I had to go down the USB root, well the answer is actually really simple,

Firstly make sure your external drive is formatted as NTFS then secondly go into computer management (Right click My Computer and Click Manage) and right click your disk.
You then see an option (Set as Active) this will set the partition as Active as it states (Which also means bootable).

Copy your ISO onto the drive and boot, hoorah!

I think this is limited to Vista though...not sure anyone willing to try this on XP please let me know how this goes..

Saturday, 7 March 2009

File could not be found documents.doc

I first saw this when opening a word document from outlook as an attachment, I may be mistaken though this could happen in more scenarios.

Most of you will be glad to hear, the fix is simple!

Go to Start > Run, type "Winword /r"

Monday, 2 March 2009

LSASS.EXE - System Error / Rebuilding Active Directory Indices. When booting windows server 2003

LSASS.EXE - System Error, security accounts manager initialization failed because of the following error: Directory Services cannot start. Error status 0xc00002e1.

I know everyone's scenario's when seeing this message are pretty varied but I found a nice way to fix this within an hour providing you have a similar setup.

In my particular case I had two servers an SBS 2000 (oh dear I hear you cry) and a Standard Server 2003 running SP1. The 2K3 machine was rebooted and upon reboot we were presented with the above error.

So to fix try the following:

1. Reboot the 2K3 server into "Directory Services Restore Mode" then logon to the machine locally, in my case I didnt know the restore password (results of taking on machines from other support companies.)

-If this is the case go onto the second server, right click "my computer" and select manage, within the new window, right click the "Computer Management" header and then click connect to another computer, you can then connect to the server you can't log into and reset the local admin password.

2. So first things first now your into the server you need to check the database files, go to start, run, and type "cmd" to open a command shell. The type the following:
ntdsutil files info
You should see similar the below:

Drive Information:

C:\ NTFS (Fixed Drive ) free(533.3 Mb) total(4.1 Gb)

DS Path Information:

Database : C:\WINDOWS\NTDS\ntds.dit - 10.1 Mb
Backup dir : C:\WINDOWS\NTDS\dsadata.bak
Working dir: C:\WINDOWS\NTDS
Log dir : C:\WINDOWS\NTDS - 42.1 Mb total
temp.edb - 2.1 Mb
res2.log - 10.0 Mb
res1.log - 10.0 Mb
edb00001.log - 10.0 Mb
edb.log - 10.0 Mb


You need to make sure that these files exist and the directory is there before you continue.

3. You can now do an integrity check by typing the following:
ntdsutil files integrity if you get an error here then continue, otherwise try a reboot and it should fix the issue.

4. Next check is a semantic check, do this using the following command:
ntdsutil "sem d a" go
If this fails however try the following:
ntdsutil "sem d a" "go f"

5. Try a defragment:
5a - Type 'ntdsutil'
5b - Type 'compact to "c:\TMP"'
If defragmentation succeeds without errors, follow the Ntdsutil.exe on-screen instructions. Delete all the log files in the log directory by typing the following command:
del drive C:\ pathToLogFiles \*.log
Copy the new Ntds.dit file over the old Ntds.dit file in the current Active Directory database path that you noted in step 2.

Note You do not have delete the Edb.chk file.
Restart the computer normally.



I personally still had issues at this point, with the server refusing to access these files with JET errors. So from that point had to do the following:

6. Modify the following Registry key entry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions

In the right-pane, double-click ProductType. Type ServerNT in the Value data box, and then click OK.
This will make the server a member server, reboot and log on locally to continue.

7. Once booted, you now have to simply run dcpromo from the command line and make a test fresh domain. I used testdomain.deleteme again once this process is complete, reboot.

8. You have now got your self a domain controller again, simply run dcpromo again to uninstall AD services from this new DC and once again reboot.

9. Finally if this applies, use ADSI edit to rip out the domain controller from Active Directory on the other server and then run dcpromo to join the server back to the existing domain.

Doing it this way, I lost no data and all security permissions were retained within the folder structure - My method was constructed using a variety of the below links and other sources, it may or may not apply to your circumstance but your answer will be in there somewhere if not.

Did I solve your problem? Buy me a virtual beer by clicking on a Google ad :). Thanks!




Additional Links:
KB 258062 - NTDS Util Checks

KB 232122 - Performing Offline Defragment

KB 332199 - Force Demoting a Domain Controller

KB 332199 - How to remove data in Active Directory after an unsuccessful domain controller demotion