I just really wanted to mention how much I <3 the win7 installer.  I’ve got a GX620 optiplex in the house that I realized had no cd-rom, and wouldn’t boot from a flash drive, so i copied the win7 install files from my flash drive to an NTFS formatted usb hard drive, and it installed wicked fast.

Win7 is full of win and love and butter.

Ok, so after many days of frustration and troubleshooting, I think I have this problem licked.

First off, setup your network to enable RPC over HTTP, and confirm it works with Outlook 2k3.

Keep in mind you WILL need a valid SSL cert from a trusted authority.  I recommend a cheap cert from godaddy, as they can be had for between 13-30 bucks if you catch a sale.

Once you have your cert, follow the instructions here:

http://www.petri.co.il/how-can-i-configure-rpc-over-https-on-exchange-2003-single-server-scenario.htm

And make sure you test your exchange connectivity, and make sure RPC over HTTP is working for a standard Outlook 2k3 install.

Once you’ve followed those steps, test your configuration here:

https://www.testexchangeconnectivity.com/

All green? Gooooood.

Now, this is where it gets weird. In your Outlook 2k7/Vista machine, go to control panel-mail, and setup your new profile. 

For your Exchange server, enter the INTERNAL FQDN of your mail server, ie servername.domain.local, selected cached mode so you can get decent performance out of your setup, and enter your username.

Select more settings, go to Security, and set it to Kerberos for now. (We’ll come back to this.)

Go to the Connection tab, and under Outlook Anywhere put a check in “connect to Microsoft Exchange using HTTP”, and then click the Exchange Proxy Settings button

Under connection seetings, enter the URL for your OWA server, and put a check Connect using SSL only.  Also check both “On fast networks”… and “On slow networks…”  Set your Proxy Authentication settings to Basic authentication.

Click OK, and then OK again, at which point you should get a pop up warning about using Kerberos from outside a firewall.  Hit ok and continue.  Go ahead an open outlook, enter your username as Domain.local\username  and password, and outlook should probably fail.  At this point go back to your exchange settings, and change you Logon security back to NTLM instead of Kerberos.  Reopen Outlook, and you should now connect.

Stupid and crazy compared to every other version of Outlook\Entourage, but there you go, it worked for me

Once again, the internet proves that any computer problem you find yourself with, the internet has already had:

http://blogs.technet.com/jhoward/archive/2006/06/22/438094.aspx

Shadow Copy failures: Scheduled task fails with General page initialization failed, error 0×8007000d.

I’ve rippled through quite a few nagging problems since my server failure at home a few weeks ago. One of the more intriguing problem I only noticed a couple of days ago. One server had not been running scheduled Shadow Copies. When you schedule shadow copies in Windows Server 2003 R2, not suprizingly it sets up a normal Windows Scheduled Task with name ShadowCopyVolume{volume} as shown below.

But, as you can see, it’s never run and has status “Could not start”. If you double click the task, you get the error “General page initialization failed. The specific error is 0×8007000d: The data is invalid”. Once you dismiss the dialog, you see the normal task details, but cannot edit the user field (greyed out and blank). You could however create manual shadow copies, so that pretty much narrowed it down to a problem with the scheduled task rather than shadow copies itself.

Some searching on Technet and the MS Knowledgebase drew a blank (or at least nothing appearing to be directly relevant). There’s an article here which gives some information which is close but only allows you to setup the task again with a domain account. I didn’t want to do that as the Shadow Copy scheduled task is supposed to run under the NT AUTHORITY\SYSTEM account.

However, I bow to Anil’s greater knowledge from his blog entry here, specifically the update part at the end. Indeed, deleting C:\Documents and Settings\All Users\Application
Data\Microsoft\Crypto\RSA\S-1-5-18\d42cc0c3858a58db2db37658219e6400_xxxx”, deleting the scheduled task, disabling shadow copies and setting it back up again with a schedule creates it correctly.

Thanks Anil!
Cheers,
John.

From Scott Lowe:

http://blog.scottlowe.org/2006/05/19/semi-automatic-account-maintenance/

Continuing in my “semi-automatic” theme, here’s some information on using command-line utilities to help automate account maintenance.  By combining dsquery and a third-party replacement for Dsmove (since Dsmove has some problems), we can streamline account maintenance policies for Active Directory.

First, the problem with Dsmove.  The Dsmove.exe utility is supposed to be able to take DNs on standard input (stdin) and move them (with or without a rename operation at the same time) to a new location in Active Directory.  Unfortunately, it doesn’t work; for some reason, Dsmove won’t accept the output of Dsquery, even though that output works with Dsmod and Dsrm.  I found numerous references to this same problem (here’s one) via a Google search, so I know I’m not alone.

Fortunately, there’s a free third-party replacement that steps up to the plate to fill in for dsmove, and it’s call AdMod.  AdMod does more than just move objects; it can also modify objects as well.  For our purposes, however, we’re just going to use it to move objects.

We’ll start out with the Dsquery command again, this time to find inactive accounts:

dsquery user -inactive 4

This will find all the user accounts have have been inactive (not logged into) for more than 4 weeks.  Pipe this into the Dsmod command to automatically disable them:

dsquery user -inactive 4 | dsmod user -disabled yes

This ensures that any account that has not been used in more than 4 weeks will be automatically disabled.  Now, we can bring in AdMod to help us keep those disabled accounts manageable:

dsquery user -disabled | admod -move “ou=Disabled
Accounts,dc=example,dc=net” -safety 100

This will automatically gather all the disabled accounts and move them into the Disabled Accounts OU automatically.  Note the “-safety 100” parameter; this means that if more than 100 objects will be affected, the command won’t proceed.  This can be replaced with the “-unsafe” parameter if this fail-safe isn’t necessary.

So, put this into a batch file, schedule it to run once a week, and it will take care of those inactive accounts that are no longer being used.  (This will make those security guys pretty happy.)

via
Brian Desmond’s Blog

Here’s a simple trick that I’ve used countless times for enabling remote desktop on an XP or 2003 machine remotely.
Just connect to the remote machine with regedit (or use reg.exe from the command line if you want), browse to HKLM\System\CurrentControlSet\Control\Terminal Server, and set or create fDenyTSConnections (a DWORD) to 0.

Must remember to check this out at some point in the future:

Microsoft TechNet: Scriptomatic Tool

In case you hadn’t noticed (Or like me aren’t using Vista and don’t really care yet) the windows 2k3 admin pack doesn’t work with Vista.  That’s because MS fails at registering DLL’s.

Thankfully, one poor soul at MS helpfully solved the issue, and MS has given us a fairly simple fix:

http://support.microsoft.com/default.aspx/kb/930056

Relevant portion below as MS likes to move their KB articles around over time:

To resolve this issue, register the Windows Server 2003 management tools on a domain user account. To do this, follow these steps:

1.	Log on to Windows Vista as a user who has local administrator permissions.
2.	Create the RegisterAdminPak.cmd script. To do this, follow these steps: a. Start Notepad, and then open a blank document. b. Paste the following code to the document in Notepad: @echo off REM RegisterAdminPak.cmd REM (c) 2006 Microsoft Corporation. All rights reserved. set filelist=adprop.dll azroles.dll azroleui.dll ccfg95.dll set filelist=%filelist% certadm.dll certmmc.dll certpdef.dll certtmpl.dll set filelist=%filelist% certxds.dll cladmwiz.dll clcfgsrv.dll clnetrex.dll set filelist=%filelist% cluadmex.dll cluadmmc.dll cmproxy.dll cmroute.dll set filelist=%filelist% cmutoa.dll cnet16.dll debugex.dll dfscore.dll set filelist=%filelist% dfsgui.dll dhcpsnap.dll dnsmgr.dll domadmin.dll set filelist=%filelist% dsadmin.dll dsuiwiz.dll imadmui.dll lrwizdll.dll set filelist=%filelist% mprsnap.dll msclus.dll mstsmhst.dll mstsmmc.dll set filelist=%filelist% nntpadm.dll nntpapi.dll nntpsnap.dll ntdsbsrv.dll set filelist=%filelist% ntfrsapi.dll rasuser.dll rigpsnap.dll rsadmin.dll set filelist=%filelist% rscommon.dll rsconn.dll rsengps.dll rsjob.dll set filelist=%filelist% rsservps.dll rsshell.dll rssubps.dll rtrfiltr.dll set filelist=%filelist% schmmgmt.dll tapisnap.dll tsuserex.dll vsstskex.dll set filelist=%filelist% w95inf16.dll w95inf32.dll winsevnt.dll winsmon.dll set filelist=%filelist% winsrpc.dll winssnap.dll ws03res.dll for %%i in (%filelist%) do ( echo Registering %%i ... regsvr32 /s %%i ) echo. Echo Command Completed c. On the File menu, click Save. d. In the Save as type box, click All Files, type C:\Users\UserAccountName\RegisterAdminPak.cmd in the File name box, and then click Save. Notes UserAccountName represents the folder name of the user who is currently logged in. You must run this script in Windows Vista only.
3.	Run RegisterAdminPak.cmd from an elevated command prompt. To do this, follow these steps: a. Click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator. If you are prompted for an administrator password or for confirmation, type your password, or click Continue. b. At the command prompt, type the following command, and then press ENTER. Note If you are running a 64-bit version of Windows Vista, type cd %systemroot%\syswow64 before you run the following command. C:\Users\UserAccountName\RegisterAdminPak.cmd

As I’m working to consolidate the neat tips I find for a future wiki at work, here’s another neat one:

There is a feature in Windows XP and Vista that not many people know which can save you endless hours and it’s called pushd.

From the command-line if you type:

pushd \\someserver\someshare\somedirectory

Then Windows will automatically map a temporary drive to \\someserver\someshare, change to that drive, then change directory to somedirectory.

When you’re finished you can then type:

popd

Then Windows will change back to your original working directory and remove the mapped drive.

Here is an example:

C:\Temp\> pushd \\someserver\someshare\somedirectory
X:\somedirectory\> del somefile.txt
X:\somedirectory\> popd
C:\Temp\ >

Found at:

http://blog.bartholomew.id.au/2007/12/19/adhoc-mapping-of-network-drives

so I have had this stupid IBM x345 series on my desk for like, a year.  It started having all kinds of battery problems, so I swapped the BIOS battery, and it was STILL giving me battery problems, conflicting bios/firmware/device driver issues without even having an OS, and generally being a bitch.

I finally decided that this thing needed to be dealt with today, and that the fight would likely be EPIC.  So i pulled the card with the trouble battery, took some pictures and sent it around for lulz and to attempt to identify it.  I still don’t know what it does, but when I put it back in it worked, so wtf ever.

SO i tried to run ServeRAID, and it was giving me a fit about bios/firmware/drv not being the same version.  Since I already had the error, I went ahead downloaded the latest bios/firmware update for the card (7.12.something).  Then I finally found some boot floppys, and I went to boot from them and discovered the floppy is full of fail.  Wouldn’t read or boot from it at all.

SO with the magic of Nero, I made some cd’s and tricked the bitch into thinking they were floppy’s, and got it updated.  Then after much digging and pulling of hair, I found the drivers for windows setup to load, and it actually worked.

Now that it’s all installed, I’ve discovered that windows update is the slowest website ever created in the history of man.  I’ve almost completely installed Win2k3 on another server while this stupid thing scans for updates.

God I hate you microsoft.

Well, you’re not alone. Apparently the latest cumulative update from the 12th is causing ALOT of IE problems. Here at the office, we’ve had 2 sites affected so far, symptoms being IE 6 crashing on startup, or randomly crashing at various webpages.

http://support.microsoft.com/kb/942615

That’s the troublemaker right there. If you go to add/remove programs, and remove update KB942615, it appears that the problems go away. This update is installed as part of windows automatic updates.

Here’s hoping MS gets a fix out for this soon, as this is gonna be a real freakin’ headache.

EDIT: don’t forgot to head over to windows update, select “custom”, and make sure to select “do not show this update again” for KB942615, otherwise it’ll just get pushed to your machine again next time it queries for updates.