Windows Info

CA Root services cannot start after CA Root certificate expires

by on Dec.04, 2014, under Computer Stuff, Windows Info

Since by design, you cannot recover from a CA root certificate expiring, sometimes you need to limp along, and continue to issue certs even though you cannot necessarily revoke them, because the CRL published in Active Directory is now incorrect, or offline.
While we can argue all day about the benefits/detractors of this, here it is:
To bring the CA Root back online after the Root certificate expires, issue these commands in an elevated powershell:

certutil –setreg ca\CRLFlags +CRLF_REVCHECK_IGNORE_OFFLINE
net stop certsvc && net start certsvc

Now, go back to the drawing board, and PLAN your PKI implementation, and DON’T LET YOUR CA ROOT CERTIFICATE EXPIRE!!!

Incidentally, once you’ve fixed your certificate snafu, to stop ignoring offline CRLs, do this in an elevated command prompt:

certutil –setreg ca\CRLFlags -CRLF_REVCHECK_IGNORE_OFFLINE
net stop certsvc && net start certsvc

Advertisement
Leave a Comment :, , , more...

Cannot print to an HP Laserjet 1020 using Terminal Services

by on Jul.22, 2014, under Networking, Windows Info

Terminal Services can only print to your LPT printers (with proper driver installed on the server). In order to print to network printer or USB printer,

1. Install the printer normally (connecting via TCP port or USB port) and make it a shared printer (ie. \\COMPUTERNAME\PRINTER)
2. Install ANOTHER instance of the printer, using the LPT1: (or LPT2:) port
3. Launch an administrative command prompt, and map the LPT port to the shared printer instance:

net use lpt1: \\COMPUTERNAME\PRINTER /persistent:yes

Now, you have an LPT: printer. If you set it as your default printer you can print locally, and Terminal services should now allow you to print from your TS session, as well.

Advertisement
Leave a Comment more...

Winmail.dat issues when using an SMTP Proxy

by on Mar.17, 2014, under Computer Stuff, Windows Info

I’ve run into this a couple times recently after clients have been migrated to Office 365. Office 365 by default sends messages in the Transport Neutral Encapsulation Format (TNEF) format. This is a rich text format and some email servers aren’t able to interpret it, and will therefore replace attachments with winmail.dat files (very common with clients on Macs). The fix is to use PowerShell to change disable TNEF. There is a TechNet article that shows you how to disable TNEF for when sending to specific domains or email addresses, but in my opinion that’s not acceptable for a client because they will need to contact us to have it changed every single time they encounter someone who cannot receive attachments from them. The fix is to connect to Office 365 via PowerShell and then do one of the following…

Option 1: Disable for Specific Domain (example uses wyldehare.com as the domain you are sending to)
1. New-RemoteDomain -DomainName wyldehare.com -Name WyldeHare
2. Set-RemoteDomain -Identity WyldeHare -TNEFEnabled $false
3. Get-RemoteDomain -Identity WyldeHare| Select TNEFEnabled (This step just confirms that the change was accepted – should show you “false” for the output.)

Option 2: Disable for Specific Email Address
1. No point in doing this since the email server is usually what causes this.

Option 3: Disable Globally (recommended)
1. Set-RemoteDomain Default -TNEFEnabled $false
2. Get-RemoteDomain -Identity Default| Select TNEFEnabled (This step just confirms that the change was accepted – should show you “false” for the output.)

The change does not take immediately. I have not seen it documented anywhere, but I do know it doesn’t take place immediately. I had a client test this right after I made the change and it didn’t work, so I had them try again in the morning and it worked. I would guess at somewhere between 15 minutes and a few hours.

We’ve also run into some issues recently where users have been receiving winmail.dat attachments.  This is usually caused in cases where the client has the SMTP proxy enabled on their WatchGuard.  By default, the SMTP proxy strips some of the headers out of the email that identify it as a Rich Text Formatted email. If the email client does not have the header information needed to interpret the winmail.dat attachment, the email client cannot display the proper formatting of the email, and incorrectly displays the attachment as a winmail.dat file.  To resolve, do the following…

  1. Start Policy Manager for your XTM device.
  2. Double-click the SMTP-Proxy used for inbound email.
    Or, right-click the SMTP-proxy and select Modify Policy.
    The New/Edit Policy dialog box appears with the Policy tab selected.
  3. Adjacent to the Proxy action drop-down list, click View/Edit Proxy.
    The SMTP Proxy Action Configuration dialog box appears.
  4. From the Categories tree, select Headers.
  5. In the Pattern text box, type each of these patterns and click Add to add them to the Rules list.
    • X-MS-Has-Attach:*
    • X-MS-TNEF-Correlator:*
    • X-MimeOLE:*
  6. From the If matched drop-down list, select Allow.
  7. From the Categories tree, select Content Types.
  8. In the Pattern text box, type application/ms-tnef and click Add.
    The pattern appears in the Rules list.
  9. From the If matched drop-down list, select Allow.
  10. From the Categories tree, select Filenames.
  11. In the Pattern text box, type winmail.dat and click Remove.
    The winmail.dat pattern is removed from the Rules list.
  12. From the None matched drop-down list, select Allow.

Now, having said that, we had a client *not* using the SMTP proxy have a similar issue.  This client has Securence for SPAM filtering and there is a feature you can enable within Securence that attempts to extract the contents of Winmail.dat when necessary.  To enable, go to Settings -> Filters -> Winmail.dat Extraction.

Advertisement
Leave a Comment more...

I passed 70-417 today!!

by on Jul.29, 2013, under Computer Stuff, Windows Info

Upgrading Your Skills to MCSA Windows Server 2012

Lots of Hyper-V, lots of DAC, and lots of powershell.
Learn it, know it, live it. ;)

Leave a Comment more...

CamStudio FTW!!

by on May.17, 2013, under Computer Stuff, Windows Info

I recently wanted to make a screen recording for a demo. I downloaded and installed CamStudio, and frankly, I’m *amazed* at how well it works.
You not only want this, you need it. Go download it now.
http://sourceforge.net/projects/camstudio/?source=dlp

Leave a Comment : more...

DMARC/DKIM is coming. You're all gonna have to learn about encryption.

by on Apr.15, 2012, under Computer Stuff, Linux, Mac OSX, Networking, OpenBSD, Windows Info

HAHAHAHAHAHAHA
Told ya.
Here it comes, check this out. If you work in the technology field, you need to read this:
http://dmarc.org/

Leave a Comment : more...

Come to Twin Cities TechPulse!

by on Mar.21, 2012, under Computer Stuff, Networking, Windows Info

Registration just opened for the annual Twin Cities TechPulse event www.tctechpulse.com. Please register as soon as possible as it will fill quickly and there are limited spots available. I know you would enjoy this free event and would come away with some great information. This year if you bring a guest(s) who has never been before, we will give you an extra raffle ticket for each attendee to win one of the great prizes we will be giving away (iPads, Xbox, Laptops, LCD TVs, etc.) Just remember to have them register as a guest of SCC (Brian Hershey).

The event is April 17th in St Paul. It’s an educational event with break-out sessions covering different technology & business subjects along with a great keynote speaker, free breakfast & lunch and over $25,000 in prize giveaways.

1 Comment : more...

Using msdeploy to move websites from IIS6 to IIS7

by on Feb.29, 2012, under Computer Stuff, Windows Info

I recently needed to migrate 7 different websites, with content, from IIS6 to IIS7.
Rather than copy everything by hand, and re-setup all the site bindings, and data sources, I decided to try using msdeploy, from http://www.iis.net

From the old server running IIS6, I ran this command first:
msdeploy -verb:getDependencies -source:webserver60
This displays all site dependencies for the IIS6 server. You need to make sure that all dependencies are installed on the new destination server. **

After insuring that all dependencies were installed, I issued this command from the new IIS7 server, to see what would happen without *actually* changing anything:
msdeploy -verb:sync -source:webserver60,computerName='MACHINENAME',authType='NTLM',userName='MACHINENAMEadministrator'
,password='password' -dest:auto <strong>-whatif</strong> > msdeploysync.log

Then, to actually fire the command, and migrate the websites, I ran this:
msdeploy -verb:sync -source:webserver60,computerName='MACHINENAME',authType='NTLM',userName='MACHINENAMEadministrator'
,password='password' -dest:auto > msdeploysync.log

YMMV, I’ll try to help if you get stuck. Let me know how it goes.

** Also, here’s the link I used to install ASP.Net 1.1 on Windows Server 2008. Thanks, Bill. You rock.
http://blogs.iis.net/bills/archive/2008/06/02/installing-asp-net-1-1-with-iis7-on-vista-and-windows-2008.aspx

2 Comments :, more...

Migrating Windows 2003 DHCP database to Windows 2008 DHCP server

by on Aug.11, 2011, under Computer Stuff, Windows Info

Export the DHCP database from Windows 2003:
1. On the Windows 2003 DHCP server, navigate to a command prompt
2. Type the following Command: netsh
3. Type the following Command: DHCP
4. Type the following Command: server <\Name or IP Address>
5. Type the following Command: export c:\dhcpexportfile all

Note You must have local administrator permissions to export the data.

Import the DHCP database to the Windows 2008 DHCP server:
1. Copy the exported DHCP database file to the local hard disk of the Windows Server 2008-based computer.
2. Install the DHCP Role on the server.
3. Stop the DHCP server service on the server. To do this, follow these steps:
a. Log on to the target DHCP server using an account that is a local Administrator.
b. Click Start, click Run, type cmd in the Open box, and then click OK.
c. At the command prompt, type net stop DHCPserver, and then press ENTER.
d. Type exit, and then press ENTER.

4. Delete the DHCP.mdb file from c:windowssystem32DHCP folder.
5. Start the DHCP server service.
6. Right-click on the Command Prompt (cmd) and select “run as administrator”.

Note You must have local administrator permissions to import the data.
7. Type the following Command: netsh
8. Type the following Command: DHCP
9. Type the following Command: server <\Name or IP Address>
10. Type the following Command: import c:\dhcpexportfile
11. Restart DHCP and verify the database has moved over properly.

Leave a Comment :, more...

Replacing Exchange 2003 OWA Virtual Directories

by on Aug.08, 2011, under Computer Stuff, Windows Info

Back up your IIS Metabase.
To do this, follow these steps:
Start IIS Manager.
Right-click Default Web Site, point to All Tasks, and then click Save Configuration to a File.

Delete the virtual directories for Outlook Web Access.
To do this, right-click Exadmin in the left pane of IIS Manager, and then click Delete. Click Yes when you are prompted with the question of whether you want to delete this item.

Repeat this step for the following virtual directories:
Exchange
ExchWeb
Microsoft-Server-ActiveSync
OMA
Public
Quit IIS Manager.
Click Start, click Run, type cmd, and then press ENTER.

Change to the following folder. In this example, Drive is the hard disk drive where Windows is installed:
Drive:inetpubadminscripts
Type adsutil, and then press ENTER.

Important By default, CScript is not the default scripting host for Windows Server 2003. To run the adsutil command, CScript must be configured as the default scripting host. To do this, click Yes if you are prompted to register CScript as you default host for VBscript, and then click OK.

Note: If you receive a list of adsutil command options, CScript is already configured as the default scripting host for VBscript.

Type adsutil delete ds2mb, and then press ENTER.

Note: To set the default scripting host to WScript, type WScript //H:WScript at the command prompt, press ENTER, and then click OK.

Click Start, point to All Programs, point to Administrative Tools, and then click Services.
To restart the Microsoft Exchange System Attendant service, follow these steps:
Click Start, click Run, type services.msc, and then click OK.
Right-click Microsoft Exchange System Attendant, and then click Restart.
When you are prompted to restart the dependant Exchange Server services, click Yes.

Note: When you restart the Microsoft Exchange System Attendant service, the Microsoft Exchange Information Store service is also restarted. In this scenario, your Exchange Server users lose connectivity to their Exchange Server mailboxes.

The virtual directories are re-created. To verify that the virtual directories are re-created, start IIS Manager, and then view the Default Web site folder.

Important If the virtual directories are not re-created after 15 minutes, restart the computer.
Reset the access permissions to Anonymous. To do this, follow these steps:
Start IIS Manager, right-click ExchWeb, click Properties, and then click the Directory Security tab.
Under Authentication and access control click Edit, and then verify that the Enable anonymous access check box is turned on.
Click to select the Integrated Windows authentication check box, click OK, and then click Apply.
If an Inheritance Overrides dialog box appears, click Select All, and then click OK.
Under Authentication and access control, click Edit, and then click to clear the Integrated Windows authentication check box.
Click OK two times, and then quit IIS Manager.

Use a Web browser to verify that you can connect to your Outlook Web Access server. If you are also running other mobility services, verify that you can connect to these services by using an appropriate client.

Leave a Comment : more...


Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!

CryptedNets is proudly powered by

Entries (RSS) and Comments (RSS)
- Login

Visit our friends!

A few highly recommended friends...