Windows Update Fails

KB ID 0000359

Problem

There are a LOT of different reasons for Windows Updates to fail. I can’t cover every eventuality, but there are a few common steps to try.

Solution

1. As soon as the updates fail you should get an Error Message, that should point you in the right direction.


Update Error Code 80200011

2. If your error code matches one of these…

Code | Error | Description
0x80070002 | ERROR_FILE_NOT_FOUND | The system cannot find the file specified.
0x8007000D | ERROR_INVALID_DATA | The data is invalid.
0x800F081F | CBS_E_SOURCE_MISSING | The source for the package or file not found.
0x80073712 | ERROR_SXS_COMPONENT_STORE_CORRUPT | The component store is in an inconsistent state.
0x800736CC | ERROR_SXS_FILE_HASH_MISMATCH | A component’s file does not match the verification information present in the component manifest.
0x800705B9 | ERROR_XML_PARSE_ERROR | Unable to parse the requested XML data.
0x80070246 | ERROR_ILLEGAL_CHARACTER | An invalid character was encountered.
0x8007370D | ERROR_SXS_IDENTITY_PARSE_ERROR | An identity string is malformed.
0x8007370B | ERROR_SXS_INVALID_IDENTITY_ATTRIBUTE_NAME | The name of an attribute in an identity is not within the valid range.
0x8007370A | ERROR_SXS_INVALID_IDENTITY_ATTRIBUTE_VALUE | The value of an attribute in an identity is not within the valid range.
0x80070057 | ERROR_INVALID_PARAMETER | The parameter is incorrect.
0x800B0100 | TRUST_E_NOSIGNATURE | No signature was present in the subject.
0x80092003 | CRYPT_E_FILE_ERROR | An error occurred while Windows Update reads or writes to a file.
0x800B0101 | CERT_E_EXPIRED | A required certificate is not within its validity period when verifying against the current system clock or the time stamp in the signed file.
0x8007371B | ERROR_SXS_TRANSACTION_CLOSURE_INCOMPLETE | One or more required members of the transaction are not present.
0x80070490 | ERROR_NOT_FOUND | Windows could not search for new updates.

Then run the System Update Readiness Tool and then retry Windows Update.

Operating system Download
All supported x86-based versions of Windows Vista Download
All supported x64-based versions of Windows Vista Download
All supported x86-based versions of Windows Server 2008 Download
All supported x64-based versions of Windows Server 2008 Download
All supported IA-64-based versions of Windows Server 2008 Download
All supported x86-based versions of Windows 7 Download
All supported x64-based versions of Windows 7 Download
All supported x64-based versions of Windows Server 2008 R2 Download
All supported IA-64-based versions of Windows Server 2008 R2 Download

3. Otherwise Start > Run (or for Vista/Windows 7 or 2008, type in the search box) > services.msc {enter}.

4. First make sure the following three services are present and have started,

Windows Update
Background Intelligent Transfer Service
Cryptographic Services

If any are not running, right click > Start. If they are all present and running, locate the “Windows Update” service > Right click it > Stop.

5. Open Windows Explorer and navigate to C:\Windows > Locate the SoftwareDistribution folder > Rename it to UpdateOLD.

6. Go back to the “Windows Update” service you stopped in step 4 and restart it > Then retry Windows Update.

7. If it’s still not working, then reset the Windows Update components using the BITS repair tool, or do it manually; for instructions CLICK HERE.

8. You can also try using the Fix WU Utility (Written by Ramesh Kumar from TheWindowsClub ).

Note: If all else fails try using the Firegen Windows update Log Analyzer.
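
Steps 4 to 6 can also be run as one script from an elevated PowerShell prompt. This is an added example, not part of the original article; the dated fallback folder name is an assumption for the case where UpdateOLD already exists.

```powershell
# Added example: scripted form of steps 4-6 (check services, reset the update cache).
$ErrorActionPreference = 'Stop'

# Service control and the rename both need an elevated session.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal $identity
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated PowerShell prompt.'
}

# Step 4: the three services that must be present and running.
$required = 'wuauserv', 'BITS', 'CryptSvc'   # Windows Update, BITS, Cryptographic Services
foreach ($name in $required) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) {
        throw "Service '$name' is not installed; fix that before going further."
    }
    if ($svc.Status -ne 'Running') {
        Write-Host "Starting $($svc.DisplayName)"
        Start-Service -Name $name
    }
}

# End of step 4: stop Windows Update so the cache folder is no longer in use.
Stop-Service -Name wuauserv -Force

# Step 5: rename C:\Windows\SoftwareDistribution to UpdateOLD.
$cache   = Join-Path $env:SystemRoot 'SoftwareDistribution'
$newName = 'UpdateOLD'
if (Test-Path (Join-Path $env:SystemRoot $newName)) {
    # Assumption: keep an earlier UpdateOLD and use a dated name for this run.
    $newName = 'UpdateOLD-{0:yyyyMMdd-HHmmss}' -f (Get-Date)
}
try {
    if (Test-Path $cache) {
        Rename-Item -Path $cache -NewName $newName
        Write-Host "Renamed $cache to $newName"
    }
}
finally {
    # Step 6: always bring the service back, even if the rename failed.
    Start-Service -Name wuauserv
}
```

Windows Update recreates the SoftwareDistribution folder the next time it checks for updates.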

 

Related Articles, References, Credits, or External Links

NA

Event ID 1026

KB ID 0000134 

Problem

Event ID 1026

The DNS server was unable to create a name in memory for name “<host name>” in zone “<zone name>” in the Active Directory. This directory name is ignored. Use the DNS console to recreate the records associated with this name or check that the Active Directory is functioning properly and reload the zone. The event data contains the error. 

DNS can’t be updated with the name of something that’s trying to add itself to DNS.

Solution

  1. This is due to DNS nodes that have characters in them that Windows does not like (e.g. ! ‘ etc.); you can delete them in the following way.
  2. Start > Run > dsa.msc
  3. View > Advanced Features
  4. Domain name > System > Microsoft DNS
  5. Note: any records for reverse DNS zones that no longer exist should be removed from here at this point.
  6. Then locate the offending entries (they will have a type of ‘dnsnode’) and delete them.

However, if you have machines on the network that are going to “re-register” themselves (e.g. Apple Macs, firewalls and routers), then the problem will reoccur.

If the problem does reoccur, then you need to go to the DNS server and ALLOW names it does not allow by default (note: this is not recommended by Microsoft). If you want to do this:

 

      • On the DNS server Start > Administrative tools > DNS
      • Right click the server name > properties > Advanced
      • Change the Name Checking section to “All Names”
      • Restart the DNS Server service (or right click the server name > All Tasks > Restart)
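
To list the offending entries from step 6 before deleting anything, the same System > MicrosoftDNS container can be queried with the ActiveDirectory PowerShell module. This is an added example, not part of the original article; the allowed-character pattern is an assumption, so adjust it to the names your DNS server accepts.

```powershell
# Added example: list dnsNode objects under System > MicrosoftDNS whose names
# contain characters outside an allowed set. Read-only, nothing is deleted.
Import-Module ActiveDirectory

$domainDn = (Get-ADDomain).DistinguishedName
$base     = "CN=MicrosoftDNS,CN=System,$domainDn"

# Assumption: letters, digits, hyphen, underscore and dot are acceptable, plus
# '@' (zone apex) and '*' (wildcard). Anything else is reported for review.
$allowed = '^[A-Za-z0-9._*@-]+$'

# Each zone is a dnsZone object; its records are dnsNode children one level down.
$zones = @(Get-ADObject -SearchBase $base -LDAPFilter '(objectClass=dnsZone)')

$suspect = foreach ($zone in $zones) {
    $zoneName = $zone.Name
    Get-ADObject -SearchBase $zone.DistinguishedName -SearchScope OneLevel `
                 -LDAPFilter '(objectClass=dnsNode)' -Properties whenChanged |
        Where-Object { $_.Name -notmatch $allowed } |
        Select-Object @{ n = 'Zone'; e = { $zoneName } },
                      @{ n = 'Node'; e = { $_.Name } },
                      whenChanged, DistinguishedName
}

if ($suspect) {
    $suspect | Sort-Object Zone, Node | Format-Table -AutoSize -Wrap
} else {
    Write-Host "No dnsNode names outside the allowed pattern under $base"
}
```

The whenChanged column shows which entries are being re-registered by a device and will come back after deletion.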

 


Event ID 4004 and 4015

KB ID 0000133 

Problem

Event 4004 and 4015

The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is “”. The event data contains the error.

and

The DNS server was unable to complete directory service enumeration of zone .. This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is “”. The event data contains the error.

If the 4004 and 4015 events only appear at start up, you get these events because your zones are stored in AD and you only have one Domain Controller. AD cannot start without DNS, and when DNS starts, because AD has not started, DNS cannot load the zones in AD. The error goes away if you have two or more DCs with DNS installed, or if you use standard primary zones.

Solution

Add a second domain controller or Ignore the error.


Deploying VMware View 5 – Part 2: Configure Windows 7 to be a VMware View Desktop

KB ID 0000596

Problem

Note: This is an old post for VMware view version 5, you might want to read Deploying VMware Horizon View instead.

In Part 1 we looked at setting up your connection server. To actually deliver a virtual desktop you need to a) have a desktop built, and b) have the VMware View ‘agent’ installed on it.

In addition there are various changes you need to make, both to streamline the virtual machine, and make it more efficient for VMware View.

Note: If you are doing manual assignment of desktops to users, then this is not as important, but if you are going to deploy linked clone desktops this is VERY important. Either way it’s still good practice to ‘prep’ desktops first.

Solution

1. Build the desktop you intend to deliver via View (In this example I’m using Windows 7 Pro x32 bit).

Licencing Note: For manual desktop assignments you can use MAK license keys, but for larger deployments using VMware composer and linked clones, use Microsoft’s KMS server to service your licensing needs.

Using KMS Server for Windows Server 2008 R2, Windows 7, and Office 2010

2. Run a full Windows update, allow the machine to reboot, then keep running Windows update until it says that it is up to date.

3. Then install the VMware tools.

4. Install any software and applications you require.

5. Download these scripts to auto configure your clients.

Note: There are two scripts, one called PrepClient.bat and the other called PrepClientPM.bat (Only use the latter if you are going to deploy persona management). I originally got these scripts from VMware, and have made a subtle change to them, they are 99% NOT my work!

Make sure you execute the scripts from a command window “As Administrator”, (right click the cmd shortcut while holding down Shift). You will need to do this even if you are logged in as the administrator.

What is this script doing?

a. Sets screen saver to “Blank Screen”, enable after one minute, and password protects it.
b. Empties the internet cache.
c. Turns off RSS Feeds in Internet Explorer.
d. Disables Microsoft Action center.
e. Stops the “Welcome to Internet Explorer” Dialogue for new users.
f. Disables “Superfetch”.
g. Disables Windows update (Note: If you are not using linked clones you might want to remove this line):

[box]reg ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU" /v NoAutoUpdate /t REG_DWORD /d 0x1 /f[/box]

h. Disables System Restore, and removes access to the restore options.
i. Sets the application log size to 10MB and allows it to overwrite events as needed.
j. Sets the system log size to 10MB and allows it to overwrite events as needed.
k. Sets the security log size to 10MB and allows it to overwrite events as needed.
l. Disables the Network Location Wizard.
m. Disables Crash Dump Logging.
n. Deleted files are instantly deleted, they do not go to the recycle bin (stops the recycler file filling up with junk); to stop this, remove this line:

[box]reg ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer" /v NoRecycleFiles /t REG_DWORD /d 0x1 /f[/box]

o. Enables Remote Desktop (RDP Connections) from all clients (the less secure option).
p. Disables Windows User Access control.
q. Disables Windows SideShow.
r. Disables the following services.

Bitlocker Drive Encryption Service ‘BDESVC’
Block Level Backup Engine Service ‘wbengine’
Diagnostic Policy Service ‘DPS’
Desktop Window Manager Session Manager Service ‘UxSms’
Disk Defragmenter Service ‘Defragsvc’
Home Group Listener Service ‘HomeGroupListener’
Home Group Service ‘HomeGroupProvider’
IP Helper Service ‘iphlpsvc’
Microsoft iSCSI Initiator Service ‘MSiSCSI’
Microsoft Software Shadow Copy Provider ‘swprv’
Client side Caching Service ‘CscService’
Secure Socket Tunnelling Protocol Service ‘SstpSvc’
Windows Security Center Service ‘wscsvc’
Simple Service Discovery Protocol Service ‘SSDPSRV’
ReadyBoost Service ‘SysMain’
Tablet Input Service ‘TabletInputService’
Themes Service ‘Themes’
Universal Plug and Play Service ‘upnphost’
Volume Snapshot Service ‘VSS’ (Note: NOT Disabled if using the Persona Management Batch File)
Windows Backup Service ‘SDRSVC’
Windows Defender Service ‘WinDefend’
Windows Error Reporting Service ‘WerSvc’
Windows Firewall Service ‘MpsSvc’
Windows Media Center Receiver Service ‘ehRecvr’
Windows Media Center Scheduler Service ‘ehSched’
Windows Search Service ‘WSearch’
Windows Update Service ‘wuauserv’
Wireless LAN Service ‘Wlansvc’
Wireless Auto config Service ‘WwanSvc’

s. Sets Windows to show “Blank Screen” when booting instead of the Windows animation, “bcdedit /set BOOTUX disabled”.
t. Removes all Shadow Copies, “vssadmin delete shadows /All /Quiet” (Note: NOT Disabled if using the Persona Management batch file).
u. Disables Hibernation, “powercfg -H OFF”.
v. Disables the “Last accessed” timestamp for Windows files, “fsutil behavior set DisableLastAccess 1”.
w. Stops scheduled Windows Defragmentation (Note: In Linked clone environments this would expand all the delta disks and is a common ‘gotcha’).
x. Stops the registry backup which happens every 10 days.
y. Stops the scheduled Windows Defender tasks.
z. Stops the Windows System Assessment Tools (this gives your PC its ‘performance rating’ from 1 to 5).
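
Several of the changes above switch off security controls (items g, o and p, and the firewall, Defender, Security Center, BitLocker and Windows Update services in item r). The following added example, which is not part of the VMware scripts, reports the resulting state on the prepared desktop so it can be reviewed before the image is snapshotted. The registry locations used for UAC and RDP are the standard Windows ones, not values taken from the scripts.

```powershell
# Added example: read-only report of the security-relevant settings listed above.
# WMI and the registry provider only, so it also runs on PowerShell 2.0 (Windows 7).

function Get-RegValue([string]$Path, [string]$Name) {
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function New-Finding([string]$Setting, $Value, [string]$Meaning) {
    if ($null -eq $Value) { $Value = '(not set)' }
    New-Object PSObject -Property @{ Setting = $Setting; Value = $Value; Meaning = $Meaning } |
        Select-Object Setting, Value, Meaning
}

$findings = @()

# Services from item r that provide a security function.
$services = @(
    @{ Name = 'MpsSvc';    Label = 'Windows Firewall' },
    @{ Name = 'WinDefend'; Label = 'Windows Defender' },
    @{ Name = 'wscsvc';    Label = 'Windows Security Center' },
    @{ Name = 'wuauserv';  Label = 'Windows Update' },
    @{ Name = 'BDESVC';    Label = 'BitLocker Drive Encryption' }
)
foreach ($s in $services) {
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$($s.Name)'"
    if (-not $svc) {
        $findings += New-Finding $s.Label $null 'service not installed'
    } elseif ($svc.StartMode -eq 'Disabled') {
        $findings += New-Finding $s.Label "$($svc.StartMode)/$($svc.State)" 'disabled (item r)'
    } else {
        $findings += New-Finding $s.Label "$($svc.StartMode)/$($svc.State)" 'not disabled'
    }
}

# Item p: User Account Control.
$uac = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' 'EnableLUA'
$meaning = if ($uac -eq 0) { 'UAC is off (item p)' } else { 'UAC is on' }
$findings += New-Finding 'UAC (EnableLUA)' $uac $meaning

# Item g: the NoAutoUpdate policy value written by the script.
$noAu = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' 'NoAutoUpdate'
$meaning = if ($noAu -eq 1) { 'automatic updates off by policy (item g)' } else { 'policy not applied' }
$findings += New-Finding 'NoAutoUpdate' $noAu $meaning

# Item o: Remote Desktop, and whether Network Level Authentication is required.
$ts   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$deny = Get-RegValue $ts 'fDenyTSConnections'
$nla  = Get-RegValue "$ts\WinStations\RDP-Tcp" 'UserAuthentication'
$meaning = if ($deny -ne 0) {
    'RDP connections are refused'
} elseif ($nla -eq 1) {
    'RDP on, Network Level Authentication required'
} else {
    'RDP on for all clients, no NLA (item o)'
}
$findings += New-Finding 'RDP (fDenyTSConnections)' $deny $meaning

$findings | Format-Table -AutoSize -Wrap
```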

Another Option to Prepare Windows 7 for View

You can also (if you prefer a graphical tool) use Desktop Optimizer from Quest. (Note: Also needs to be run as administrator or you will get runtime errors!)

6. Then Install the VMware View Agent.

7. Then make sure any floppy drives, and CD/DVD drives are also disconnected.

8. If the virtual machine is going to be in a manual pool leave it powered on. If it’s going to be part of an automated pool, you can snapshot it.

Related Articles, References, Credits, or External Links

Deploying VMware View 5 – Part 1: Configure Active Directory and Deploy VMware Connection Server

Deploying VMware View 5 – Part 3: Creating a ‘Manual Pool’ and Connecting a View Client

 

Backup Exec Job Failed Error ‘A device attached to the system is not functioning’

KB ID 0000871 

Problem

I replaced a tape drive for a customer a couple of weeks ago. With the new one fitted I backed up a few files and restored them to make sure the new drive was OK, and checked the backups the following morning. They had failed with the following in the job log.

Job ended: xxxxxxxxxxxxxxxx
Completed status: Failed
Final error: 0xe00084f4 - An unknown error has occurred.
Final error category: System Errors
For additional information regarding this error refer to link V-79-57344-34036
Backup- C:Storage device "HP 0003" reported an error on a request to write data to media.
Error reported:
A device attached to the system is not functioning.
V-79-57344-34036 - An unknown error has occurred.
Backup
A selection on device DC3SQL2008 was skipped because of previous errors with the job.
A selection on device Shadow?Copy?Components was skipped because of previous errors 
with the job.
A selection on device System?State was skipped because of previous errors with the job.

 

At first it appears that the replacement drive is causing problems, so I had a look in the server’s event log and found the following;

Event ID 34113

Log Name: Application
Source: Backup Exec
Date: xxxxxxxxxxxxxxxxxx
Event ID: 34113
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: xxxxxxxxxx
Description:
Backup Exec Alert: Job Failed
(Server: "DC3") (Job: "DC3- Daily") DC3- Daily -- The job failed with the following error: 
An unknown error has occurred.

Event ID 57665

Log Name: Application
Source: Backup Exec
Date: xxxxxxxxxxxxxxxxx
Event ID: 57665
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: xxxxxxxxxxxxxxxxx
Description:
Storage device "HP 0003" reported an error on a request to write data to media.

Error reported:
A device attached to the system is not functioning.

Event ID 10

Log Name: Application
Source: Microsoft-Windows-WMI
Date: xxxxxxxxxxxxxxx
Event ID: 10
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: xxxxxxxxxxxx
Description:
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE 
TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" 
could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. 
Events cannot be delivered through this filter until the problem is corrected.

Solution

It’s been such a long time since I’ve seen this happen that I struggled with it for a while. The reason I was seeing these errors was, this was an HP Server and Tape Drive. When you install all the HP Insight monitoring agents and software, it can cause this problem with Backup Exec.

1. Start > Run Services.msc {enter}

2. Locate and disable the services shown below.

3. Retry your backup job.


Windows Server 2012 – Deploying SSTP VPNs

KB ID 0000819

Problem

SSTP gives you the ability to connect to your corporate network from any location that has an internet connection, and is not filtering https. This port is usually open for normal secure web traffic. Traditional VPN connections require ports and protocols to be open for them to work, which makes a solution that runs over TCP port 443 attractive.

Thoughts: While I can see why this is a good idea, Microsoft has basically changed some existing protocols so they work on a port that won’t be blocked by most firewalls. This is not a new approach, (Microsoft did it before with RPC over HTTP). I can’t help feeling that the more traffic we push over ports 80 and 443, sooner or later security/firewall vendors are going to statefully inspect/block traffic that isn’t supposed to be on that port. (If you think ‘that would never happen!’ Try running an Exchange Server through a Cisco firewall with SMTP inspection turned on). Anyway, it’s there, I’ve been asked to do a walkthrough, so read on.

Solution

I’ve got a Windows 2012 Server already setup, it’s a domain controller, and is running DNS. You don’t have to have the same server running SSTP/RRAS but in this lab environment that’s what I’m doing. In addition my remote VPN clients will get an IP address from my normal corporate LAN.

1. On the server I have two network cards installed, the first (NIC1) is the normal network connection for the server, the second (NIC2) will be the one that the remote clients get connected to (once they have authenticated to NIC1).

2. Make sure the Internet facing NIC has good comms, and works OK.

3. NIC2 as you can see, does not even need a default gateway.

Windows Server 2012 Add Certificate Services

I’m going to use a ‘self signed’ certificate, if you have purchased one, then skip this section.

4. From Server Manager (ServerManager.exe) > Add Roles and Features > Next > Next > Next > Select > Active Directory Certificate Services.

5. Add Features > Next > Next > Next > Tick ‘Certificate Authority Web Enrolment’.

6. Add Features > Next > Next > Next > Install > Close > From the warning (top right) > Configure Active Directory Certificate Services on this server.

7. Next.

8. Select both Certificate Authority and Certificate Authority Web Enrolment > Next.

9. Next > Next > Next > Next > Next > Next > Next > Configure > Close > Close Server Manager.

10. Open a Microsoft Management Console.

11. File > Add Remove Snap-in > Certificate Authority > Add > Local computer > Finish > OK.

12. Drill down to Certificate Templates > Manage.

13. From the list that appears locate IPsec > Right Click > Duplicate Template.

14. General tab > Change the name to SSTP-VPN.

15. Request Handling tab > Tick ‘Allow private key to be exported’.

16. Subject Name tab > Tick ‘Supply the request’ > Click OK when prompted.

17. Extensions Tab > Select the Application Policies entry > Edit.

18. Add > Locate the ‘Server Authentication’ policy > OK > OK > Apply > OK > Close the Certificate Template console.

19. From the Certificate Templates folder > New > Certificate Template to Issue.

20. Locate the SSTP-VPN entry > OK > Close the MMC.

SSTP Firewall Setup

In this example my server is behind a corporate firewall. If yours is internet facing then you may simply want to add an exception/rules for allowing https/TCP443. My server will ultimately have a public IP address that resolves to its public name (vpn.pnl.com) so I just need to allow the ports in. If your server does not have its own public IP address, then you may need to setup port forwarding instead. You will see later I’m also going to use TCP 80 (normal HTTP) to access my certificate services remotely, so I’ve got that open as well. You may want to access certificate services via HTTPS instead in a corporate environment.

21. On this server I’m simply going to disable the firewall > Start > Run > firewall.cpl {enter} > Turn Windows Firewall on or off > Set as appropriate.

Grant users SSTP VPN/Dial-in rights.

22. Make sure that any user who wants to access the SSTP VPN has had their Dial-in set to ‘allow access’.

Windows 2012 Server Install and Configure RRAS for SSTP

23. From Server Manager (ServerManager.exe) > Add Roles and Features > Next > Next > Next > Select > Network Policy and Access Services.

24. Add Features > Next > Next> Next > Next > Install > Close.

25. Back at Server Manager (ServerManager.exe) > Add Roles and Features > Next > Next > Next > Select ‘Remote Access’.

26. Add Features > Next > Next > Next > Tick ‘Routing’ > Next > Install.

27. Close.

Note: At this point you may see the warning that there are additional steps to take (to configure routing and remote access); if so you can launch and then close this wizard because we will do it manually.

28. Close Server Manager > Open a new MMC > File > Add/Remove Snap-in > Certificates > Add > Computer account > Finish > OK.

29. Expand Personal > Certificates > All Tasks > Request New Certificate.

30. Locate the SSTP-VPN entry > Click the ‘More information required..’ link.

31. Change the Type to common name > Enter the public name of the SSTP VPN server > Add > OK.

Note: This will be the common name on the certificate, i.e. vpn.pnl.com, which will need a public A/Host record creating for it in your public DNS, (speak to your ISP or DNS hosting company). That way when your remote clients go to https://vpn.pnl.com they won’t get an error, (providing you imported the root cert correctly on THAT machine).

32. Tick the certificate > Enrol.

33. Finish > Close the MMC.

34. Windows Key+R > rrasmgmt.msc > OK.

35. Right click the server > Configure and Enable Routing and Remote Access.

36. At the Wizard > Next > Next > Tick VPN > Next.

37. Select NIC1. In this case I’m unticking the ‘Enable security’ option (or it disables RDP and locks the NIC down) > Next.

38. I’m going to use this server so select the bottom option > Next.

39. New > Create a range of IP addresses. (Note: You may need to exclude these from your existing DHCP scope) > OK > Next.

40. Next.

41. Finish > OK > OK > At this point you will see the services restarting.

42. Right click the server > Properties.

43. Security tab > Change the certificate to the one we created > Apply > Yes > OK > Close the console.

Windows Server 2012 – Connect to SSTP from a Remote Client

At this point I have the correct ports open on the firewall, and I’m on a Windows 7 client outside the corporate network.

44. Because we are using a self signed certificate, we need to get the client to trust it. We can give the user the root certificate, or they can connect and download it, here I’m connecting to the Certificate Services web portal. Note: Remember that’s on the same server.

45. Supply your domain credentials > OK > Download a CA Certificate > Download CA Certificate > Save As.

46. Put the certificate somewhere, and call it something sensible.

47. Now launch an MMC on the client machine, and add the certificate snap-in (for ‘computer account’).

48. Drill down to Trusted Root Certification authorities > Certificates > All Tasks > Import > Navigate to, and select the certificate you just downloaded.

Note: If you double click the cert and import it manually, then it gets put into the user account NOT the computer account, and this will cause you problems. (Error 0x800b0109).

Registry Key Required for SSTP Access

The title is not really true, but as we are using a self signed certificate the client cannot check the CRL for the CA. Even with some purchased certificates you may need to do this.

49. Open the registry editor and navigate to:

[box]
HKLM > SYSTEM > CurrentControlSet > services > SstpSvc > Parameters
[/box]

50. Create a new 32 bit DWORD called NoCertRevocationCheck and set its value to 1 (one).
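
A quick client-side check for the settings in steps 46 to 50, as an added example that is not part of the original article: it confirms the CA certificate is in the computer account's Trusted Root store (not only the user's, which gives error 0x800b0109) and reports whether revocation checking has been switched off for SSTP. The certificate file path is a hypothetical placeholder.

```powershell
# Added example: read-only pre-flight check for an SSTP client.
param(
    # Hypothetical path: wherever the CA certificate was saved in step 46.
    [string]$CaCertPath = 'C:\Temp\root-ca.cer'
)

if (-not (Test-Path $CaCertPath)) {
    throw "CA certificate file not found: $CaCertPath"
}

# Load the downloaded CA certificate to get its thumbprint and validity dates.
$ca    = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CaCertPath
$thumb = $ca.Thumbprint
Write-Host "CA certificate: $($ca.Subject)"
Write-Host "Thumbprint:     $thumb"

if ($ca.NotAfter -lt (Get-Date)) {
    Write-Warning "The CA certificate expired on $($ca.NotAfter)."
}

# Steps 47-48: the certificate must be in the COMPUTER account's Trusted Root store.
# The user's Root view also shows machine-wide roots, so test the machine store first.
$inMachine = Test-Path "Cert:\LocalMachine\Root\$thumb"
$inUser    = Test-Path "Cert:\CurrentUser\Root\$thumb"

if ($inMachine) {
    Write-Host 'OK: CA certificate is in LocalMachine\Root.'
} elseif ($inUser) {
    Write-Warning 'CA certificate is only in the user store; expect error 0x800b0109. Import it for the computer account.'
} else {
    Write-Warning 'CA certificate is not in any Trusted Root store yet.'
}

# Steps 49-50: report the revocation-check override for the SSTP service.
$key   = 'HKLM:\SYSTEM\CurrentControlSet\Services\SstpSvc\Parameters'
$value = (Get-ItemProperty -Path $key -Name NoCertRevocationCheck -ErrorAction SilentlyContinue).NoCertRevocationCheck

if ($value -eq 1) {
    Write-Host 'NoCertRevocationCheck = 1: SSTP will not check the server certificate for revocation.'
} else {
    Write-Host 'NoCertRevocationCheck is not set to 1: SSTP needs to reach the CRL for the server certificate.'
}
```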

Setup a SSTP VPN Connection

51. Open the Network and sharing Center.

52. Setup a new connection or network.

53. Connect to a workplace.

54. Use my Internet Connection.

55. Supply the Internet Address (that matches the common name you used above) > Next.

56. Supply your domain credentials > Connect.

57. Connected successfully.

Note: If it fails at this point, it usually gives you an error code you can Google, or it gives you the option of logging for you to troubleshoot.

58. Just to prove I’m connected, this client can ping the SSTP servers private address.

 


SBS Exchange Certificate Expired

KB ID 0000535

Problem

When you setup SBS2008 (and Exchange 2007) it creates and uses a self signed certificate, which is fine. But by default it only lasts two years. The best option is to buy a proper certificate, but if you simply want to generate a new one here’s how to do it.

Solution

1. Here you can see your certificate has expired.

2. Normally you need to access your certificate services web enrolment console to carry this procedure out. But when you navigate to https://localhost/certsrv you will probably see this:

Server Error in Application “SBS WEB APPLICATIONS”

Note: If web enrolment is installed, and you still can’t access certificate services (CertSrv) then click here

3. You are seeing this error because certificate services might be installed, but the “Certificate Authority Web Enrolment” role service is not, you can add it from server manager.

4. Select it and follow the on screen prompts > Go and have a coffee.

5. Now you should be able to access the web front end.

6. To get a certificate we need a certificate request, you can write the PowerShell yourself like so:

[box] New-ExchangeCertificate -GenerateRequest -Path c:\mail_yourpublicdomianname_co.csr -KeySize 2048 -SubjectName "c=gb, s=Your State County, l=Your City, o=Your Org, ou=Your Department, cn=mail.yourpublicdomianname.com" -PrivateKeyExportable $True [/box]

OR simply go here and let the good folk at Digicert do the heavy lifting for you.

7. Now you have the code, generate the request, on the Exchange server > Start > All Programs > Microsoft Exchange Server 2007 > Exchange Management Shell > Execute the command you copied above.

8. This will dump the request on the C: drive (because in your command above you set the path to C:\mail_yourpublicdomianname_co.csr). Locate it and open it with Notepad. Then select and copy ALL the text (copy as shown, no extra spaces etc.)

9. If you have closed it down log into certificate services web access. Select “Request Certificate” > We will be submitting an advanced certificate request.

10. “Submit a certificate request by using………..”.

11. Paste in the text you copied at step 8, change the certificate template to “Web Server” > Submit.

12. Download the certificate.

13. Save it somewhere you can find it (the root of the C: drive is easiest, as you are going to be referencing it in a command shortly).

14. Job done, close the browser window.

15. Back at the Exchange Management Shell issue the following command:

[box] Import-ExchangeCertificate -Path c:\the-name-of-your-cert.cer [/box]

As it imports it shows you the thumbprint of the certificate, mark this and copy it to the clipboard.

16. Now you have the certificate imported you can enable it, issue the following command:

[box] Enable-ExchangeCertificate -Services "SMTP,POP,IMAP,IIS" [/box]

It will ask you for the thumbprint > paste it in > when prompted enter “A” to confirm all.

17. That’s the job finished.

SBS2008 Unable to access Certificate Services

I’ve seen this on a few SBS2008 Servers. When you install the web enrolment service it installs into the server’s “Default Web Site”. For any other Windows/Exchange combo that’s fine, but SBS likes to do things its own way. It creates another web site called “SBS Web Applications” and uses that. That’s fine, but only one can be up and running at a time.

CertSrv The Webpage cannot be found

1. Warning: You are about to stop things like OWA briefly. From Administrative tools launch the Internet Information Services (IIS) Manager > Locate the SBS Web Applications site and click stop (right hand column) > then select the Default Web site and start it.

2. Select the CertSrv virtual directory.

3. You can now browse via http/https and this will open the site in your default browser. Don’t forget to stop the Default website, and restart the SBS Web Applications site when you are finished.

 


Exchange – Slow Shutdown and Reboot on a Domain Controller

 

KB ID 0000565 

Problem

To be fair Microsoft recommend that you DO NOT install Exchange on a domain controller. Not only does it cause quite a performance hit on the server, but because of the way services are stopped on the server at shutdown time, the Exchange services take AGES to stop (In fact they end up timing out).

Quite how this explains SBS (Which is a domain controller with Exchange on it) I’m not really sure, perhaps because it’s limited to 75 users Microsoft think that’s OK? But you will still come across Exchange on Domain controllers. I’ve even seen people promote Exchange servers to be domain controllers to fix replication problems. Also If you are in a test environment having one server is more sensible than two (All my test Exchange boxes are domain controllers to save space).

Solution

You can of course manually stop all the Exchange services every time you want to reboot or shutdown. That’s fine in principle but every time you forget you will have annoyed users asking how long it’s going to be down for.

To save that happening I’ve got a script that puts a shutdown shortcut on your desktop (or in the Quick Launch bar if you’re running on Windows Server 2003). There’s a different one for each version of Exchange, 2010, 2007, and 2003.

Exchange 2010 Slow Shutdown and Reboot on Domain controller.

1. Download this zip file > Extract it > Run the Install.bat file.

2. Then use the shortcut that’s created to shut down or reboot the server.

Exchange 2007 Slow Shutdown and Reboot on Domain controller.

1. Download this zip file > Extract it > Run the Install.bat file.

2. Then use the shortcut that’s created to shut down or reboot the server.

Exchange 2003 Slow Shutdown and Reboot on Domain controller.

1. Download this zip file > Extract it > Run the Install.bat file.

2. Then use the shortcut that’s created to shut down or reboot the server.


HP MSM765zl and 775zl – Initial Setup and Routing

KB ID 0000917 

Problem

The MSM 765zl and 775zl, unlike the rest of the HP MSM controller series, do not have any physical Ethernet ports on them.

So before you can get to its web management interface, you need to be able to give it an IP address, and then the controller needs to be able to find a route back to where you are, assuming you are not on a flat unrouted/single VLAN. Obviously if you are directly connected to the same network segment then you can set the device’s ‘default route’ from the web management console.

Solution

1. Connect to the chassis that the controller is in, either via telnet or console cable. As I outlined in an earlier article you need to find the controller’s slot letter and index number with a services command. (If you are sat in front of the switch the slot letter should already be known!)

2. Now, connect to the MSM directly and give the controller its LAN and WAN IP addresses.

Note: HP call them LAN and WAN interfaces, (I know it’s confusing), the WAN interface does not have to connect to the WAN, it only points in that direction. I’m assuming it’s a throwback from when these devices were developed by Colubris.

[box] CORE-SW# services F 2
CORE-SW(msm765-aplication-F)> enable
CORE-SW(msm765-aplication-F)# config
CORE-SW(msm765-aplication-F)(config)# interface ip wan
CORE-SW(msm765-aplication-F)(config-if-ip)# ip address 192.168.1.1/24
CORE-SW(msm765-aplication-F)(config-if-ip)# ip address mode static
CORE-SW(msm765-aplication-F)(config-if-ip)# end
CORE-SW(msm765-aplication-F)(config)# interface ip lan
CORE-SW(msm765-aplication-F)(config-if-ip)# ip address 10.254.0.100/16
CORE-SW(msm765-aplication-F)(config-if-ip)# ip address mode static
CORE-SW(msm765-aplication-F)(config-if-ip)# end
[/box]

3. Now if you are on the same network (or VLAN) as the controller, you should be able to connect to the web management console. If not you will need to do two further steps:

a) Connect the TWO virtual ports of the MSM to the correct VLANs on the switch.

b) Add a route back to the network you are on, either by setting a default route (if there is only one) or a static route.

Connect The Two MSM Virtual Ports

At this point the MSM blade can be treated like any other blade with Ethernet ports on it. Above we found out the blade was in slot F, so the ports will show up on the chassis switch as F1 and F2.

Port number 1: Is the WAN/Internet port
Port number 2: Is the LAN port

At the very least the WAN port should be in a different VLAN like so;

[box]
CORE-SW> enable
Password xxxxxxxx
CORE-SW# configure terminal
CORE-SW(config)# vlan 210 name WifiLink
CORE-SW(config)# vlan 210
CORE-SW(vlan-210)# untagged F1
CORE-SW(vlan-210)# exit
CORE-SW(config)#
[/box]

If all your LAN traffic is on VLAN 1 (which is the default), then the MSM LAN port will already be untagged in VLAN 1. If not you will also need to present the MSM LAN port to the LAN VLAN.

[box]
CORE-SW# configure terminal
CORE-SW(config)# vlan 10 name LANTraffic
CORE-SW(config)# vlan 10
CORE-SW(vlan-10)# untagged F2
CORE-SW(vlan-10)# exit
CORE-SW(config)#
[/box]

Adding Default and Static Routes to the MSM controller.

The controller needs a default route, or it will not be able to send traffic out of the local LAN. In a simple flat network that should be all that you need. But if you have multiple network segments (or VLANs), then it will also need a static route adding for each of these. This is important for both access to the web management console, and because your wireless access points need to be able to speak to the controller! If your wireless access points are on a different network you may need to follow the article below to let them know where the controller is.

Register HP Wireless Access Points With an HP MSM Controller on a Different Subnet

[box]
CORE-SW# services F 2
CORE-SW(msm765-aplication-F)> enable
CORE-SW(msm765-aplication-F)# config
CORE-SW(msm765-aplication-F)(config)# ip route gateway 0.0.0.0/0 192.168.1.254 1
[/box]

If you need to add additional routes the syntax is the same as above.

[box]
CORE-SW(msm765-aplication-F)(config)# ip route gateway 10.100.0.0/16 10.254.0.254 1
CORE-SW(msm765-aplication-F)(config)# ip route gateway 10.200.0.0/16 10.254.0.254 1
[/box]

Now you should be able to connect to the web management console and configure your wireless networks, this process is identical to configuring the physical controllers, like the MSM 720 see the link below.

Manually Configuring HP Wireless (MSM 720 controller) for Public and Private Wireless Networks
