Event ID 1525

KB ID 0000270 

Problem

Windows has detected that Offline Caching is enabled on the Roaming Profile share – to avoid potential profile corruption, Offline Caching must be disabled on shares where roaming user profiles are stored.

Pretty self explanatory – Offline Caching is enabled on Windows shares by default; for shares that hold roaming profiles it needs to be disabled.

Solution

1. The error will tell you the username in question (it’s been blurred out above). Go to a domain controller and click Start > Run > dsa.msc > locate that user > Properties.

2. The user’s profile can be in TWO places: either on the “Profile” tab, or the “Terminal Services Profile” tab. See which server it is on and go to that server.

3. If you are having trouble finding the share on the server click Start > Run > fsmgmt.msc {enter} > this will tell you where the folder is.

4. Locate the folder in question > Right click > Properties > Sharing > Caching tab.

5. Select “Files or programs from the share will not be available offline” > OK > Apply.
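The same lookup and fix scripted in PowerShell, as an added example that is not part of the original article. It assumes the ActiveDirectory module (RSAT), a file server running Server 2012 or later (for the SmbShare cmdlets), and uses the placeholder username 'jsmith'.

```powershell
# Added example, not from the original article. 'jsmith' is a placeholder username.
Import-Module ActiveDirectory
$user = Get-ADUser -Identity 'jsmith' -Properties ProfilePath

# Steps 1-2: the path can be on the Profile tab or the Terminal Services Profile tab.
$paths = @($user.ProfilePath)
try {
    $adsi   = [ADSI]"LDAP://$($user.DistinguishedName)"
    $paths += $adsi.psbase.InvokeGet('TerminalServicesProfilePath')
} catch {
    # No Terminal Services profile path is set for this user.
}
$paths = $paths | Where-Object { $_ } | Select-Object -Unique

foreach ($path in $paths) {
    # Split \\server\share\folder into its server and share parts.
    if ($path -notmatch '^\\\\([^\\]+)\\([^\\]+)') { continue }
    $server, $shareName = $Matches[1], $Matches[2]

    # Steps 3-5: read the share's caching mode and switch it off if needed.
    $cim   = New-CimSession -ComputerName $server
    $share = Get-SmbShare -Name $shareName -CimSession $cim
    '{0}\{1} -> {2} (CachingMode: {3})' -f $server, $shareName, $share.Path, $share.CachingMode

    if ($share.CachingMode -ne 'None') {
        # 'None' is the GUI option "will not be available offline".
        Set-SmbShare -Name $shareName -CachingMode None -CimSession $cim -Force
    }
    Remove-CimSession $cim
}
```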

Related Articles, References, Credits, or External Links

NA

Sharing Files from Ubuntu to Windows

KB ID 0000412

Problem

If you have only a few files to share, you might want to consider using Dropbox. However, if you want to share your files over the network, you need to install Samba and configure it.

Solution

 

Related Articles, References, Credits, or External Links

Special thanks to Morbuis1 over at the Ubuntu Forums for the help.

Samba Install Error

 

Playstation 3 – Error ‘A DLNA protocol error (2104) has occurred’ When streaming from Windows Media Player

KB ID 0000696

Problem

My Windows 7 Media Center can’t stream to my PS3, but the Windows Media Player that’s built into the same PC can, (well it should be able to!) However when I tried, this is what the Playstation told me.

Media Server Error:
A DLNA protocol error (2104) has occurred.

Solution

Note: Your local firewall on the Windows 7 machine can also cause this problem. I have a decent firewall at home, so I disabled the local firewall on the Media Center, (Start > Run > firewall.cpl).

1. On your Windows 7 Machine open Windows Explorer (Windows Key+E) > Select Homegroup > View homegroup settings.

2. Make sure you’re set to location type Home, if not change it (mine was set to public!).

3. Now “choose what you want to share…”.

4. Select as appropriate > Next.

5. Choose Media Streaming options.

6. Allow All, (or if you know the MAC address of the Playstation it will be listed as “Unknown Device” and, (if you can see it on the list), you can add that in on its own, and allow).

7. Accept the warning.

8. If you allowed all, this is what you should see.

9. Finally open the services console (Start > Windows key+R > services.msc {enter}) and ensure that the “Windows Media Player Network Sharing Service” service is started > Set to Automatic > and set to log on as either the Network Service, or the Local System.


XCOPY – Insufficient Memory

KB ID 0000810 

Problem

If I’m migrating client data, I use Xcopy a lot, especially if I want to preserve the permissions. One of the questions I usually ask is “Do any of your users have file names that are very long, i.e. longer than 256 characters?” Because if you are moving a lot of data and it’s been running for a few hours, then suddenly fails saying ‘Insufficient Memory‘, then that’s probably what the problem is.

Solution

1. At the point of failure, you will have successfully moved some data, so you want a solution that just moves the remaining data. Robocopy will do that for you.

Note: For Server 2008, Server 2008 R2, Server 2012, and Windows Vista/7/8, you will already have Robocopy installed, for older clients you will need to install the 2003 Resource Kit.

[box]

Syntax

robocopy "source" "destination" "options"

robocopy S: D:\Shared /MIR /SECFIX /SEC

Note: Robocopy by default will retry 1000000 times, and wait 30 seconds each time (if it has a problem). You might want to add /R:3 /W:1 as switches to stop that.

[/box]

/MIR – Mirror the two locations, this will copy the difference IN BOTH DIRECTIONS! (Simply use /E if you don’t want this).

/SECFIX – Checks the Permissions on ALL FILES as it goes through (to make sure)

/SEC – Copies the data with its security ACLs intact.

Use Robocopy to copy only newer files/folders

Thankfully this is the default behaviour, simply run the same command again.
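To answer the long-file-name question before a migration starts, Robocopy's list-only mode can report over-length paths without copying anything. This is an added example, not part of the original article; the source S:\, the 256-character threshold taken from the question above, and the report path C:\temp\long-paths.txt are assumptions.

```powershell
# Added example: report paths at or over a length threshold before migrating.
$source    = 'S:\'          # assumed source drive
$threshold = 256            # character count from the question in the article
$report    = 'C:\temp\long-paths.txt'   # assumed report location

# /L  = list only, nothing is copied (NULL is a dummy destination)
# /E  = include subfolders, /FP = print full path names
# /NS /NC /NDL /NJH /NJS = no sizes, classes, directory lines, job header or summary
# /R:0 /W:0 = do not retry on files that cannot be read
$long = robocopy $source NULL /L /E /FP /NS /NC /NDL /NJH /NJS /R:0 /W:0 |
    ForEach-Object { $_.Trim() } |
    Where-Object { $_.Length -ge $threshold }

# Longest paths first, so the worst offenders are at the top of the report.
$long | Sort-Object -Property Length -Descending | Set-Content -Path $report
'{0} path(s) of {1} or more characters written to {2}' -f @($long).Count, $threshold, $report
```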


Access a Windows Share Through a Firewall

KB ID 0001061 

Problem

I needed to access a folder on a server in a client’s DMZ the other week, and the thought struck me ‘I have no idea what ports I need to open to accomplish this?’

Solution

Bear in mind I’m just talking about the ports that need to be open; you will still need to authenticate to the remote machine with a user-name and password (unless you have the share wide open, which I would not advise).

The ports that need to be open FROM the machine you are connecting with TO the machine you are connecting to are;

  • TCP Port 139 NetBIOS SSN NetBIOS Session Service.
  • TCP Port 445 Microsoft DS Directory Share
  • UDP Port 137 NetBIOS Name Service
  • TCP Port 138 NetBIOS Datagram Service

 


Windows Certificate Services – Setting up a CRL

KB ID 0000957

Problem

One of the often overlooked tasks of a PKI deployment is setting up your Certificate Services CRL. For smaller deployments with only one server, you don’t have to worry about how this will be designed (though a CRL does not have to be hosted on a Certificate Services server). In my test environment I only have one PKI server, so everything will be going on that one box. In more complex environments you may have multiple root and subordinate PKI servers writing to your CRL (you may even have multiple CRLs).

Solution

I would consider this a ‘post’ certificate services install task, so I’m assuming you already have that installed and configured.

1. Launch the Certification Authority management console > Right click the server-name > Properties > Extensions tab.

2. With CRL selected > Add > Type into the location http://crl.{your-domain-name}.{your-domain-extension}/crld

Note: You can use https:// but you may need to add a certificate in IIS manager and select ‘require TLS’ for the crld virtual directory.

3. In the variable section, select then ‘Insert’ the following onto the end of the URL;

  • <CaName>
  • <CRLNameSuffix>
  • <DeltaCRLAllowed>

Finally end the URL with .crl > OK.

Note: It ‘should’ look like http://{FQDN-Of-Server}/crld/<CAName><CRLNameSuffix><DeltaCRLAllowed>.crl

4. With the CRL entry you have just created selected > Enable the following two options;

  • Include in CRLs. Clients use this to find Delta CRL locations.
  • Include in the CDP extension of issued certificates.

Apply > OK > Yes.

5. Change the ‘Select extension’ drop down to ‘CRL Distribution Point (CDP)’ > Add > Type in a UNC path as follows ‘\\{Server-name}\crldist$\’ > Then select and insert the variables onto the end of the path, (like you did above);

  • <CaName>
  • <CRLNameSuffix>
  • <DeltaCRLAllowed>

And then (as above) add .crl onto the end of the path > OK.

6. With the CDP selected > Select the following options;

  • Publish CRLs to this location
  • Publish Delta CRLs to this location

Apply > OK > Yes.

Windows DNS Requirements for CRL

7. So that your clients can locate the CRL, they need to be able to resolve the name you just created. On your DNS server open the DNS management console > Expand server-name > Forward Lookup Zones > {your-domain-name} > Right click > New Host (A or AAAA) > name crl > IP address = The IP address of the IIS server that will host the CRL > Add Host > Close DNS Manager.

Windows IIS Requirements for CRL

8. On the web server, open the Internet Information Services (IIS) Manager console > Expand and select your server-name > right click > Add Virtual Directory > Set the alias to CRLD.

Note: In IIS, URLs are not case sensitive.

9. Under ‘Physical path’ select the browse button > Select the C: Drive, (or another drive if you wish) > Make New Folder > Call the folder CRLDist > OK > OK.

10. Select server-name > Directory Browsing

Note: If you are serving other services from this web server, you might wish to only set directory browsing on the CRLD virtual directory.

11. Enable.

12. Select the CRLD directory (click refresh if you can’t see it) > Configuration Editor.

13. Navigate to System.webServer > security > RequestFiltering.


Note: On older versions of IIS, it’s under ‘System.webServer > security > authentication > RequestFiltering.’

14. Change allowDoubleEscaping to ‘True’ > Apply.

Windows Folder Permission Requirements for CRL

15. Navigate to the folder you just created (i.e. C:\CRLDist) > Right Click > Properties > Sharing > Advanced Sharing > Select ‘Share this folder’ > Add a dollar symbol to the end of its name i.e. CRLDist$.

Note: This simply creates a ‘hidden’ share, that cannot be seen when browsing the server shares.

Note: In Addition, Set the Windows NTFS Permissions for the Server(s) to Full Control also.

16. Permissions > Object Types > Add in Computers > OK > Enter the name of the server(s) that need to write to the CRL > OK.

17. Grant the Full Control permission to the server(s) you just added > Apply > OK.

18. Back at the Certificate Services server > Launch the Certification Authority management console > Revoked Certificates > Right click > All Tasks > Publish > New CRL > OK.

19. If you check the folder you created earlier, you will see it now contains the CRL files.
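The whole procedure scripted in PowerShell, as an added example that is not part of the original article; each section runs on the server named in its comment. Assumed names: domain corp.example.com (NetBIOS CORP), CA server CA01, IIS server WEB01 at 192.0.2.10, and the IIS site 'Default Web Site'.

```powershell
# Added example, not from the original article. All server, domain and site names are assumptions.
$crlFile = '<CAName><CRLNameSuffix><DeltaCRLAllowed>.crl'

# --- On the IIS server WEB01 (steps 8-17): folder, virtual directory, hidden share ---
Import-Module WebAdministration
New-Item -ItemType Directory -Path 'C:\CRLDist' -Force | Out-Null
New-WebVirtualDirectory -Site 'Default Web Site' -Name 'CRLD' -PhysicalPath 'C:\CRLDist'
$vdir = 'IIS:\Sites\Default Web Site\CRLD'
# Directory browsing is enabled on the CRLD virtual directory only, not the whole server.
Set-WebConfigurationProperty -PSPath $vdir -Filter 'system.webServer/directoryBrowse' `
    -Name enabled -Value $true
# Delta CRL file names contain a '+', which IIS rejects unless double escaping is allowed.
Set-WebConfigurationProperty -PSPath $vdir -Filter 'system.webServer/security/requestFiltering' `
    -Name allowDoubleEscaping -Value $true
# Share and NTFS Full Control go to the CA's computer account only.
New-SmbShare -Name 'CRLDist$' -Path 'C:\CRLDist' -FullAccess 'CORP\CA01$'
icacls 'C:\CRLDist' /grant 'CORP\CA01$:(OI)(CI)F'

# --- On the DNS server (step 7): host record 'crl' pointing at the IIS server ---
Add-DnsServerResourceRecordA -ZoneName 'corp.example.com' -Name 'crl' -IPv4Address '192.0.2.10'

# --- On the CA server CA01 (steps 1-6): where clients fetch from, where the CA writes to ---
Import-Module ADCSAdministration
# HTTP URL: included in issued certificates (CDP) and in CRLs for locating delta CRLs.
Add-CACrlDistributionPoint -Uri ('http://crl.corp.example.com/crld/' + $crlFile) `
    -AddToCertificateCdp -AddToFreshestCrl -Force
# UNC path: the CA publishes base and delta CRLs here.
Add-CACrlDistributionPoint -Uri ('\\WEB01\CRLDist$\' + $crlFile) `
    -PublishToServer -PublishDeltaToServer -Force
Restart-Service -Name CertSvc

# --- On the CA server (steps 18-19): publish a new CRL and confirm the files arrived ---
certutil -crl
Get-ChildItem -Path '\\WEB01\CRLDist$' -Filter '*.crl' |
    Select-Object Name, Length, LastWriteTime
```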

Related Articles, References, Credits, or External Links

Microsoft Certificate Services Configuring OCSP

Publish CRL Error – Access Denied 0x80070005

Error While Attempting to Access a Windows Share

KB ID 0000439

Problem

While attempting to connect to a Windows share you receive the error.

Windows cannot access {target machine name} Check the spelling of the name. Otherwise there might be a problem with your network. to try to identify and resolve network problems, click diagnose.

If you click “Diagnose” you will see the following,

Error code: 0x80070035 The network path was not found.

Note: You may also find that if you attempt to connect a share or map a drive via the target machine’s IP address it works fine.

Solution

1. Firstly I’m assuming you have used the correct target machine name (can you ping the target server by its name?)

2. Make sure the Computer Browser Service is both enabled and running.

3. On both the source and target machine, make sure NETBIOS over TCP/IP is enabled.

4. Finally, if none of the above has worked, drop to command line and issue the following two commands. (Note: before proceeding, take note of the machine’s IP address, subnet mask, default gateway and DNS settings; from command line run “ipconfig /all”.)

[box]

netsh winsock reset

netsh int ip reset c:\temp\resetlog.txt

[/box]

5. Reboot the server.

WARNING: When the server has rebooted, it will come back up with a DHCP address. If this is a server or machine that has a static IP address, you will need to re-enter the correct details post reboot.
