Windows has detected that Offline Caching is enabled on the Roaming Profile share – to avoid potential profile corruption, Offline Caching must be disabled on shares where roaming user profiles are stored.
Pretty self explanatory – Offline caching is turned enabled on Windows shares by default, for shares that have profiles in them this needs disabling.
Solution
1. The error will tell you the username in question “It’s been blurred out above”. Go to a domain controller and click start > run > dsa.msc > locate that user > Properties.
2. The users profile can be in TWO places Either on the “Profile” tab, or the “Terminal Services Profile” tab. See which server it is on and go to that server.
3. If you are having trouble finding the share on the server click Start > Run > fsmgmt.msc {enter} > this will tell you where the folder is.
4. Locate the folder in question > Right click > Properties > Sharing > Caching tab.
5. Select “Files or programs from the share will not be available offline” > OK > Apply.
Related Articles, References, Credits, or External Links
If you have only a few files to share, you might want to consider using Dropbox, however if you want to share your files over the network then you need to install samba and configure it.
Solution
Related Articles, References, Credits, or External Links
Special Thanks to Morbuis1 Over at the Ubuntu Forms for the help.
My Windows 7 Media Center can’t stream to my PS3, but the Windows Media Player that’s built into the same PC can, (well it should be able to!) However when I tried, this is what the Playstation told me.
Media Server Error:
A DNLA protocol error (2104) has occurred.
Solution
Note: Your local firewall on the Windows 7 machine can also cause this problem. I have a decent firewall at home, so I disabled the local firewall on the Media Center, (Start > Run > firewall.cpl).
1. On your Windows 7 Machine open Windows Explorer (Windows Key+E) > Select Homegroup > View homegroup settings.
2. Make sure you’re set to location type Home, if not change it (mine was set to public!).
3. Now “choose what you want to share…”.
4. Select as appropriate > Next.
5. Choose Media Streaming options.
6. Allow All, (or if you know the MAC address of the Playstation it will be listed as “Unknown Device” and, (if you can see it on the list), you can add that in on it’s own, and allow).
7. Accept the warning.
8. If you allowed all, this is what you should see.
9. Finally open the services (Start > Windows key+R > services.msc {enter}) and ensure that the “Windows Media Player Network Sharing Service” Service is started > Set to Automatic > and set to logon as either the Network Service, or the Local System.
Related Articles, References, Credits, or External Links
Usually If I’ve got a lot of user profiles and data to shift, I use the clients backup software, copying user and group permission’s is pretty easy, xcopy can do that quite happily. The problem is migrating the shares and share permissions, that’s got to be done manually, for a few folders that’s easy to do, but if they have a LOT of shared folders that can be a problem.
So heres how to migrate both the share permissions and the NTFS permissions. from one server to another.
Solution
Note: For this to work, the drive letter on the source server and the new server needs to be the same.
1. On the new server, map a drive letter the the shared drive on the old server.
2. Copy the contents of the OLD drive to the NEW drive with the following command.
xcopy x:*.* e:*.* /D /E /C /F /H /K /O /Y
3. The copy over can take some time, remember if your old server has a slow network card or you only have a 10/100 switch then it may take considerably longer. In this example I was moving approx 140GB – it took a couple of hours.
4. That gets the files over with the correct windows permissions. Lastly we need to migrate the share permissions, on the OLD server > Start > Run > Regedit > Navigate to HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesLanmanserverShares > Right click the entire “Shares” Key and export it to a file. (I just called it Shares and dropped it on the old servers C: drive).
5. Now I’ve read other sites and posts that say WARNING importing this key will break shares on the new server, but that is NOT the case. If you are worried you can export the same key on the NEW server to back it up.
6. Copy the file you exported from the old server to the new server, then double click it, you will get a warning about adding/merging the file into the registry > Accept by clicking yes.
7. All being well it should say it was successful. Now simply reboot the NEW server and the shares will be recreated.
Related Articles, References, Credits, or External Links
If I’m migrating client data, I use Xcopy a lot, especially if I want to preserve the permissions. One of the questions I usually ask is “Do any of your users have file names that are very long, i.e. longer than 256 characters?” Because if you are moving a lot of data and it’s been running for a few hours, then suddenly fails saying ‘Insufficient Memory‘, then that’s probably what the problem is.
Solution
1. At the point of failure, you will have successfully moved some data, so you want a solution that just moves the remaining data, Robocopy will do that for you.
Note: For Server 2008, Server 2008 R2, Server 2012, and Windows Vista/7/8, you will already have Robocopy installed, for older clients you will need to install the 2003 Resource Kit.
[box]
Syntax
robocopy "source" "destination" "options"
robocopy S: D:Shared /MIR /SECFIX /SEC
Note:Robocopy by default will retry 1000000 times, and wait 30 seconds each time (if it has a problem). You might want to add /R:3 /W:1 as switches to stop that.
[/box]
/MIR – Mirror the two locations, this will copy the difference IN BOTH DIRECTIONS! (Simply use /E if you don’t want this).
/SECFIX – Checks the Permissions on ALL FILES as it goes through (to make sure)
/SEC – Copies the data with its security ACL’s intact.
Use Robocopy to copy only newer files/folders
Thankfully this is the default behaviour, simply run the same command again.
Related Articles, References, Credits, or External Links
I needed to access a folder on a server in a clients DMZ the other week, and the thought struck me ‘I have no idea what ports I need to open to accomplish this?’
Solution
Bear in ming I’m just talking about the ports that need to be open, you will still need to authenticate to the remote machine with a user-name and password (unless you have the share wide open which I would not advise).
The Ports that need to open FROM the machine you are connecting with TO the machine you are connecting to are;
One of the often overlooked tasks of a PKI deployment is setting your Certificate Services CRL. For smaller deployments, with only one server then you don’t have to worry about how this will be designed (though a CRL does not have to be hosted on a Certificate Services server). In my test environment I only have one PKI server so everything will be going on that one box, In more complex environments you may have multiple root and subordinate PKI servers writing to your CRL (you may even have multiple CRL’s).
Solution
I would consider this a ‘post’ certificate services install task, so I’m assuming you already have that installed and configured.
1. Launch the Certification Authority management console > Right click the server-name > Properties > Extensions tab.
2. With CRL selected > Add > Type into the location http://crl.{your-domain-name}.{your-domain-extension}/crld
Note: You can use https:// but you may need to add a certificate in IIS manager and select ‘require TLS’ for the crld virtual directory.
3. In the variable section, select then ‘Insert’ the following onto the end of the URL;
Note: Is ‘should’ look like http://{FQDN-Of-Server}/crld/<CAName><CRLNameSuffix><DeltaCRLAllowed>.crl
4. With the CRL entry you have just created selected > Enable the following two options;
Include in CRL’s. Clients use this to find Delta CRL locations.
Include in the CDP extension of issues certificates.
Apply > OK > Yes.
5. Change the ‘Select extension’ drop down to ‘CRL Distribution Point (CDP)’ > Add > Type in a UNC path as follows ‘{Server-name}crldist$ > Then select and inset the variables onto the end of the path, (like you did above);
<CaName>
<CRLNameSuffix>
<DeltaCRLAllowed>
And then (as above) add .crl onto the end of the path > OK.
6. With the CDP selected > Select the following options;
Publish CRL’s to this location
Publish Delta CRL’s to this location
Apply > OK > Yes.
Windows DNS Requirements for CRL
7. So that your clients can resolve the name of the CRL you have just created, they need to be able to resolve the name you just created. On your DNS server open the DNS management console > Expand server-name > Forward Lookup Zones > {your-domain-name} > Right click > New Host (A or AAAA) > name crl > IP address = The IP address of the IIS server that will host the CRL > Add Host > Close DNS Manager.
Windows IIS Requirements for CRL
8. On the web server, open the Internet Information Services (IIS) Manager console > Expand and select your server-name > right click > Add Virtual Directory >Set the alias to CRLD.
9. Under ‘Physical path’ select the browse button > Select the C: Drive, (or another drive if you wish) > Make New Folder > Call the folder CRLDist > OK > OK.
10. Select server-name > Directory Browsing
Note: If you are serving other services from this web server, you might wish to only set directory browsing on the CRLD virtual directory.
11. Enable.
12. Select the CRLD directory (Click refresh if you cant see it) > Configuration Editor.
13. Navigate to System.webServer > security > RequestFiltering.
Note: On older versions of IIS, it’s under ‘System.webServer > security > authentication > RequestFiltering.’
14. Change allowDoubleEscaping to ‘True’ > Apply.
Windows Folder Permission Requirements for CRL
15. Navigate to the folder you just created (i.e C:CRLDist) > Right Click > Properties > Sharing > Advanced Sharing > Select ‘Share this folder’ > Add a dollar symbol to the end of its name i.e. CRLDist$.
Note: This simply creates a ‘hidden’ share, that cannot be seen when browsing the server shares.
Note: In Addition, Set the Windows NTFS Permissions for the Server(s) to Full Control also.
16. Permissions > Object Types > Add in Computers > OK > Enter the name of the server(s) that need to write to the CRL > OK.
17. Grant the Full Control permission to the sever(s) you just added > Apply > OK.
18. Back at the Certificate Services server > Launch the Certification Authority management console > Revoked Certificates > Right click > All Tasks > Publish > New CRL > OK.
19. If you check the folder you created earlier, you will see it now contains the CRL files.
Related Articles, References, Credits, or External Links
While attempting to connect to a Windows share you receive the error.
Windows cannot access {target machine name} Check the spelling of the name. Otherwise there might be a problem with your network. to try to identify and resolve network problems, click diagnose.
if you click “Diagnose” you will see the following,
Error code: 0x80070035 The network path was not found.
Note: You may also find that if you attempt to connect a share or map a drive via the target machines IP address it works fine.
Solution
1. Firstly I’m assuming you have used the correct target machine name (can you ping the target server by its name?)
2. Make sure the Computer Browser Service is both enabled and running.
3. On both the source and target machine, make sure NETBIOS over TCP/IP is enabled.
4. Finally of none of the above have worked, drop to command line and issue the following two commands. (Note: before proceeding take note of the machines IP address, subnet mask, default gateway and DNS settings (from command line run “ipconfig /all”).
[box] netsh winsock reset netsh int ip reset c:tempresetlog.txt [/box]
5. Reboot the server.
WARNING: When the server has rebooted, it will come back up with a DHCP address, if this is a server or machine that has a static IP address, you will need to re-enter the correct details post reboot.
Related Articles, References, Credits, or External Links
A few weeks ago my boss asked me to take a look at Microsoft Lync. Because he was interested in the Lync Client (formally Microsoft Communicator) for instant messaging.
Decent info is a bit thin on the net, and I don’t have the patience to read stupidly long PDF files. So to redress the balance I thought I would publish my findings below.
Solution
Note: The following procedure is carried out on Server 2008 R2 with Windows 7 Clients, on my VMware test network.
Walkthrough
I know a lot of people don’t like watching videos so heres my notes:
Pre-Requisites
1. Download and install, Microsoft Silverlight. (link)
2. IIS (Roles > Add Roles > Web Server IIS) > Next.
Also add:
i. ASP.NET
ii. Logging Tools
iii. Tracing
iv. Client Certificate Mapping Authentication.
v. Windows Authentication
vi. IIS Management Scripts and Tools
Next > Install > Finish.
3. RSAT Tools (Features > Add Features > Remote Server Administrative Tools > ADDS and LDS Tools) > Next > Install > Close > Select Yes to Reboot > Post Reboot Installation will continue > Close.
4. Have a Certification authority set up in your domain. OR a certificate ready for the Lync Server to import.
Install
1. Run Setup > It will ask to Install C++ let it do so.
2. Once it’s finished, It will ask for the install location > change if required > Install.
3. Accept the EULA > OK.
4. When the Deployment Wizard starts > Select “Prepare Active Directory”.
5. Prepare Schema > Run > Next > Finish.
6. Allow domain replication.
7. Prepare Current Forest > Run > Select Local Domain > Next > Finish.
8. Allow domain replication.
9. Prepare Domain > Run > Next > Finish.
10. When all are completed, add your administrators to the newly created AD group CSAdministrators > Then click “Back” to return to the main page of the Deployment Wizard.
11. Prepare First Standard Edition Server > Next > SQL Express will install > Finish.
12. Install Topology Builder > It installs very quickly and gets a green tick when complete.
13. Start > All Programs > Microsoft Lync Server 2010 > Lync Server Topology builder > When promoted select > New Topology > OK.
14. Save the topology as requested.
15. Under “Primary SIP Domain” > enter your domain name > Next.
16. Enter any additional domains if required > Next.
11. Give the site a name and description > Next.
12. Enter site details > Next > With the option to “Open the new front end wizard..” selected > Finish.
13. At the “Define a new front end pool” wizard > Next > Enter the FQDN of the server and select Standard Edition > Next.
14. Select features (Everything except PSTN, because I don’t have a PSTN gateway) > Next.
15. Choose to Collocate Mediation Server > Next.
16. Don’t add any further server roles > Next > Next.
17. Let it create a new share > Next.
(Note manually create the share and make sure it has appropriate permissions).
18. Set external URL if required > Next > we are not adding PSTN > Finish.
19. On the Topology Builder Select > Edit Properties > Central Management Server.
20. Add in the admin URL (Note: Make sure this resolves in DNS), and FQDN of the server > OK.
21. Select Publish Topology > Next > Next > Finish.
22. Re-launch or swap back to the Lync Server Deployment Wizard > Select Install or Update Lync Server System.
24. Run step one “Install Local Configuration Store” > Select “Retrieve directly…” > Next > Finish.
25. Run Step two “Setup or Remove Lync Server Components” > Next > (If you get a Prerequisite installation failed: Wmf2008R2 click the link) > Finish.
26. Run Step three “Request, Install, or Assign Certificates” > Request > Next > Send request immediately > Next.
27. Select your CA > Next > Next > Next.
28. Choose a friendly Name > Next.
29. Fill in your Organisation information > Next > Enter country > State and City > Next > Next > Next > Next > Next > Next > Finish. > Close.
30. Run Step 4 “Start Services” > Next > Finish.
31. Check the service status if you wish.
32. Close the deployment wizard.
Launch “Lync Server control Panel” and Configure
1. Launch the ” Lync Server Control Panel” > Log in with an admin account (created above at step 10).
2. Navigate to Users > Add.
3. Add in your users and assign them to your pool.
Post Install Tasks
1. You need to create a DNSSRV (Service Location) so the client can locate the Lync server:
i. service: _sipintenaltls
ii. Protocol: _tcp
iii. Port Number: 5061
iv. Host offering service: the FQDN of the Lync Server.
Install the ‘Lync Client’ on the client machines.
Related Articles, References, Credits, or External Links