Thursday, June 21, 2012

Promote 2008 Server Core to a Domain Controller

To promote the server to be a DC in your domain, enter the following command:

Dcpromo /unattend /replicaOrnewDomain:replica /replicaDomainDNSName:mydomain.local /ConfirmGC:yes /username:mydomain\administrator /Password:* /safeModeAdminPassword:LetMeIn123

This will run dcpromo, adding the server to the mydomain.local domain as a replica domain controller and global catalog server. The Directory Services Restore Mode password will be set to LetMeIn123. You will be asked to enter the domain administrator password when the command is run (by way of the /Password:* parameter).

Allow the process to complete.  Once it does, the server will automatically reboot and will be a domain controller.

Wednesday, June 20, 2012

Rename Windows Server 2008 Core

I ran into this today and here's how to do it.  Just don't try this on a domain controller.  This works for a member server only.

To rename the server we use the netdom utility. The command is
Netdom renamecomputer OldComputerName /newname:NewComputerName

Sunday, June 17, 2012

Fix VSS Errors Windows XP and Server 2003

Installing a backup device that uses a backup agent means the VSS writers have to be free of errors.  You can check this by opening a command prompt (administrator level if needed) and typing "vssadmin list writers".  This will run for a few seconds, then list all of the writers on the system.  They should all show as "stable and ready".  If they do not, below are the steps you can take to fix the problem.

1. Click Start, click Run, type regedit, and then click OK.
2. Locate and then click the following registry subkey:
3. On the Edit menu, click Delete, and then click Yes to confirm that you want to delete the subkey.
4. Exit Registry Editor.
5. Click Start, click Run, type services.msc, and then click OK.
6. Right-click the following services one at a time. For each service, click Restart:
  • COM+ Event System
  • COM+ System Application
  • Microsoft Software Shadow Copy Provider
  • Volume Shadow Copy
7. Click Start, click Run, type cmd, and then click OK.
8. At the command prompt, type vssadmin list writers, and then press ENTER.
9. If the VSS writers are now listed, close the Command Prompt window. You do not have to complete the remaining steps. If the VSS writers are not listed, type the following commands at the command prompt. Press ENTER after each command.
  • cd /d %windir%\system32
  • net stop vss
  • net stop swprv
  • regsvr32 ole32.dll
  • regsvr32 oleaut32.dll
  • regsvr32 vss_ps.dll
  • vssvc /register
  • regsvr32 /i swprv.dll
  • regsvr32 /i eventcls.dll
  • regsvr32 es.dll
  • regsvr32 stdprov.dll
  • regsvr32 vssui.dll  (does not work in Windows XP)
  • regsvr32 msxml.dll
  • regsvr32 msxml3.dll
  • regsvr32 msxml4.dll
Note: The last command may not run successfully.
10. At the command prompt, type vssadmin list writers, and then press ENTER.
11. Confirm that the VSS writers are now listed.
12. At the command prompt, type vssadmin list shadows and then press ENTER.
13. Confirm that there are no errors listed.  On Windows XP you should see: No shadow copies present in the system.
14. Congratulations, your machine should work again with any VSS-compatible programs.

Wednesday, June 13, 2012

Group Policy Object to Block the Office File Validation Add-In

This "update" from Microsoft caused a lot of issues with files being opened (12 minutes for a 25K Excel 2003 spreadsheet) across a network.  Once the issue was isolated it wouldn't have made sense to go to all of the machines on every network affected and manually remove it.  Well you're in luck because here's a group policy template you can create and apply to your networks to prevent this update from causing you any problems.

CLASS USER
CATEGORY "Microsoft Office Validation Add-In"
; Enabled writes EnableOnLoad=1 (the ADM default); Disabled writes 0, which blocks the add-in.
  POLICY "Enable in Excel"
    KEYNAME "Software\Policies\Microsoft\Office\11.0\Excel\Security\FileValidation"
    VALUENAME "EnableOnLoad"
    VALUEOFF NUMERIC 0
  END POLICY
  POLICY "Enable in PowerPoint"
    KEYNAME "Software\Policies\Microsoft\Office\11.0\PowerPoint\Security\FileValidation"
    VALUENAME "EnableOnLoad"
    VALUEOFF NUMERIC 0
  END POLICY
  POLICY "Enable in Word"
    KEYNAME "Software\Policies\Microsoft\Office\11.0\Word\Security\FileValidation"
    VALUENAME "EnableOnLoad"
    VALUEOFF NUMERIC 0
  END POLICY
END CATEGORY

Tuesday, June 12, 2012

Backup Cisco Configs Using Putty

You can easily capture the configuration file from network devices such as Cisco routers and switches with PuTTY. Follow the steps below.

1. Launch putty and connect to your Cisco router/switch
2. Enter privileged EXEC mode (router> enable)

3. Enter the terminal length 0 command (router# terminal length 0) in order to force the router to return the entire response at once, rather than one screen at a time.  This allows you to capture the configuration without the extraneous --more-- prompts generated when the router responds one screen at a time.
4. Right-click on the menu bar of the Putty screen and select “Change Settings”
5. Go to Session and click on Logging, select “Log all session output”
6. Click on Browse and choose the location and name of the file (I like to place my config file on my desktop – C:\Documents and Settings\Administrator\Desktop\config.txt)
7. Click apply.
8. Now enter the show run command (router# show run), then log out and see the output in config.txt on your desktop (or the location you chose).

This is a pretty simple thing to do and can be a real life saver if you happen to lose the config on a device.  It sure is a lot easier to copy and paste it back in instead of recreating it from scratch.  Cisco equipment is great but I have seen instances where the running config wasn't saved to the memory and after a restart it reset back to an old startup config or back to brand new (worst case).  

You now have the power!
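The captured show run output contains the device's credential lines (enable secret, user passwords, SNMP community strings), so the full config.txt belongs somewhere access-controlled. The added example below, which is not part of the original post, lists those lines and produces a redacted copy that can go into a ticket or be sent to a vendor. The function name, the sample config lines and the <removed> marker are assumptions made for illustration.

```powershell
# Added example, not from the original post. Function name, sample lines
# and the <removed> marker are illustrative.

function Protect-CiscoConfig {
    param([string[]]$Lines)
    # Each rule captures everything up to the secret in group 1; only the
    # secret (the next run of non-space characters) is replaced.
    $rules = @(
        '^(\s*enable (?:secret|password)(?: \d+)? )\S+',
        '^(\s*username \S+ .*?(?:secret|password)(?: \d+)? )\S+',
        '^(\s*password(?: \d+)? )\S+',
        '^(\s*snmp-server community )\S+',
        '^(\s*(?:tacacs|radius)-server key(?: \d+)? )\S+'
    )
    $out = @()
    $changed = @()
    for ($i = 0; $i -lt $Lines.Count; $i++) {
        $line = $Lines[$i]
        foreach ($rule in $rules) {
            if ($line -match $rule) {
                $line = $line -replace $rule, '${1}<removed>'
                $changed += ($i + 1)      # 1-based line number in the capture
                break
            }
        }
        $out += $line
    }
    New-Object PSObject -Property @{ Lines = $out; Changed = $changed }
}

# Constructed sample of "show run" output (not from a real device).
$sample = @(
    'hostname router',
    'service password-encryption',
    'enable secret 5 $1$SALT$CONSTRUCTEDHASHVALUE00',
    'username admin privilege 15 password 7 0000000000',
    'snmp-server community EXAMPLE-RO RO',
    'line vty 0 4',
    ' password 7 0000000000',
    ' login'
)

$result = Protect-CiscoConfig -Lines $sample
# For the PuTTY log from step 6, pass -Lines (Get-Content <path to config.txt>)
"Lines holding credentials: " + ($result.Changed -join ', ')
$result.Lines
```

The redacted copy cannot be pasted back to restore a device; only the original capture serves that purpose.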

Monday, June 11, 2012

Configure an External Time Source in Windows Server 2008 R2

Configure an external time source

This computer is configured to hold the primary domain controller (PDC) emulator operations master role (also known as flexible single master operations or FSMO) in the forest root domain. This computer should not use itself as a time source. Configure an external time source as the authoritative time source for the forest, or configure a member domain controller as the time source peer. The configuration must be done manually. Perform the following procedure on the computer that is logging the event to be resolved.
To perform this procedure, you must have membership in Domain Admins, or you must have been delegated the appropriate authority.

To configure a manual time source peer:
  1. Open a command prompt as an administrator. To open a command prompt as an administrator, click Start. In Start Search, type Command Prompt. At the top of the Start menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  2. At the command prompt, type w32tm /config /manualpeerlist:server,0x8 /syncfromflags:manual /update, where server is the name of the time source that you want to configure, and then press ENTER. ((I recommend for an Internet source))
  3. Restart the Windows Time service. At the command prompt, type net stop w32time & net start w32time, and then press ENTER.
  4. Resynchronize the Windows Time service client with the time source peer. At the command prompt, type w32tm /resync, and then press ENTER.
To learn more about the Windows Time service and related tools, see Windows Time Service Tools and Settings.


To perform this procedure, you must have membership in Administrators, or you must have been delegated the appropriate authority.
To verify that the Windows Time service is synchronizing correctly:
  1. Open a command prompt as an administrator. To open a command prompt as an administrator, click Start. In Start Search, type Command Prompt. At the top of the Start menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  2. At the command prompt, type W32TM /resync, and then press ENTER.
  3. At the command prompt, type W32TM /query /status, and then press ENTER. This command displays the status of the Windows Time service synchronization. The Last Successful Sync Time line of the output displays the date and time that you ran the W32TM /resync command in the previous step. Also, check the computer name that is shown as the Source. This should be the name of a domain controller (or an administrator-configured time server) in the same Active Directory domain as the local computer.
To verify that the Windows Time service synchronized successfully with its time source, confirm that Event IDs 35 and 37 appear in Event Viewer. If there was a recovery from a previous failure to synchronize with the time source, you also see Event ID 138, which indicates that the Windows Time service is synchronized correctly.
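A scripted version of the check in step 3, as an added example that is not part of the original post: it parses w32tm /query /status output and reports a server that is still running on its own clock, is using a source other than the configured peer, or has no recent successful sync. The peer name time.example.net, the 60-minute threshold, the function names and both sample outputs are assumptions constructed for illustration.

```powershell
# Added example, not from the original post. Names and thresholds are illustrative.

function ConvertFrom-W32tmStatus {
    param([string[]]$Lines)
    $status = @{}
    foreach ($line in $Lines) {
        # Lines are "Name: value". Split on the first colon only, because
        # values such as the sync time contain colons themselves.
        $idx = $line.IndexOf(':')
        if ($idx -gt 0) {
            $status[$line.Substring(0, $idx).Trim()] = $line.Substring($idx + 1).Trim()
        }
    }
    return $status
}

function Test-W32tmSync {
    param(
        [hashtable]$Status,
        [string]$ExpectedPeer,            # the name given to /manualpeerlist
        [datetime]$Now = (Get-Date),
        [int]$MaxAgeMinutes = 60          # assumed threshold, tune per site
    )
    $problems = @()
    $source = $Status['Source']
    # w32tm reports these sources when it is not syncing from any peer.
    if ($source -match 'Local CMOS Clock|Free-running System Clock') {
        $problems += "Source is '$source': the server is using its own clock"
    }
    elseif ($source -notlike "$ExpectedPeer*") {
        $problems += "Source '$source' is not the configured peer '$ExpectedPeer'"
    }
    # The date is printed in the system's regional format; TryParse uses
    # the current culture, so run this on the server that produced the output.
    $last = [datetime]::MinValue
    if (-not [datetime]::TryParse($Status['Last Successful Sync Time'], [ref]$last)) {
        $problems += 'No successful sync recorded'
    }
    elseif (($Now - $last).TotalMinutes -gt $MaxAgeMinutes) {
        $problems += "Last successful sync was $last"
    }
    return ,$problems
}

# Constructed sample outputs (en-US date format, not captured from a real server).
$good = @(
    'Leap Indicator: 0(no warning)',
    'Stratum: 3 (secondary reference - syncd by (S)NTP)',
    'Last Successful Sync Time: 6/11/2012 9:15:02 AM',
    'Source: time.example.net,0x8',
    'Poll Interval: 10 (1024s)'
)
$bad = @(
    'Last Successful Sync Time: unspecified',
    'Source: Local CMOS Clock'
)

foreach ($sample in @($good, $bad)) {
    $status = ConvertFrom-W32tmStatus -Lines $sample
    # On a live server: ConvertFrom-W32tmStatus -Lines (w32tm /query /status)
    $problems = Test-W32tmSync -Status $status -ExpectedPeer 'time.example.net' `
        -Now ([datetime]'2012-06-11 09:30')
    if ($problems.Count -eq 0) { 'Time sync OK' } else { $problems }
}
```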

Renewing the Self-Signed Certificate: Exchange Server 2007

This is another perfectly written article that I have borrowed on this subject.  I got it from Exchangepedia and the author Bharat Suneja deserves all the credit.
Exchange Server 2007 issues itself a self-signed certificate for use with services like SMTP, IMAP, POP, IIS and UM. The certificate is issued for a period of one year.
The self-signed certificate meets an important need – securing communication paths for Exchange services by default. Nevertheless, one should treat these certificates as temporary. Although the self-signed certificates work perfectly well for internal SMTP communication between Hub Transport servers, and between Hub Transport and Edge Transport servers, it’s not recommended to use them for any client communication on an ongoing basis. For most deployments, you will end up procuring a certificate from a trusted 3rd-party CA (or perhaps an internal CA in organizations with PKI deployed).
Should you decide to leave the self-signed certificate(s) on some servers and continue to use them, these will need to be renewed when they expire — just as you would renew certificates from 3rd-party or in-house CAs.
 1. To renew the certificate for server, a server with CAS and HT roles installed:
Get-ExchangeCertificate -domain "" | fl
Note the services the certificate is enabled for (by default: POP, IMAP, IIS, SMTP on CAS + HT servers). Copy the thumbprint of the certificate.
Get a new certificate with a new expiration date:
Get-ExchangeCertificate -thumbprint "C5DD5B60949267AD624618D8492C4C5281FDD10F" | New-ExchangeCertificate
To create a new certificate with an exportable private key, use the PrivateKeyExportable parameter. For example:
New-ExchangeCertificate -PrivateKeyExportable $true
If the existing certificate is being used as the default SMTP certificate, you will get the following prompt. The default SMTP certificate is used to encrypt SMTP sessions between transport servers in your organization.
Overwrite existing default SMTP certificate,
'C5DD5B60949267AD624618D8492C4C5281FDD10F' (expires 8/22/2008 7:20:34 AM), with certificate '3DA55740509DBA19D1A43A9C7161ED2D0B3B9E3E' (expires 1/28/2009 7:37:31 AM)?
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help
(default is "Y"):
Type y to continue. A new certificate is generated.
Thumbprint                                 Services   Subject
----------                                 --------   -------
3DA55740509DBA19D1A43A9C7161ED2D0B3B9E3E   .....      CN=E12Postcard
The new certificate is generated and enabled. Examine the new certificate:
Get-ExchangeCertificate -thumbprint "3DA55740509DBA19D1A43A9C7161ED2D0B3B9E3E" | fl
2. The old certificate is enabled for IIS, POP, IMAP and SMTP. The new certificate generated using the above command is enabled only for POP, IMAP and SMTP – IIS is missing.
You can enable the certificate for IIS (in addition to any other services it may already be enabled for — it adds to existing values of the certificate’s Services property).
Note: Once you enable a certificate for a particular Exchange Server service, there’s no way to disable it (for that service). You must remove the certificate (if the certificate is CA-issued, export the certificate along with its private key before you do so), import it again and enable it for the services you need to. This is generally not a concern with self-signed certificates— you can generate additional self-signed certificates and optionally remove the old one, since there’s no CA interaction or costs involved.
Setting the Services parameter to None does not do anything in this case.
To enable the certificate for IIS:
Enable-ExchangeCertificate -thumbprint "3DA55740509DBA19D1A43A9C7161ED2D0B3B9E3E" -services IIS
3. Test services are working with the new certificate. If it works as expected, the old certificate can be removed:
Remove-ExchangeCertificate -thumbprint "C5DD5B60949267AD624618D8492C4C5281FDD10F"
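The check behind steps 2 and 3, as an added example that is not from the original article: before the old certificate is removed, compare its Services with those of the renewed certificate and list anything the new one is not enabled for. The two sample objects are constructed from the thumbprints, expiry dates and services quoted above and stand in for Get-ExchangeCertificate output; the function names and the reference date are hypothetical.

```powershell
# Added example, not from the original article. Function names are hypothetical.
# Works on any objects with Thumbprint, NotAfter and Services properties,
# such as those returned by Get-ExchangeCertificate.

function Get-ServiceList($Cert) {
    # Services renders as a comma-separated list, e.g. "IMAP, POP, IIS, SMTP".
    $Cert.Services.ToString().Split(',') |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ -and $_ -ne 'None' }
}

function Get-MissingService {
    param($OldCert, $NewCert)
    $new = @(Get-ServiceList $NewCert)
    @(Get-ServiceList $OldCert | Where-Object { $new -notcontains $_ })
}

function Test-SafeToRemove {
    param($OldCert, $NewCert, [datetime]$AsOf = (Get-Date))
    $reasons = @()
    $missing = @(Get-MissingService -OldCert $OldCert -NewCert $NewCert)
    if ($missing.Count -gt 0) {
        $reasons += 'new certificate is not enabled for: ' + [string]::Join(', ', $missing)
    }
    if ($NewCert.NotAfter -le $AsOf) {
        $reasons += "new certificate expired on $($NewCert.NotAfter)"
    }
    if ($NewCert.NotAfter -le $OldCert.NotAfter) {
        $reasons += 'new certificate does not expire later than the old one'
    }
    return ,$reasons
}

# Constructed stand-ins for: Get-ExchangeCertificate -Thumbprint <thumbprint>
$old = New-Object PSObject -Property @{
    Thumbprint = 'C5DD5B60949267AD624618D8492C4C5281FDD10F'
    NotAfter   = [datetime]'8/22/2008 7:20:34 AM'
    Services   = 'IMAP, POP, IIS, SMTP'
}
$new = New-Object PSObject -Property @{
    Thumbprint = '3DA55740509DBA19D1A43A9C7161ED2D0B3B9E3E'
    NotAfter   = [datetime]'1/28/2009 7:37:31 AM'
    Services   = 'IMAP, POP, SMTP'       # state right after renewal: IIS missing
}

$reasons = Test-SafeToRemove -OldCert $old -NewCert $new -AsOf ([datetime]'8/1/2008')
if ($reasons.Count -eq 0) {
    "OK to remove $($old.Thumbprint)"
} else {
    "Keep $($old.Thumbprint): " + [string]::Join('; ', $reasons)
}
```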

Sunday, June 10, 2012

Backup SLBL on IronPort C160 Devices

How do I backup and restore my safelist / blocklist?

Making a backup of the safe list, block list:
  1. Go to the Configuration File option under the System Administration tab on the GUI.
  2. Near the bottom of this screen you will find the section labeled: End-User Safelist/Blocklist Database (IronPort Spam Quarantine).
  3. Press the button labeled "Backup Now". This will save a copy as a .csv file in the configuration directory on your appliance.
Note: If this feature is not enabled, you can enable it by choosing Monitor > Quarantines.
Moving the backup to another box:
  1. Make certain that you have the FTP service enabled on one of your network interfaces. This would typically be the management interface. You can check this in the IP Interfaces section under the Network tab on the GUI.
  2. From your file server, FTP to the IronPort appliance on the above mentioned interface.
  3. Log in as an admin user.
  4. The backup file you made earlier should be right there in the root directory.
Restoring the backup:
  1. This is basically the reverse procedure of the backup.
  2. FTP the file from your file server back to the IronPort appliance in the configuration directory.
  3. Go back into the Configuration File section under the System Administration tab.
  4. Press the "Select File to Restore" button.
  5. Select from the list of valid backup files.

Saturday, June 09, 2012

How to Factory Reset a Wyse T509 Thin Client

I ran into this issue recently and got this answer from Wyse tech support.  Seems easy enough but took a few tries to get it to take.

1. Power down the unit.

2. Press and hold the power button and at the same time keep hitting the ‘p’ key.

3. A UI will be shown with an option to start recovery.

Item 2 is a bit tricky. On the front panel there are 2 LEDs: one right on the power button and another to the left of the power button (let’s call it the status LED). You need to keep holding the power button and hitting ‘p’ until the status LED blinks. It takes about 4 seconds of holding the power button. If you hold the power button for 7 seconds, the device will shut off.

Manually Uninstalling Trend Micro Officescan

Trend Micro OfficeScan is normally deployed in corporate network environments to provide endpoint security. Administrators can remotely uninstall the OfficeScan client, and a user at the workstation can also uninstall the client program using the built-in uninstall mechanism (i.e. Add or Remove Programs in Control Panel). If for some reason the OfficeScan client cannot be uninstalled, or the user doesn’t have the password required to remove it, try the following workaround to manually uninstall and remove Trend Micro OfficeScan.

1.  Go to Control Panel Services (services.msc), and stop the following services:
  • OfficescanNT Listener
  • OfficescanNT RealTimeScan
  • OfficeScanNT Personal Firewall (if enabled)
2.  Run Registry Editor (regedit.exe).

3.  Navigate to the following registry key hive:

4.  Delete the following keys (if available):
  • Ntrtscan
  • Tmlisten
  • TmFilter
  • VSApiNt
  • TMPreFilter
  • TM_CFW
  • OfcPfwSvc
5.  Navigate to the following registry hive:
HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro or HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro (in 64-bit Windows operating system)

6.  Delete the following keys (if available):
  • OfcWatchDog
  • Pc-cillinNTCorp or OfficeScanCorp (depends on the client)
  • RemoteAgent
  • PC-cillin
  • CFW
7.  Browse to the following registry key hive:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

8.  Delete the OfficeScanNT Monitor key.

9.  Navigate to the following registry key:

10.  Delete the OfficeScanNT key.

11.  Delete the OfficeScan program group (Trend Micro OfficeScan Client) from the Windows Start menu.

12.  Restart the computer.

13.  Delete the directories that contain the OfficeScan Client program files, normally located inside Program Files folder.

NOTE:  The above steps work for OfficeScan 7.x client in Windows 2003/XP/2000/NT/Vista/2008 machine. 
For Trend Micro OfficeScan Corporate Edition (OSCE) – 5.58, OfficeScan Corporate Edition (OSCE) – 6.5, Client / Server / Messaging Suite for SMB – 2.0, follow these manual uninstallation steps instead.

1.  Delete the Trend Micro OfficeScan Client program shortcut in the Start Menu by right-clicking it and then choosing Delete.

2.  Delete the installed files located in the OfficeScan folder under the \Program Files\Trend Micro\OfficeScan Client directory.

3.  Open the Registry Editor (regedit).

4.  Navigate to the following registry key:

5.  Delete the following keys:
  • OfcWatchDog
  • PC-cillin
  • PC-cillinNTCorp
6.  Also delete the following registry hives:
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OfficeScanNT Monitor
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TmPreFilter (for Win2003)

7.  Right click on My Computer, click Manage and then select Device Manager.
8.  Enable the Show Hidden Devices option.
9.  Remove the following hidden devices in Non-Plug and Play Drivers tree pertaining to OfficeScan (right-click and select Uninstall):
  • Trend Micro VSAPI NT
  • Trend Micro FILTER
  • Common Firewall Driver
  • NTRTSCAN (if available)
  • TMLISTEN (if available)
10.  Restart the OfficeScan client machine.
This has worked for me each and every time I have had to do a manual removal.  Good luck.

Things You Can Open in Windows From the Run Command

With all the work I do on Windows Server knowing these commands is a real time saver instead of always having to run things down through the GUI.  This isn't by any means a full list but here is a list of some of the things you can access in Windows without the mouse (type these at a Run Prompt):

    control = Opens the Control Panel Window
    control admintools = Opens the Administrative Tools
    control keyboard = Opens the Keyboard Properties Window
    control color = Opens the Display Properties (at the Appearance Tab in Windows 7)
    control folders = Opens the Folder Options Window
    control fonts = Opens the Font Policy Management Window
    control international (or intl.cpl) = Opens Regional and Language Options
    control mouse (or main.cpl) = Opens Mouse Properties
    control userpasswords = Opens the User Accounts Editor
    control userpasswords2 (or netplwiz) = Opens User Account Access Restrictions
    control printers = Opens the Printers and Faxes Window
    control desktop (Windows Vista/7 only) = Opens Control Panel>Personalization
    appwiz.cpl = Opens the Add or Remove Programs Utility
    optionalfeatures = Opens the Add or Remove Windows Component utility
    desk.cpl = Opens the Display Properties (Themes Tab)
    hdwwiz.cpl = Opens the Add Hardware Wizard
    irprops.cpl = Opens the Infrared utility (does nothing if no IR devices are installed)
    joy.cpl = Opens  Game Controller Settings
    mmsys.cpl = Opens the Sound and Audio device properties window (Volume Tab)
    sysdm.cpl = Opens the System Properties window
    telephon.cpl = Opens the Phone and Modem options window
    timedate.cpl = Opens the Date and Time Properties window
    wscui.cpl = Opens the Windows Security Center in XP (opens the Action Center in Windows Vista/7)
    access.cpl = Opens the Accessibility Options Window (does not work in Windows 7)
    wuaucpl.cpl = Opens Automatic Updates
    powercfg.cpl = Opens the Power Options Properties window
    ncpa.cpl = Opens the Network Connections window
    bthprops.cpl = Opens the Bluetooth Control window (does nothing if no bluetooth devices are installed)
    certmgr.msc = Opens the Certificate Management MMC
    compmgmt.msc = Opens the Computer Management
    comexp.msc (or dcomcnfg) = Opens the Computer Services MMC
    devmgmt.msc = Opens Device Manager
    diskmgmt.msc = Opens Disk Management
    eventvwr.msc (or eventvwr) = Opens the Event Viewer
    fsmgmt.msc = Opens Shared Folders
    napclcfg.msc = Opens the NAP client configuration tool
    services.msc = Opens Service Manager
    taskschd.msc (or control schedtasks) = Opens the Task Scheduler
    gpedit.msc = Opens the Group Policy MMC
    lusrmgr.msc = Opens Local Users and Groups
    secpol.msc = Opens the Local Security Settings window
    ciadv.msc = Opens the Indexing Service Window
    ntmsmgr.msc = Opens the Removable Storage Manager
    ntmsoprq.msc = Opens the Removable Storage Operator Requests
    wmimgmt.msc = Opens the WMI (Windows Management Instrumentation) window
    perfmon.msc (or perfmon) = Opens the Performance Monitor
    mmc = Opens a blank Microsoft Management Console
    mdsched = Opens the Memory Diagnostics tools
    dxdiag = Opens DirectX diagnostics tools
    odbcad32 = Opens the ODBC Data Source Administration window
    regedit (or regedt32) = Opens the Registry Editor (these commands actually open different Registry editors, google for the differences)
    drwtsn32 = Opens Dr. Watson
    verifier = Opens the Driver Verification Manager
    cliconfg = Opens the SQL Server Client Network Utility
    utilman = Opens the Utility Manager (in Windows 7 this opens the Ease Of Access Center)
    msconfig = Opens the System Configuration Utility
    sysedit = Opens the System Configuration Editor
    syskey = Opens the Windows Account Database Security Manager
    explorer = Opens Windows Explorer
    iexplore = Opens Internet Explorer
    wab = Opens the Windows Address Book
    charmap = Opens the Character Map
    write = Opens Wordpad

Active directory response: 00002098: SecErr: DSID-03150BB9, problem 4003 (INSUFF_ACCESS_RIGHTS)

If you're getting this error trying to move mailboxes from Exchange 2003 or 2007 to Exchange 2010 then here's the simple fix.
  • Go into the user's account in AD and go to the Security tab. 
  • Check the box to Inherit permissions. If it's already set, clear it, force an AD update, and then check the box again. 

I had 2 boxes do this on my last Exchange migration. It's a real pain to find out after you've waited on the mailbox to copy but a very easy fix.

Friday, June 08, 2012

Using Backup Exec 2010 R3 to Restore Exchange Data

I borrowed this write-up from the Symantec Connect Community here.  This is a very well-written process for restoring Exchange data with a minimum of fuss (if there is such a thing when dealing with tape drives).

Restoring Data in Exchange

Before restoring data, a few things need to be checked and enabled:
● Check that there is sufficient disk space available. This is because Backup Exec will stage the entire Exchange Information Store before restoring any individual items.
● The default location for temporary files is: C:\Temp. This needs to be changed to the drive with the most space available.
This is done as follows: Tools, Options, Restore (Path on media server for staging temporary restore data…).
● The user concerned needs to be logged out of their email.
● Make sure the user informs the Service Desk/engineer of exactly what they want restored.

Restoring Data Using a Duplicate Copy

This method duplicates an Exchange Information Store to the local server hard drive. The reason for using this method would be due to a large Exchange IS database size, or wanting to stage the restore once.
Should a restore fail during normal restore process, the entire Exchange IS needs to be re-staged. This will take time depending on the database’s size.

Do the following:
● Check for a drive with sufficient disk space for the restore. The available space must be at least the size of the Exchange IS.
● On the target drive, create a folder called: Exchange Restore.
● Open Backup Exec, and go to Devices. Right-click Backup-to-Disk Folders, and choose: New Backup-to-Disk Folder. Give it the name: Exchange Restore, and point it to the target drive and folder. Click OK.
● Go to Job Setup, select the job that runs for the site, and under Backup Tasks, choose: New job to duplicate backup sets. Choose OK.
● Browse the server concerned, and under Microsoft Information Store, choose the Information Store you want to stage to disk. You need to select the date/media.
● Choose the new Backup-to-Disk folder created for this purpose, and click Run Now. Let the job complete.
● Make a note of the name of the image created by this job (Devices --> Backup-to-Disk Folders --> Exchange Restore).
● Click the Restore tab in Backup Exec. When the “Welcome to the Restore Wizard” screen shows, deselect the tab to “Always launch the Restore Wizard from the Restore Button”, and click Next.
● Under Selections, choose View by Media, and choose the image created in the duplication job.
● Find the user’s mailbox that needs to be restored, open the mailbox, and click Top of Information Store.
● From here, individual emails, contacts and folders can be restored.
● Select what needs to be restored.
● Click Resource Credentials, and then Test All to make sure that the security credentials are correct.
● Click Run Now.
● Go to Job Monitor, and the job should run successfully. This will restore data straight into the user’s mailbox.