Carl's blog

Super easy way to reset the secure channel / computer account in an Active Directory domain.

by on Jan.07, 2011, under Computer Stuff

I have a 2008 R2 server joined to an SBS 2003 domain. Secure channel has somehow become broken. Netdom gives access denied when run from either DC or member server. I could change to a workgroup, reboot, then re-join domain, and pray that I don’t lose remote access along the way, or I could use this trick:

Are you ready? It’s so simple.. ;)

Go to change the domain, and simply change it from the DNS domain name (e.g. domain.local) to the NetBIOS domain name (e.g. DOMAIN). You will probably need to be on the same broadcast domain (LAN segment), i.e. not over a VPN or WAN, for the NetBIOS domain to be found (unless you have WINS running I suppose).

So, the machine is joined to domain.local, but the secure channel is broken. I just go to the ‘Computer Name’ tab of ‘System Properties’, click Change, and backspace out the .local from the domain name and press OK. It’s like I’m joining a different domain but it’s the same one really. You get the “Welcome to the domain. You must restart this computer for the change to take effect” message. Reboot and it’s all done. As usual the DNS domain name will be shown on the computer name tab after the reboot. Nothing has changed except that the secure channel has been re-established.


Linux/Unix (X) as an RDP (Remote Desktop Protocol) Server?

by on Dec.11, 2010, under Computer Stuff

Wow. This took me totally by surprise, and it seems to work very well. There’s no sound redirection or clipboard, but basically you connect to the Linux machine using an RDP client (Microsoft Remote Desktop Connection, or Terminal Server Client), and instead of getting a Windows logon box, you get an xrdp one. You choose a session and hey presto you have a Gnome or KDE session, through RDP!

It has two ways of working. The first, and easiest to get going, is that it uses vncserver (the VNC X Server) as the actual X server, and the xrdp program grabs the vnc display and RDPs it over to you. So you have the performance of RDP.
The other way is that it uses an RDP X server, so I suppose you could call that native X-RDP rather than VNC served RDP. This is a touch more complicated, and I was unable to get the svn version of the X11rdp Xserver to compile. There is a precompiled binary of what might be an old version at http://server1.xrdp.org/temp/ though.

The precompiled binary was the only way I could get X11rdp to work (that is native RDP – I got the vnc/rdp to work almost right away)

Let me clarify some points:

xrdp is the name of the project, and also the name of one of the binary files that deals with RDP and integrates with the VNC server and sends it to you through RDP.
X11rdp is the name of the special RDP Xserver that is another part of the project, which skips out vnc altogether. When you grab the (small) sourcecode off the project website, and do the make/make install, it will not build X11rdp.
X11rdp is also called “Xserver” within the project.
You will see in /usr/local/xrdp/sesman.log something like: “No such file or directory” if you are trying to use X11rdp server (sesman-X11rdp) but don’t have the X11rdp Xserver compiled/installed, or if you are trying to use VNC (sesman-Xvnc) but don’t have vncserver installed. VNC server will be provided by your distribution (Fedora, Ubuntu..) so is very easy to get. X11rdp is made by the xrdp project, so is not so easy, but the precompiled binary seemed to work OK for me.

The project’s website is very low priority, and does not reflect the true activity of the project.

The website is at http://xrdp.sourceforge.net/

I’ve just had a look, and development activity is moving along well! I’m going to have another look at this!


Recovering from Windows registry hive corruption, the smart way.

by on Dec.11, 2010, under Computer Stuff

I like this trick. Every time I do it, I think about all those people doing repair installs (in-place upgrades).

It works pretty much every time unless the filesystem is really truly screwed, in which case you need a backup, say from the system restore directory (System Volume Information), as per this knowledgebase article (don’t bother with the recovery console though, use your USB to IDE or USB to SATA cable and fix it from your laptop.)

Here are the symptoms. You try to start up your Windows 2000/XP (Vista too?) computer and you get a message, white text on black background:

Windows could not start because the following file is missing or corrupt: \WINDOWS\SYSTEM32\CONFIG\SYSTEM

or

Windows could not start because the following file is missing or corrupt: \WINDOWS\SYSTEM32\CONFIG\SOFTWARE

Sometimes, the message is cut short, so you might see “\WINDOWS\SYSTEM32\CONFIG\SYS” or similar. Hint: If it’s really cut short, and you can’t see if it’s SOFTWARE or SYSTEM, do the following procedure on both files. Whichever one is identified as having been repaired, well that’s the one that was broken ;)

Anyway, how to fix it in 2 minutes:

Use your USB to IDE/SATA adapter cable, and connect the broken machine’s hard drive to your laptop, or your spare PC or whatever. You don’t have to use a USB to IDE/SATA adapter cable – if you’re a person at home with another PC you can stick the drive on a spare IDE or SATA channel. You just need to get that hard drive into a working Windows XP computer for a few minutes.

Windows will mount the broken computer’s hard drive as, say E: or F:. Make sure you have your computer set to show hidden files and also system files. To check this, go into My Computer -> Tools -> Folder Options, -> View Tab, and select “Show hidden files”, and make sure “Hide protected operating system files” is not ticked.

First things first, run chkdsk on that drive, after all it is most likely filesystem corruption that has caused the registry to become corrupt in the first place. In My Computer, right-click the broken computer’s drive and choose properties. Go to tools, “Check Now”, put a tick in only the first box (Automatically fix filesystem errors), and click start. Let that finish before continuing.

Here’s where the magic happens. Go to start -> run, and type regedit [enter]. This will launch the registry editor on your computer. In the registry editor, highlight HKEY_LOCAL_MACHINE, and then go to File -> Load Hive. Find the file that is “missing or corrupt” (from your error message earlier), and choose to load that. It will be in E:\(or F:\)Windows\System32\Config, and will be called just SOFTWARE or SYSTEM. Regedit will ask you to name the hive, just type “badpc” (any old garbage will do – it’s only temporary).

Regedit will say “One or more files containing the registry were corrupt and had to be recovered by use of log files. The recovery was successful.” You have just repaired the registry! Now you need to Un-load that hive, so highlight that “badpc” hive that you can now see under HKEY_LOCAL_MACHINE, and go to File -> Unload Hive.

You now just need to put that hard drive back in the broken computer, which hopefully won’t be broken any more! If you used a USB to SATA or USB to IDE cable from your laptop, make sure you use the “Safely remove hardware” icon in the system tray next to the clock to safely remove the hard drive, else you may cause filesystem corruption again. Alternatively just shut your laptop/working computer down properly and remove the hard drive once it’s shut down.

All done.

Some background:

The registry is a database. It has transaction log files which can be used to recover from corruption. It would appear that the early Windows boot process is not able to work with those log files, but regedit (and Windows itself further on in the boot process) is.
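The load/unload step above as a script, an added example that is not from the original post: it copies each hive and its log files aside before loading it, because the recovery rewrites the hive in place. It assumes `reg.exe load` triggers the same log-based recovery as regedit's Load Hive; the function name, the `badpc_` mount names and the default backup folder are hypothetical.

```powershell
# Added example, not from the original post. Run from an elevated prompt on
# the working computer, after chkdsk has finished on the attached drive.
function Repair-OfflineHive {
    param(
        # Config directory on the attached drive, e.g. E:\Windows\System32\Config
        [Parameter(Mandatory = $true)]
        [string]$ConfigDir,
        # Do both hives when the boot message was cut short.
        [string[]]$Hives = @('SYSTEM', 'SOFTWARE'),
        # Hypothetical default location for the untouched copies.
        [string]$BackupDir = (Join-Path $env:USERPROFILE ('hive-backup-' + (Get-Date -Format 'yyyyMMdd-HHmmss')))
    )

    # Loading a hive under HKLM needs an elevated session.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal $identity
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated PowerShell prompt.'
    }
    if (-not (Test-Path -LiteralPath $ConfigDir -PathType Container)) {
        throw "Config directory not found: $ConfigDir"
    }
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

    foreach ($hive in $Hives) {
        $file = Join-Path $ConfigDir $hive
        if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
            Write-Warning "Hive file missing, skipped: $file"
            continue
        }

        # Keep a copy of the hive and its transaction logs (SYSTEM, SYSTEM.LOG,
        # SYSTEM.LOG1, ...) so the original state can be put back if needed.
        Get-ChildItem -LiteralPath $ConfigDir -Force |
            Where-Object { $_.Name -eq $hive -or $_.Name -like "$hive.*" } |
            Copy-Item -Destination $BackupDir -Force

        # Temporary mount point, same idea as typing "badpc" in regedit.
        $mount = "HKLM\badpc_$hive"
        $null = & reg.exe load $mount $file 2>&1
        $loaded = ($LASTEXITCODE -eq 0)

        $unloaded = $false
        if ($loaded) {
            # Unloading flushes the hive back to the file on the attached drive.
            $null = & reg.exe unload $mount 2>&1
            $unloaded = ($LASTEXITCODE -eq 0)
        }

        New-Object psobject -Property @{
            Hive     = $hive
            Loaded   = $loaded
            Unloaded = $unloaded
            Backup   = $BackupDir
        }
    }
}

# Constructed example path: the broken machine's drive mounted as E:
Repair-OfflineHive -ConfigDir 'E:\Windows\System32\Config'
```

A hive that reports `Loaded = False` could not be recovered from its logs and needs restoring from a backup, as described at the top of the post.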


Vista: Stop: c000021a {Fatal System Error}, The initial session process or system process terminated unexpectedly.

by on Dec.11, 2010, under Computer Stuff

“Stop: c000021a {Fatal System Error}
The initial session process or system process terminated unexpectedly with a status of 0x000000000 (some more hex codes)”

Can’t repair this. Trying to pinpoint source of problem.

System Restore through Repair Environment is failing. Replacing registry files with those from RegBack hasn’t helped.

Clean install of Vista, moved contents of system32\config from broken install to clean one, also moved old Users directory, and problem still exhibited. Must be a registry/configuration issue then, not system files.

Now going to try to see if I can pin it down to either System registry or Software.

Update: It is fixed. The problem was within the SOFTWARE hive. I moved all the clean install stuff (Windows, Program Files, Users, ProgramData) to a folder called “clean”, and moved all the folders out of Windows.old back into C:\, so in effect returning the machine back to its original state before the clean install. I then replaced SOFTWARE with SOFTWARE.OLD and all is well.

Something within the Software registry hive was wrong/broken. Hope this helps someone. Not sure why the SOFTWARE hive out of RegBack was no good.

At least we know from now on that troubleshooting “Stop: c000021a {Fatal System Error}, the initial session process or system process terminated unexpectedly.” should be done from within HKLM\Software of the registry, or just replacing the Software hive with a good backup. Earlier in the process I opened regedit from the Repair Environment’s command prompt, and loaded the Software Hive, but it looked bare. There were only Microsoft subkeys, nothing else. Either this is because of the fault, or perhaps it’s a Vista security feature? (no.. it’s not a security feature – see below):

Another update: I have taken the bad software hive, and the good working one (software.old), and loaded them up into Regedit on my XP machine to compare.

Both files are around 45 MB, but the bad one is completely bare except for a couple of Microsoft subkeys. I wonder what caused this?

Perhaps I am barking up the wrong tree. Maybe the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Reliability\Srt key means “system restore”, and this bare registry is normal during a system restore. Perhaps the registry is supposed to be bare until System Restore finishes after the reboot, and the bare registry wasn’t the actual cause of the stop error. Perhaps the stop error was triggered during System Restore’s finishing up. Who knows. I suppose I could create a restore point on the machine now, and see if System Restore causes the Stop error to return. I might do that.

At least for now, the solution here was to replace software with software.old.


Outlook & Exchange via RPC/HTTP(s) / Outlook Anywhere / Outlook via Internet & NTLM password saving

by on Dec.11, 2010, under Computer Stuff

Note: Outlook 2010 reverses the information below. Basic Authentication passwords *are* saved, and in fact don’t require Professional edition of Windows (as NTLM password saving would do).

All the stuff I see out there, from knowledgeable people like Daniel Petri, seems to recommend using Basic Authentication over HTTPS for RPC/HTTP. The problem with this is that Outlook will prompt for the user’s password every time, which could be useful in some situations, but it’s a pain in other situations.

The solution to stopping the password prompt is to use NTLM. There is a lot of discussion around people playing with lmcompatibilitylevel in the registry (under HKLM\System\CCS\Control\Lsa), and people talk about it in a hit and miss sort of way, e.g. “this way worked for me, but not that way”, and then somebody else does it a little differently. The consensus comes across that there’s no one way that just works.

Well, for me there is one way that just works. I’ll point out a few gotchas that can get in the way too.

Here’s how I do it. If for some reason this is bad, please let me know!

1. I “connect using SSL”.

2. I do not “mutually authenticate”, so that second box is left blank and greyed out.

3. I always have “on slow networks connect using HTTP first”.

4. I sometimes have “on fast networks connect using HTTP first”, but I configure split-DNS so that if the user is within the office, the Exchange proxy resolves to the internal IP of the RPC proxy. I do this just to test that RPC/HTTP is working. I Ctrl-RightClick the Outlook icon in the system tray and check the connection status to see if we’re working over HTTPS.

5. I set lmcompatibilitylevel to 2.

I use self-signed certificates, so I first browse to https://server, when the certificate warning comes up I view the certificate, go to the last tab and import the certificate. I manually choose where to store the cert and I put it in trusted root certification authorities. If the client is Vista then I “run as administrator” Internet Explorer before doing this.

In SBS 2003, under IIS Manager -> websites -> default website -> RPC or RpcWithCert -> Properties -> Directory Security -> Authentication & Access, “Integrated Windows Authentication” is disabled out of the box, so NTLM doesn’t work until you tick this. This is easy to forget.

In SBS 2003, if you change the server’s IP address and subnet, e.g. from 192.168.0.x to 192.168.1.x or 10.x.x.x, you might want to check “IP address and domain name restrictions” on that same tab in IIS Manager as above. Also do the same for Microsoft-Server-ActiveSync because your smartphones won’t be working.

In SBS 2003 no ports need configuring.

In normal Server 2003 & Exchange 2003, I use “RpcNoFrontEnd” from the Petri.co.il article to configure the ports for me, after I have ticked to enable Exchange for RPC as per Daniel’s instructions.

Be Broadband (http://www.bethere.co.uk)’s Speedtouch routers won’t port-forward HTTPS when configured through the GUI. This is a pain. I’ll do a separate blog entry for how to fix that.

That’s about it. It works every time for me, for different companies with different ISPs. In most cases, the client computer is joined to the domain and the user is logging onto the computer with their domain account, hence there are no popups asking for the password when launching Outlook. If the computer is not joined to the domain, I open up User Accounts in the Control Panel and I click “Manage network passwords”, and I add something like “*.ourdomain.local” and put the password in and the username in the form of either user@domain or domain\user, and also “mail.ourdomain.com” (the outside hostname/IP) and put the credentials in there too. This works fine for XP Pro/Vista Business computers that aren’t part of the domain. For Home Edition of XP or Vista, the user name must be correct, (this cannot be changed after the user is created on the computer – renaming just alters the display name and not the username), and the user’s password must match. I also set the workgroup to be the same as the netbios domain of the company. This seems to work fine, of course along with the lmcompatibilitylevel tweak.

I’d be interested if anybody knows any reasons why the above should not be the preferred way of doing things. I know I should look into getting certificates from a globally trusted CA, as it’s a pain for OWA users with a self-signed cert.


Scheduled Backup to RDX / RD1000 with SBS 2008 and wbadmin

by on Dec.11, 2010, under Computer Stuff

Note: Since this article was published, I have altered my RDX strategy, and I no longer back up to a shared folder like this.
Please see the newer article here: http://www.css-networks.com/2011/12/sbs-2008-2011-automatic-backup-to-rdx-rd1000-without-cifssmbshared-folders/

(Of course you can mix bits of the more thorough script below, with the wbadmin command from the newer article above.)

Using wbadmin, you can back up everything, including Exchange, to the RD1000.
If you tell wbadmin to back up to the target drive directly, e.g. E:, it will want to reformat the disk every time and therefore only allow one backup on the disk, and it will prompt you to allow the format, even if you gave the parameter -quiet. So instead we share the RD1000 and use a script like this:

@echo off
set Logfile="c:\network shares\company\Backup Log.txt"
rem Should be called with backup name as parameter, backup will be stored in that backup name's folder.
echo. >>%logfile%
Echo ***** Backup starting at %date% on %time% >>%logfile%
Echo Creating Backup Directory at \\server\rd1000\%* >>%logfile%
if not exist "\\server\rd1000\%*" md "\\server\rd1000\%*" >>%logfile%
Echo. >>%logfile%
Echo ***** Starting Data and System files backup >>%logfile%
wbadmin start backup -backuptarget:"\\server\rd1000\%*" -include:c: -quiet >>%logfile%
Echo. >>%logfile%
Echo ***** Starting Exchange Server Backup >>%logfile%
del "C:\Users\Administrator\AppData\Local\Microsoft\Windows NT\NTBackup\data\*.log"
ntbackup backup "@C:\Users\Administrator\AppData\Local\Microsoft\Windows NT\NTBackup\data\Exchange.bks" /a /d "Exchange Server" /v:no /r:no /rs:no /hc:off /m normal /j "Exchange Server" /l:s /f "\\server\rd1000\%*\Exchange Server.bkf"
type "C:\Users\Administrator\AppData\Local\Microsoft\Windows NT\NTBackup\data\*.log" >>%logfile%
echo. >>%logfile%
echo ***** Starting IRIS backup >>%logfile%
sqlcmd -S SERVER\IRISPRACTICE -Q "BACKUP DATABASE [IRIS] TO DISK = N'\\server\rd1000\%*\IRIS-FUll Backup.bak' WITH NOFORMAT, INIT, NAME = N'IRIS-Full Database Backup', SKIP, NOREWIND, NOUNLOAD, STATS = 10" >>%logfile%

Save the script as c:\dobackup.cmd, and call as “c:\dobackup Daily Backup” or “C:\dobackup Monday” with the Task Scheduler. Obviously make sure there is enough space on your RD1000 for five backups. If not, alter the script or just call it with “Set1” and “Set2” instead of Monday, Tuesday, Wednesday etc.

Although it looks like there is nothing there to say “Back up the Exchange IS”, there is an “Application” entry for Exchange in the registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WindowsServerBackup\Application Support\{76fe1ac4-15f7-4bcd-987e-8e1acb462fb7} , and the output of the backup says “Running consistency check for application Exchange.” This confirms Microsoft’s documentation that SBS’ version of Windows Server Backup does indeed back up Exchange.

Because I am a wuss, and I have no faith, I am also doing an NTBackup of the Exchange IS to a file on the disk. The NTBackup files that you will need to run NTBackup on SBS 2008 can be found here. Extract them to C:\Windows, because there is a VSSAPI.DLL in Windows\System32 that NTBackup doesn’t like. If you extract the files to \Windows, ntbackup will use the VSSAPI.DLL in its own directory.


Overcoming CopyControl protection of old 16-bit applications with the help of XXCOPY.

by on Dec.11, 2010, under Computer Stuff

Old hard drive is E: (mounted through USB to IDE adapter)

New system is C:

C:

cd \

mkdir Application

xxcopy e:\Application c:\Application /clone /TC

Since CopyControl relies on the created/modified/accessed timestamps of the files within the hidden/system control directory of the application, the above will preserve them and CopyControl won’t be aware that the application has been copied to a new computer.

The /TC flag to XXCOPY causes it to preserve the file created, modified, and accessed timestamps, to the exact second. Whilst transferring Recruit to a new server late one evening a couple of years ago, I experimented and discovered that this was how the protection scheme (CopyControl) detected tampering/copying. At that time I used a tool called 12Ghosts FileDate or something, but XXCOPY does all this for us now. I am in the process of migrating five computers in a leasing company and am using this quick and easy procedure for transferring the DOS based quoting system which also uses CopyControl.

Some example applications: Oxford Software’s Recruit, LeasePlan / Network Lease’s Ultinet quoting system.

You can tell the application uses CopyControl because there is either a local or network folder which contains a hidden/system folder named something.NNN where NNN is some numbers, e.g. 489. Within that folder are some more files, one called something.CCC and also a file called CCONTROL.

This CopyControl is not the same as the one used by the music business on audio CDs.


How to clear the temp directory.

by on Dec.11, 2010, under Computer Stuff

This is such a simple thing that nobody would ever consider writing a blog entry or howto about it, right? The thing is though, I frequently see IT support technicians using Windows Explorer, clicking through into the user’s temp folder, highlighting everything and attempting to delete. They are interrupted (and the process aborted) by a message stating that a particular file was in use and could not be deleted, so they de-select that one file, and try again. Some more files are deleted but once again they are interrupted and told that another file couldn’t be deleted. They de-select that file and try again. This can go on for ages..

Here’s how to do it properly.

Go to a command prompt (Start -> Run -> cmd [enter])

At the command prompt type:

cd %tmp%

and press enter. This will change you into the current user’s temp directory.

AT THIS POINT, PLEASE MAKE SURE THAT THE PROMPT HAS CHANGED TO THE TEMP DIRECTORY. IF THERE IS ANY KIND OF ERROR, OR THE PROMPT DOESN’T CHANGE, DO NOT CONTINUE ON WITH THE NEXT COMMAND. I DO NOT WANT YOU TO REMOVE THE WRONG DIRECTORY!

Then type:

rd /s .

(that’s rd space slash-S space dot)

then press enter. Don’t forget the . at the end. This means “remove the current directory and all subdirectories, including all files.”

What will happen is that the contents of the temp directory and all subdirectories will be removed, but not the temp directory itself, because you are currently working in that directory (via the CD command) and therefore it can’t be deleted.

You’ll receive access denied messages for all in-use files, plus the temp directory itself. That’s fine. Those access denied messages would have been showstoppers if you were using Windows Explorer.

The above is clearing out the current user’s temp directory, which is located within that user’s profile directory (Documents and Settings\username). To clear out the system temp directory, which is located under the Windows directory, type:

cd %windir%\temp

(that’s CD, space, %windir%\temp)
and press enter. This will change you into the Windows temp directory.

AT THIS POINT, PLEASE MAKE SURE THAT THE PROMPT HAS CHANGED TO THE TEMP DIRECTORY. IF THERE IS ANY KIND OF ERROR, OR THE PROMPT DOESN’T CHANGE, DO NOT CONTINUE ON WITH THE NEXT COMMAND. I DO NOT WANT YOU TO REMOVE THE WRONG DIRECTORY!

Then just like before, type:

rd /s .

All done! You can type “exit” to close the command prompt.
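The same clean-up as a script that makes the "check the prompt changed" step automatic, as an added example that is not from the original post: it refuses to run unless the resolved path is one of the two temp directories covered above, and it deletes only the contents. The function name is hypothetical.

```powershell
# Added example, not from the original post.
function Clear-TempDirectory {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path
    )

    # Fail here, before anything is deleted, if the path is empty or missing.
    # This is the scripted form of "make sure the prompt has changed".
    $target = (Resolve-Path -LiteralPath $Path -ErrorAction Stop).ProviderPath.TrimEnd('\')

    # Accept only the two directories the post covers: %tmp% and %windir%\temp.
    # A path written differently (e.g. long form vs. 8.3 short form) is refused,
    # which is the safe direction to fail in.
    $allowed = @($env:TEMP, (Join-Path $env:windir 'Temp')) | ForEach-Object {
        (Resolve-Path -LiteralPath $_ -ErrorAction Stop).ProviderPath.TrimEnd('\')
    }
    if ($allowed -notcontains $target) {
        throw "Refusing to clear '$target': not the user or Windows temp directory."
    }

    # Remove the contents, never the directory itself. In-use files raise
    # errors; they are collected and the run carries on, as rd /s does.
    Get-ChildItem -LiteralPath $target -Force |
        Remove-Item -Recurse -Force -ErrorAction SilentlyContinue -ErrorVariable failures

    New-Object psobject -Property @{
        Path      = $target
        Failures  = $failures.Count
        Remaining = @(Get-ChildItem -LiteralPath $target -Force).Count
    }
}

# Preview what would be removed; nothing is deleted with -WhatIf.
Clear-TempDirectory -Path $env:TEMP -WhatIf

# Then run it for real on both locations:
# Clear-TempDirectory -Path $env:TEMP
# Clear-TempDirectory -Path (Join-Path $env:windir 'Temp')
```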


SBS 2008 Unbootable after partition resize – winload.exe; Status: 0xc0000225; Info: The selected entry could not be loaded because the application is missing or corrupt.

by on Dec.11, 2010, under Computer Stuff

The server is all done. One last thing to do – resize that Dell OS partition now that we have the Data partition on a separate 500gb RAID1.

Being an old fashioned person (read: not a Vista user, and new to SBS 2008), I didn’t think to use Disk Management to do the resize. I used Acronis Disk Director. This resulted in the system not booting, with the above error message.

I was at a bit of a loss for what to do. I ran chkdsk from an NTFS bootdisk and this made no difference. Obviously there is no boot.ini any more, and to make matters worse, the Dell supplied SBS 2008 DVDs are non-bootable, so I was a bit stuck.

Whilst waiting the 2hrs for the SBS 2008 DVD ISO to download from Microsoft.com, I thought I’d try out a Vista disk and see if that would repair the bootmgr. It did and now all is well.

The problem is apparently caused by the UUID of the partition changing, leaving the bootmgr unable to find it, as per this article.


Internet Explorer error pages blank and missing information, can’t click continue or more information.

by on Dec.11, 2010, under Computer Stuff

Internet Explorer 7 / 8 appear broken. Error pages such as “Certificate Error” do not display full information, lots of script errors, “more information” gives blank information, can’t click “continue” on certificate error pages (which means you can’t accept a self-signed cert).

Fix: (download subinacl first).

subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f
subinacl /subdirectories C:\ /grant=administrators=f
subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=system=f
subinacl /subkeyreg HKEY_CURRENT_USER /grant=system=f
subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=system=f
subinacl /subdirectories C:\ /grant=system=f

