Welcome to EMC Consulting Blogs Sign in | Join | Help

Marlon Duminy's Blog

Day-to-day on the ground floor of Heritage House

  • *Updated - Windows Updates Broke ActiveSync with HTTP_500!!

    We had a problem this week when Exchange 2003 Server ActiveSync decided to break after we did a couple of Windows Updates.  The funny thing is that the ActiveSync stopped working on a SINGLE Backend Server, and none of the updates were Exchange or even IIS updates! 

    Users on the affected backend server just started getting the dreaded HTTP_500 error messages.

    So, after loads of troubleshooting, re-applying service packs and even going as far as removing some of the applied updates, David Seymour had the brilliant idea to do a side-by-side comparison of the authentication settings with another backend server.

    What we found is that one of the WindowsUpdates (or at least I'm hoping it was!!) removed the Integrated Authentication from the EXCHANGE and PUBLIC virtual folders in IIS.  After re-enabling Intergrated Authentication and a quick IISRESET all was back to normal.

    Yes.  It was as simple as that!

    Thanks Dave

    - Marlon

    *Update:

    - I noticed last week that MSExchange.org has released a more in-depth article here that explains exactly how to reset the permissions on the Exchange IIS folders.

    - I have to stress that HTTP 500 errors are not just caused by permissions either.  A few weeks ago I was working on an SBS2003 Exchange installation - turned out that a previous cowboy deleted the original IIS Virtual folders and didn't re-create them properly.  If you are thinking about doing it, check out this SearchExchange.com article that explains how to repair Exchange IIS Folders. (Free registration required)

  • Adminpak on Windows Vista

    Today I finally got an Adminpak installed on my Vista laptop!!

    Up until today I've been using an additional Windows Virtual PC - which I'll probably keep for now - running on my laptop to do normal day-to-day admin stuff.  I have installed on there my Exchange, SQL and other application tools, resource kits and little extras you pick up along the way.  Makes it very portable and gets me up and running much faster if I need to rebuild my machine to move to another one.

    After find a couple of resources online about using ORCA to modify the installer or simply using the latest adminpak.msi that ships with Windows 2003 SP1 or Windows 2003 R2, I was still stuggling.  I guess I just don't have enough developer blood running through my veins Hmm

    Today I found Josh's post about installing the adminpak onto Vista RTM.  Sadly, I'm still running RC2 Embarrassed and using the Windows 2003 SP1 version doesn't work. However the adminpak that shipped with the original Windows 2003 build (dated 2 April 2003) installed with no errors but still causing the same symptoms, with ADUC not loading.  I registered a couple of DLL's as instructed and it all came together.

    Thanks Josh!

    Marlon

    PS.  Attached you can find the batch file you can run to register all DLL's in one go. Simply save as a .CMD file and run with elevated permisions.

  • Permission errors on Windows Vista application installations

    As we slowly start to roll out a couple of Vista RTM deployments to some of our developers it transpires there's a couple of little niggles that not many people have taken note of:

    1. Last night Keni tried to install Visual Studio, but it kept failing saying it can't copy a certain file.  Even though he's local adminstrator on a domain connected laptop, the problem turned out be that he didn't have the permission to install - or in this case copy the installer files to the correct location.  He was so ready to blame our corrupt ISO image!  In order to kick off the installation, right-click the executable and select the Run As Administrator option.  This brings us to our next point;

    2. The local administrator account is disabled by default.  This means that even if you right-click and do the whole run as thing, you'll keep on being prompted to enter the username and password.  So, into computer management you go, FIRST reset the password to something secure, and enable the account. Now you can proceed with your install!

    You'll find this permission thing always popping up.  In the next instances though, you'll simply be prompted to allow it to run with elevated permissions. e.g.:

    • when you try to copy a file to the root of the C: drive
    • try to launch mmc.exe from the RUN window
    • manually install an updated driver for some hardware

    Another handy tip from James is that when you have to install an application that has multiple files to executed, or simply don't have the RUN AS option, e.g. MSI packages, simply start up CMD.EXE using the RUN AS and launch all your installs from the resulting command prompt.  All commands run from within this command prompt will launch with elevated permissions.

    - Marlon

     

  • Windows Vista Upgrade: error 0x80070103 Not enough free space

    Right now I'm in the process of upgrading a Dell Latitude D820 to Windows Vista RC2 - currently running RC1.  I installed RC1 Build 5600 as a clean install about 2 weeks ago.

    Now I know that most self-respecting IT bods will never really do in-place upgrades .. I figured lets try the "what-if" factor.

    When I tried to kick off the RC2 setup, it pops up an error message saying there's insufficient drive space on the computer and that I need ~400MB to start the install.  HUH?  I have 30GB+ available on both my C: and D: drives!

    Wait, maybe because I'm running it as Domain Admin, not as the computer's Local Administrator.  That's happened before when trying to install certain software and device drivers.  Nope, still no go.

    Let's try booting from the DVD. Nope, the UPGRADE option is disabled with a nice message saying, "Sorry dude, if you wanna upgrade, do it from within Windows!"  GRRRRR!! Angry

    Let's see if there's a "No Hard Drive Space Check" switch that I can use.  SETUP /? doesn't bring up anything.  I stopped looking - does anyone know if there's such a switch?

    OK - maybe because I've got a virtual CD-drive installed as well, that could be causing it? Disable, try again. Insufficient drive space.  What else? Check for any portable drives, USB sticks, is my camera still plugged in? Nope. 

    Drive Manager - What's this I see? The DELL Utility partition is the first partition on the drive .. and only 39MB in size.  I'm guessing Setup is looking at this partition and then fails?  Well, since I won't be able to upgrade and will probably have to do a clean build anyway, let mess around for a while.  What if I set the C: partition as the active? It should be set already, but again "what-if"

    Surprise NO WAY! IT WORKED!

    There you are: Mark you primary partition as active (again?) and you should be good to go!

    Makes you think: what would happen if a home user with Dell computer want to upgrade to Vista? Reckon this would be a problem?  If anyone upgrades Windows XP to Vista RC2 on any PC with a utility partition, please let me know!

    - Marlon

  • Upgrading SQL2005 - DTS vs SSIS

    So there I was sitting the Upgrading to SQL 2005 one-day course last week and along with all the why upgrade and considerations when you upgrade questions, there was one question that I realised that EVERY single person in the group wanted to know about:

    Exactly what is the deal with DTS packages when you upgrade to SQL Server 2005?  Since Jamie is always on about SSIS and all the magic it can do, I thought I'd add a penny or two to the plate taken from the discussions we had in class regarding upgrades:

    When you upgrade your system to SQL 2005 your DTS packages REMAIN DTS packages.  They are NOT converted at this point.  They will continue to execute in what is known as legacy compatibility mode.  The catch here is that once you got them into SQL 2005 you cannot change or edit them. The word on the street is that your DTS packages are almost guaranteed to work when run in this legacy compatibility mode.

    In order to change your DTS packages you will need to convert them to SSIS packages.  There is a conversion utility that will do this for you.  The catch here is that the conversion is performed as “Best Endeavours” and Microsoft in no way guarantees the upgrade of your DTS packages. 

    It became clear to everyone in class that day was that the lesson to learn here is that when you start planning your SQL 2005 upgrade, start looking into redesigning your DTS packages at the same, especially if you have custom packages or very many of them!

    As a side note: The course was presented by Ishfaq Ahmed, a Microsoft Dedicated Support Engineer.  These group of engineers are "dedicated to proactively supporting Microsoft's enterprise customers" and now they've been drafted to present various "Notes from the Field" courses to (mostly) Microsoft Partners.

    - Marlon

  • Windows Mobile 5, MSFP & Exchange SP2

    On Friday I had the fortunate opportunity of attending a one-day workshop entitled "Configuring Mobile E-mail with Exchange 2003 SP2, Windows Mobile 5 & Messaging and Security Feature Pack Workshop" and was presented by Jane Lewis. Attendees were all from various backgrounds ranging from mobile service providers, hardware manufacturers and solution providers.

    As part of our early adoption strategy, Exchange SP2 was internally deployed a few weeks after its release in October 2005.  Together with the MSFP-enabled Windows Mobile 5 phones we received a few weeks ago from our mobile service provider we've been able to successfully test push email with our Business Development team.  Unfortunately these phones are still running on a test build and even though the push email functionality works, certain devices require an almost daily hard reset!

    So, even though I was quite familiar with the material covered, I have to admit that the workshop was quite informative and very well put together with enough material to cover both the sales and technical aspects.  Good going Jane!

    If you are considering deploying Exchange SP2 together Windows Mobile 5 devices with Push Email technology, I recommend that you:

    1.  Fully test and deploy Exchange SP2
    2.  Look at installing Microsoft Exchange Server ActiveSync Web Administration Tool - to enable Remote Wipe for lost or stolen devices
    3.  Look at www.soti.net - an alternative to the mobile admin tool with a couple of added features.
    4.  Contact Conchango to help with your Exchange SP2 deployment together with your new mobile application development!

    - MD

    PS. Jane, get your blog sorted!

     

  • Pandora's Box of Music

    www.pandora.com

    Our S&M Administrator (YES, we have one of those!!) recently pointed me towards Pandora, a brilliant site where you can build your own custom radio station.  Basically, you give this site a track or artist that you like, and it’ll play you related tracks from similar artists.  And it works REALLY well!!

    Having only seen this last week – apparently it’s been around for a couple of months now – it has already proven itself useful this past weekend when we hooked up the PC to the Hi-Fi, selected a single track and enjoyed some great music for a couple of hours!  I’ve even found a couple of great new (and old) tracks that I never knew existed!

    Pandora is the next step of the Music Genome Project and you can register (for free) on the site to save your custom radio stations.  You can also use the paid-for service in order to avoid seeing the adverts – which are just cycled on the site and non-intrusive.

    I'm impressed ... Thanx Helen!

    - Marlon

  • Windows Update vs Microsoft Update

    In a previous post I mentioned how "KB888619 Breaks OWA on Exchange 2003" and how confused I was by the fact that the update in question was displayed on the Windows Update site on the one server, but not the others.  After a couple of clicks today I found that there's actually two versions of the update sites:

    • Windows Update - The original site that scans your PC / Server for OS related updates and hardware drivers.  Notice the Microsoft Updates high-lighted below.  This takes you to the Microsoft Update site ....

    Windows Update

     

    • Microsoft Update - the new update site.  This site not only scans for Operating System updates, but also whatever other software you have installed, e.g. Office and as I found out the hard way - Exchange:

    msupdate.jpg

     

    You will notice subtle changes to the design and the url of the site, making it very easy for Techies like me - who just click blindingly and pray for the best - to get confused.  This new site works along the same way as WSUS - it downloads and deploys not only Operating System updates, but also other Microsoft Software updates.

    OK. Mini-mystery solved ..

     

    - Marlon

  • KB888619 Breaks OWA on Exchange 2003

    Windows Update

     

    Another Exchange Windows Update problem we encountered this week...

    After loading the WindowsUpdate site I noticed that it was recommending an Exchange Update (KB888619) on the Windows Update.  Now Exchange Updates are not something that you generally find on Windows Updates. (See image on the left)

    After installing this update OWA was broken.  The theme was not loading properly, and the right hand side of the reading pane had a single line reading "Loading..."

    Initially I thought that the theme was broken with some replaced style-sheets, etc.

    However, a quick scan through the Microsoft newsgroups I found a post (Problem with OWA after Installing KB888619) on microsoft.public.exchange.connectivity that explained the behaviour:

    "You need to install 888619 on your Front End Server as well because that fix
    adds an updated directory under the /exchweb folder which contains new .asp
    files. With this folder missing on your Front End you will see the exact
    behaviour you are experiencing. You would also see this problem if you
    applied Service Pack 1 to your Back Ends, and not your Front Ends.  - Ben Wolfe [MSFT]"

    So, I guess this again highlights the importance of keeping your environment - and not just Exchange - on the same versions of updates and service packs.  In my defense I must add that since Windows Update didn't recommend this update on the other servers, I automatically assumed that either the server already has it installed, or didn't need the update.

    The Lesson - Don't assume.

    As a side note - this update replaces the file C:\Program Files\Exchsrvr\exchweb\bin\auth\usa\logon.asp that is used by forms-based authentication.  So if you customised your logon page then remember that you'll need to re-apply those changes.

    - Marlon

    PS.  Can anyone tell me how to enable Windows Update to check for Exchange Server updates on my other servers.  I've had a quick look around, but didn't notice anything on first glance.

  • "I heard him typing his password, Your Honour!"

    Imagine a courtroom drama.  The accused is a hacker being questioned:

    Prosecutor: "How did you obtain the password to access the secured servers?"

    Hacker: "I heard him typing it.  The destinction between his R's and T's are quite remarkable!"

    ... HUH?!?

    I found two articles on The Register today that relates to research discussing how easy it is to use capture keystrokes using a cheap microphone, and after a bit of analysis, have a fairly accurate transcript of what was typed!  Why use a packetsniffer when you can duct-tape a dictaphone to the bottom of the desk!!

    http://www.theregister.co.uk/2005/09/16/type_fraud/

    http://www.theregister.co.uk/2005/09/16/key_clicks_betray_passwords/

     

    - Marlon

     

Powered by Community Server (Personal Edition), by Telligent Systems