Posts

Showing posts from 2014

ARR, Caching and Ajaxtoolkit files

-
A fun little episode today. We're moving a website that uses Ajaxtoolkit to an ARR based web farm. One of the pages would show OK the first time and then subsequent calls would show the code from common.js. We had no idea what common.js was. We could see files in ARR's cache and the page worked fine when not going via ARR, but had no idea what was going on. Changing ARR's cache to "do not cache" for query strings made it go away, but that didn't really satisfy me as to why it was happening. Changing to "Include query string" was the eye opener. This put three entries in the cache for the file scriptresource.axd each with a unique query string. Any subsequent calls to the page worked perfectly. Further reading revealed these files are generated at runtime so when the default of "ignore query string" was turned on, a single file was generated and cached when the page actually required the different versions to work. I won't prete
Post a Comment
Read more

Sage Accounts 2010

-
Minor little thing here where the internet is littered with info, but it's just one small change that fixes the problem. Older versions of Sage Accounts can keep their data on an SMB share to allow multi user. As soon as you move to a more modern version of Windows though, it runs painfully slow with more than user logged in . Simple fix: disable SMB 2 on the end users' PCs. Not ideal, but it'll get you through until you upgrade to a newer version of Sage
Post a Comment
Read more

Getting a Certificate Signing Request from a Certificate

-
Now that Chrome is complaining about certificates that are only SHA-1, it was time to Re-key our certificates to SHA-2. One problem: we no longer had the original CSR. Here's how to get a CSR to give to your certificate supplier from your pfx file using openssl openssl pkcs12 -in mycert.pfx -nocerts -out key.pem -nodes openssl pkcs12 -in mycert.pfx -nokeys -out cert.pem openssl rsa -in key.pem -out server.key openssl x509 -x509toreq -in cert.pem  -signkey server.key -out CSR.csr
Post a Comment
Read more

IIS, Centralized Certificate Store and DFS

-
So it's time to build you new IIS 8 Web Farm with the wonderful Centralized Certificate Store, holding your certificates in a replicated DFS namespace. Only thing is, CCS keeps complaining that it can't access your DFS share. Permissions are all good, a mapped drive with your user works fine, but it's still not having it. The problem (for me anyway) was that I was using the content servers as the namespace servers as well. First sign that something was wrong was that browsing to \\domain.local only shows netlogon and sysvol. So I added one of the domain controllers as a namespace servers, disabled the content servers as namespace servers and there you go, CCS can access the certificate share. I'm guessing this is a bug as Shared Configuration can access the same DFS share when not using the DCs as nameservers.
Post a Comment
Read more

SCUP, WSUS, Dell and Error 0x8024000f

-
Update: See bottom of post for another variation on this. Now here was a real barrel of laughs to track down and fix. The setup: Import the Dell Client catalogs into SCUP 2011 Publish them all to WSUS with automatic (effectively metadata only) Check for updates from a client machine Get Error 0x8024000f in Windows update Upshot of this is that WSUS is broken and by extension, so are software updates via SCCM. The culprit? Circular references in Dell's update catalog. How to fix: Turn on verbose logging for WSUS on a client PC  http://support.micro...723#letmefixit2 Check for updates Open c:\windows\windowsupdate.log Search for the word "cycle" Get the update ID that has the circular reference Find that update in SCUP and expire it (you may want to fix it, but I didn't bother as I don't need the affected updates) Publish the update again Go back to step 2 and keep repeating until Windows Update on the client PC works (I had about 8 wi
1 comment
Read more

Setting Wallpaper for a Remote Desktop Session

-
Ah, the fun I had trawling around trying to find out how to set the wallpaper on a remote desktop session! The (seemingly) most obvious answer was changing the Wallpaper setting under Desktop in a GPO, but no. That setting explicitly states that it doesn't apply to RDP sessions, so back to the registry we go... I'm presuming here that we want these settings to apply to all the computers within a specific OU rather than to individual users. Create a new GPO "Wallpaper" Navigate to Computer Config/Policies/Admin Templates/System/Group Policy Set "Configure user Group Policy loopback processing mode" to Enabled with Mode as "Merge" Navigate to Computer Config/Policies/Admin Templates/Windows Components/Remote Desktop Services/Remote Desktop Session Host/Remote Session Environment Set "Always show desktop on connection" to Enabled Set "Enforce Removal of Remote Desktop Wallpaper" to Disabled Navigate to Computer Con
1 comment
Read more

Monitoring rotating text files in real time with Powershell

-
So I needed a way to monitor some log files in a folder where a new log file gets created when the current one gets too large. All I'm interested in is checking the latest one for certain strings and then alerting if they occur. Powershell to the rescue: #folder to be watched $folder = 'C:\Temp\logger' #file types to be watched for $filter = '*.log' # <-- set this according to your requirements #strings to find in log $matchstring="My matching string" #variable to hold background powershell job $catjob #start a cat task as background process Function StartCat ($filepath) { #stop job is already monitoring a file if ($Global:catjob -ne $null) { stop-job -job $catjob remove-job -job $catjob } $scriptblock = { param ($file, $matchstring) cat $file -wait | ?{$_ -match $matchstring} } #start new job when file changed $Global:catjob = sta
Post a Comment
Read more

Wildcard Subdomains in Windows DNS

-
On a test web server you may have the need to host multiple websites under several subdomains: site1.server.domain.local site2.server.domain.local site3.server.domain.local Setting up the host headers is straightforward, but a bit of work is required in Windows DNS to get the subdomains working correctly. Launch DNS console Expand Forward Lookup Zones Right click on your domain and click "New Domain" Enter the name of your server (if that's what you're using as the top level of the sub domain) Right click the new domain and click "New Host (A or AAAA)" Enter "*" (without the quotes) for the name and then the IP address of your server Click OK On the server in a raised cmd prompt:  ipconfig /flushdns ipconfig /registerdns All done and your your subdomains will be resolved.
Post a Comment
Read more

Cleaning up Sharepoint 2013 backups

-
Sharepoint is pretty horrible when it comes to backups, but presuming that you're doing Farm backups rather than just your content database, you'll have to deal with them. I do one full backup per week and differentials in between from Task Scheduler. This generates a lot of data that needs cleaning up, so here's a bit of script. Most of this is directly lifted from a script by  Meat Head Nerd  which I changed to look at the full backups rather than just age of backup. This will remove all full and differential backups prior to the number of full backups you want to keep. # Number of full back ups you want to keep $numfullbackups = 1 # Import the Sharepoint backup report xml file $spbrtoc = “c:\temp\spbrtoc.xml” [xml]$sp = gc $spbrtoc # Find the full backups in spbrtoc.xml $fullbackups = $sp.SPBackupRestoreHistory.SPHistoryObject | ? { $_.SPBackupMethod -eq 'Full' } # Get the start time of the last full backup $lastfullstarttime = $fu
Post a Comment
Read more

When SCUP 2011 Cleanup Wizard won't clean up...

-
In SCUP 2011, there's the Software Update Cleanup Wizard which will remove from WSUS any updates that are no longer in SCUP. Only one problem: if the update exists in WSUS, but the content isn't in UpdateServicePackages, the clean up fails as it can't verify the signature of the cab file. As the wizard doesn't care about the content of the file, it's quite easy to fool it. Open SCUP.log and find the error Create a folder in UpdateServicePackages that matches the folder of the missing content. e.g. \\WSUS01\UpdateServicesPackages\7d0f53e4-482e-462d-b81b-127941c32091 Find an existing cab file within the UpdateServicePackages folder and copy it into your new folder Rename the copied cab file to the name of the missing cab in the SCUP folder Run the SCUP Cleanup Wizard again Clean up success! Seems like a bug to me as removing the entry from the WSUS database shouldn't really care if the content exists.
Post a Comment
Read more

Locking workstations through GPO

-
Using GPO to lock workstations after a period of inactivity should be standard behaviour in any organisation, but unfortunately the internet is littered with old information about how to do this. So, ignoring anything to do with screensavers, g o to: Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options Set Interactive logon: Machine inactivity limit to whatever timeout period you require Amazing how long it took to find this. H/T:  MS Forum  and the guy who answered it  Deploy Happiness
Post a Comment
Read more

Windows SMTP Service Mailroot Folders

-
It may be deprecated in Server 2012, but the built in SMTP service is still extremely useful and is likely to be around for some time yet. When used for bulk emails it's handy to be able to process the non-delivery receipts, but the mailroot folders often cause confusion,  particularly badmail. If the from address accepts mails, the SMTP service will send the NDR to that address and won't keep a copy of the NDR. If the from address is not valid or rejects inbound mail (e.g. no-reply@contoso.com) then a copy is stored in badmail along with two other files (possibly not relevant to your post-processing). To keep all NDRs, change the settings in the SMTP service to send the them to an email address. I use undelivered@machine.domainname where machine.domainname is the name showing under domains in the SMTP service's GUI. Doing this stores all the NDRs in the local  drop folder for later processing. Another thing to watch out for is the FQDN field in the Deli
Post a Comment
Read more

SCCM 2012 R2 Console and Performance counters

-
Just had a issue where the SCCM 2012 R2 Console on Win 8.1 (x64) would no longer connect to the site server after installing MDT 2013 on my local machine. AdminUI.log complained about performance counters. Fix: c:\windows>cd syswow64 c:\windows\syswow64>lodctr /R c:\windows\syswow64>winmgmt.exe /RESYNCPERF Uninstall SCCM Console Reinstall SCCM Console All working again H/T  http://support.microsoft.com/kb/2554336?wa=wsignin1.0
Post a Comment
Read more

Popular posts from this blog

Avoid Microsoft Intune if you use G-Suite and Android

-
Like me, you might have considered Intune to be your one stop MDM solution if you're an Office/Microsoft 365 user. On the whole it is pretty good, but it's got one massive failing: It doesn't support Google accounts on Android Work Profiles. You might think that if you're a Microsoft shop it's not a big deal, but there two major reasons why you might want to use Google alongside Azure Active Directory: SSO. Many companies charge extra for SSO with Azure but include it for free with Google, e.g. Slack and Atlassian. Chrome. Let's face it, everyone uses Chrome rather than Edge so signing in with a Google account to sync your favourites is pretty handy. Managing this setup in an organisation is pretty easy. Sign up for G-Suite account, sync all your users from Azure AD, configure G-Suite to use AAD for authentication and you're done. Enterprise managed Google accounts for everyone at zero cost if you don't actually need G-Suite. Given the abo
Read more

DFS "Waiting for Initial Replication"

-
Taken directly from  Technet Forum  post by  scorprio_milo . Pop along and give them an up vote! You may encounter the error message "waiting for initial replication" when no primary member is currently specified on the DFS Replication. This DFS member is waiting for initial replication for replicated share folder Public and is not currently participating in replication. This delay can occur because the member is waiting for the DFS Replication service to retrieve replication settings from Active Directory. After the member detects that it is part of replication group, the member will begin initial replication.  Besides, there is also possiblity that DFS servers cannot contact domain controller which could result in the issue. 1. Please first verify that all the target folder of Public folder is enabled.   2. Please use Dfsradmin to set the primary member in the situation where there is an existing replication group that is waiting for initial replication and no primary
Read more

Setting Wallpaper for a Remote Desktop Session

-
Ah, the fun I had trawling around trying to find out how to set the wallpaper on a remote desktop session! The (seemingly) most obvious answer was changing the Wallpaper setting under Desktop in a GPO, but no. That setting explicitly states that it doesn't apply to RDP sessions, so back to the registry we go... I'm presuming here that we want these settings to apply to all the computers within a specific OU rather than to individual users. Create a new GPO "Wallpaper" Navigate to Computer Config/Policies/Admin Templates/System/Group Policy Set "Configure user Group Policy loopback processing mode" to Enabled with Mode as "Merge" Navigate to Computer Config/Policies/Admin Templates/Windows Components/Remote Desktop Services/Remote Desktop Session Host/Remote Session Environment Set "Always show desktop on connection" to Enabled Set "Enforce Removal of Remote Desktop Wallpaper" to Disabled Navigate to Computer Con
Read more