Webbo’s World

Recently working on a File/Print server (that was also a backup DC) and began to receieve the following error from client PC’s trying to access it -

Login Failure: the target account name is incorrect

Most google posts seem to refer to checking DNS/WINS settings although in this case everything was fine. I could access the shares via \\192.168.xx.xx but not \\servername. Looking in to the error further there were some error logs referencing kerberos issues and the main clue was found after running netdiag. The netdiag report came back with the below error -

[FATAL] Secure channel to domain ’MYDOMAIN’ is broken. [ERROR_ACCESS_DENIED]

So if your having a similar issue then it’s usually a case of resetting the machine password via the netdom tool. If it’s occuring on a workstation you may want to just remove it from the domain and add it back on, however if a server has the issue then this Microsoft article will help -

http://support.microsoft.com/kb/329721 (Description of netdom.exe Syntax and Versions)
http://support.microsoft.com/kb/260575 (How To Use Netdom.exe to Reset Machine Account Passwords / Domain Controller)

Recently came across this problem on a Server 2008 box running Exchange 2007. Having downloaded the PFDAVAdmin utility and trying to connect to all mailboxes, it gives the below error when you try to expand any of them. Fortunately it’s a nice and easy fix!

Error:

Could not expand https://servername/exadmin/admin/domain/mbx/emailaddress/non_ipm_subtree/: Name cannot begin with the ‘0′ character, hexadecimal value 0×30. Line 1, position 417.

Fix:

Run the PFDAVAdmin utility from a workstation, can download from HERE
Download Microsoft .NET Framework 1.1 HERE
DO NOT install this on the Exchange 2007 server as it will most likely reset the current .NET 2.0 settings and break Exchange 2007.

Having configured a number of Exchange 2007 sites that only use a Single Name SSL certificate a few issues can be experienced. Outlook will often throw a couple errors your way if a few changes aren’t made to Exchange/DNS to ensure they point to the name used in the SSL certificate. These errors are below:

Outlook 2007 Errors:

Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the site’s security certificate.

Your Out of Office settings cannot be displayed, because the server is currently unavailable. Try again Later.

If you’re seeing the above I’d suggest checking out the below site on how to best configure Exchange to suit the SSL certificate being used.

http://www.amset.info/exchange/singlenamessl.asp

Having recently found a Sony laptop that would not copy / sync a users profile during log off I had a hunt round google and found the below from Experts Exchange. Wouldn’t have expected this as the cause but carrying out the below solved the problem. One minor note on the particular Sony laptop was that the Sony Event service also needed to be disabled - otherwise the user was spammed with the Vaio Power management feature believing the speed / stamina switch had been changed and the Graphics settings were to be adjusted.

Domain Environment: Microsoft Server 2003/Server 2003 R2 SP2
Affected Operating Systems: Windows XP SP1/SP2/SP3, Vista

Solution:

I have found that the NVIDIA drivers can break roaming profiles functionality. Un-install the video drivers through add/remove programs. Reboot the workstation and see if the profile is written back to the server at logoff.

Re-install NVIDIA drivers & before re-starting the computer:

Go to

1) Start Menu>Run> type services.msc
Scroll down the list of services to: “NVIDIA Display Driver Service” Stop this service from running and also Disable the service from starting again.

2) Go to Start Menu>Run> type msconfig uncheck nwiz.exe, Nvcpl & RunDll32.exe NvMCTray.dll,NvTaskbarInit under startup tab. Then press apply & okay buttons. Do not restart the computer when prompted.

3) Go to Command Prompt:

Start Menu>Run> type cmd press okay
Browse to C:\windows\system32 folder
Cd\ <press enter>
Cd windows\system32 <press enter>
Manually rename the following files after installation and before rebooting:
ren nvcpl.dll nvcpl.dlx <press enter>
ren nvcplui.exe nvcplui.exx <press enter>

4) Reboot Computer & Confirm Profile writes back to server at logoff.

Recently had a problem whereby opening a spreadsheet within Excel 2003 would launch the application but the workbook will not open. No error was shown in this case, just the blank grey background. Sometimes this can by the excel.exe remaining open and running as  a ’stuck’ process, which can be resolved by loading Task Manager and killing it. Unfortunately that wasn’t the case this time so looking in to the problem I found it may or may not display an error:

Cannot find the file ‘path’ (or one of its components). Make sure the path and filename are correct and that all required libraries are available.

The problem is caused by the Ignore Other Applications setting being set on. To set it off, choose the menu command Tools->Options, navigate to the General tab, turn off the checkbox “Ignore other applications”, and then click OK.

From http://support.microsoft.com/kb/555924

1. Log on to the Hub Transport Server.
 2. Go to “Start” -> “Programs” -> “Microsoft Exchange Server 2007“.
 3. Open “Exchange Management Shell“.
 4. Write “Install-AntispamAgents.ps1” and press on the “Enter” key.
 5. Restart “Microsoft Exchange Transport” service.
 6. Go to “Start” -> “Programs” -> “Microsoft Exchange Server 2007“.
 7. Open “Exchange Management Console“.
 8. Navigate to “Microsoft Exchange” -> “Organization Configuration” > “Hub Transport“.
 9. A new tab, named “Anti-Spam” should appear.
 
 Note: To revert to Exchange 2007 default settings, use “uninstall-AntispamAgents.ps1”
             script and restart the “Microsoft Exchange Transport” service.

Having downloaded the Windows 7 x86 and x64 ISO’s I decided to start an install using VMWare Workstation 6.5. Using the automatic setup wizard within VMWare it picked the Windows 7 image up as a Windows Vista x64 PC, all the defaults that VMWare used for this allowed the install to begin perfectly and bar a slight ‘revamp’ it looked near identical to the current Windows Vista installation process.

Once installed there are a few immediate differences that are noticed, primarily the task bar and the introduction of Internet Explorer 8. There’s also a nice new ‘Action Center’ that appears to be the hub for general Maintenance and combines the previously known XP/Vista Security Center items.

UAC looks to have been thought through this time. As with Vista it can still be set to the ‘annoy the hell out of me’ setting which asks you to confirm everything you do on the PC, however the default setting is a more sensible one that only asks to confirm when a program tries to make a change to the PC. I haven’t really tested this yet but I plan too shortly.

The Control Panel has also changed slightly with how the ‘List’ view is shown. So far the setup seems to be running smoothly (although it’s not had a good kicking yet to really test it’s features) and it was a very easy install process, with the Windows 7 VM Machine now running I’ll start putting various security software on and post my findings!

One of our servers was beginning to run low on drive space - alot of emails had begun to accumulate in the UceArchive so I thought I’d move it out of C: on to another drive with more space. Here’s how:

1) Open Regedit via Start – Run and type in regedit – click Ok
2) Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Exchange\ContentFilter
3) Within the ContentFilter key, create the following String Value (REG_SZ): ArchiveDir  
4) Set the UceArchive folder path e.g. E:\Exchsrvr\Mailroot\vsi 1\UCEArchive.
5) Close Registry Editor, and restart the Simple Mail Transfer Protocol (SMTP) service.

Recently had an Exchange 2007 server give the following error when trying to enable Outlook Web Access for a user’s mailbox. In our case it turned out that the Microsoft Exchange System Attendant service wasn’t running – even though the startup type was Automatic.

Error:

An Exchange 2007 server on which an address list service is active cannot be found.

Fix:

1) Go to Start – Run – type in Services.msc
2) Look for the Microsoft Exchange System Attendant service
3) Start the service
4) Re-try enabling OWA for the user

If like me you’re trying to install the SQL Service Pack 4 (KB948119) via Microsoft Update and it fails (without any obvious error) then here’s a possible fix. I’ve found one reason may be if the MSSQL$SBSMONITORING service isn’t running – at least this was the case for me when it failed on various Windows Small Business Servers.

Fix:
1) Go to Start – Run – type in Services.msc
2) Look for the MSSQL$SBSMONITORING service
3) If this is stopped or disabled then double click the service name to bring the properties window up
4) Within the properties either start the service or set it’s startup type to Automatic and then start the service
5) Retry the Microsoft Update