sircles.net Computer Support The sircles.net blog | Windows Server


The sircles.net blog SEO, Copy Writing, Networking and Internet Safety & Security

CRM 2016 for Outlook - Cannot display the folder Path does not exist Verify the path is correct


If you are seeing the following in CRM 2016 using Outlook 2016:

Then you should check the registry - this commonly occurs when the user has migrated or upgraded Office and the system has used the incorrect 32- or 64-bit registry settings.

Start Registry Editor as your normal logon user - i.e. the one that you use for Outlook rather than an Admin user - and under HKEY_CURRENT_USER go to Software > Microsoft > MSCRM and have a look under these keys:

Make sure that the CRM_Client_InstallDir and InstallPath keys point to either Program Files (x86) or Program Files as befits your Microsoft Office install.

CRM_Client_InstallPath should be: C:\Program Files (x86)\Microsoft Dynamics CRM\ or C:\Program Files\Microsoft Dynamics CRM\ for 32 and 64 bit respectively.

InstallPath should be: C:\Program Files (x86)\Microsoft Dynamics CRM\Client\ or C:\Program Files\Microsoft Dynamics CRM\Client\ for 32 and 64 bit respectively.
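
The check above can be done without opening Registry Editor. The following PowerShell is an added example, not part of the original post: it reads the values named above for the current user and reports whether each path exists and matches the Office bitness. It assumes Outlook 2016 records its bitness in a "Bitness" value under the Office 16.0 Outlook key, and it checks both CRM_Client_InstallDir and CRM_Client_InstallPath because the post uses both names.

```powershell
# Added example: read-only check, changes nothing.
# Run as the normal logon user (HKCU is per-user), not as an Admin user.
$crmKey     = 'HKCU:\Software\Microsoft\MSCRM'   # key path as given in the post
$valueNames = 'CRM_Client_InstallDir', 'CRM_Client_InstallPath', 'InstallPath'

# Assumption: Outlook 2016 stores "x86" or "x64" in a Bitness value here.
$outlookKeys = 'HKLM:\SOFTWARE\Microsoft\Office\16.0\Outlook',
               'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Office\16.0\Outlook'
$bitness = $outlookKeys |
    ForEach-Object { (Get-ItemProperty -Path $_ -ErrorAction SilentlyContinue).Bitness } |
    Where-Object { $_ } |
    Select-Object -First 1

# Expected install root for each bitness, taken from the paths listed in the post.
$expectedRoot = switch ($bitness) {
    'x86'   { 'C:\Program Files (x86)\Microsoft Dynamics CRM\' }
    'x64'   { 'C:\Program Files\Microsoft Dynamics CRM\' }
    default { $null }   # bitness not found, so only the on-disk check is meaningful
}

if (-not (Test-Path -Path $crmKey)) {
    Write-Warning "$crmKey does not exist for user $env:USERNAME"
    return
}
$props = Get-ItemProperty -Path $crmKey

foreach ($name in $valueNames) {
    $path = $props.$name
    if (-not $path) { continue }   # this value is not present under the key

    [pscustomobject]@{
        Value         = $name
        Path          = $path
        ExistsOnDisk  = Test-Path -LiteralPath $path
        OfficeBitness = $bitness
        MatchesOffice = if ($expectedRoot) {
                            $path.StartsWith($expectedRoot, [StringComparison]::OrdinalIgnoreCase)
                        } else { 'unknown' }
    }
}
```

Any row where ExistsOnDisk or MatchesOffice is False is the value to correct by hand as described above.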

 

 

HP DL360 G7 Red Screen of Death Illegal OpCode

This is a fairly disturbing occurrence - when your server, instead of booting up just after one recommended update or a first-time reboot after install, shows you a bright red screen explaining that the server feels it has done enough and will proceed no further. Not great news if you have a lot of users awaiting emails or database results and even worse if you've never seen it before.

 

 

Well, this error can be caused by a few problems related to running various forms of Linux on SD card drives, but it can also affect those of us just running plain old Windows Server on the inbuilt 410i RAID controller.

In essence the message means that it is unable to read the boot device and so has thrown an HP level issue instead of a standard Windows or BIOS error.

I have found this problem in connection with the following:

  • Installing using iLO3 with a network accessed ISO file and then rebooting for the first time
  • Installing a recommended update to the NICs that made the whole server BSOD and then reboot into this, so we had to fix the error to find out that the DB was intact
  • Updating BIOS for the motherboard that has somehow disabled the USB boot in the BIOS and so lost the SD card boot device (which I was using on that occasion)
  • Installing the Windows iLO3 drivers which then somehow told Windows, because there was an ISO listed in the iLO3 boot-up system, that Windows was not the boot device

In order to fix these issues you should:

  1. Update the iLO3 firmware as there is a fix in the latest versions (allegedly) but I have found this unreliable
  2. Disable the iLO if this fails at boot-up
  3. Change the boot order in BIOS so that your boot device is first and then:
  4. Boot from a Windows DVD and ensure you can see the boot volume and then use the inbuilt repair (this seems to be the best solution for Windows installs)

If all the above fails you can just try unplugging all the PSUs for ten minutes as this is a recommended solution from HP but only for the G8 servers. 

Good luck with a really distressing and fairly futile error screen.

WBAdmin snap-in failed to initialise

The other day we had an issue with the Windows Backup on a Windows 2012 R2 server that had previously backed up OK.

On start-up of the Windows Backup application we received a message saying that the windows backup wbadmin snap-in failed to start and that we should restart the service and retry the snap-in.

When we tried the command line we received a message saying that the command was not available on portable workstations.

After some looking around we found that a possible cause was that the registry had this entry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control

PortableOperatingSystem = 1

So we changed to 1 and then wbadmin stated that there were no jobs scheduled.

We then ran the following commands in order:

  1. Get-WBPolicy | Remove-WBPolicy
  2. Remove-WBBackupSet
  3. Remove-WBCatalog
  4. get-Service *wb* | Start-Service
  5. Restart Windows Server Backup

We then found that the backup record was destroyed but that the service could be run in the GUI once more.

The TCP/IP Protocol Microsoft DNS Microsoft Active Directory FSMO Roles


Windows Server Security Practices

 

Elements Required for Active Directory

Microsoft DNS - This is a very different animal in Windows 2000/3 compared to NT4, not because of the way it does anything but because of what it is used for. Microsoft NT4, Windows 95/8 uses WINS - the Windows Internet Naming Service (rather confusingly named) to locate each other over inter-connecting LANs. The system basically works with DHCP, the Dynamic Host Configuration Protocol which ascribes an IP Address to your Network Interface Card and supplies the Default Gateway, DNS Server and WINS server and also registers you with WINS at the same time. One WINS server then replicates with another on another LAN and then the hosts can look up your workstation on their own LAN and the communication can be successfully routed between machines. DNS was simply for looking up domains on the Internet at this stage and had a 'Reverse WINS Lookup' feature for tracking down workstations from the DNS server. Microsoft DNS on Windows 2000 has the option of being entirely dynamic. It can be configured to live in Active Directory, has built in reverse lookup and is updatable just as WINS is from the DHCP server negotiation - better!

TCP/IP - The Transport Control Protocol / Internet Protocol. This is just moving from its fourth to sixth incarnation at present and it is a complicated protocol. It is routable in more ways than you can wave an Ethernet cable at and with version 6 supports IPSec as standard. It is the basis of nearly all intercommunication of computers today; whether we are talking about Macintosh, Netware, Linux or Windows, they are most likely using TCP/IP to speak with their cohorts. Microsoft have favoured it for some time whilst Netware moved over at version 5. Macintosh jumped on the wagon (as opposed to leading the way as they normally do) and began dropping AppleTalk with the arrival of OSX. Although TCP/IP is referred to as a single protocol it is not. It is a standard set of amalgamated systems and the resultant protocol lives in layer 3 of the standard model. As with all other communications protocols, TCP/IP is composed of layers:
The Internet Protocol (IP) - is responsible for moving packets of data from one node to another. IP forwards each packet based on a four byte destination address (the IP address). The Internet authorities assign ranges of numbers to different organizations. The organizations assign groups of their numbers to departments. IP operates on gateway machines that move data from department to organization to region and then around the world. Each computer using the internet can do so because at some level it is using an IP address. Typically in most networks nowadays your LAN may have only one 'real' IP address at your router or firewall and your computer may use a 192.168.x.x or 10.1.x.x address. These are reserved address sets for computers in internal LANs and are assigned to no one. This is made possible by NAT and PAT which stand for Network Address Translation and Port Address Translation which is performed by your router or firewall so as to redirect any traffic your machine requested back to you.

The Transport Control Protocol (TCP)- is responsible for verifying the correct delivery of data from client to server. Data can be lost in the intermediate network. TCP adds support to detect errors or lost data and to trigger retransmission until the data is correctly and completely received. TCP makes TCP/IP a very robust system and allows different sections of the Internet to fall over and reroute data constantly and seamlessly.

Port Numbers - is a name given to packages of subroutines that provide access to TCP/IP on most systems. A socket is a combination of a port number and an IP Address and therefore uniquely identifies a network process on any individual network. There are many standardized port numbers such as 80 for HTTP and 25 for SMTP etc. A port number is basically a feature of a packet just like the routing header. It is a property that, instead of deciding where it is going, like the IP Address, it decides what it will do when it gets there and most likely whether it will be allowed to get there or not.

Microsoft Active Directory - Don't be put off by the way this is continuously described by Microsoft as all sorts of different things. The simple nuts and bolts of it are most easily described as follows. AD is a secured and replicated set of files shared around the domain or domains that allow all of the clients and servers to share and use information. For those of us familiar with the nuts and bolts of a Windows PC, it's like a replicated registry that is shared around the Domain Controllers. It sits in different files, just like the registry did, and it can be edited with a straightforward tool, just like the registry. It relies on five central roles for a forest to function. (A Forest is a collection of Domain Trees - yes I know very clever etc.) The replicated information that is shared to non DC clients is stored in the SYSVOL share on a DC and there will be a folder inside for each domain storing policies, scripts and other information. The old Netlogon share is now inside of the shared SYSVOL directory but is still shared as Netlogon for backwards compatibility. The Database of all DC only AD information is kept inside %systemroot%\SYSVOL - note that the SYSVOL folder shared to clients is inside of the first sysvol directory i.e. at %systemroot%\SYSVOL\SYSVOL. The database itself and the log files by default are kept in %systemroot%\WINDOWS\NTDS but the location can be specified when installing Active Directory to a server.

FSMO Roles - Flexible Single Master Operations (Pronounced by all the guys on the Microsoft Websites as Fuszmo.) So there you are, after all of the fuss Microsoft made about Windows 2000/3 no longer requiring a PDC or BDC it turns out that there are five different sorts of the darn things.
PDC Emulator - All Winnt fans know what this guy is bound to do. He emulated the old PDC on behalf of backwards compatibility. He also creates group policy objects and synchronizes the w32time service.
RID Master - Hands out the Global Unique Identifiers to each Domain Controller. Each object in Active Directory must have one to be indexed in the registry-like list. The RID hands out different sets to each DC for labelling all of the objects created on it.
Infrastructure Master - This guy is the Ambassador. He is monitoring everything to do with memberships of trusts and other domains. He checks that you are allowed into the country by having a good look at your passport- well you know the way things are these days.
Domain Naming Master - This ol' gal is the only central repository for child domain names. There is only one in an attempt to prevent duplicate domain names. Just as well, duplicate computer names are bad enough!
Schema Master - This fellow is responsible for changes to the Schema of Active Directory. In other words he is the man who alters the way in which data is stored inside of any types of object. If you want to add a field to the standard computer object then you've got to ask him.

OK so there we have it. It is worth remembering that Active Directory is dependent not only on all of the FSMO bear roles but also on TCP/IP and Microsoft DNS, because without either there is no transport with or from Active Directory.

So based on these observations we will start with a few pointers. When you are building or designing your new Windows Active Directory you will want to minimize network traffic and administration and to optimize ease of use. This may seem a confusing and daunting task but let us get things in perspective. Active Directory goes a long way to doing this itself and the design does not have to be completed before you begin your upgrades/installs. If it is not a huge network - i.e. less than 10 sites and 20 Domain Controllers - you are not going to notice a huge impact on how you do things anyhow, unless there are a lot of different bandwidth connections. Windows  Active Directory is based on replication and it can cause networking problems and bottlenecks when it gets itself confused and is using all of the available bandwidth, but these services can be stopped if they are bringing things to a halt whilst you work out what is going on. Active Directory does do some funny things just because of the order in which it is created so make sure you design your Upgrade path from the centre of your networks where the most bandwidth lies moving out gradually toward the more remote slower sites. But all of this is scare-mongering as much as anything else. If you are just upgrading or designing a single LAN network then the most important part is to choose the correct specification of servers and make sure you have checked with manufacturers and software designers that the upgrade paths have been tested and are supported. (This still doesn't guarantee anything so if you can, test it on a dummy example.) The worst kind of Microsoft designers are those who come to the job with all of the AD knowledge in the world but have neglected to think about where the servers will be plugged in. Try and effect a policy of security and robustness in where the servers are and how they are looked after as well as in how Windows is configured. Many server compromises are at source, remember that.

Some services work better together than others. The Domain Controllers should be DNS Servers; there is no point having a domain controller if it has no access to DNS, and it forgoes the risk of losing communications during adding and removing Domain Controllers, which can lead to catastrophic results. If there is a DNS server on board then you always at least have a single copy of what is happening in the domain and it can be replicated once network communications have been restored. If there is only one DC in a site then it should be set as a Global Catalogue; a Global Catalogue keeps a copy of every object in the forest and if a site needs information on part of the forest it must be able to retrieve it without running home to momma down a slow connection. Sometimes replication must be set to copy to more remote sites when the office is out of use to retain bandwidth, but replication can always be halted if a connection is beginning to feel the strain. Sites are important and define the replication characteristics of Active Directory. A site boundary should indicate where there is a connection to the main LAN over a lower bandwidth; just because you need a separate Windows site doesn't mean a separate Exchange site, as Exchange is another animal when it comes to designing site boundaries.

A dedicated Domain Controller is always a good idea: a server that can deal with the FSMO roles, which need not be distributed over different servers unless your domain exceeds 2000 clients. The FSMO roles are a difficult point because they are a single entity for an entire domain. With enough changes being made to the domain the workload can become such that you will have to redistribute the roles to multiple servers; the name changing role and the schema and operations master are a good place to start. As a rule, if you are including Microsoft Exchange, the Domain Controllers should have the Active Directory Connector for Microsoft Exchange installed and it is also a good machine to have in charge of your antivirus and DHCP. WINS should be phased out once all clients and servers have been moved over to 8 or 10 and your network performance and reliability should start to increase as duplicate WINS entries and the need to replicate the WINS servers become things of the past.
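
To see how an existing domain measures up against the placement advice above, the following PowerShell is an added example, not part of the original article. It lists the five FSMO role holders, then flags any Domain Controller that does not answer DNS for the domain and any site whose only DC is not a Global Catalogue. It assumes the ActiveDirectory module (RSAT) is installed and the session is logged on to the domain.

```powershell
# Added example: read-only audit, changes nothing.
Import-Module ActiveDirectory

$forest = Get-ADForest
$domain = Get-ADDomain

# Two roles are forest-wide, three are held once per domain.
$roles = [ordered]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}
$roles.GetEnumerator() | Format-Table Name, Value -AutoSize

$dcs    = @(Get-ADDomainController -Filter *)
$bySite = $dcs | Group-Object -Property Site

$audit = foreach ($dc in $dcs) {
    # Ask this DC directly for the domain's SOA record to see if it serves DNS.
    $dns = Resolve-DnsName -Name $domain.DNSRoot -Type SOA -Server $dc.IPv4Address `
                           -DnsOnly -ErrorAction SilentlyContinue

    [pscustomobject]@{
        DC            = $dc.HostName
        Site          = $dc.Site
        GlobalCatalog = $dc.IsGlobalCatalog
        AnswersDns    = [bool]$dns
        OnlyDcInSite  = ($bySite | Where-Object Name -eq $dc.Site).Count -eq 1
        FsmoRoles     = $dc.OperationMasterRoles -join ', '
    }
}
$audit | Format-Table -AutoSize

# Flag the two conditions the article warns about.
foreach ($row in $audit) {
    if (-not $row.AnswersDns) {
        Write-Warning "$($row.DC) is a Domain Controller but does not answer DNS for $($domain.DNSRoot)"
    }
    if ($row.OnlyDcInSite -and -not $row.GlobalCatalog) {
        Write-Warning "$($row.DC) is the only DC in site $($row.Site) and is not a Global Catalogue"
    }
}
```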
 
Lastly always change the logon name for the Administrator account to something difficult to guess as a lot of the scripts that people run trying to compromise security rely on password lists which pre-supposes the administrator account login name.
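
The rename can be audited afterwards. The following PowerShell is an added example, not part of the original article: it finds the built-in Administrator account by its well-known SID ending in -500 (which stays the same whatever the logon name is), reports whether it still has the default name, and counts failed logons in the last 24 hours that tried the name "Administrator". It assumes an elevated session so the Security log can be read, and uses the ActiveDirectory module only if it is installed.

```powershell
# Added example: audit only, changes nothing.
$report = @()

try {
    # Local built-in Administrator: SID S-1-5-21-<machine>-500.
    $local = Get-LocalUser -ErrorAction Stop |
        Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
    $report += [pscustomobject]@{
        Scope       = "Local ($env:COMPUTERNAME)"
        LogonName   = $local.Name
        Enabled     = $local.Enabled
        DefaultName = $local.Name -eq 'Administrator'
    }
} catch {
    Write-Verbose 'No local account database here (for example on a Domain Controller).'
}

if (Get-Module -ListAvailable -Name ActiveDirectory) {
    # Domain built-in Administrator: <domain SID>-500.
    $adDomain = Get-ADDomain
    $domAdmin = Get-ADUser -Identity ('{0}-500' -f $adDomain.DomainSID.Value)
    $report += [pscustomobject]@{
        Scope       = "Domain ($($adDomain.NetBIOSName))"
        LogonName   = $domAdmin.SamAccountName
        Enabled     = $domAdmin.Enabled
        DefaultName = $domAdmin.SamAccountName -eq 'Administrator'
    }
}
$report | Format-Table -AutoSize

# Failed logons (event 4625) that used the default name. Once the account has been
# renamed, nothing legitimate should be logging on as "Administrator".
$guessed = Get-WinEvent -FilterHashtable @{
        LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddDays(-1)
    } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $data = ([xml]$_.ToXml()).Event.EventData.Data
        [pscustomobject]@{
            Time   = $_.TimeCreated
            Target = ($data | Where-Object Name -eq 'TargetUserName').'#text'
            Source = ($data | Where-Object Name -eq 'IpAddress').'#text'
        }
    } |
    Where-Object { $_.Target -eq 'Administrator' }

# Source addresses sorted by number of attempts.
$guessed | Group-Object -Property Source | Sort-Object -Property Count -Descending |
    Select-Object -Property Count, Name -First 10
```

Because the -500 SID does not change, the rename only defeats guessing by name; it does not hide the account from anyone who can enumerate SIDs, so it still needs a strong password.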

Cryptocard Windows SafeNet Logon Agent with Windows 2012 R2 Remote Desktop

29. March 2016 21:44 by sirclesadmin in Windows Server, Remote Desktop
Just a quick note to explain what happened with our install of this:

We were upgrading from the BSID Black Shield ID 2.7 Windows Agent software on a Windows 2008 R2 machine but keeping the current (for now) Blackshield 2.7 installation of the administration and SQL installs. Our new remote desktop server was a new 2012 R2 box and we installed the x64 Windows 8.1 Safenet agent as described in the install notes.

The installation went as planned and asked for the NetBIOS names of the two authentication servers which we entered as requested.

When it came to testing however the system described the user authentication as having failed.

When we checked the logs of the authentication servers running BSID 2.7 there was no entry and when we ran the Windows Agent software on the Remote Desktop machine it only showed the 'Help' tab rather than the rest.

The simple solution was that when we right-clicked the software and 'ran as administrator' the system reported that part of the registry concerning the software was corrupt and had to be removed. We agreed to this by clicking OK and were then presented with all the tabs as normal and were able to populate the correct server names as required. The system now appears to authenticate as expected...

Windows 2012 R2 New Install Stuck After Installing Office 365 for Remote Desktop VM

After installing Office 365 as per the post below on the Windows 2012 R2 Remote Desktop VM the system indicated that it had to restart to activate Office 365 and so this is what I did.

The system then decided it had to perform updates during the restart which was fine and it continued to get to 30% where it stayed for 24hrs. Assuming that there was no choice the machine was restarted again and this time the whole system got to configuring updates at 6% and stayed there for 3 days.

Every time the server was reset this was the outcome. 

Having looked through a few suggestions I performed the following:

1. Amended the 'Automatic Start action' on virtual machine settings so that secure boot was disabled

2. Started up the troubleshooting option from the startup repair and chose the command prompt whereupon I performed the following:

3. Renamed the softwaredistribution folder to softwaredistribution.old on the assumption that a new folder will be created when the windowsupdate service next tries a download.

4. Searched for all pending.xml.* files in Windows\WinSXS and deleted them

5. Ran 'dism /image:C:\ /cleanup-image /revertpendingactions' to clear any awaiting updates.

6. Created a blank pending.xml file in WinSXS (not sure if this made a difference but it was a piece of advice seen here: https://social.technet.microsoft.com/Forums/en-US/7364c2ff-1d52-4767-bfec-d97d42921d5c/interrupted-vm-stuck?forum=winserverhyperv) which they did using 'echo > pending.xml' whilst in Windows\WinSXS\ and then rebooted.

The VM undid all of the updates and started up and the Office 365 on Remote Desktop Virtual Machine asked for an email address with which to activate - only took 6 days then!!!