2012-12-06

Install 7-Zip with all file extension associations

Create a bat file and use it for installs, code:


msiexec /i 7z920-x64.msi /q
@Echo off
Set "cmpn=7z#0 arj#4 bz2#2 bzip2#2 cab#7 cpio#12 deb#11 dmg#17 fat#21 gz#14 gzip#14 hfs#18 iso#8 lha#6 lzh#6 lzma#16 ntfs#22 rar#3 rpm#10 split#9 swm#15 tar#13 taz#5 tbz#2 tbz2#2 tgz#14 tpz#14 vhd#20 wim#15 xar#19 xz#23 z#5 zip#1"
For %%I In (%cmpn%) Do For /F "tokens=1* Delims=#" %%a In ("%%I") Do Call :ass_set %%a %%b
Exit
:ass_set
reg add "HKCR\.%1" /ve /t REG_SZ /d "7-Zip.%1" /f>Nul
reg add "HKCR\7-Zip.%1" /ve /t REG_SZ /d "%1 Archive" /f>Nul
reg add "HKCR\7-Zip.%1\DefaultIcon" /ve /t REG_SZ /d "%PROGRAMFILES%\7-Zip\7z.dll,%2" /f>Nul
reg add "HKCR\7-Zip.%1\shell" /ve /t REG_SZ /d "" /f>Nul
reg add "HKCR\7-Zip.%1\shell\open" /ve /t REG_SZ /d "" /f>Nul
reg add "HKCR\7-Zip.%1\shell\open\command" /ve /t REG_SZ /d "\"%PROGRAMFILES%\7-Zip\7zFM.exe\" \"%%1\"" /f>Nul
GoTo :EOF



2012-12-03

MSCCM 2012 exchange connector error 8801

If you see this error in your MSCCM 2012 Monitoring workspace, under System Status -> Component Status


Connection to Exchange server http://exchangeCAS.domain.com/powershell failed. 
Possible cause: incorrect server address or server address not reachable.

And/or receive this alert:

Operation: Mobile device management
Type: Exchange Server connector connection failure
Description: Generate an alert if the Exchange Server connector on the YourSite site failed to connect to the configured Exchange Server.

Try opening URL http://exchangeCAS.domain.com/powershell with the same user you configured for Exchange Connector in MSCCM 2012. If you get:
 401 - Unauthorized: Access is denied due to invalid credentials

Open IIS7 manager on your exchange CAS server, expand to site element PowerShell, select it and open Authentication. Enable Windows Authentication and check that it has NTLM in Providers list.

Links:

2012-11-18

Configuring auto reply for Public Folder and preventing Mail Loops

System:
Exchange 2010 SP2

Goal:
Have a public folder which lets your clients know that their message is received and does not reply to NDR or other kinds of automatically generated messages, such as auto replies etc. to prevent mail loops.
Users will send mail to queries@domain.com

Steps:
1. Create auto-reply public folder.
2. Mail enable it.
3. Create Mailbox user which will be responsible for configuring auto-reply on this public folder, you can also assign existing one. I will use a mailbox noreply@domain.com.
4. Grant your mailbox user "Send-as" permissions on auto-reply public folder.
5. Make noreply@domain.com mailbox user Owner of the public folder auto-reply.

6. Create public folder which will receive user mail - queries.
7. On public folder queries properties enable forwarding of mail copies to auto-reply public folder.
8. Using Folder Assistant create auto reply rule for auto-reply public folder which will auto reply to mails sent to queries@domain.com and then delete the messages.
9. While you're at it also add a rule to delete messages sent to auto-reply (this prevents the piling of useless messages sent automatically to your auto-reply public-folder in cases of NDR's or automatic replies from users).
10. To enable automatic replies for users outside your organization you will need to check the "Allow Automatic Replies" on Remote Domains "Message Format" tab for the Hub Transport role under Organization Configuration in Exchange Management Console.

Links:
http://www.straightupsearch.com/social-media/technology/oneupweb-how-to-configure-auto-reply-from-a-mail-enabled-public-folder-using-exchange-2010-sp1/comment-page-1/#comment-205863
http://social.technet.microsoft.com/Forums/en-US/exchangesvrgenerallegacy/thread/48e6ddde-731b-4119-b3ee-412f5f101279

2012-10-01

Auto Reply when email sent to a Distribution Group (Exchange 2010)

If you need to auto reply to all messages sent to an Exchange 2010 Distribution Group, you will be disappointed as there is no straightforward way to do that. 

First thing that came to mind was Transport Rules, but there is no "reply" option.

Therefore I had to create an mailbox account, make it a member of Distribution Group and configure reply rule on that mailbox. 
Also for this to work you have to enable "Send out-of-office message to originator" on the Distribution Group properties.

So here is a step by step:

1. Create new mailbox like noreply@domain.com
2. Make it a member of desired Distribution Group
3. In Exchange Management Console open properties of desired Distribution Group and choose Advanced tab. Turn on "Send out-of-office message to originator".
4. Configure noreply@domain.com exchange account on outlook (because owa won't let you create auto reply rules).
5. In outlook create a rule:

Apply this rule after the message arrives
from people or distribution list (select your distribution group)
have server reply using a specific message (create your message "Save & Close" it)

6. (optional) Create another rule to delete messages delivered to your noreply mailbox, make sure "delete rule" is below "reply rule" or messages will get deleted before reply rule is applied.

You could also Set Automatic Replies in owa for noreply@domain.com mailbox, if you only need auto replies for one Distribution Group. However with the suggested solution above, you can use this mailbox for as many Distribution Groups as you want by creating additional rules specifying different "from people or distribution list" for each Distribution Group and specifying different message to reply with.

Also have in mind that deleted messages will be moved to "Deleted Items" in noreply@domain.com mailbox, so you will have to do some maintenance or setup a Retention Policy.

2012-09-24

Shared folders on windows 7 can't be accessed from windows XP machines


I had a problem accessing file shares from windows XP machines, it worked at first, but after some time the following error started to occur:
\\server\folder is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions.
Not enough server storage is available to process this command.
Examining Windows 7 computer event logs, I found following error in system logs:
source: srv
Event ID: 2017
The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.
This led me to the solution:
Open regedit and change the following registry keys:
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\LargeSystemCache 
 Value = 1
HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\Size
Value = 3

Task 'me@emaildomain.com Sending' reported error (0x800CCC78) : 'Unable to send the message. Please verify the e-mail address in your account properties. The server responded: 530 5.7.1 Client was not authenticated'


IMAP and POP3 users with outlook 2003 were getting this error when trying to send mail:
Task 'me@emaildomain.com Sending' reported error (0x800CCC78) : 'Unable to send the message. Please verify the e-mail address in your account properties.  The server responded: 530 5.7.1 Client was not authenticated'
 Since they were connecting to exchange 2010 Hub Transport server as their SMTP server, I had to adjust "Authentication" tab of default receive connector for Client Email.
What fixed the problem - unticking "Offer Basic authentication only after starting TLS".

Other possible causes:
In outlook account properties Advanced tab untick "This server requires an encrypted connection (SSL)"

Configuring Exchange 2010 Autodiscover for internal clients


Problem - internal exchange clients depending on you environment receive one of the following certificate  errors/warnings:
Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the site's security certificate.
The security certificate was issued by a company you have not chosen to trust. View the certificate to determine whether you want to trust the certifying authority.
The security certificate has expired or is not yet valid.
The name on the security certificate is invalid or does not match the name of the site.
most probably you will be seeing the last error unless you have some self signed certificate in place, this happens because internal exchange server FQDN differs from external FQDN with the latter defined in the trusted certificate you bought.
Solution:
Change Autodiscover Service Internal Uri to the external FQDN (make sure it resolves to your exchange CAS server or CAS array)
Set-ClientAccessServer -Identity CASServer -AutoDiscoverServiceInternalUri https://email.domain.com/Autodiscover/Autodiscover.xml
Now Autodiscover service for internal clients will work without certificate errors as long as you have valid certificate for your OWA FQDN.

Links:

New-EdgeSubscription: You can't use the FileName parameter when running this command.


After installing Exchange 2010 Edge role I have tried to create Edge Subscription file and got the following error:
[PS] C:\Users\Administrator\Desktop>New-EdgeSubscription -FileName "c:\edgesusbscription.xml"
New-EdgeSubscription : You can't use the FileName parameter when running this command inside your Exchange organization
.
At line:1 char:21
+ New-EdgeSubscription <<<< -FileName "c:\edgesusbscription.xml"
+ CategoryInfo : InvalidOperation: (:) [New-EdgeSubscription], InvalidOperationException
+ FullyQualifiedErrorId : 780CD20B,Microsoft.Exchange.Management.SystemConfigurationTasks.NewEdgeSubscription
At first the cause was a mystery to me, but after searching the web I found some clues, reading some posts someone mentioned that they experienced same thing when server was renamed after Edge role installation.
This gave me an idea what could be a problem in my case. After I installed the server I automatically  joined it to the domain and installed Edge, then I came to my senses that it's no good idea to make Edge server part of a domain :) So I removed the server from the domain.
And that what caused my problems.
To fix this I had to rejoin the domain and only then I could uninstall Edge role (errors prevented uninstalling it while the environment was different from one I installed on).
Then I could leave the domain, install Edge role and successfully create Edge Subscription file using New-EdgeSubscription cmdlet.

MSCCM 2012 - Fail to create SQL Server Certificate, ConfigMGR installation cannot be completed.


If you encounter this error "Fail to create SQL Server Certificate, ConfigMGR installation cannot be completed." while installing Microsoft System Center Configuration Manager 2012, and see something similar to this in your installation log:
Failed to get SID for User 'NT SERVICE\
Try changing the user of SQL SERVER (MSQLSERVER) service to Local System for installation purposes.


OraClient only administrator can connect to database.


I had this situation in RDSH environment.
Application would not connect to oracle database unless the user launching application had administrator rights, or administrator in another session had the application open at the time of regular users were trying to connect.
Solution to this is to grant the regular users "Create Global Objects" right via GPO or Local Security Policy.
To do this in GPO navigate to:
Computer Configuration
Policies
Windows
Security Settings
Local Policies->User Rights Assignment

Add the groups of users who need to use the application.

Links:

Wordpress Warning: is_dir() [function.is-dir]: open_basedir restriction in effect. File is not within the allowed path(s)


wordpress Warning: is_dir() [function.is-dir]: open_basedir restriction in effect. File(\path\upload\) is not within the allowed path(s)
To fix this error in wordpress try change upload folder to default:
Login to wordpress administration
Settings -> Miscellaneous -> Store uploads in this folder: wp-content/uploads

Links:

Exchange 2010 change default OU for Mail Contacts.


I was not able to find a way to change default OU for Mail Contacts so I've changed default OU for  user objects in AD.
This is not elegant solution, but in my case it's ok, because all other users are created directly in OU where he belongs and we have no Users Objects created in default users OU in our environment.
To change default user OU for Active Directory I used this command on domain controller (in cmd):
ReDirUsr "OU=External Contacts,OU=mycompany,DC=domain,DC=com"
Your Domain Controller must be at least in 2003 functional level.

Links:

Exchange 2010 change default OU for Distribution Groups.


To change default Organization Unit for newly created Distribution Groups run this cmdlet in Exchange Management Shell:
Set-OrganizationConfig –DistributionGroupDefaultOU "OU=distribution groups, DC=domain,DC=local"
Links:

Exchange 2010 OWA: An unexpected error occurred and your request couldn’t be handled


If you receive this error after installing Exchange 2010 service pack you might want to delete any custom bindings on your Default Web Site in IIS.
To do this open IIS Manager, expand your server->sites and select Default Web Site, right click it and  choose Edit Bindings... Remove any custom headers you added and it should work right away.

Links:

Exchange 2010 OWA errors after SP2.


After installing Exchange 2010 SP2 I started to receive errors in OWA:
Your request couldn't be completed.
This may have occurred for security reasons or because your session timed out.
This error does not happen if you open OWA via HTTPS.
To be able to use OWA via HTTP without this error you need to edit web.config file located in:
C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\Owa\web.config
find line:
true
" domain="" />
and change requireSSL to false
false
" domain="" />
Save the file and OWA should work fine.

Moodle: Disable confirmation email when enrolling to courses


In moodle 2.2.1 you do this in Enrolment plugin settings.
For example to disable confirmation emails when self-enroling to courses you would go to:
Site Administration
Plugins
Enrolments
Self Enrolment
Untick checkbox - "Send course welcome message"

Links:

Moodle: You can not enrol yourself in this course.


If you want to let your users to enroll themselves to courses, first you have to enable Self Enrollment plugin, and second - enable Self Enrollment option on courses of your choice.
1) To enable Self Enrollment plugin:
Go to Site Administration->Plugins->Enrolments->Manage Enrol plugins and enable (open the eye) Self enrolment
If you wish that all courses added from this point forward would have Self Enrolment enabled, click Settings next to Self enrolment and mark the ckeck-box next to "Add instance to new courses".
2) To enable Self enrolment for courses added before step 1:
Open the course
On the "Course administration" expand Users and click on Enrolment methods.
Enable Self enrolment (open the eye).

Exchange ActiveSync doesn't have sufficient permissions


If you are having trouble configuring Exchange ActiveSync on your mobile device and Event Logs on Exchange Server report this error:
Exchange ActiveSync doesn't have sufficient permissions to create the "CN=Someone,OU=Users,DC=company,DC=domain,DC=com" container under Active Directory user "Active Directory operation failed on exchange.domain.com. This error is not retriable. Additional information: Access is denied.
Active directory response: 00000005: SecErr: DSID-031521D0, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
".
Make sure the user has inherited permission granted to domain\Exchange Servers to allow List, Create child, Delete child of object type "msExchangeActiveSyncDevices" and doesn't have any deny permissions that block such operations.
You need to enable inheritance on the user having this problem:
Open Active Directory Users and Computers
Turn on Advanced Features under View
Open properties of the user you are trying to setup ActiveSync for
On Security tab select Advanced
Tick check-box next to "Allow inheritable permissions from the parent to propagate to this object and all child objects. Include these with entries explicitly defined here."
Click OK and OK again.

If after some time you notice that inheritable permissions are gone read here - http://www.pupils.lt/?p=524
Links:


550 5.7.1 Client does not have permissions to send as this sender


You might experience this problem when sending mail via POP3 or IMAP while OWA works fine.
On Exchange Server 2010 you can try the following steps:
1) Go the the Exchange Management Console and select the user experiencing this problem. Right Click, go to the send as permissions option.. check that User NT AUTHORITY\SELF is listed. If not add it.
2) In Exchange Management Shell execute:
add-adpermission "ConnectorName" -User "NT AUTHORITY\Authenticated Users" -ExtendedRights ms-Exch-SMTP-Accept-Authoritative-Domain-Sender
3) In Exchange Management Shell execute:
Add-AdPermission -Identity "ConnectorName" -User "NT AUTHORITY\Authenticated Users" -ExtendedRights ms-Exch-SMTP-Accept-Any-Sender
4) If you get an error, it is necessary to remove the account or repair it within Outlook, or else the error will 'stick' until you do.
note:  you have to perform steps 2 or/and 3 for both internal and external connectors.
Links:

Inheritable permissions on AD users are automatically disabled.


If you need to enable inheritable permissions on some AD users and after enabling it you constantly find them disabled in a hour or so, you can enable inheritance on  the adminSDHolder container by using Active Directory Users and Computers. The path of the adminSDHolder container is CN=adminSDHolder,CN=System,DC=,DC= 
Note If you use Active Directory Users and Computers, make sure that Advanced Features is selected on theView menu. 
To enable inheritance on the adminSDHolder container:
  1. Right-click the container, and then click Properties.
  2. Click the Security tab.
  3. Click Advanced.
  4. Click to select the Allow Inheritable permissions to propagate to this object and all child objectscheck box .
  5. Click OK, and then click Close.
This is a workaround and not the ideal solution, read more about it here:

Adding MSSQL Server in OpManager


Wasted some time on this so here is a quick copy-paste from - http://www.manageengine.com/network-monitoring/help/userguide/monitoring_mssql.html

Monitoring MSSQL Parameters


MSSQL Services and Parameters can be monitored using WMI. Here are the steps to associate the MSSQL monitors to a device:
  1. Go to the snapshot page of a device that has MSSQL running.
  2. Scroll down and select the Monitors tab.
  3. Click on Performance Monitors. The monitors are listed on the right.
  4. Click the Add Monitor button on the right. A list of monitors is displayed.
  5. Click the MSSQL Monitors button on top of this list. The monitors of all the MSSQL parameters are displayed.
  6. From this list, select the required MSSQL Monitors and associate it to the Server.

Samsung Galaxy S2 Exchange account on Android - cannot open connection with server due to security error


When configuring Exchange mailbox on Galaxy S2 I received this error:
"cannot open connection with server due to security error"
This error is due to the notification message you receive in the background on your phone, drag down your screen and Accept the security changes.

Exchange 2010 Organization Prerequisites Fail - The forest functional level of the current Active Directory forest is not Windows Server 2003 native or later.


If you get this error during Exchange 2010 Setup Prerequisites check:
Organization Prerequisites
Failed
Error:
The forest functional level of the current Active Directory forest is not Windows Server 2003 native or later. To install Exchange Server 2010, the forest functional level must be at least Windows Server 2003 native.
Warning:
Setup is going to prepare the organization for Exchange 2010 by using 'Setup /PrepareAD'. No Exchange 2007 server roles have been detected in this topology. After this operation, you will not be able to install any Exchange 2007 server roles.
Logon to your domain controller, open Active Directory Domains And Trusts, right-click on Active Directory Domains And Trusts and choose Raise Forest Functional Level...
Raise it to at least Windows Server 2003.
Wait a while for changes to replicate to other DCs and rerun Exchange 2010 Setup Prerequisites.

Moodle - change access URL


If you entered localhost or some other access URL for local testing when installing moodle and your actual users will be using another URL to access your moodle site, they will be getting this error (and be redirected to the address you entered):
Incorrect access detected, this server may be accessed only through "http://localhost" address, sorry.
Please notify server administrator.

You can change this URL in config.php which is found in your moodle folder (for example: C:\inetpub\moodle\config.php).
Open it with notepad, find: "$CFG->wwwroot" and modify it to whatever you need, for example:
$CFG->wwwroot = 'http://learning/';
Save the file. Then your users will be able to access your moodle site via http://learning/

Links:

Moodle - Configuring LDAP authentication plugin with MS AD.


If you need moodle to authenticate users against Microsoft Active Directory there is a nice guide on moodle.org - http://docs.moodle.org/22/en/LDAP_authentication

However I did not succeed after reading it and had to make some additional forum browsing.
I lacked the actual example(s) of working configuration so here I will try to provide one.
This is how my working LDAP Authentication plugin configuration looks like (with SSO enabled):
LDAP server settings
Host URL: 10.1.1.1 (IP of domain controller)
Version: 3
LDAP encoding: utf-8
Bind settings
Hide passwords: yes
Distinguished name: CN=Administrator,OU=Special Accounts,OU=Admin Objects,DC=mydomain,DC=com (account with permission to read users in AD)
Password: password
User lookup settings
User type: MS ActiveDirectory
Contexts: DC=mydomain,DC=com
Search subcontexts: yes
Deference aliases: no
User attribute: samaccountname (the actual AD attribute to lookup for moodle username)
Course creator
Creators: cn=moodleteachers,ou=Users,dc=mydomain,dc=com
NTLM SSO
Enable: yes
Subnet: 10.0.0.0/8
MS IE fast path?: no
Authentication type: NTLM

Moodle - Fatal error: $CFG->dataroot is not writable, admin has to fix directory permissions! Exiting.


If users get this error:
Fatal error: $CFG->dataroot is not writable, admin has to fix directory permissions! Exiting.
when trying to login to moodle, most probably (and obivously from the error itself) they do not have the write permission to dataroot folder defined in config.php for example:
$CFG->dataroot = 'C:\\inetpub\\moodle\\moodledata';

In my case on windows web server I was using SSO (Single Sign On) via NTLM, so the solution was to give "Modify" permissions for "Authenticated Users". After that automatic logons started to work as intended.
Of course you don't have to give permissions for all authenticated users, only the users who actually will be loging to moodle need them.

Black Logon Screen Windows Server 2003 R2


If your logon screen is black, but you can see the windows server logo, chances are you encountered same problem as I did.
Logon and open regedit.
Navigate to HKEY_USERS\.DEFAULT\Control Panel\Colors
if you see all values set to "0" you will need to fix them.
"ActiveBorder"="212 208 200"
"ActiveTitle"="0 84 227"
"AppWorkSpace"="128 128 128"
"Background"="0 78 152"
"ButtonAlternateFace"="181 181 181"
"ButtonDkShadow"="113 111 100"
"ButtonFace"="236 233 216"
"ButtonHilight"="255 255 255"
"ButtonLight"="241 239 226"
"ButtonShadow"="172 168 153"
"ButtonText"="0 0 0"
"GradientActiveTitle"="61 149 255"
"GradientInactiveTitle"="157 185 235"
"GrayText"="172 168 153"
"Hilight"="49 106 197"
"HilightText"="255 255 255"
"HotTrackingColor"="0 0 128"
"InactiveBorder"="212 208 200"
"InactiveTitle"="122 150 223"
"InactiveTitleText"="216 228 248"
"InfoText"="0 0 0"
"InfoWindow"="255 255 225"
"Menu"="255 255 255"
"MenuText"="0 0 0"
"Scrollbar"="212 208 200"
"TitleText"="255 255 255"
"Window"="255 255 255"
"WindowFrame"="0 0 0"
"WindowText"="0 0 0"
"MenuHilight"="49 106 197"
"MenuBar"="236 233 216"
Links:

Intel Rapid Storage Technology not working on Server 2008 R2 (Intel RST service is not running)


Intel Rapid Storage Technology software icon in taskbar reports this error. If you try to start the service "Intel Rapid Storage Technology" manually you'll probably encounter another error: "Windows could not start the Intel Rapid Storage Technology service on Local Computer. Error 1067: The process terminated unexpectedly."
Adding .NET Framework 3.5.1 features  under Features in Server Manager fixed this for me.

Cannot copy [filename]: insufficient system resources exist to complete the requested service.


When trying to copy large file to Windows Server 2003 "Cannot copy [filename]: insufficient system resources exist to complete the requested service." error appears.
To solve this you may have to change two registry settings. You must always change the first setting. Depending on the configuration of your system, you may also have to change the second setting.
First setting:
Open regedit navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\ create new DWORD Value registry key PoolUsageMaximum, set value to 60 decimal.
If after restart the problem still persists do the second setting.
Second setting:
Open regedit navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\ create new DWORD Value registry key PagedPoolSize, set value to FFFFFFFF Hexadecimal.
Restart the server and try to copy the file.

Links:

Permanently delete your Facebook account


If you want to permanently delete your facebook account follow this link and submit - https://www.facebook.com/help/contact.php?show_form=delete_account
Your account will be scheduled for deletion in 14 days. During those 14 days you can not login to any facebook service or use features on other sites that depend on Facebook Connect (for example Like button etc.) Just to be safe and protect yourself from accidental logon, you might want to delete your browser cache - browsing history, saved forms and password, cookies and so on.
Good luck.

Excel 2007 - There was a problem sending the command to the program


If you get this message "There was a problem sending the command to the program" when double clicking on excel files, but can launch excel itself, then you should try this solution.
1. Start Excel
2. Click on the Excel logo on the top left
3. Choose Excel Options
4. Select Advanced tab on the left menu
5. Scroll down to the "General" section
6. Uncheck Ignore other application that use Dynamic Data Exchange (DDE) option
7. Click OK, and try opening excel files again.