Tag: Windows

Turn off Windows Security alert pop ups

Turning off Automatic Updates can cause Windows Security Alert pop-up balloons to appear in the taskbar tray every time you log on.
1. Turning off Automatic Updates causes error balloons featuring a red shield. Windows XP allows you to suppress any warnings that relate to Automatic Updates. You can also do this in Vista but, unfortunately, the newer OS forces you to turn off all security alerts just to suppress the Automatic Updates warnings.
 
To eliminate the warning balloons about Automatic Updates in both XP and Vista, take these steps:
 
Step 1. Double-click the red shield icon in the taskbar, or open the Control Panel and launch the Security Center.
 
Step 2. In the left pane or box, click Change the way Security Center alerts me.
 
Step 3. In XP, uncheck Automatic Updates and click OK. In Vista, select the second or third option.

Windows updates refusing to install most patches

If you find that Windows Update refuses to install most patches, you can register its missing DLLs yourself. This can be accomplished by manually entering seven commands (shown in Step 2, below) at a command prompt.
 
the /s switch runs the commands silently, freeing you from having to press Enter after each line
 
regsvr32 /s wuapi.dll
regsvr32 /s wuaueng1.dll
regsvr32 /s wuaueng.dll
regsvr32 /s wucltui.dll
regsvr32 /s wups2.dll
regsvr32 /s wups.dll
regsvr32 /s wuweb.dll

Exception of type System.Runtime.InteropServices.COMException

See this error when attempting to install Sharepoint V3.0 on Small Business Server 2003?
 
The config wizard gets to stage 5, but says:

Configuration Failed
Failed to Register SharePoint Services
An exception of type System.Runtime.InteropServices.COMException was thrown. Additional exception information: Could not access the Search services configuration database.

If so try :

In the Registry Editor, navigate to the following subkey, and then delete it:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\12.0\WSS\Services\Microsoft.SharePoint.Search.Administration.SPSearchService

-Run the SharePoint Products and Technologies Configuration Wizard again.”

which seems to do the trick.

What a difference one less number can make

We have been usin gthe Microsoft Intelligence Mail Filter that is incorporated in Exchange Service Pack 2 for a while now. Previous we had the gateway set at 8/10 and the store set at 3/10. Basically, this means that if an inbound email scores 8 or above (on the spam scale) then the gateway action takes effect. In our case this was set to reject.
 
Now over the years because our CIAOPS web site had our email address on the front page we attracted lots and lots and lots of spam. This is why it is never a good idea to put plain text email addresses on web sites. admittedly most of the spam that did get through was getting caught by the junk mail filter and ending up in the junk mail folder in Outlook, but there was just so much. So rather than try and sort through it all the best bet was to crank down the gateway setting.
 
So we changed our gateway setting on the IMF from 8 to 7 ( just a single point ) and we went from > 1,000 spam emails a day to less than 10! Amazing eh? Just goes to show you gotta keep on top of these settings overtime. The other good thing is that it does prove how well the Microsoft Intelligent Mail Filter (IMF) does work.

VSS Hotfixes

From the Diva’s blog.

A new Volume Shadow Copy Service update is now available that fixes various Volume Shadow Copy Service problems in Windows Server 2003:
http://support.microsoft.com/default.aspx/kb/913648/en-us
Availability of a Volume Shadow Copy Service (VSS) hotfix rollup package for Windows Server 2003 to resolve some VSS snapshot issues:
http://support.microsoft.com/kb/940349/en-us
are needed for the server and an update is available to optimize the way that the Shadow Copy Client accesses shadow copies in Windows Server 2003 and in Windows XP:
http://support.microsoft.com/kb/903234/en-us
is needed for the workstation

But if you have Windows Server SP2 installed, you have KB913648 already installed. 

VPN passwords failing after applying ISA 2004 SP3 to SBS

So we apply ISA 2004 SP3 to a dual NIC SBS 2003 R2 Premium server, reboot, test RWW and OWA and everthing seems fine internally and externally.
 
Later on after we have left the site we try VPN’ing into the server and the login fails. Huh? So we try VPN’ing as another user with higher rights, still no go. This is a problem.
 
So back to the site we go. Firstly we think that maybe the ADSL modem/router needs firmware updating. We plug a laptop into the adsl/modem router and try VPN’ing to the second NIC and we get the same problem. So now we know that it is definately an ISA 2004 issue.
 
Next step is we try and run the Configure Remote Access wizard and it fails telling us to check the log. When we look at the log located at :\program files\microsoft windows small business server\support\rraslog.txt we see at the bottom :
 
*** Saving changes and restarting services returned ERROR c0040393
*** CRRASCommit::ConfigureISA2k4() returned ERROR c0040393
*** Configure ISA2k4 returned ERROR c0040393
*** CRRASCommit::CommitEx returned ERROR c0040393
So we done some Googling and come across the following article :
 
 
Which says :
 
Go Start | Admininstration Tools | Domain Controller Security Policy
Select Local Policies | User rights assignments and the policies are displayed on the right hand side.
Check of the following policies by double clicking :
 
– Adjust memory quotas for a process
– Generate security audits
– Log on as a service
– Replace a process level token
and ensure they have NETWORK SERVICE displayed in the list of users and groups that are assigned to that policy setting. IF not then you need to add it.
 
Close the policy editor when complete. Run a GPupdate /force from the command prompt and reboot the server.
 
After the reboot we went back in and re-ran the remote access wizard which now completed. VPN access was restored.
 
From the article the issue is due to :
 
“Group Policy settings that were applied at the domain level have modified the policy settings for the Network Service account on the domain controller. This issue mostly occurs after you promote a member server to a domain controller, or on a migration from a Windows 2000 network where SBS 2003 was joined to the 2000 domain.”
 
Which is exactly what happened because we used a swing migration on this server from an existing SBS 2000 machine.
 
Very interesting that it only raised its head when we applied ISA SP3, but at least it is now solved after much puzzlement.

KB931836 fails to install

Having a problem installing KB931836 on your XP Professional workstation? We’ll we were as well. What the hell is this update? Ah, ha a daylight savings patch from Microsoft – we should have known there would be problems.
 
The solution is to firstly uninstall KB933360, reboot and then install KB931836.
 
Simple eh? NOT.

Exchange message size restrictions

There are 2 locations at which you can restrict the message size that Exchange server will accept and send. Unsure of exactly which one takes precedence but at least know you’ll know there are two places to look :

a. Under properties on SMTP virtual server

Start | All Programs | Microsoft Exchange | System Manager
| Servers | | Protocols | SMTP | default
Right mouse click | Properties
Messages tab | Limit Message size to

Normally this option is not selected and therefore will not apply to your Exchange messages.

b. Under Message delivery under Global settings

Start | All Programs | Microsoft Exchange | System Manager
| Global Settings | Message Delivery
Right mouse click | Properties
Defaults tab | Sending Message or Receiving message size

On SBS this setting is configured for both send and receive and set to 10MB. Simply disable or increase the limit as required.

Interesting that it is two places and neither seems to get touched by the Connect to Internet wizard.