Monday, June 30, 2014

Delete Windows XP / Vista / 7 Offline Files Cache


Windows Vista, Windows 7 and superior

To manually delete the offline files cache on Windows Vista, Windows 7 and superior, please follow these steps:
  1. Open the Windows Registry Editor: press Ctrl+R and type regedit on the Run dialog. Hit OK
  2. Navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CSC
  3. Create a new key called Parameters (this key may be already created on your system)
  4. Right-click Parameters and create a new DWORD (32-bit) value named FormatDatabase (no spaces). 
  5. Click on Modify or just double click on the newly created value and change the value from 0 to 1. Hit OK
  6. Exit and Registry editor and restart the computer.
The above steps could be done by running the following command in a CMD console. Make sure you run the CMD console as Administrator:

reg add "HKLM\System\CurrentControlSet\Services\CSC\Parameters" /v FormatDatabase /t REG_DWORD /d 1 /f


Windows XP

On Windows XP, this DWORD value was location under a different key in the registry. While this operating system in now out of support, the entry location is included below for completeness:

reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\NetCache" /v FormatDatabase /t REG_DWORD /d 1 /f


Thursday, September 26, 2013

Windows 2012 Remote Desktop Services (RDS) role and Active Directory (AD)

You install Windows 2012 (RTM), install and configure the AD role; and then try to install RDS role. You will get an error related with the fact that the RD Connection Broker cannot co-exist with Active Directory when installed on the same server:

RD Connection Broker Role Service: Failed
Unable to install RD Connection Broker role service on Server <Servername>

If you try the other way around (i.e. installing RDS first and then AD), you'll get different error messages but all still related with the RD Connection Broker:

The server pool does not match the RD Connection Broker that are in it. Errors:
Cannot connect to any of the specified RD Connection Broker servers. Ensure that at least one server is available and the Remote Desktop Management (rdms), RD Connection Broker (tssdis), or RemoteApp and Desktop Connection (tscpubrpc) services are running.

MS has never recommended this setup. It's never been a hard-coded limit though until Windows 2012 RTM. Engineers and administrator willing to deploy a Remote Desktop solution with a single physical server, were "forced" to install Hyper-V and configure a minimum of 2 VMs: 1 to act as DC and the other to host all RDS roles (RD Session Host, RD Connection Broker, RD Web Access, RD Licensing Server, RD Gateway).

MS has just released a "patch" to solve this situation. Servicing stack update 2871777 (date September 2013) fixes the aforementioned errors with installation an RD Connection Broker along with Active Directory. It's still not a recommended configuration but it's now possible ... as it used to be.

Details at:
Error description: http://support.microsoft.com/kb/2799605
Service stack update: http://support.microsoft.com/kb/2871777

Enjoy !

Tuesday, September 17, 2013

DFS, Shared Folders, Offline Files and "access denied" messages

Troubleshooting a permissions issue on a Windows 7 workstation, member of a domain with a Windows Server 2008 R2 file server, I faced a "funny" issue. Regardless of the user logged on and/or his/her permissions levels, I was getting "Access Denied" errors when accessing the folders inside a DFS (Distributed File System) Namespace. Using other paths and even the direct server name/IP allowed me to see the files, so it was not clearly an NTFS-level permissions problem.

Turned all my energies to DFS and the affected namespace. Everything was fine.

I changed my mind and thought that I would look at the Offline Files cache. Clicked on Manage Offline Files > View Offline Files. I navigated to the corresponding path of the shared folder in the offline files cache and got the same error ! The are various causes to this problem. I knew for sure there was not a NTFS permissions problem nor one of those issues related with too restrictive permissions on a root folder containing various shares inside.

Cleaning the Offline Files got the job. After following the steps listed here, everything was fine again.

Moral: not all "Access denied" messages you get when accessing a Windows shared folder (including those exposed by DFS - N) are related to Share or NTFS permissions. Offline Files, if enabled, might get in the way.

Wednesday, May 1, 2013

Installing Google Chrome on Ubuntu 13.04

PROBLEM
Installing Google Chrome on Ubuntu (13.04) may report dependency errors.

SOLUTION
Set up Google repo:
$ sudo sh -c 'echo "deb http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google.list'

Set up the repo key:
$ wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub | sudo apt-key add -

On Ubuntu 13.04 32-bits:
wget -c https://launchpad.net/ubuntu/+source/udev/175-0ubuntu19/+build/4325790/+files/libudev0_175-0ubuntu19_i386.deb

sudo dpkg -i libudev0_175-0ubuntu19_i386.deb

On Ubuntu 13.04 64-bits
$ wget -c https://launchpad.net/ubuntu/+source/udev/175-0ubuntu19/+build/4325788/+files/libudev0_175-0ubuntu19_amd64.deb

$ sudo dpkg -i libudev0_175-0ubuntu19_amd64.deb

Update the repo:
$ sudo apt-get update

Install Google Chrome:
$ sudo apt-get install google-chrome-stable

Enjoy !

Tuesday, June 5, 2012

MCTS 70-640 Active Directory - DNS Delegation practice issues

Description
Studying the book of Microsoft Press MCTS 70-640: Configuring Windows Server 2008 Active Directory, Second Edition, I faced a funky issue when doing the practice exercises of Chapter 9 - Lesson 1 Understanding and Installing Domain Name System. The practice is about configuring a DNS delegation from a new domain root tree (northwindtraders.com) in the forest (treyresearch.net), created as part  of the practice. Then a child domain (intranet.treyresearch.net) for treyresearch.net is created as well.

I set up my lab using 3 virtual machines: SERVER10, SERVER20, SERVER30. After finishing Exercise 2, issues started to show up. The newly created domain root tree wasn't working as expected:

  • The DNS logs had error messages stating that DomainDnsZone could not be created. As a matter of fact, the northwindtraders.com zone in SERVER20 (master of this zone) didn't contain the zone DomainDnsZone as it was supposed to.
  • The DFSR service had another bunch of reported issues (found using repadmin).
  • AD replication wasn't acting properly.

... Bottom line: not working.

I ran the exercises from scratch 2 times: same results. I tried disabling Ipv6, creating Reverse Lookup Zones, manually recreating the delegation... nothing.

My findings
My VMs had Internet access and the domain names used in the book are actually registered on the Internet and owned by Microsoft. Hmm... 3rd test. I used the following domain names: treyresearch.local and northwindtraders.lab. This names are not registered on the Internet. Result: Worked !!!

I'm not 100% sure that the issues were related to the fact of the domain names being publicly known. Maybe, as the Windows DNS servers are configured by default with a set of Root Servers allowing for Internet DNS names resolution  with the initial configuration.

Comments on this topic are all welcome.


Monday, May 14, 2012

Exchange 2007 OWA: Could not find a mailbox for S-1-...

Running Windows 2008 R2 SP1 with Exchange 2007 SP3, single server setup (discouraged, I know), I've recently deleted an existing user's mailbox (which automatically also deletes the user object from Active Directory) using the Exchange Management Console (EMC) running on the same server. Then, I decided to connect the mailbox to a new user account. The wizard in EMC completed successfully and showing the properties of the mailbox in Exchange displayed the number of items stored inside it, the date of last access, etc. After that, I tried accessing the new account through OWA and a nice message showed up:

Could not find a mailbox for S-1-...
The message was longer and included the well-known sentence suggesting to contact the local Administrator... myself ;-) The SID displayed on the message didn't match the SID of the new user account.

Solution: I reset the password of the new user in AD, went back to OWA and voilà !! Before doing that, I even tried restarting the Exchange Information Store service without success.



Tuesday, November 8, 2011

Exchange 2010 SP1 and OWA messages limit

As an Exchange 2010 SP1 administrator, you might be forced to increase the limits imposed by Exchange to the size of the messages it can handle. Those limits ensure, among other things, that the server will not easily be the victim of DoS attacks due to over-sized messages.

One place where you can modify those limits (you should modify other limits actually, like connectors limits), is in EMC at Organization Configuration > Hub Transport > Global Settings > Transport Settings:


According to the help page of the dialog, if you clear the check boxes of Maximum receive/send size (KB), you configure your server with no limits at the Organization level. This sets the configuration for the transport as "unlimited". There's a little trick here and it's related with OWA. If you go now to OWA and try attaching a "big" file, say, 25 MB, OWA will complain saying:


"The following files weren’t attached because they exceed the maximum size limit for attachments (5 MB)"

AFAIK, OWA has a default limit of 35 MB (which is less than our 25 MB file). Well, that's correct as far as you don't set the Organization level transport limit to "unlimited". This makes OWA to believe that "there are not limits configured" instead of "there are no limits"; given this, OWA imposes a 5 MB limit. To solve the problem, simply specify a value to the limits shown in the dialog window above. The maximum value is 2097151 (almost 2 GB) which I think it's plenty for anyone around.