TechPublishing Now MS Certified

TechPublishing Now MS Certified
Professor Robert McMillen, MBA Microsoft Certified Trainer and Solutions Expert

Monday, May 31, 2010

Windows 2008 Administrator disabled on new installs

I couldn't believe it but I had it happen twice since R2 came out. The administrator for the domain is disabled for some reason. Going in under another adminstrator name or using safe mode with the administrator account allows you to reactivate it using the command:
Net User Administrator /active:yes
What will Microsoft think of to make our lives miserable next?

Sunday, May 30, 2010

More Studying!

I am now studying for the 70-647 Microsoft Enterprise test. It seems to be similar to the 649 so hopefully it won't be that big of a stretch.
I noticed a couple things about SSTP VPN this week. A couple of weeks ago I posted a config on how to set it up. I noticed a couple of problems since then. On Windows 2008 R1, there is a bug thta keeps this form working. I haven't figured out why yet, but I will. On R2 it works just as I had explained, but on Vista computers you may have to add a regsitry command that Microsoft recommends.
On Vista I can connect to the SSTP VPN but I can't pass any traffic. Microsoft says to do this:
  1. Start Registry Editor (Regedit.exe).
  2. In Registry Editor, locate the following registry key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
  3. Set the following registry value:
    Value Name: IPEnableRouter
    Value type: REG_DWORD
    Value Data: 1
    A value of 1 enables TCP/IP forwarding for all network connections that are installed and used by this computer.
  4. Quit Registry Editor.
I made these changes and it works great. Give it a try.

Thursday, May 27, 2010

Passed the test

Today I took the 70-649 upgrade to 2008 test. Passed with a 970. I was so happy to get that one over with. Now just one more test to be a 2008 Enterprise MCITP. Then I think I will go back to making more How To Videos on You Tube. http://youtube.com/user/clickx3
I was pretty worried about this one so I over studied for it if that's possible. I took the test when it first came out in 2008 and failed it. There just wasn't good study materials back then. New tests are like that. But now there is a wealth of good stuff and I was able to use it to pass the test.

Friday, May 14, 2010

Blackberry Server Issue

We had a customer yesterday that had their Blackberry server suddenly stop sending mail. I remoted into the server and found that they had an SRP identifier connection error.
The key started with a T instead of an S. That told me that they were using a temporary key and it just expired on them.
They had the key that started with an S but even after I installed it there was a connection error.
The issue with this is that you have to call RIM for support, and if you don't have a contract you either have to pay for the ticket or explain to them they just need to activate a key that they already sent you.
Fortunately I had a contract so it was not as big of a problem but it still took several hours before I could get them to figure out how to activate their own key.
Well, at least we get paid by the hour, and it wasn't our mistake.

Thursday, May 13, 2010

Exchange 2003 store keeps dismounting

We have a customer that had their Exchange store crash. Normally we can restart or remount the store fairly easily, or at worst restore from backup. It didn't work for this customer, so I had to do something more drastic.
I used the eseutil /p command followed by the store path to repair the databases. I don't normally use this because it could damage the store further. Exchange 2003 is just a big Access database, unlike Exchange 2007 which is SQL.
Access is not very robust when you start messing with links from email to headers, but in this case it was the only solution.
After running the repair I had to delete the E00 files and then run eseutil again with the /d switch to defragment the database. It really fragments a lot when you run the /p, so this is to speed the store back up again.
Everything mounted great after that, but the next day it crashed again. I looked at all the log files and noticed just before it crashed that the backup program was running, so I disabled it and fixed the store the same way again. It was all good for five more minutes until it crashed again. Then I suspected a hard drive sector problem.
This time I defragged the hard drives, and then rebooted and ran a scandisk. It found a lot of errors. After it rebooted I ran the fix again, and this time it stuck. No more crashing.
But the hard drives are on their way out so we had to sell the customer a new server because this one was many years old. Planned obsolescence is an awesome business model.

Wednesday, May 5, 2010

Dealing with inexperienced users

I stayed late in Seattle last night fixing and replacing a firewall. I'm not a big Sonicwall fan. They have a high failure rate with my customers, but sometimes you get stuck with them because they already have a lot of them before I start assisting them. I got it all fixed up around 9 PM.
The next morning I get a panicked call that no one is working. I think maybe I now have three bad Sonicwalls, as the first two went down on me in the past few month. But it turned out to be very different from that. I remotely logged into the firewall and saw everything still up and running, so I called them back and asked them to tell me the issue. The first lady said "the computer has a strange message. It says the screen is locked". It turns out that they never do that. They only log off or shut their computers off so that was a new screen for them (despite having used computers for so many years they couldn't remember their first one).
I told her to hit ctl-alt-del and type in her password. It worked and she was happily working away.
The next computer user said that her computer was on but the screen was off, and she wanted to know what I had done to her computer. Apparantly her computer never went to sleep before, so I told to press any key.
After doing so the monitor came on and everything was working.
How can people not know the basic functions of their computers? Well it's like this. Non technical people only do the bare minimum on the computer to do their job. If anything deviates from that they get extremely stressed. Some to the point of being in tears and losing sleep.
If you are new to IT then you will learn this as well. They aren't stupid. They're just complacent.

Monday, May 3, 2010

SSTP VPN setup

I just setup my first SSTP VPN. There are just a few difference from PPTP and it’s more secure and faster to use. You only need to port forward 443 to the server. The documentation out there leaves out key things for people who want to set one up with a single NIC that’s behind a firewall like we mostly do.

First go to server manager and then add roles. Choose to add the Web IIS role and click next. Go with all the defaults except go ahead and check all the boxes under the security section.
Complete the install and open up IIS. Click on the server on left and then double click the server certificates on the right. Create a domain certificate. Fill in the blanks, but the only important one is the common name. You have to create an A record for a public common name with the DNS host like Network Solutions. If you already have one then go ahead use that.

You have to have an internal certification authority already installed. This is by default on all SBS servers, but you may have to do this manually by adding the certificate services role if you don’t. If you already have one then it will show up in the list. You can call the friendly name anything you want, and click finish.

Next go back into roles and add the Network policy and access services role. Choose Routing and remote access services and the remote access service and routing options. The new role appears. Open it and right click on the Routing and remote access option and choose to Configure and enable.
Choose custom and only the VPN option.

Change the VPN client on the workstation to use SSTP as its first choice and log in.