Share iT…

Last week microsoft released Windows Management Framework (WMF) 3.0 which includes Powershell 3.0 (KB2506146 for Windows 2008 SP2 and KB2506143 for Windows Server 2008 R2) as an optional Windows update. So everyone can approve and install the update via Windows update, WSUS or any other updating mechanism you are using.

But installing this update on a Small Business Server (SBS) 2008 and 2011 or on an Exchange Server 2007 and 2010 will give all kind of trouble.

Symptoms for an Exchange Server:
Installation of Exchange update rollups will fail one of the errors is: error code of 80070643.

The Exchange Team wrote this blog about this issue. It states: “Windows Management Framework 3.0 (specifically PowerShell 3.0) is not yet supported on any version of Exchange except Exchange Server 2013. If you install Windows Management Framework 3.0 on a server running Exchange 2007 or Exchange 2010, you will encounter problems, such as Rollups that will not install, or the Exchange Management Shell may not run properly.”

Symptoms for a Small Business Server:
When running some SBS wizards like the Fix My Network wizard it will end up with errors about access denied for the Exchange Management Shell.
Also other kind of problems may occur with the Exchange and / or SharePoint 2010 Management Shell and as written for Exchange Servers installation of Exchange update rollups may fail.

On the Small Business Server Blog there is a post on these issues.

Recommendation for both Exchange and Small Business Servers is to NOT install the Windows Management Framework 3.0 update at this time. If you already installed the update and encoutered the previously described problems, uninstall the update. Your server should be fine when it comes back online after a restart.

Update:
There is another problem reported in the Small Business Technet forum uninstallation of the also removes a registry key that gives problems to the event log. This is the key that is deleted: “HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ WINEVT \ Channels \ ForwardedEvents”

Anytime later in the same post there is a mention that the updates are removed from Microsoft Update:

As a result of these regressions and feedback from customers and experts like you, we have expired the WMF 3.0 Update for all platforms (Windows 7, Server 2008, and Server 2008 R2) as of 5:07 pm PDT.

doug neal
Microsoft Update (MU)

When you logon to a Windows Server 2008 (R2) server with a Administrator account, Server Manager is started automatically. If you don’t want the server manager to start automatic you can prevent this by setting the following registry key:

Create a new Dword value “DoNotOpenServerManagerAtLogon” in the registry key HKEY_CURRENT_USER – Software – Microsoft – Servermanager and set the value to 1

Next time you logon the Server Manager will not be started at logon. You have to set this key for every user you want to prevent automatic startup, because it is a user setting.

After tranfering the first 4 operation master roles without a problem from windows 2003 to the new windows 2008 server, the Schema Master role gave an error using the Active Directory Schema mmc add-in:

The parameter is incorrect.
The transfer of the current Operation Master could not be preformed.

Solution: First check if the windows 2003 role owner is alive and you can reach that server. You can check which server holds the role “netdom query fsmo”. If that all is fine try moving the role with ntdsutil.
Open a command prompt on your windows 2008 server and type: ntdsutil
Type roles and then press ENTER
Type connections, ENTER
Type connect to server , ENTER
Type q, ENTER
Type Transfer schema master, ENTER
You will get a warning message choose Yes to continue.
Then type q and again q to exit ntdsutil.

You can use: Transfer domain naming master, Transfer infrastructure master, Transfer PDC and Transfer RID master if you also would transfer the other FSMO roles with ntdsutil.

When you see the following evntlog error: Event ID 10016, Source:’DistributedCOM. “The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {61738644-F196-11D0-9953-00C04FD919C1} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.”

Solution: If you don’t know witch application is given this error, you can copy the GUID behind CLSID and start the registry editor (regedit.exe) and search for the GUID. You will find witch application is creating this error.
After you know that you start Administrative Tools – Component Services. Expand Component Services, Computers, My Computer, DCOM Config. Then find the found application, in this case IIS WAMREG, choose properties and go to the security tab.

Then at Launch and Activation Permissions, choose customize (if not already chjoosen) and Edit.
Add the user account given in the event error, in this case Network Service account and give the account allow Local Launch and Local Activation rights. After that close all windows and restart IIS service.

Update: There is a similar error about another CLSID but the options to change permissions are greyed out. Read here how to solve this issue.

When using remote desktop connection to connect to windows server 2008, 2008 R2, sbs 2008, vista or windows 7 and would use saved credentials. This doesn’t work when you start the connection you get the following error:

“Your system administrator does not allow the use of saved credentials to logon to the remote computer computername/ipadress because its identity is not fully verified. Please enter new credentials.” “The logon attempt failed”

Solution: This happens when trying to connect to a computer / server in another domain and no trust relationships exists. Windows then steps back to use NTLM and the default domain machine policy prohibits use of saved credentials. You can change this domain based or for a individual machine:

Start local group policy editor, start – run – gpedit.msc
Go to Local Computer Policy –> Computer Configuration –> Administrative Templates –> System –> Credentials Delegation
Edit “Allow Delegating Saved Credentials with NTLM-only Server Authentication”
Enable the policy, click Show and enter the value “TERMSRV/*” into the list.

Do the same thing for the following policies:
“Allow Delegating Saved Credentials”, “Allow Delegating Default Credentials with NTLM-only Server Authentication” en “Allow Delegating Default Credentials”

Close the policy editor,
open a command prompt and use “gpupdate /force” to apply the policy directly

When starting a windows 2008 (R2) RemoteApp from or depends on a network mapped drive you get the error “The program did not start on the remote computer.”

Solution: The problem is caused because the program is hosted on or depends on a network mapped drive. When starting a RemoteApp the program doesn’t wait till the logon script script is finished but just start the program directly and cannot find the right drive or program.
Workarround is to map the network drive persistant so it’s available before the RemoteApp program starts or create a batch file as RemoteApp so you can first map the network drive and then start the program.

When you close a Windows 2008 terminal server or Windows 2008 R2 remote desktop services RemoteApp the sessions stays in disconnected state.

Solution: Since Windows 2008 there is a local / group policy called ‘Set time limit for logoff of RemoteApp sessions’. You can set the policy for both computer as user configuration.

For windows 2008: Administrative Templates \ Windows Components \ Terminal Services \ Terminal Server \ Session Time Limits
For windows 2008 R2: Administrative Templates \ Windows Components \ Remote Desktop Services \ Remote Desktop Session Host \ Session Time Limits

For migrating printer drivers and setting from a Windows 2003 SBS server to a Windows 2008 SBS server. I first updated all printers on the Windows 2003 SBS server so they have x64 drivers installed. After that I used printbrm(ui) on a Windows 2008 server to export all drivers and settings to a export file. This file I copied to my new Windows 2008 SBS server and tried to import it using printbrm(ui). When finished I got a lot of warnings and errors and most printers were not created. The following event id 37 was logged:

“Printbrm.exe (the Printer Migration Wizard or the command-line tool) could not restore driver HP LaserJet 4200 PCL 6 (Windows NT x86) while restoring print queues from a file. Error reported: 0x80070bb8. The specified print monitor is unknown.
. This can occur if the driver requires a file that Printbrm.exe did not back up or if the user does not have permission to install drivers on the destination computer.”

The problem was not the driver or not enough permissions. But when you take a look at the Windows 2003 SBS server in the printer properties, advanced tab, Print Processor properties, for the failing printers the print processor didn’t use the winprint – raw processor, but a HP and some characters – raw processor.

Solution: For some strange reason the export function doesn’t export the print processor. Change the print processor to winprint raw, make a new export and import that file everything works fine.

After importing if needed it self chooses to use a other print processor available at the new server.