Share iT…

Last week microsoft released Windows Management Framework (WMF) 3.0 which includes Powershell 3.0 (KB2506146 for Windows 2008 SP2 and KB2506143 for Windows Server 2008 R2) as an optional Windows update. So everyone can approve and install the update via Windows update, WSUS or any other updating mechanism you are using.

But installing this update on a Small Business Server (SBS) 2008 and 2011 or on an Exchange Server 2007 and 2010 will give all kind of trouble.

Symptoms for an Exchange Server:
Installation of Exchange update rollups will fail one of the errors is: error code of 80070643.

The Exchange Team wrote this blog about this issue. It states: “Windows Management Framework 3.0 (specifically PowerShell 3.0) is not yet supported on any version of Exchange except Exchange Server 2013. If you install Windows Management Framework 3.0 on a server running Exchange 2007 or Exchange 2010, you will encounter problems, such as Rollups that will not install, or the Exchange Management Shell may not run properly.”

Symptoms for a Small Business Server:
When running some SBS wizards like the Fix My Network wizard it will end up with errors about access denied for the Exchange Management Shell.
Also other kind of problems may occur with the Exchange and / or SharePoint 2010 Management Shell and as written for Exchange Servers installation of Exchange update rollups may fail.

On the Small Business Server Blog there is a post on these issues.

Recommendation for both Exchange and Small Business Servers is to NOT install the Windows Management Framework 3.0 update at this time. If you already installed the update and encoutered the previously described problems, uninstall the update. Your server should be fine when it comes back online after a restart.

Update:
There is another problem reported in the Small Business Technet forum uninstallation of the also removes a registry key that gives problems to the event log. This is the key that is deleted: “HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ WINEVT \ Channels \ ForwardedEvents”

Anytime later in the same post there is a mention that the updates are removed from Microsoft Update:

As a result of these regressions and feedback from customers and experts like you, we have expired the WMF 3.0 Update for all platforms (Windows 7, Server 2008, and Server 2008 R2) as of 5:07 pm PDT.

doug neal
Microsoft Update (MU)

When you logon to a Windows Server 2008 (R2) server with a Administrator account, Server Manager is started automatically. If you don’t want the server manager to start automatic you can prevent this by setting the following registry key:

Create a new Dword value “DoNotOpenServerManagerAtLogon” in the registry key HKEY_CURRENT_USER – Software – Microsoft – Servermanager and set the value to 1

Next time you logon the Server Manager will not be started at logon. You have to set this key for every user you want to prevent automatic startup, because it is a user setting.

When doing a migration from Small Business Server (SBS) 2003 to SBS 2008, SBS 2011 or Windows server standard version, one of the first things you should do is run the SBS 2003 Best Practices Analyzer and of course check your event log for known problems.

One of the issues I see often is the sysvol, journal wrap Event ID 13568, Source NtFrs in the File Replication Eventlog.

———————————————————————————————————————————–
The File Replication Service has detected that the replica set “DOMAIN SYSTEM VOLUME (SYSVOL SHARE)” is in JRNL_WRAP_ERROR.

If the value name is not present you may add it with the New->DWORD Value function under the Edit Menu item. Type the value name exactly as shown above.———————————————————————————————————————————–

Fixing this issue is in most cases relative simple just add the “Enable Journal Wrap Automatic Restore” registry key noted in the event log and change the value to “1” and restart the “File Replication Service” service.

Before changing the registry key I would recommend to make a backup from the C:\Windows\Sysvol folder.

But after doing that there appeared a new warning message in the File Replication Eventlog, Event ID 13566, Source Ntfrs.

———————————————————————————————————————————–
File Replication Service is scanning the data in the system volume. computer <domain name> cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL.

The initialization of the system volume can take some time. The time is dependent on the amount of data in the system volume.———————————————————————————————————————————–

As stated you have to wait a while, but I could wait as long as I want but the sysvol share doesn’t appear.

Solution: At the end the solution seems to be that the ntfrs jet database was corrupted. To solve the problem:

Stop the “File Replication Service” service

Rename the “C:\windows\ntfrs\jet” folder

Start the “File Replication Service” service

One other thing that could happen is the folders under Windows\Sysvol are moved to a subfolder called “NtFrs_PreExisting_See_EventLog”. If you have more than one domain controller this is no problem and the folders will be replicated from another domain controller, but if you only have one domain controller which is mostly the case when using SBS. You can copy the right folders back from the backup you made before, or just move them out of the “NtFrs_PreExisting_See_EventLog” folder to one level up.

Solve these problems before you are starting your migration otherwise you will run into replication errors.

As the most of you know, Hyper-V does not support usb redirection. But with some relative easy steps we can redirect our usb disk to a Hyper-V virtual machine.

First on your Hyper-V Server host open Server Manager and select Disk Management

Then select your usb disk and right mouse click and choose Offline.

When done we close Server Management and open Hyper-V Manager. Select the settings of the virtual machine you would like to attach the usb drive to.

Select IDE Controller or SCSI Controller. Before you choose let me explain why I would choose the SCSI controller instead of the IDE controller for an usb redirected drive. A Hyper-V virtual machine can only boot from an IDE hard drive, you can only add a dvd drive on an IDE controller, you can only add 4 IDE devices. Another thing I would prefer to add an usb disk to the SCSI controller is I can add or remove disks to the virtual machine when it is running, to add an IDE controller disk I need to stop the virtual machine then add the disk and then start the virtual machine.

Now to add your usb disk to you virtual machine we choose Add

Now we choose for Physical hard disk: and choose the disk we would to add. If you have more disks available you can choose from a simple pull down list. You will only see here the disks that are set to offline so that was the first step we had to do. If you would like to add an internal hard disk you have to put it offline before you can add it.

Note: before you set another disk offline be sure there are no operating, system or application files on it because otherwise these or your whole server will crash.

When finished choose OK on the bottom of the screen and the disk is added to your virtual machine.

When we are going to look at your virtual machine and open Disk Management.

You will see the disk directly attached and you can use it within your virtual machine

If you would remove the drive from the virtual machine, go back to your Hyper-V Manager virtual machine settings on your host server.

Select the drive and choose remove and choose Apply or OK at the bottom of the screen.

After you have removed the disk from the virtual machine go back to Disk Management

Right click the drive and choose Online. Now the drive is available on your host server.

You can use this if you need to copy some files directly from the usb disk to the virtual machine or vice versa. Another thing you could use this is for is Windows / SBS backup this needs a local attached disk, although I don’t think this is a supported configuration! You can even if you have chosen for the SCSI controller change the backup disk when your virtual machine is running.

After tranfering the first 4 operation master roles without a problem from windows 2003 to the new windows 2008 server, the Schema Master role gave an error using the Active Directory Schema mmc add-in:

The parameter is incorrect.
The transfer of the current Operation Master could not be preformed.

Solution: First check if the windows 2003 role owner is alive and you can reach that server. You can check which server holds the role “netdom query fsmo”. If that all is fine try moving the role with ntdsutil.
Open a command prompt on your windows 2008 server and type: ntdsutil
Type roles and then press ENTER
Type connections, ENTER
Type connect to server , ENTER
Type q, ENTER
Type Transfer schema master, ENTER
You will get a warning message choose Yes to continue.
Then type q and again q to exit ntdsutil.

You can use: Transfer domain naming master, Transfer infrastructure master, Transfer PDC and Transfer RID master if you also would transfer the other FSMO roles with ntdsutil.

When you see the following evntlog error: Event ID 10016, Source:’DistributedCOM. “The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {61738644-F196-11D0-9953-00C04FD919C1} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.”

Solution: If you don’t know witch application is given this error, you can copy the GUID behind CLSID and start the registry editor (regedit.exe) and search for the GUID. You will find witch application is creating this error.
After you know that you start Administrative Tools – Component Services. Expand Component Services, Computers, My Computer, DCOM Config. Then find the found application, in this case IIS WAMREG, choose properties and go to the security tab.

Then at Launch and Activation Permissions, choose customize (if not already chjoosen) and Edit.
Add the user account given in the event error, in this case Network Service account and give the account allow Local Launch and Local Activation rights. After that close all windows and restart IIS service.

Update: There is a similar error about another CLSID but the options to change permissions are greyed out. Read here how to solve this issue.

When using remote desktop connection to connect to windows server 2008, 2008 R2, sbs 2008, vista or windows 7 and would use saved credentials. This doesn’t work when you start the connection you get the following error:

“Your system administrator does not allow the use of saved credentials to logon to the remote computer computername/ipadress because its identity is not fully verified. Please enter new credentials.” “The logon attempt failed”

Solution: This happens when trying to connect to a computer / server in another domain and no trust relationships exists. Windows then steps back to use NTLM and the default domain machine policy prohibits use of saved credentials. You can change this domain based or for a individual machine:

Start local group policy editor, start – run – gpedit.msc
Go to Local Computer Policy –> Computer Configuration –> Administrative Templates –> System –> Credentials Delegation
Edit “Allow Delegating Saved Credentials with NTLM-only Server Authentication”
Enable the policy, click Show and enter the value “TERMSRV/*” into the list.

Do the same thing for the following policies:
“Allow Delegating Saved Credentials”, “Allow Delegating Default Credentials with NTLM-only Server Authentication” en “Allow Delegating Default Credentials”

Close the policy editor,
open a command prompt and use “gpupdate /force” to apply the policy directly

When starting a windows 2008 (R2) RemoteApp from or depends on a network mapped drive you get the error “The program did not start on the remote computer.”

Solution: The problem is caused because the program is hosted on or depends on a network mapped drive. When starting a RemoteApp the program doesn’t wait till the logon script script is finished but just start the program directly and cannot find the right drive or program.
Workarround is to map the network drive persistant so it’s available before the RemoteApp program starts or create a batch file as RemoteApp so you can first map the network drive and then start the program.

When you close a Windows 2008 terminal server or Windows 2008 R2 remote desktop services RemoteApp the sessions stays in disconnected state.

Solution: Since Windows 2008 there is a local / group policy called ‘Set time limit for logoff of RemoteApp sessions’. You can set the policy for both computer as user configuration.

For windows 2008: Administrative Templates \ Windows Components \ Terminal Services \ Terminal Server \ Session Time Limits
For windows 2008 R2: Administrative Templates \ Windows Components \ Remote Desktop Services \ Remote Desktop Session Host \ Session Time Limits

For migrating printer drivers and setting from a Windows 2003 SBS server to a Windows 2008 SBS server. I first updated all printers on the Windows 2003 SBS server so they have x64 drivers installed. After that I used printbrm(ui) on a Windows 2008 server to export all drivers and settings to a export file. This file I copied to my new Windows 2008 SBS server and tried to import it using printbrm(ui). When finished I got a lot of warnings and errors and most printers were not created. The following event id 37 was logged:

“Printbrm.exe (the Printer Migration Wizard or the command-line tool) could not restore driver HP LaserJet 4200 PCL 6 (Windows NT x86) while restoring print queues from a file. Error reported: 0x80070bb8. The specified print monitor is unknown.
. This can occur if the driver requires a file that Printbrm.exe did not back up or if the user does not have permission to install drivers on the destination computer.”

The problem was not the driver or not enough permissions. But when you take a look at the Windows 2003 SBS server in the printer properties, advanced tab, Print Processor properties, for the failing printers the print processor didn’t use the winprint – raw processor, but a HP and some characters – raw processor.

Solution: For some strange reason the export function doesn’t export the print processor. Change the print processor to winprint raw, make a new export and import that file everything works fine.

After importing if needed it self chooses to use a other print processor available at the new server.