Categories
Windows

How to know \Device\Harddisk#\DR# is which physical hard disk?


Under Windows we are used to drive letters such as C: or D:, but errors in the Windows Event Viewer normally identify the faulty device in a different format: \Device\Harddisk#\DR# or \Device\HarddiskVolume# (e.g. \Device\Harddisk0\DR0). So how can you locate the correct hard disk / device?

Problem: The drive detected a controller error on \Device\Harddisk0\DR0

Below is an example of the event log entry:

Log Name: System

Source: disk

Event ID: 11

Level: Error

General/detail: The drive detected a controller error on \Device\Harddisk0\DR0.

 

 

Solution: To find the error disk \Device\Harddisk0\DR0

  1. Download WinObj from https://technet.microsoft.com/en-us/library/bb896657.aspx
  2. Right-click on downloaded WinObj and run as administrator
  3. Search through \Device\Harddisk# until you find your faulty device (e.g. \DR0)
  4. You will see one or more Partition entries of type SymbolicLink. (In my example, \Device\HarddiskVolume1 to 8 belong to this device/disk.) Note these down for the next step.
  5. Click on \GLOBAL?? in the left panel, then click on the “SymLink” column in the right panel to sort the results by SymLink.
  6. Locate the \Device\HarddiskVolume# values you found in step 4.
  7. The name of the volume is in the first column. There will be multiple entries, including the volume GUID, drive letter, etc. From my result, I can see that my C: drive is located on this \Device\Harddisk0\DR0 disk.
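
The same lookup can be scripted. The PowerShell below is an added example, not part of the original post: it takes the \Device\Harddisk#\DR# name from the event text and lists the drive letters on that disk through WMI/CIM associations. It assumes PowerShell 3.0 or later and that Harddisk<N> is the disk Windows numbers as physical drive N (Win32_DiskDrive.Index); Resolve-HarddiskDevice is a hypothetical function name.

```powershell
# Added example (not from the original post). Resolve-HarddiskDevice is a
# hypothetical helper name.
function Resolve-HarddiskDevice {
    param(
        [Parameter(Mandatory)]
        [string]$DevicePath   # e.g. '\Device\Harddisk0\DR0', copied from the event text
    )

    # Only the Harddisk number is used to pick the disk; the DR number is ignored.
    if ($DevicePath -notmatch '^\\Device\\Harddisk(\d+)\\DR\d+$') {
        throw "Expected \Device\Harddisk#\DR#, got: $DevicePath"
    }
    $index = [int]$Matches[1]

    # Assumption: Harddisk<N> is the disk exposed as \\.\PHYSICALDRIVE<N>,
    # which is Win32_DiskDrive.Index = N.
    $disk = Get-CimInstance -ClassName Win32_DiskDrive -Filter "Index = $index"
    if (-not $disk) {
        throw "No physical disk with index $index is currently present."
    }

    # Disk -> partitions -> logical disks (drive letters).
    $partitions = Get-CimAssociatedInstance -InputObject $disk -ResultClassName Win32_DiskPartition
    foreach ($partition in $partitions) {
        $logicalDisks = Get-CimAssociatedInstance -InputObject $partition -ResultClassName Win32_LogicalDisk
        foreach ($logical in $logicalDisks) {
            [pscustomobject]@{
                DevicePath   = $DevicePath
                Model        = $disk.Model
                SerialNumber = $disk.SerialNumber
                Partition    = $partition.Name      # e.g. 'Disk #0, Partition #1'
                DriveLetter  = $logical.DeviceID    # e.g. 'C:'
                VolumeName   = $logical.VolumeName
            }
        }
    }
}

Resolve-HarddiskDevice -DevicePath '\Device\Harddisk0\DR0' | Format-Table -AutoSize
```

Partitions without a drive letter have no Win32_LogicalDisk association, so they do not appear in the output.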

 

References & Resources:

https://technet.microsoft.com/en-us/library/bb896657.aspx

http://serverfault.com/questions/153513/identifying-a-physical-disk-from-its-windows-device-description

https://support.microsoft.com/en-us/kb/159865

Categories
DNS

Free DDNS as dyndns alternative

DDNS stands for Dynamic Domain Name System. It lets you associate your dynamically changing public IP address with a domain host name, so you can reach a home/office computer that serves FTP, remote desktop, email or a website by referring to the domain host name.

The most famous DDNS provider is DynDNS, but unfortunately Dyn will discontinue their free dynamic DNS accounts on 7 May 2014.

Dynamic DNS users are normally home users or small businesses that might not be able to afford a paid DDNS service. Below are some alternative free DDNS providers to replace DynDNS.

 

Afraid.org

URL: http://freedns.afraid.org/

Free hostnames for DDNS: 5

Review: Also provides free DNS hosting that allows you to configure static and dynamic DNS records under your own domain name. Supports most open source router firmware such as DD-WRT, OpenWRT and pfSense. Windows and Linux dynamic DNS update clients are provided.

 

DNS Exit

URL: http://www.dnsexit.com/

Free hostnames for DDNS: (not specified)

Review: Provides free DNS hosting that allows you to configure static and dynamic DNS records under your own domain name. Windows and Linux update clients are provided.

 

Duck DNS

URL: http://duckdns.org/

Free hostnames for DDNS: (not specified)

Review: Allows sign-in using a Facebook, Reddit or Google account. Multiple DDNS update methods are documented at http://duckdns.org/install.jsp

 

No-IP

URL: https://www.noip.com/

Free hostnames for DDNS: 3

Review: Provides a Dynamic DNS Update Client for Windows. Easy to set up and configure.

Remark: Not recommended because it requires a web login every 30 days in order to keep your account active.

 

Other free alternative dynamic DNS providers

DNSdynamic http://www.dnsdynamic.org/
Change IP http://www.changeip.com/
ZoneEdit http://www.zoneedit.com/
Zonomi http://www.zonomi.com/
CJB http://www.cjb.net/
3322 http://www.3322.org/
DHIS http://www.dhis.org/
DNS Made Easy http://www.dnsmadeeasy.com/
DynDNS.dk http://dyndns.dk/

 

Categories
Office

Outlook 2013 hang in loading profile


Environment:

Microsoft Outlook 2013 (32-bit) running in Windows 7 (64-bit)

Problem:

Microsoft Outlook suddenly stopped working. Outlook hangs at the “Loading profile” stage. It was working previously.

 

Troubleshooting tasks performed:

Task performed | Result
Delete and recreate Outlook Profile | Outlook still hangs
Launch Outlook in safe mode (Outlook /safe) | Outlook launches successfully. Only a temporary solution.
Disable and remove all the Outlook add-ins | Outlook still hangs
Restart computer | Outlook still hangs
Repair Microsoft Office | Outlook still hangs
Remove and re-install Microsoft Office 2013 | It works, but the problem happens again after some time
Disable cache mode | Outlook still hangs

 Solution: Disable the Hardware Acceleration

1. Open the registry editor by running “regedit”

2. Go to HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Common

3. Create a new key and name it “Graphics”

4. Select the Graphics key, right-click on the empty area in the right panel and create a new DWORD (32-bit) value named “DisableHardwareAcceleration”

5. Enter 1 as the value data for DisableHardwareAcceleration

Outlook 2013 should work fine now.

 

Categories
Vulnerability

How to test Heartbleed Bug

What is SSL Heartbleed Bug in simple English?

Basically it is a program bug/vulnerability in the SSL/TLS encryption that is widely used by most Internet applications such as websites, VPN, email, etc. It allows an attacker to read/steal your communication information. For more detail, you can check out http://heartbleed.com/ and http://www.kb.cert.org/vuls/id/720951

How to test Heartbleed Bug

Below are some useful links that allow you to check whether your HTTPS website is vulnerable to the Heartbleed bug

Qualys SSL Labs: https://www.ssllabs.com/ssltest/

Heartbleed test: http://filippo.io/Heartbleed/

Critical Watch Heartbleed Tester: http://heartbleed.criticalwatch.com/

LastPass Heartbleed bug test: https://lastpass.com/heartbleed/

Heartbleed checker: http://possible.lv/tools/hb/

 

Categories
Android

Latest JellyBam is now known as BAM-Rom


The last version of JellyBam is 10.3.0. There will not be any further JellyBAM versions such as 10.4.0 or 10.5.0. JellyBAM is now known as BAM-Rom or BAM-Android.

I was using JellyBam 10.3.0 (or in fact, 10.x.x versions) on my Samsung Galaxy Note N700. It was very unstable; it crashed/rebooted from time to time, especially when using Waze and Camera. The battery energy consumption was also very poor. It

Now the new version is under the name BAM-Rom or BAM-Android. I upgraded/flashed it with BAM-Rom_v1.0.0-RC1_JellyBean and it seems to work better and lighter.

 

Although BAM-Rom is still at 1.0.0-RC1 (based on Android 4.3), it is more stable compared to JellyBam 10.x.x. I strongly recommend JellyBAM 10.x.x users to upgrade to BAM-Rom if you also encounter stability issues on JellyBam.

The new RC-2 version is going to be released in the next few days. I will update to 1.0.0-RC2 as soon as it is released. According to http://bam-android.com/forum/bam-rom/release-notes/553-bam-android-rom-1-0-0-rc2, below are some of the new features in BAM-Rom 1.0.0-RC2.
– New Android base: 4.3.1
– Fixed an issue with default Paranoid Preferences for HDPI devices such as i9100
– Fixed screenshot issue on certain devices
– Fixed many memory leaks on systemUI
– BAMControl: Added Gestures Anywhere from ChameleonOS
– New fixes and addition to active display
– Update proprietary files and device tree for every supported device
– Fixed and improved the translations of every app
– New PA Hybrid engine
– New 4G/LTE toggle
– Fix statusbar clock am/pm
– Fix for wifi connection between p2p and GO devices
– Fix notifications shortcuts
– New supported devices by codename: captivatemtd, e970, e973, honami, n5110, ovation, p970, steelhead, u8860, venturi, vs920, ypg1

 

Reference & Resource

Download BAM-Rom from:

http://get.bam-android.com/
http://goo.im/devs/BAM

 

 

Categories
Windows

Renew SSL certificate for Domain Controller LDAPS


If you created the SSL certificate for LDAP over SSL on the Domain Controller through an internal Microsoft Standalone CA, as shown in the LDAP over SSL for Domain Controller article, you might face a problem renewing this certificate using the MMC/GUI.

When you try to Renew This Certificate With The Same Key using the certificate mmc, you will get the following error:

 

Enrollment Error
The request contains no certificate template information.

 

 

Solution

1. On the Domain Controller whose certificate you need to renew, find the certificate thumbprint. Below are the steps to find the certificate thumbprint:

a.) Open the Microsoft Management Console (MMC) snap-in for certificates.
b.) In the Console Root window’s left pane, click Certificates (Local Computer).
c.) Expand the Personal folder
d.) Expand the Certificates folder
e.) Double-click on your target certificate.
f.) In the Certificate dialog box, click the Details tab.
g.) Scroll through the list of fields till you find the Thumbprint.
h.) Copy the hexadecimal characters from the box.  For example, the thumbprint “a1 29 53 2e 12 3f 3d 35 53 2c f2 53 26 c2 4d 27 33 b2 6b 3c”.

2. Create cert-renew.inf as shown below and paste the certificate thumbprint you gathered in the previous step as the value of RenewalCert. Make sure you enclose it in opening and closing quotes if the certificate thumbprint has spaces in between.

;----------------- cert-renew.inf -----------------
[Version]
Signature="$Windows NT$"

[NewRequest]
Subject = "CN=servername.domain.local" ; replace with the FQDN of the DC
UseExistingKeySet = TRUE
MachineKeySet = TRUE
RenewalCert = "a1 29 53 2e 12 3f 3d 35 53 2c f2 53 26 c2 4d 27 33 b2 6b 3c"
;-----------------------------------------------

3. Open a command prompt and create the certificate request

certreq -new cert-renew.inf cert-renew.req

4. Submit Certificate request to internal stand-alone CA

certreq -submit cert-renew.req

You will notice that a RequestID is provided if the certificate request was successfully submitted to the internal CA.

5. Approve the certificate on the internal CA

6. Go back to the Domain Controller that requested the certificate and retrieve the certificate

certreq -retrieve RequestID cert-renew.cer

7. Accept the certificate in your machine

certreq -accept cert-renew.cer
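
Steps 1 and 2 can be scripted so the thumbprint is read from the certificate store instead of being copied from the dialog box, where the copied text can carry spaces and an invisible leading character. The PowerShell below is an added example, not part of the original post; it assumes PowerShell 3.0 or later running elevated on the Domain Controller, and the function names are hypothetical.

```powershell
# Added example (not from the original post). Function names are hypothetical.
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU

function Test-ServerAuthEku {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    foreach ($ext in $Certificate.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            return [bool]($ext.EnhancedKeyUsages | Where-Object { $_.Value -eq $ServerAuthOid })
        }
    }
    return $false   # no EKU extension present
}

function Get-LdapsRenewalCandidate {
    # Machine certificates with a private key and the Server Authentication
    # EKU, soonest expiry first.
    $now = Get-Date
    Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.HasPrivateKey -and (Test-ServerAuthEku $_) } |
        Sort-Object NotAfter |
        Select-Object Subject, Thumbprint, NotAfter,
            @{ Name = 'DaysLeft'; Expression = { [int]($_.NotAfter - $now).TotalDays } }
}

function New-RenewalInf {
    param(
        [Parameter(Mandatory)][string]$Thumbprint,
        [string]$Path = '.\cert-renew.inf'
    )
    # Keep hex digits only: drops spaces and any invisible character picked
    # up when the value was copied from the Details tab.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
    if ($clean.Length -ne 40) {
        throw "Expected a 40-digit SHA-1 thumbprint, got $($clean.Length) hex digits."
    }

    # Fails here if the certificate is not in the machine's Personal store.
    $cert = Get-Item -Path "Cert:\LocalMachine\My\$clean" -ErrorAction Stop
    if (-not $cert.HasPrivateKey) {
        throw "Certificate $clean has no private key on this machine."
    }

    # Single-quoted literals so that $Windows is not expanded as a variable.
    $lines = @(
        '[Version]'
        'Signature="$Windows NT$"'
        ''
        '[NewRequest]'
        ('Subject = "{0}"' -f $cert.Subject)
        'UseExistingKeySet = TRUE'
        'MachineKeySet = TRUE'
        ('RenewalCert = "{0}"' -f $clean)
    )
    Set-Content -Path $Path -Value $lines -Encoding ASCII
    Get-Item -Path $Path
}

Get-LdapsRenewalCandidate | Format-Table -AutoSize
# Then, with the thumbprint chosen from the table (placeholder shown):
# New-RenewalInf -Thumbprint '<THUMBPRINT-FROM-TABLE>'
```

The generated file is then used with the certreq commands in steps 3 to 7 unchanged.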

 

 

Categories
Windows

Drop down menu not working in IE 9

Certain Internet Explorer (IE) versions, especially IE9, have a problem with the drop down menu on some websites (even SharePoint portals/websites). Basically, the drop down menu does not work in IE9.

I have tried a couple of solutions such as resetting the IE settings/configuration, enabling compatibility view, etc. but none worked. Finally, I solved it by disabling certain IE add-ons. Certain users that still have the problem will need to start IE without any add-ons.

Below is the command for a shortcut on the user’s desktop that will start Internet Explorer (IE) without any add-ons.

iexplore -extoff


 

Categories
Exchange

Migrate Public Folder to Exchange 2010


One of the challenges of a Microsoft Exchange 2003/2007 migration to Exchange 2010 is the Public Folder. It can be very complicated and time-consuming if the Public Folder is huge or has a lot of folders. The Public Folder is required for Outlook 2003 to continue to access the Exchange 2010 server.
Microsoft Exchange provides the following PowerShell scripts for Public Folder migration in \v14\ Server\Scripts:

PowerShell Script | Task Description
AddReplicaToPFRecursive.ps1 | Add a server to the replication list
AggregatePFData.ps1 | Aggregate data across all public folder replicas
RemoveReplicaFromPFRecursive.ps1 | Remove a server from the replication list
MoveAllReplicas.ps1 | Replace a server in the replication list
ReplaceReplicaOnPFRecursive.ps1 | Replace a server in the replication list with a new server

 

Add new Exchange 2010 Server into Public Folder replication list

Launch the Exchange Management Shell and then go to the Exchange script folder:

cd $exscripts

 

Let’s say your current environment has either or both of EX2003 and EX2007, and the new Exchange 2010 server name is EX2010. Below are the commands you need to run on the EX2010 server.

To replicate all the non-system public folders from the top root to EX2010:

.\AddReplicaToPFRecursive.ps1 -TopPublicFolder \ -ServerToAdd EX2010

 

To replicate all the System folders to EX2010:

.\AddReplicaToPFRecursive.ps1 -TopPublicFolder "\NON_IPM_SUBTREE" -ServerToAdd EX2010

 

*The replication might take up to days or even weeks depending on your Public Folder size.

Common mistakes or misconceptions:

  1. Make sure ServerToAdd is the new Exchange 2010 server that needs to hold a replica of the Public Folder.
  2. Do not worry about which server currently holds which part/folder of the Public Folder. The AddReplicaToPFRecursive.ps1 script finds this by itself and then adds the replica to the new server.
  3. Do not point ServerToAdd to an existing old server (Exchange 2003 or 2007), because that will add the Public Folder replica to the old server. It might cause the old server to jam up if there is not enough space to hold a copy of all the public folders (most of these old Exchange servers are almost out of disk space).

 

To verify the Public Folders were replicated to the new server:

Get-PublicFolder -Recurse | fl Name, Replicas

 

To verify the System Folders were replicated to the new server:

Get-PublicFolder -recurse \non_ipm_subtree |fl name, replicas

 

Remove Public Folder from old server

To remove Public Folder replica from old server:

.\RemoveReplicaFromPFRecursive.ps1 -TopPublicFolder \ -ServerToRemove EX2003

 

To move all the Public Folders (including System folders) from the old server (EX2003) to the new server (EX2010):

.\MoveAllReplicas.ps1 -Server EX2003 -NewServer EX2010

 

PowerShell cmdlets to verify Public Folder replicas and replication:

Get-PublicFolder -Recurse | fl Name, Replicas

Get-PublicFolder -Recurse \non_ipm_subtree | fl Name, Replicas

Get-PublicFolderStatistics -Server EX2010

Get-PublicFolderStatistics -Server EX2003

 

Additional clean-up task

Some of the System folders might not have the new Exchange 2010 server in the replication list. Here is how to check:

Get-PublicFolder "\NON_IPM_SUBTREE\Schedule+ Free Busy" -Recurse | fl Name, Replicas

If the new Exchange 2010 server is not holding the Schedule+ Free Busy replica, you might get event ID 14029 with the error message “Couldn’t find an Exchange 2010 or later public folder server with a replica of the free/busy folder…”

Run the following command to resolve the event ID 14029 issue:

.\AddReplicaToPFRecursive.ps1 -TopPublicFolder "\NON_IPM_SUBTREE\Schedule+ Free Busy" -ServerToAdd EX2010

 

Perform the same check and rectification for the other System folders (e.g. EForms Registry and Offline Address Book):

.\AddReplicaToPFRecursive.ps1 -TopPublicFolder "\NON_IPM_Subtree\EFORMS REGISTRY" -ServerToAdd EX2010

.\AddReplicaToPFRecursive.ps1 -TopPublicFolder "\NON_IPM_Subtree\OFFLINE ADDRESS BOOK" -ServerToAdd EX2010

 

Move Offline Address Book (OAB) generation to new Exchange 2010 server (that holds the Mailbox role)

Move-OfflineAddressBook "Default Offline Address List" -Server EX2010

 

Reference and Resource

http://technet.microsoft.com/en-us/library/aa997966.aspx

http://memphistech.net/?p=147

http://support.microsoft.com/kb/822931

http://smtp25.blogspot.com/2010/08/remove-public-folders-from-exchange.html

http://www.logicspot.net/?p=112

 

Categories
Windows

LDAP over SSL for Domain Controller


Every Domain Controller has the Lightweight Directory Access Protocol (LDAP, port 389) open, and 3rd party applications/systems such as firewall/VPN appliances use it for authentication. The LDAP protocol is insecure because the data is sent in clear text. Therefore, we need LDAPS (LDAP over SSL) to encrypt and secure the communication. The default port for LDAPS is 636.

If your Active Directory is installed with an Enterprise CA, then most likely all the domain controllers will have a digital certificate and LDAPS activated automatically. Below are the steps to request a digital certificate for the domain controller from a Microsoft Stand-alone CA; LDAPS will then be activated automatically.

1. Make sure you have at least one Microsoft Stand-alone CA installed in your organization

2. On the domain controller that needs LDAPS, create a certificate.inf file as shown in the example below in order to generate the certificate request file

;----------------- certificate.inf -----------------
[Version]
Signature="$Windows NT$"

[NewRequest]
Subject = "CN=servername.domain.local" ; replace with the FQDN of the Domain Controller
KeySpec = 1
KeyLength = 1024
; Can be 1024, 2048, 4096, 8192, or 16384.
; Larger key sizes are more secure, but have
; a greater impact on performance.
Exportable = TRUE
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0

[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication
;-----------------------------------------------

3. Create the certificate request file by the following command

certreq -new certificate.inf certificate.req

4. Submit the certificate request file to the Stand-alone CA

certreq -submit certificate.req

The system will prompt you to choose which stand-alone CA you want to submit to. Take note of the certificate request ID.

5. In the Stand-alone Certificate Authority (CA), under “Pending Requests”, right-click on the request ID and select All Tasks > Issue. The certificate will go into the “Issued Certificates” folder.

6. On the domain controller that requested the certificate, retrieve the certificate

certreq -retrieve <request id> certificate.cer

7. Import the certificate into the Personal store of the Computer Account


8. Test the LDAPS using ldp


9. You can now proceed with LDAP over SSL integration with 3rd party system/application

10. For Windows 2008 Server, you might need to import the certificate into the Active Directory Domain Services certificate store
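
A scripted version of the ldp test in step 8, as an added example that is not part of the original post: it connects to port 636 and reports the certificate the domain controller presents, flagging an untrusted chain, a name mismatch, a near expiry (30 days, a constructed threshold) and an RSA key below 2048 bits. Current guidance such as NIST SP 800-131A sets 2048 bits as the minimum, so a certificate requested with KeyLength = 1024 is flagged. Assumes Windows PowerShell 3.0 or later; Get-LdapsCertificate is a hypothetical function name and the host name is the placeholder from the .inf file.

```powershell
# Added example (not from the original post). Get-LdapsCertificate is a
# hypothetical function name; RSA certificates are assumed.
function Get-LdapsCertificate {
    param(
        [Parameter(Mandatory)][string]$ComputerName,   # FQDN of the domain controller
        [int]$Port = 636,
        [int]$WarnDays = 30                            # constructed threshold
    )
    $tcp = New-Object System.Net.Sockets.TcpClient
    $ssl = $null
    try {
        $tcp.Connect($ComputerName, $Port)

        # Inspection only: accept whatever certificate is presented so that a
        # bad one can still be reported. Trust is evaluated separately below.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($ComputerName)

        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)

        # Build the chain against this machine's trust stores.
        # Assumption: trust path only; revocation is not checked here.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        $trusted = $chain.Build($cert)

        $dnsName  = $cert.GetNameInfo('DnsName', $false)   # SAN DNS name, else the CN
        $daysLeft = [int]($cert.NotAfter - (Get-Date)).TotalDays
        $keyBits  = $cert.PublicKey.Key.KeySize

        $findings = @()
        if (-not $trusted)             { $findings += 'chain not trusted by this machine' }
        if ($dnsName -ne $ComputerName) { $findings += "certificate name is $dnsName" }
        if ($daysLeft -lt $WarnDays)   { $findings += "expires in $daysLeft days" }
        if ($keyBits -lt 2048)         { $findings += "RSA key is only $keyBits bits" }

        [pscustomobject]@{
            Server      = "${ComputerName}:$Port"
            Protocol    = $ssl.SslProtocol
            Subject     = $cert.Subject
            Issuer      = $cert.Issuer
            Thumbprint  = $cert.Thumbprint
            NotAfter    = $cert.NotAfter
            KeySizeBits = $keyBits
            Signature   = $cert.SignatureAlgorithm.FriendlyName
            ChainStatus = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
            Findings    = $findings -join '; '
        }
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }
}

# Placeholder host name; replace with the FQDN of your domain controller.
Get-LdapsCertificate -ComputerName 'servername.domain.local' | Format-List
```

Run it from a client that should trust the stand-alone CA; an untrusted chain there means the CA certificate has not been distributed to that machine.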


Resources and References:

To renew the SSL certificate created by this post, please go to Renew SSL certificate for Domain Controller LDAPS

http://support.microsoft.com/kb/321051

http://technet.microsoft.com/en-us/library/dd941846(WS.10).aspx

Lightweight Directory Access Protocol

Categories
Windows

Remote Desktop (RDP) Tricks and Tips


Modify Remote Desktop Listening Port

  1. Run regedit (Registry Editor)
  2. Locate and then click the following registry subkey:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber

  3. Double-click on PortNumber to modify the RDP port number
  4. Select the Decimal base and modify the value data for PortNumber. The default is 3389. The value should be between 1025 and 65535
  5. Click OK and quit Registry Editor.
  6. Reboot the computer or restart the “Remote Desktop Services” service

 

Connect to remote desktop using different port

If you want to connect to remote desktop using a customized port number (default is 3389):

  1. Run mstsc (alternatively: click Start, then All Programs > Accessories > Communications > Remote Desktop Connection)
  2. In the Computer box, enter the IP address or host name of the computer that you need to connect to, followed by a colon “:” and the port number
  3. Below are some examples:
Example 1: MyServer is the host name and 3388 is the customized port number

MyServer:3388

Example 2: 192.168.1.10 is the IP address of the computer and 3390 is the customized port number

192.168.1.10:3390

  4. Click Connect.

Alternatively, you can use the following command:

mstsc /v:servername:portnumber

Example: mstsc /v:MyServer:3388

 

Activate Remote Desktop remotely using registry editor

Enable Remote desktop via the registry

  1. Run regedit (Registry Editor)
  2. On the File menu, click Connect Network Registry.
  3. In the Select Computer dialog box, type the computer name and then click Check Names.
  4. In the Enter Network Password dialog box, provide Domain Admins credentials for the domain of the server, and then click OK.
  5. After the computer name resolves, click OK.
  6. Locate the following registry subkey in the computer node:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server

  7. Double-click on fDenyTSConnections to edit the DWORD value. Change the value data from 1 (Remote Desktop disabled) to 0 (Remote Desktop enabled)
  8. Restart the computer. (You can restart the remote computer using “shutdown /m \\computername /r”)

 

Multiple RDP session for single user

By default, Remote Desktop (RDP)/Terminal Services in Windows 2008 reuses the same RDP session if you log in with the same username, unlike Windows 2003 where you can have different sessions under the same user name. Below is the registry key to allow multiple RDP sessions for a single user in Windows 2008

  1. Run regedit (Registry Editor)
  2. Locate and then click the following registry subkey:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server

  3. If the fSingleSessionPerUser value doesn’t exist, create a new DWORD value named fSingleSessionPerUser
  4. Modify the fSingleSessionPerUser value:

0              Allow multiple sessions per user

1              Force each user to a single session

  5. Click OK and quit Registry Editor.
  6. Restart the “Remote Desktop Services” service or reboot the computer
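
The three registry values covered in the sections above (PortNumber, fDenyTSConnections and fSingleSessionPerUser) can be read back from several machines at once to confirm what is actually configured, for example to spot hosts where Remote Desktop has been enabled or moved off port 3389. The PowerShell below is an added example, not part of the original post; it assumes PowerShell 3.0 or later and the Remote Registry service on the targets, and Get-RdpRegistryConfig is a hypothetical function name.

```powershell
# Added example (not from the original post). Get-RdpRegistryConfig is a
# hypothetical function name.
function Get-RdpRegistryConfig {
    param([Parameter(Mandatory)][string[]]$ComputerName)

    $tsPath  = 'SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdpPath = "$tsPath\WinStations\RDP-Tcp"

    foreach ($computer in $ComputerName) {
        $hklm = $null
        try {
            # Uses the Remote Registry service, like regedit's
            # "Connect Network Registry".
            $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
                [Microsoft.Win32.RegistryHive]::LocalMachine, $computer)
            $ts  = $hklm.OpenSubKey($tsPath)
            $rdp = $hklm.OpenSubKey($rdpPath)
            if (-not $ts -or -not $rdp) { throw 'Terminal Server keys not found' }

            $deny   = $ts.GetValue('fDenyTSConnections')      # 0 = enabled, 1 = disabled
            $single = $ts.GetValue('fSingleSessionPerUser')   # 0 = multiple, 1 = single
            $port   = $rdp.GetValue('PortNumber')

            $sessions = 'not set'
            if ($single -eq 0) { $sessions = 'multiple' }
            elseif ($single -eq 1) { $sessions = 'single' }

            [pscustomobject]@{
                Computer        = $computer
                RdpEnabled      = ($deny -eq 0)
                Port            = $port
                NonDefaultPort  = ($port -ne 3389)
                SessionsPerUser = $sessions
            }
        }
        catch {
            # Unreachable host, access denied, or Remote Registry not running.
            Write-Warning "${computer}: $($_.Exception.Message)"
        }
        finally {
            if ($hklm) { $hklm.Close() }
        }
    }
}

# Host names taken from the connection examples above.
Get-RdpRegistryConfig -ComputerName 'MyServer', '192.168.1.10' | Format-Table -AutoSize
```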

 

RDP to the console session

In certain cases, we need to connect to the console session of the server so that we can start/monitor certain legacy applications that are not started via Windows Services. The administrator needs to log in to the server first and then start the application manually.

Use the following command to remote desktop into the console session of the server:

For Windows Vista, 7, 2008 , Windows XP SP2 and above

mstsc /admin

For Windows XP SP1 and before:

Mstsc /console

 

Resource and References:

http://oreilly.com/windows/archive/server-hacks-remote-desktop.html

http://support.microsoft.com/kb/306759

http://support.microsoft.com/kb/304304

http://remotedesktoprdp.com/Force-Single-Session-Allow-Multiple-Sessions-Per-User.aspx