Categories
Windows

How to know \Device\Harddisk#\DR# is which physical hard disk?

How to know \Device\Harddisk#\DR# is which physical hard disk?

Under Windows environment, we are used to the drive letter such as C: or D: drive but the error in the Windows Event Viewer normally point out the faulty device in the different format \Device\?Harddisk#\DR# or \Device\HarddiskVolume# (e.g. \Device\Harddisk0\DR0). So, how can find/locate the correct hard disk / device?

Problem: The drive detected a controller error on \Device\Harddisk0\DR0

Below are the example of event log:

Log Name: System

Source: disk

Event ID: 11

Level: Error

General/detail: The drive detected a controller error on \Device\Harddisk0\DR0.

 

 

Solution: To find the error disk \Device\Harddisk0\DR0

  1. Download WinObj from https://technet.microsoft.com/en-us/library/bb896657.aspx
  2. Right-click on downloaded WinObj and run as administrator
  3. Search through \Device\Harddisk# until you find your faulty device (e.g. \DR0)
  4. You can see one or multiple Partition with SymbolicLink Type. (in my example, I got \Device\HarddiskVolume1 to 8 are belong to this device/disk). Note this down for the next step.

    WinObj \Device\Harddisk0
    \Device\Harddisk0
  5. Click on \GLOBAL?? in the left panel, then click on the “SymLink” column in the right panel in order to have the result sort in SymLink.
  6. Find / locate \Device\HarddiskVolume# value you found in the step #4
  7. You will notice that the name of the volume in the first column. There will be multiple entries that include volume GUID, drive letter, etc. From my result below, I can see that my C: drive is located in this \Device\Harddisk0\DR0 disk.WinObj \GLOBAL??

 

References & Resources:

https://technet.microsoft.com/en-us/library/bb896657.aspx

http://serverfault.com/questions/153513/identifying-a-physical-disk-from-its-windows-device-description

https://support.microsoft.com/en-us/kb/159865

Categories
Windows

Renew SSL certificate for Domain Controller LDAPS

Renew SSL Certificate for Domain Controller LDAPS

If you have created SSL certificate for LDAP over SSL on Domain Controller thru internal Microsoft Standalone CA as shown in LDAP over SSL for Domain Controller article, you might face the problem in renewing this certificate using MMC/GUI.

When you try to Renew This Certificate With The Same Key using the certificate mmc, you will get the following error:

 

Enrollment Error
The request contains no certificate template information.

 

 

Solution

1. From the Domain Controller that you need to renew the certificate, find the certificate thumbprint. Below are the steps for find the certificate thumbprint

a.) Open the Microsoft Management Console (MMC) snap-in for certificates.
b.) In the Console Root window’s left pane, click Certificates (Local Computer).
c.) Expand the Personal folder
d.) Expand the Certificates folder
e.) Double-click on your target certificate.
f.) In the Certificate dialog box, click the Details tab.
g.) Scroll through the list of fields till you find the Thumbprint.
h.) Copy the hexadecimal characters from the box.  For example, the thumbprint “a1 29 53 2e 12 3f 3d 35 53 2c f2 53 26 c2 4d 27 33 b2 6b 3c”.

2. Create cert-renew.inf as shown below and paste the certificate thumbprint you gathered in the previous step for RenewalCert. Make sure you put in open and close quote if the certificate thumbprint have space in between

;—————– cert-renew.inf —————–[Version]Signature=”$Windows NT$”[NewRequest]

Subject = “CN=servername.domain.local” ; replace with the FQDN of the DC
UseExistingKeySet = TRUE
MachineKeySet = TRUE
RenewalCert=”a1 29 53 2e 12 3f 3d 35 53 2c f2 53 26 c2 4d 27 33 b2 6b 3c”

;———————————————–

3. Go into cmd prompt, create the certificate request

certreq -new cert-renew.inf cert-renew.req

4. Submit Certificate request to internal stand-alone CA

certreq -submit cert-renew.req

You will notice the RequestID will be provided if the certificate request successfully submitted to internal CA

5. Approve the certificate for the internal CA

6. Back to the Domain Controller that request for for certificate. Retrieve the certifcate

certreq -retrieve RequestID cert-renew.cer

7. Accept the certificate in your machine

certreq -accept cert-renew.cer

 

 

Categories
Windows

Drop down menu not working in IE 9

Certain Internet Explorer (IE) especially IE9 is having problem for drop down menu for some website (even sharepoint portal/website). Basically, the drop down menu is not working in IE9.

I have tried a couple of solution such as reset IE setting/configuration, enable compatibility view, etc but non is working. Finally, I solve it by disabled certain IE add-ons. Certain users that still have problem will need to start the IE without any add-ons.

Below is the screen capture to create shortcut on the user’s desktop that will start Internet Explorer (IE) without any add-on.

iexplore -extoff

Internet Explore (No-AddOn)

Internet Explore started without add-on

 

Categories
Windows

LDAP over SSL for Domain Controller

LDAPS over SSL (LDAPS) for Domain Controller

Each of Domain Controller have Lightweight Directory Access Protocol – LDAP (port 389) open for authentication for 3rd party application/system such as firewall/VPN appliance. The LDAP protocol is insecure because the data is sent in the clear text format. Therefore, we need LDAPS (LDAP over SSL) to encrypt and secure the communication. The default port for LDAPS is 636.

If your Active Directory is installed with Enterprise CA then most likely you will have digital certificate and LDAPS activated for all the domain controller by itself. Below are the steps to request the digital certificate for the domain controller server from Microsoft Stand-alone CA and the LDAPS will be activated automatically.

1. Make sure you have at least one Microsoft Stand-alone CA installed in your organization

2. From the domain controller server that you need the LDAPS, create certificate.inf file as shown in the example below in order to generate the certificate request file

;—————– certificate.inf —————–[Version]Signature=”$Windows NT$[NewRequest]

Subject = “CN=servername.domain.local” ; replace with the FQDN of the Domain Controller
KeySpec = 1
KeyLength = 1024
; Can be 1024, 2048, 4096, 8192, or 16384.
; Larger key sizes are more secure, but have
; a greater impact on performance.
Exportable = TRUE
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = “Microsoft RSA SChannel Cryptographic Provider”
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0

[EnhancedKeyUsageExtension]

OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication

;———————————————–

3. Create the certificate request file by the following command

certreq -new certificate.inf certificate.req

4. Submit the certificate request file to the Stand-alone CA

certreq -submit certificate.req

The system will prompt you with the option to choose with stand-alone CA you want to submit. Take not on the certificate request id

5. In the Stand-alone Certificate Authority (CA), under “Pending Requests“, right-click on the request ID, select All Tasks – Issue. The certificate will goes into “Issued Certificates” folder.

Pending Requests

6. Retrieve the certificate from the domain controller that requesting the certificate

certreq -retrieve <request id> certificate.cer

certreq

7. Import the certificate into the Personal store of the Computer Account

Certificate - personal store 1 Certificate - personal store 2 Certificate - personal store 3 Certificate - personal store 4 Certificate - personal store 5

8. Test the LDAPS using ldp

LDAP over SSL connection

LDAP over SSL result

9. You can now proceed with LDAP over SSL integration with 3rd party system/application

10. For Windows 2008 Server, you night need to import the certificate into Active Directory Domain Services certificate store

Active Directory Domain Services

Resources and References:

To renew the SSL certificate created by this post, please go to Renew SSL certificate for Domain Controller LDAPS

http://support.microsoft.com/kb/321051

http://technet.microsoft.com/en-us/library/dd941846(WS.10).aspx

Lightweight Directory Access Protocol

Categories
Windows

Remote Desktop (RDP) Tricks and Tips

Remote Desktop (RDP) Tricks and Tips

Modify Remote Desktop Listening Port

  1. Run regedit (Registry Editor)
  2. Locate and then click the following registry subkey:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TerminalServer\WinStations\RDP-Tcp\PortNumber

PortNumber

  1. Double-click on the PortNumber to modify the RDP port number
  2. Select the Decimal base and modify the value data for the PortNumber. Default is 3389. The value should be within between 1025 and 65535
  3. Click OK and quit Registry Editor.
  4. Reboot the computer or restart “Remote Desktop Services service

 

Connect to remote desktop using different port

If you want to connect to remote desktop using customized port number (default is 3389)

  1. Run mstsc (optional steps: Click Start, click All ProgramsAccessoriesCommunicationsRemote Desktop Connection)
  2. In the Computer box, enter the IP address or host name for the computer that you need to connect and then follow by a colon “:” together with the port number
  3. Below are some of the example:
Example 1: MyServer is the host name and 3388 is the customized port number

MyServer:3388

Example 2: 192.168.1.10 is the IP address of the computer and 3390 is the customized port number

192.168.1.10:3390

  1. Click Connect.

Alternatively, you can use the follow command:

mstsc  /v:servername:portnumber

Example: mstsc /v:MyServer:3388

 

Activate Remote Desktop remotely using registry editor

Enable Remote desktop via the registry

  1. Run regedit (Registry Editor)
  2. On the File menu, click Connect Network Registry.
  3. In the Select Computer dialog box, type the computer name and then click Check Names.
  4. In the Enter Network Password dialog box, provide Domain Admins credentials for the domain of the server, and then click OK.
  5. After the computer name resolves, click OK.
  6. Locate the following registry subkey in the computer node:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server

fDenyTSConnections

  1. Double-click on the fDenyTSConnection to edit the DWORD value. Change the value data from 1 (Remote Desktop disabled) to 0 (Remote Desktop enabled)
  2. Restart the computer. (You can restart the remote computer using “shutdown /m \\computername /r”

 

Multiple RDP session for single user

By default, Remote Desktop (RDP)/Terminal Services in Windows 2008 will be using the same RDP session if you are using the same username. Unlike Windows 2003 that you can have different session under same user name. Below are the registry key to allow multiple RDP session for single user in Windows 2008

  1. Run regedit (Registry Editor)
  2. Locate and then click the following registry subkey:
  1. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TerminalServer
  1. If the fSingleSessionPerUser value doesn’t exist, create a new DWORD value named fSingleSessionPerUser
  2. Modify fSingleSessionPerUser value:

0              Allow multiple sessions per user

1              Force each user to a single session

fSingleSessionPerUser

  1. Click OK and quit Registry Editor.
  2. Restart “Remote Desktop Services service” or Reboot the computer

 

RDP to the console session

In certain case, we need to connect to the console session of the server so that we can start/monitor certain legacy application that is not started via Windows Services. The administrator needs to login the server first and only start the application manually.

Use the following command to remote desktop to the server into console session:

For Windows Vista, 7, 2008 , Windows XP SP2 and above

Mstsc /admin

mstsc /admin

For Windows XP SP1 and before:

Mstsc /console

 

Resource and References:

http://oreilly.com/windows/archive/server-hacks-remote-desktop.html

http://support.microsoft.com/kb/306759

http://support.microsoft.com/kb/304304

http://remotedesktoprdp.com/Force-Single-Session-Allow-Multiple-Sessions-Per-User.aspx

 

Categories
Small Business Server

Windows Small Business Server 2011 Essentials Review

Windows Small Business Server 2011 Essentials (Review)

  • Formal code name: Aurora
  • As the name suggested, it is suit to small business that currently do not have any server. It serve as the first server for the company that provide the file and print sharing,  data backup, remote access, etc. Basically it is just a Windows Server 2008 R2 with additional small business add-on like Small Business Dashboard and Launchpad, server health monitor, etc.
  • Simple licensing model and low cost with Server license only. No Client Access Licenses (CALs) required.
  • Limitation of 25 PC/users. (whereas limitation for Windows SBS 2011 Standard is 75 users/devices)
  • In case the company expanded and required further services like email and collaboration service then this is the ideal platform because Windows Small Business Server (SBS) 2001 Essentials provide integration with Microsoft online cloud services like Office 365 (with hosted Exchange mail and SharePoint collaboration services) and CRM. (compare the Windows SBS 2011 Standard, the Exchange and SharePoint is hosted in premises within the server)
  • Additional feature that is no provided Windows Small Business Server 2011Essentials is PC/workstation backup that allow backup of client computer into server.
  • SBS 2011 must own the Active Directory FSMO master roles. Of course that additional Domain Controller and member servers are supported.

Small Business Server (SBS) Essential vs. Standard Comparison

SBS 2011 Essential main differentiators:

Tailored for Online Services integration

–          Cross-premise solution with Office 365

–          Retain local core infrastructure

–          Simple, single sign-on experiences

–          Server and Workstation Backup

–          Maximum of 25 users/PC supported

–          Low start-up cost because no Client Access License (CAL) required.

SBS 2011 Standard main differentiators:

Fully On-Premise Solution

–          Email services with Exchange Server 2010

–          Collaboration services with SharePoint Foundation 2010

–          Windows Server Update Servers for local server/computer Windows Update

–          Only server backup

–          Maximum of 75 Users/devices supported

–          Each user require Client Access License (CAL)

 

 

Small Business Server (SBS) 2011 Essentials System Requirements

Component Requirement
Process Maximum of 2 physical sockets supported, no limit on the processor cores)x64 processor with minimum:

  • 1.4GHz for single processor
  • 1.3GHz for dual processor

 

Memory (RAM) Minimum : 2 GBRecommended: 4 GB

Maximum: 32 GB

Hard disk (System Partition) 160 GB
Network Adapter Gigabit Ethernet network port
Backup drive (Optional) USB 2.0 or faster external hard disk drive (Recommended to have 2 or more external  USB hard disk for additional data redundancy and backup retention period)

 

References and Resources:

Windows Small Business Server Editions: http://www.microsoft.com/en-us/server-cloud/windows-small-business-server/editions.aspx

Windows Small Business Server 2011 download:

 

SBS 2011 Essentials trial version download: http://technet.microsoft.com/en-us/evalcenter/gg604826.aspx

 

SBS 2011 Standard trial version download:  http://technet.microsoft.com/en-us/evalcenter/gg492833.aspx

 

 

 

 

 

 

 

 

 

 

Categories
Windows 8

Where to download Windows 8 Developer Preview

Where to download Windows 8 Developer Preview

Microsoft announce the availablity of Windows 8 Developer Preview for download in:

Windows 8 Developer Preview with developer tools, Englisth X64 (64-bit)

Windows 8 Developer Preview, Englisth X64 (64-bit)

Windows 8 Developer Preview, Englisth x86 (32-bit)

Windows 8 Developer Preview is currently work in the following virtual environment:

  • Hyper-V in Windows 8 Developer Preview
  • Hyper-V in Windows Server 2008 R2
  • VMware Workstation 8.0 for Windows
  • VirtualBox 4.1.2 for Windows

 

References / Resources:

http://msdn.microsoft.com/en-us/windows/apps/br229516

Categories
Windows

Extend Windows Server Partition Size without reformat

Extend Windows Server Partition Size without reformat

There are lot of case we need to addin more hard disk space for the server. Of course you have the option to create it as new partition/drive but it might not work certain application/data that must stick within the existing partition. Basically below are the steps to extend or resize the existing partition for Windows 2003 Server and above

  1. Insert the new harddisk into the server
  2. If currently using RAID1, you have to convert it to RAID5 in the RAID Management software (each brand of server will have different RAID management tool. e.g. HP Array Configuration Utility)
  3. If currently using RAID5, just extend RAID5 with new harddisk using RAID managment software. If might take up to 1 day depending on the size of harddisk and server speed.
  4. Extend the Logical Array with new free capacity in RAID Management software. This will take time as well.
  5. Use DiskPart which is available for Windows 2003 server and above. Run the following command in Dos/cmd prompt
DiskPart Disk Partitioning tool from Microsoft Windows 2003 server and above
List Volumes List the volumes/drive currently configured
Select Volume # Where # is the volume/drive gathered from the previous step
Extend Size=xxxx Where xxxx is the size in MB to grow volume. 1GB is 1024MB. If you use Extend without specifying the size, then it will use all the available free space

Reference

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/diskpart.mspx?mfr=true

http://h18000.www1.hp.com/products/servers/proliantstorage/software-management/acumatrix/index.html

Alternative

If you need perform more complicated hard disk managment task like shink or extend C: drive, you can try Parted Magic which come with GNU2 license.Just burn it into disc or USB drive and then boot it up. Personally I found the hardware (RAID/SCSI controller card) support is much more compare to certain commercial product.

Categories
Windows

Delete the cached files in Photo Printing Wizard

Delete the cached files in Photo Printing Wizard

When you print images from e-mail attachments from Microsoft Outlook by using the Microsoft Windows XP Photo Printing Wizard, the Photo Printing Wizard displays the old images that you do not want to print.

Solution

You can try Microsoft recommende solution in http://support.microsoft.com/kb/915106 but in might not work for certain case especially for photo printing in Microsoft Outlook

Check out the following registry key:

HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Security\OutlookSecureTempFolder

It refer to the folder for temporally storing of outlook printing files and it is randomly generated. For example: C:\Documents and Settings\user.name\Local Settings\Temporary Internet Files\OLK49\
Just copy the string and then paste it in Windows Explorer. Delete all the files in this folder.

Categories
Windows

Run Application as Windows 2008 Service

Run Application as Windows 2008 Service

Windows 2008 do not provide toolkit similar like SrvAny and InstSrv that allow you to wrap the application and run as Windows Services.

Solution

  1. Download Windows 2003 Resource Kit from Microsoft http://www.microsoft.com/downloads/en/details.aspx?FamilyID=9d467a69-57ff-4ae7-96ee-b18c4790cffd&displaylang=en
  2. Install the the Windows 2003 Resource Kit into any workstation or even Windows 2008 server. We only need the SrvAny.exe file from the resource kit
  3. Copy SrvAny.exe in C:\Windows\System32 of Windows 2008 Server
  4. Use “sc ” to create a new service that launches “srvany ” (e.g. sc create MyCustomService binPath= C:\Windows\System32\srvany.exe DisplayName= “My Custom Service” )
  5. Using RegEdit : create a “Parameters ” key for your service (e.g. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyCustomService\Paramaters\ )
  6. Using RegEdit : within the newly created “Parameters ” key , create a string value called “Application ” and enter the full path to the application you are wanting to run as a service. (No quotes required.)

Example:

Below is the steps to make Inadyn (Simple Dynamic DNS client) to run as service

1. Download inadyn http://www.inatech.eu/inadyn/ (for OpenDNS, please download from http://www.opendns.com/support/ddns_files/inadyn-win32.zip)

2. Extract inadyn into c:\inadyn and do the necessary configuration by editing inadyn.conf

3. Copy SrvAny.exe from fron Windows 2003 Resource Kit into C:\Windows\System32

4. Create the service by the following command in command prompt

sc create inadyn binPath= c:\Windows\System32\srvany.exe DisplayName= inadync start= delayed-auto

5. Adjust the registy key. Below is the sample registry file. Just save the following content into anyfile.reg and then double-click to file to import it into registry.

REGEDIT4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\inadyn\Parameters]
; Edit the next line to show the full path to the inadyn.exe executable file. Note that any backslashes “\” in the path must be _doubled_ “\\”
“Application”=”C:\\inadyn\\inadyn.exe”
; Edit the next line to replace “username” and “password” with your OpenDNS user name and password. The “–alias” string is arbitrary, and is really only relevant to more complex setups
“AppParameters”=”–input_file C:\\inadyn\\inadyn.conf”

6. Completed. You should be able to see th inadyn in the Windows Services.

Reference:

http://www.opendns.com/support/article/190