How to find out which physical hard disk \Device\Harddisk#\DR# is?
In a Windows environment, we are used to drive letters such as C: or D:, but errors in the Windows Event Viewer normally identify the faulty device in a different format, \Device\Harddisk#\DR# or \Device\HarddiskVolume# (e.g. \Device\Harddisk0\DR0). So, how can you find/locate the correct hard disk / device?
Problem: The drive detected a controller error on \Device\Harddisk0\DR0
Below is an example of the event log entry:
Log Name: System
Source: disk
Event ID: 11
Level: Error
General/detail: The drive detected a controller error on \Device\Harddisk0\DR0.
Solution: To find the error disk \Device\Harddisk0\DR0
1. Download WinObj from https://technet.microsoft.com/en-us/library/bb896657.aspx
2. Right-click on the downloaded WinObj and run it as administrator.
3. Search through \Device\Harddisk# until you find your faulty device (e.g. \DR0).
4. You will see one or more Partition entries of type SymbolicLink (in my example, \Device\HarddiskVolume1 to 8 belong to this device/disk). Note these down for the next step.
5. Click on \GLOBAL?? in the left panel, then click on the “SymLink” column in the right panel to sort the results by SymLink.
6. Find / locate the \Device\HarddiskVolume# value you found in step #4.
7. The name of the volume is shown in the first column. There will be multiple entries, including the volume GUID, drive letter, etc. From my result below, I can see that my C: drive is located on this \Device\Harddisk0\DR0 disk.
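The same lookup can be scripted. The following is an added example, not part of the original post: it extracts the Harddisk number from the event text and lists the partitions and drive letters on that disk. The function name `Resolve-DiskDevicePath` is hypothetical, and the script assumes the Storage cmdlets (`Get-Disk`, `Get-Partition`) are available.

```powershell
# Added example (not from the original post). Requires the Storage module
# (Get-Disk / Get-Partition), i.e. Windows 8 / Server 2012 or later.
function Resolve-DiskDevicePath {
    param(
        [Parameter(Mandatory)]
        [string]$Message   # event text containing \Device\Harddisk#\DR#
    )

    if ($Message -notmatch '\\Device\\Harddisk(\d+)\\DR\d+') {
        throw "No \Device\Harddisk#\DR# path found in: $Message"
    }
    $devicePath = $Matches[0]
    # The Harddisk number is the disk number (PhysicalDrive<N>); the DR suffix
    # is not used for the lookup.
    $diskNumber = [int]$Matches[1]

    $disk = Get-Disk -Number $diskNumber -ErrorAction Stop

    Get-Partition -DiskNumber $diskNumber | ForEach-Object {
        [pscustomobject]@{
            DevicePath  = $devicePath
            Model       = $disk.FriendlyName
            Serial      = $disk.SerialNumber
            Health      = $disk.HealthStatus
            Partition   = $_.PartitionNumber
            DriveLetter = if ($_.DriveLetter) { "$($_.DriveLetter):" } else { '(none)' }
            SizeGB      = [math]::Round($_.Size / 1GB, 1)
        }
    }
}

# Constructed sample: the message text from the event shown above.
$sample = 'The drive detected a controller error on \Device\Harddisk0\DR0.'
Resolve-DiskDevicePath -Message $sample | Format-Table -AutoSize

# Against the live log instead (Source "disk", Event ID 11):
# Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'disk'; Id = 11 } |
#     ForEach-Object { Resolve-DiskDevicePath -Message $_.Message }
```

The serial number and model in the output are what you match against the label on the physical drive.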
DDNS stands for Dynamic Domain Name System. It allows you to associate your dynamically changing public IP address with a domain host name, so that you can access a home/office computer that provides FTP, remote desktop, email or a website by referring to the domain host name.
The most famous DDNS provider is DynDNS, but unfortunately Dyn will discontinue their free dynamic DNS account on 7 May 2014.
Normally the users of dynamic DNS are home users or small businesses that might not be able to afford a paid DDNS service. Therefore, below are some alternative free DDNS providers to replace DynDNS.
Review: Provides free DNS hosting as well, which allows you to configure static and dynamic DNS records under your own domain name. Supports most of the open source routers such as DD-WRT, OpenWRT, pfSense. Provides Windows and Linux dynamic DNS update clients.
Review: Provides free DNS hosting that allows you to configure static and dynamic DNS records under your own domain name. Provides Windows and Linux update clients.
Basically it is a program bug/vulnerability in the SSL/TLS encryption that is widely used by most Internet applications such as websites, VPN, email, etc. It allows an attacker to read/steal your communication information. For more detail, you can check out http://heartbleed.com/ and http://www.kb.cert.org/vuls/id/720951
How to test Heartbleed Bug
Below are some useful links that allow you to check whether your HTTPS website is vulnerable to the Heartbleed bug.
The last version of JellyBam is 10.3.0. There will not be any further JellyBAM versions such as 10.4.0 or 10.5.0. JellyBAM is now known as BAM-Rom or BAM-Android.
JellyBAM 10.3.0
I was using JellyBam 10.3.0 (or in fact, 10.x.x version) on my Samsung Galaxy Note N700. It was very unstable; it crashed/rebooted from time to time, especially when using Waze and Camera. The battery energy consumption was also very poor. It
Now the new version is under the name BAM-Rom or BAM-Android. I upgraded/flashed it with BAM-Rom_v1.0.0-RC1_JellyBean and it seems to work better and lighter.
BAM-Rom_v1.0.0-RC1_JellyBean
Although BAM-Rom is still at 1.0.0-RC1 (based on Android version 4.3), BAM-Rom is more stable compared to Jelly Bam 10.x.x. I strongly recommend that JellyBAM 10.x.x users upgrade to BAM-Rom if they also encounter stability issues on JellyBam.
The new RC-2 version is going to be released in the next few days. I will update to 1.0.0-RC2 as soon as it is released. According to http://bam-android.com/forum/bam-rom/release-notes/553-bam-android-rom-1-0-0-rc2, below are some of the new features in BAM-Rom 1.0.0-RC2.
– New Android base: 4.3.1
– Fixed an issue with default Paranoid Preferences for HDPI devices such as i9100
– Fixed screenshot issue on certain devices
– Fixed many memory leaks on systemUI
– BAMControl: Added Gestures Anywhere from ChameleonOS
– New fixes and addition to active display
– Update proprietary files and device tree for every supported device
– Fixed and improved the translations of every app
– New PA Hybrid engine
– New 4G/LTE toggle
– Fix statusbar clock am/pm
– Fix for wifi connection between p2p and GO devices
– Fix notifications shortcuts
– New supported devices by codename: captivatemtd, e970, e973, honami, n5110, ovation, p970, steelhead, u8860, venturi, vs920, ypg1
If you have created an SSL certificate for LDAP over SSL on a Domain Controller through an internal Microsoft Standalone CA, as shown in the LDAP over SSL for Domain Controller article, you might face a problem renewing this certificate using the MMC/GUI.
When you try to Renew This Certificate With The Same Key using the certificate MMC, you will get the following error:
Enrollment Error
The request contains no certificate template information.
Solution
1. On the Domain Controller whose certificate you need to renew, find the certificate thumbprint. Below are the steps to find the certificate thumbprint:
a.) Open the Microsoft Management Console (MMC) snap-in for certificates.
b.) In the Console Root window’s left pane, click Certificates (Local Computer).
c.) Expand the Personal folder
d.) Expand the Certificates folder
e.) Double-click on your target certificate.
f.) In the Certificate dialog box, click the Details tab.
g.) Scroll through the list of fields until you find the Thumbprint.
h.) Copy the hexadecimal characters from the box. For example, the thumbprint “a1 29 53 2e 12 3f 3d 35 53 2c f2 53 26 c2 4d 27 33 b2 6b 3c”.
2. Create cert-renew.inf as shown below and paste the certificate thumbprint you gathered in the previous step as the value of RenewalCert. Make sure you enclose the thumbprint in opening and closing quotes if it has spaces in between.
Certain versions of Internet Explorer (IE), especially IE9, have a problem with drop-down menus on some websites (even SharePoint portals/websites). Basically, the drop-down menu does not work in IE9.
I have tried a couple of solutions such as resetting the IE settings/configuration, enabling compatibility view, etc. but none worked. Finally, I solved it by disabling certain IE add-ons. Users who still have the problem will need to start IE without any add-ons.
Below is the screen capture showing how to create a shortcut on the user’s desktop that will start Internet Explorer (IE) without any add-ons.
One of the challenges of a Microsoft Exchange 2003/2007 migration to Exchange 2010 is the Public Folder. It can be very complicated and time-consuming if the Public Folder is huge or has a lot of folders. The Public Folder is required for Outlook 2003 to continue accessing the Exchange 2010 server.
Microsoft Exchange provides the following PowerShell scripts for Public Folder migration in\v14\ Server\Scripts:
PowerShell Script | Task Description
AddReplicaToPFRecursive.ps1 | Add a server to the replication list
AggregatePFData.ps1 | Aggregate data across all public folder replicas
RemoveReplicaFromPFRecursive.ps1 | Remove a server from the replication list
MoveAllReplicas.ps1 | Replace a server in the replication list
ReplaceReplicaOnPFRecursive.ps1 | Replace a server in the replication list with a new server
Add new Exchange 2010 Server into Public Folder replication list
Launch the Exchange Management Shell and then go to the Exchange script folder:
cd $exscripts
Let’s say your current environment has EX2003, EX2007, or both. The new Exchange 2010 server name is EX2010. Below is the command you need to run on the EX2010 server.
To replicate all the non-system public folders from the top root to EX2010:
*The replication might take days or even a week, depending on your Public Folder size.
Common mistakes or misconceptions:
Make sure ServerToAdd is the new Exchange 2010 server that needs to hold a replica of the Public Folder.
There is no need to worry about which server currently holds which part/folder of the Public Folder. The AddReplicaToPFRecursive.ps1 script finds this out by itself and then adds the replica to the new server.
Do not point ServerToAdd to an existing old server (Exchange 2003 or 2007 server) because it will add the Public Folder replica to this old server. It might cause this old server to jam up if there is not enough space to hold all the public folder copies (because most of these old Exchange servers are almost out of disk space).
To verify that the Public Folder was replicated to the new server:
Get-PublicFolder -Recurse | fl Name, Replicas
To verify that the System Folders were replicated to the new server:
If the new Exchange 2010 server is not holding the Schedule+ Free Busy replica, you might get event id 14029 with the error message “Couldn’t find an Exchange 2010 or later public folder server with a replica of the free/busy folder…”
event id 14029
Run the following command to resolve the event id 14029 issue:
Each Domain Controller has Lightweight Directory Access Protocol – LDAP (port 389) open for authentication by 3rd party applications/systems such as firewall/VPN appliances. The LDAP protocol is insecure because the data is sent in clear text. Therefore, we need LDAPS (LDAP over SSL) to encrypt and secure the communication. The default port for LDAPS is 636.
If your Active Directory is installed with an Enterprise CA, then most likely a digital certificate and LDAPS are already activated on all the domain controllers automatically. Below are the steps to request a digital certificate for the domain controller server from a Microsoft Stand-alone CA; LDAPS will then be activated automatically.
1. Make sure you have at least one Microsoft Stand-alone CA installed in your organization
2. On the domain controller server that needs LDAPS, create a certificate.inf file as shown in the example below in order to generate the certificate request file
[Version]
Signature = "$Windows NT$"

[NewRequest]
Subject = "CN=servername.domain.local" ; replace with the FQDN of the Domain Controller
KeySpec = 1
KeyLength = 2048
; Can be 1024, 2048, 4096, 8192, or 16384.
; Larger key sizes are more secure, but have
; a greater impact on performance.
; Use 2048 or larger; 1024-bit RSA is no longer considered adequate.
Exportable = TRUE ; the private key can be exported from this server
MachineKeySet = TRUE ; store the key in the computer (not user) context
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0 ; Digital Signature + Key Encipherment

[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication
;-----------------------------------------------
3. Create the certificate request file by the following command
certreq -new certificate.inf certificate.req
4. Submit the certificate request file to the Stand-alone CA
certreq -submit certificate.req
The system will prompt you to choose which stand-alone CA you want to submit to. Take note of the certificate request id.
5. In the Stand-alone Certificate Authority (CA), under “Pending Requests”, right-click on the request ID, select All Tasks – Issue. The certificate will go into the “Issued Certificates” folder.
6. Retrieve the certificate on the domain controller that requested the certificate
certreq -retrieve <request id> certificate.cer
7. Import the certificate into the Personal store of the Computer Account
8. Test the LDAPS using ldp
9. You can now proceed with LDAP over SSL integration with 3rd party system/application
10. For Windows 2008 Server, you might need to import the certificate into the Active Directory Domain Services certificate store
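After the import in step 7, the certificate can be checked against the properties the request file asks for. The following is an added example, not part of the original article: it inspects the Personal store of the computer account for the Server Authentication OID, a name matching the FQDN, a private key, key size and expiry. The function name `Test-LdapsCertificate` and the `MinKeyBits` and `WarnDays` thresholds are assumptions, and only the CN and the first DNS subject alternative name are compared.

```powershell
# Added example, not from the original article. Run on the domain controller.
function Test-LdapsCertificate {
    param(
        [Parameter(Mandatory)]
        [string]$Fqdn,             # e.g. servername.domain.local, as in the INF Subject
        [int]$MinKeyBits = 2048,   # assumption: local policy minimum
        [int]$WarnDays   = 30      # assumption: renewal warning window
    )
    $serverAuth = '1.3.6.1.5.5.7.3.1'   # Server Authentication, same OID as in the INF

    foreach ($cert in (Get-ChildItem -Path Cert:\LocalMachine\My)) {
        $issues = @()

        # Enhanced Key Usage must list Server Authentication
        $eku = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        $ekuOids = @()
        if ($eku) { $ekuOids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) }
        if ($ekuOids -notcontains $serverAuth) { $issues += 'no Server Authentication EKU' }

        # CN or first DNS subject alternative name must equal the FQDN
        $names = @($cert.GetNameInfo('SimpleName', $false), $cert.GetNameInfo('DnsName', $false))
        if ($names -notcontains $Fqdn) { $issues += "name does not match $Fqdn" }

        if (-not $cert.HasPrivateKey) { $issues += 'no private key in the machine store' }

        $rsa  = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
        $bits = if ($rsa) { $rsa.KeySize } else { $null }
        if ($rsa -and $bits -lt $MinKeyBits) { $issues += "RSA key is $bits bits" }

        $daysLeft = [int]($cert.NotAfter - (Get-Date)).TotalDays
        if ($daysLeft -lt 0) { $issues += 'expired' }
        elseif ($daysLeft -lt $WarnDays) { $issues += "expires in $daysLeft days" }

        [pscustomobject]@{
            Thumbprint   = $cert.Thumbprint
            Subject      = $cert.Subject
            NotAfter     = $cert.NotAfter
            KeyBits      = $bits
            PassesChecks = ($issues.Count -eq 0)
            Issues       = $issues -join '; '
        }
    }
}

Test-LdapsCertificate -Fqdn 'servername.domain.local' | Format-List
```

The Thumbprint column is the same value the MMC Details tab shows, without the spaces.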
Double-click on the PortNumber to modify the RDP port number
Select the Decimal base and modify the value data for the PortNumber. Default is 3389. The value should be between 1025 and 65535
Click OK and quit Registry Editor.
Reboot the computer or restart the “Remote Desktop Services” service
Connect to remote desktop using different port
To connect to remote desktop using a customized port number (default is 3389):
Run mstsc (optional steps: Click Start, click All Programs – Accessories – Communications – Remote Desktop Connection)
In the Computer box, enter the IP address or host name of the computer that you need to connect to, followed by a colon “:” and the port number
Below are some examples:
Example 1: MyServer is the host name and 3388 is the customized port number
MyServer:3388
Example 2: 192.168.1.10 is the IP address of the computer and 3390 is the customized port number
192.168.1.10:3390
Click Connect.
Alternatively, you can use the following command:
mstsc /v:servername:portnumber
Example: mstsc /v:MyServer:3388
Activate Remote Desktop remotely using registry editor
Enable Remote desktop via the registry
Run regedit (Registry Editor)
On the File menu, click Connect Network Registry.
In the Select Computer dialog box, type the computer name and then click Check Names.
In the Enter Network Password dialog box, provide Domain Admins credentials for the domain of the server, and then click OK.
After the computer name resolves, click OK.
Locate the following registry subkey in the computer node:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server
Double-click on fDenyTSConnections to edit the DWORD value. Change the value data from 1 (Remote Desktop disabled) to 0 (Remote Desktop enabled)
Restart the computer. (You can restart the remote computer using “shutdown /m \\computername /r”)
Multiple RDP session for single user
By default, Remote Desktop (RDP)/Terminal Services in Windows 2008 will reuse the same RDP session if you log in with the same username, unlike Windows 2003, where you can have different sessions under the same user name. Below is the registry key to allow multiple RDP sessions for a single user in Windows 2008
Run regedit (Registry Editor)
Locate and then click the following registry subkey:
If the fSingleSessionPerUser value doesn’t exist, create a new DWORD value named fSingleSessionPerUser
Modify fSingleSessionPerUser value:
0 Allow multiple sessions per user
1 Force each user to a single session
Click OK and quit Registry Editor.
Restart the “Remote Desktop Services” service or reboot the computer
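To confirm what these registry edits left in place on a server, or to audit which hosts have Remote Desktop enabled, the values can be read back over the network registry. The following is an added example, not part of the original article. The function name `Get-RdpRegistryState` is hypothetical, the `WinStations\RDP-Tcp` location of PortNumber is the standard Windows location and is not stated on this page, and treating a missing fDenyTSConnections value as 1 is an assumption. The Remote Registry service must be running on the target.

```powershell
# Added example, not from the original article.
function Get-RdpRegistryState {
    param(
        [Parameter(Mandatory)]
        [string]$ComputerName
    )
    $tsPath = 'SYSTEM\CurrentControlSet\Control\Terminal Server'

    # Same mechanism as File > Connect Network Registry in regedit
    $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $ComputerName)
    try {
        $ts  = $hklm.OpenSubKey($tsPath)
        $tcp = $hklm.OpenSubKey("$tsPath\WinStations\RDP-Tcp")
        if (-not $ts -or -not $tcp) { throw "Terminal Server keys not found on $ComputerName" }

        # Second argument is the value assumed when the entry does not exist
        $deny   = [int]$ts.GetValue('fDenyTSConnections', 1)      # assumption: absent = disabled
        $single = [int]$ts.GetValue('fSingleSessionPerUser', 1)   # default: one session per user
        $port   = [int]$tcp.GetValue('PortNumber', 3389)

        [pscustomobject]@{
            ComputerName          = $ComputerName
            RemoteDesktopEnabled  = ($deny -eq 0)
            Port                  = $port
            NonDefaultPort        = ($port -ne 3389)
            MultipleSessionsPerUser = ($single -eq 0)
        }
    }
    finally {
        $hklm.Close()
    }
}

# 'MyServer' is the example host name used earlier on this page
Get-RdpRegistryState -ComputerName 'MyServer' | Format-List
```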
RDP to the console session
In certain cases, we need to connect to the console session of the server so that we can start/monitor a legacy application that is not started via Windows Services. The administrator needs to log in to the server first and then start the application manually.
Use the following command to remote desktop into the console session of the server:
For Windows Vista, 7, 2008 , Windows XP SP2 and above