How to find which physical hard disk \Device\Harddisk#\DR# refers to
In a Windows environment we are used to drive letters such as C: or D:, but errors in the Windows Event Viewer normally identify the faulty device in a different format, \Device\Harddisk#\DR# or \Device\HarddiskVolume# (e.g. \Device\Harddisk0\DR0). So how can you locate the correct hard disk / device?
Problem: The drive detected a controller error on \Device\Harddisk0\DR0
Below is an example of the event log:
Log Name: System
Source: disk
Event ID: 11
Level: Error
General/detail: The drive detected a controller error on \Device\Harddisk0\DR0.
Solution: To find the faulty disk \Device\Harddisk0\DR0
1. Download WinObj from https://technet.microsoft.com/en-us/library/bb896657.aspx
2. Right-click the downloaded WinObj and run it as administrator.
3. Browse through \Device\Harddisk# until you find your faulty device (e.g. \DR0).
4. You will see one or more Partition entries of type SymbolicLink (in my example, \Device\HarddiskVolume1 to 8 belong to this device/disk). Note these down for the next step.
5. Click \GLOBAL?? in the left panel, then click the “SymLink” column in the right panel to sort the results by SymLink.
6. Find the \Device\HarddiskVolume# value you found in step #4.
7. The name of the volume is shown in the first column. There will be multiple entries, including volume GUID, drive letter, etc. From my result, I can see that my C: drive is located on this \Device\Harddisk0\DR0 disk.
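The same lookup can be scripted instead of browsing WinObj. This is an added example, not part of the original post: it assumes PowerShell 3.0 or later and uses the fact that the Harddisk number is the disk index Windows exposes as \\.\PHYSICALDRIVE<n>; the function name is hypothetical.

```powershell
# Added example, not from the original post. Requires PowerShell 3.0+ (CIM cmdlets).
function Get-VolumesForHarddisk {
    param([Parameter(Mandatory = $true)][string]$DevicePath)  # e.g. '\Device\Harddisk0\DR0'

    # Pull the disk number out of the path reported by Event ID 11.
    if ($DevicePath -notmatch '^\\Device\\Harddisk(\d+)\\DR\d+$') {
        throw "Expected \Device\Harddisk#\DR#, got '$DevicePath'"
    }
    $index = [int]$Matches[1]

    $disk = Get-CimInstance -ClassName Win32_DiskDrive -Filter "Index = $index"
    if (-not $disk) { throw "No disk with index $index is currently present" }

    # Walk disk -> partitions -> logical disks (drive letters).
    $partitions = Get-CimAssociatedInstance -InputObject $disk -ResultClassName Win32_DiskPartition
    foreach ($partition in $partitions) {
        $letters = @(Get-CimAssociatedInstance -InputObject $partition -ResultClassName Win32_LogicalDisk |
            ForEach-Object { $_.DeviceID })
        [pscustomobject]@{
            Disk         = $disk.DeviceID        # \\.\PHYSICALDRIVE<n>
            Model        = $disk.Model
            SerialNumber = $disk.SerialNumber    # helps identify the physical unit
            Partition    = $partition.Name       # e.g. 'Disk #0, Partition #1'
            SizeGB       = [math]::Round($partition.Size / 1GB, 1)
            DriveLetter  = $letters -join ','    # empty for partitions without a letter
        }
    }
}

# Path taken from the event log example above
Get-VolumesForHarddisk '\Device\Harddisk0\DR0' | Format-Table -AutoSize
```

Partitions with no drive letter (for example a system-reserved partition or a volume mounted on a folder) appear with an empty DriveLetter column.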
If you have created an SSL certificate for LDAP over SSL on a Domain Controller through an internal Microsoft Stand-alone CA, as shown in the LDAP over SSL for Domain Controller article, you might have trouble renewing this certificate using the MMC/GUI.
When you try Renew This Certificate With The Same Key in the certificate MMC, you get the following error:
Enrollment Error
The request contains no certificate template information.
Solution
1. On the Domain Controller whose certificate you need to renew, find the certificate thumbprint. The steps to find the certificate thumbprint are:
a.) Open the Microsoft Management Console (MMC) snap-in for certificates.
b.) In the Console Root window’s left pane, click Certificates (Local Computer).
c.) Expand the Personal folder
d.) Expand the Certificates folder
e.) Double-click on your target certificate.
f.) In the Certificate dialog box, click the Details tab.
g.) Scroll through the list of fields till you find the Thumbprint.
h.) Copy the hexadecimal characters from the box. For example, the thumbprint “a1 29 53 2e 12 3f 3d 35 53 2c f2 53 26 c2 4d 27 33 b2 6b 3c”.
2. Create cert-renew.inf as shown below and paste the certificate thumbprint you gathered in the previous step for RenewalCert. Make sure you enclose the thumbprint in quotes if it contains spaces.
Certain versions of Internet Explorer (IE), especially IE9, have problems with drop-down menus on some websites (even SharePoint portals/websites). Basically, the drop-down menu does not work in IE9.
I tried a couple of solutions, such as resetting the IE settings/configuration and enabling Compatibility View, but none worked. Finally, I solved it by disabling certain IE add-ons. Users who still have the problem will need to start IE without any add-ons.
Below is the screen capture showing how to create a shortcut on the user’s desktop that starts Internet Explorer (IE) without any add-ons.
One of the challenges of a Microsoft Exchange 2003/2007 migration to Exchange 2010 is the Public Folder. It can be very complicated and time-consuming if the Public Folder is huge or has a lot of folders. The Public Folder is required for Outlook 2003 to continue to access the Exchange 2010 server.
Microsoft Exchange provides the following PowerShell scripts for Public Folder migration in\v14\ Server\Scripts:
| PowerShell Script | Task Description |
| --- | --- |
| AddReplicaToPFRecursive.ps1 | Add a server to the replication list |
| AggregatePFData.ps1 | Aggregate data across all public folder replicas |
| RemoveReplicaFromPFRecursive.ps1 | Remove a server from the replication list |
| MoveAllReplicas.ps1 | Replace a server in the replication list |
| ReplaceReplicaOnPFRecursive.ps1 | Replace a server in the replication list with a new server |
Add new Exchange 2010 Server into Public Folder replication list
Launch the Exchange Management Shell and then go to the Exchange script folder:
cd $exscripts
Let’s say your current environment has either or both of EX2003 and EX2007. The new Exchange 2010 server name is EX2010. Below is the command you need to run on the EX2010 server.
To replicate all the non-system public folders from the top root to EX2010:
*The replication might take days or even a week, depending on your Public Folder size.
Common mistakes or misconceptions:
Make sure ServerToAdd is the new Exchange 2010 server that needs to hold a replica of the Public Folder.
There is no need to worry about which server currently holds which part/folder of the Public Folder. AddReplicaToPFRecursive.ps1 finds this by itself and then adds the replica to the new server.
Do not point ServerToAdd to an existing old server (Exchange 2003 or 2007 server), because that will add the Public Folder replica to the old server. This might cause the old server to jam up if it does not have enough space to hold all the public folder copies (most of these old Exchange servers are already running almost out of space).
To verify that the Public Folder was replicated to the new server:
Get-PublicFolder -Recurse | fl Name, Replicas
To verify that the System Folders were replicated to the new server:
If the new Exchange 2010 server is not holding the Schedule+ Free Busy replica, you might get event ID 14029 with the error message “Couldn’t find an Exchange 2010 or later public folder server with a replica of the free/busy folder…”
Run the following command to resolve the event ID 14029 issue:
Each Domain Controller has Lightweight Directory Access Protocol – LDAP (port 389) open for authentication by 3rd party applications/systems such as firewall/VPN appliances. The LDAP protocol is insecure because the data is sent in clear text. Therefore, we need LDAPS (LDAP over SSL) to encrypt and secure the communication. The default port for LDAPS is 636.
If your Active Directory is installed with an Enterprise CA, then most likely all the domain controllers already have a digital certificate and LDAPS activated automatically. Below are the steps to request a digital certificate for the domain controller from a Microsoft Stand-alone CA; LDAPS is then activated automatically.
1. Make sure you have at least one Microsoft Stand-alone CA installed in your organization
2. On the domain controller that needs LDAPS, create a certificate.inf file as shown in the example below in order to generate the certificate request file
[Version]
Signature="$Windows NT$"
[NewRequest]
Subject = "CN=servername.domain.local" ; replace with the FQDN of the Domain Controller
KeySpec = 1
KeyLength = 1024
; Can be 1024, 2048, 4096, 8192, or 16384.
; Larger key sizes are more secure, but have
; a greater impact on performance.
; 1024-bit RSA is below current minimum recommendations;
; use 2048 or larger for new certificates.
Exportable = TRUE
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication
;-----------------------------------------------
3. Create the certificate request file by the following command
certreq -new certificate.inf certificate.req
4. Submit the certificate request file to the Stand-alone CA
certreq -submit certificate.req
The system will prompt you to choose which stand-alone CA you want to submit to. Take note of the certificate request ID.
5. In the Stand-alone Certificate Authority (CA), under “Pending Requests“, right-click on the request ID, select All Tasks – Issue. The certificate will go into the “Issued Certificates” folder.
6. Retrieve the certificate on the domain controller that requested the certificate
certreq -retrieve <request id> certificate.cer
7. Import the certificate into the Personal store of the Computer Account
8. Test the LDAPS using ldp
9. You can now proceed with LDAP over SSL integration with 3rd party system/application
10. For Windows 2008 Server, you might need to import the certificate into the Active Directory Domain Services certificate store
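As a scripted complement to the ldp test in step 8, the function below connects to port 636 and reports what the domain controller actually presents, including the thumbprint needed for the renewal procedure described earlier. It is an added example, not part of the original post; the function name is hypothetical and it assumes PowerShell 3.0 or later on a machine that can reach the domain controller.

```powershell
# Added example, not from the original post. Requires PowerShell 3.0 or later.
function Get-LdapsCertificate {
    param(
        [Parameter(Mandatory = $true)][string]$Server,  # FQDN of the domain controller
        [int]$Port = 636                                # default LDAPS port
    )
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($Server, $Port)
        # Accept whatever the server presents so that an expired or untrusted
        # certificate can still be inspected; trust is evaluated explicitly below.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($Server)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)

        # Collect the Enhanced Key Usage OIDs carried by the certificate
        $ekuOids = @($cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages } |
            ForEach-Object { $_.Value })

        # Build the chain against this machine's trusted roots (the stand-alone CA
        # root must be installed locally for this to succeed)
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $trusted = $chain.Build($cert)
        $keySize = $cert.PublicKey.Key.KeySize

        [pscustomobject]@{
            Subject       = $cert.Subject
            Thumbprint    = $cert.Thumbprint      # same value as the MMC Thumbprint field, no spaces
            NotAfter      = $cert.NotAfter
            DaysLeft      = [int]($cert.NotAfter - (Get-Date)).TotalDays
            KeySize       = $keySize
            WeakKey       = ($keySize -lt 2048)   # KeyLength = 1024 from the sample INF lands here
            ServerAuthEku = ($ekuOids -contains '1.3.6.1.5.5.7.3.1')
            ChainTrusted  = $trusted
            ChainStatus   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        }
    }
    finally {
        $tcp.Close()
    }
}

# 'servername.domain.local' is the placeholder FQDN used in certificate.inf above
Get-LdapsCertificate -Server 'servername.domain.local' | Format-List
```

A ChainTrusted value of False with a revocation-related ChainStatus usually means the client cannot reach the stand-alone CA's CRL, not that the certificate itself is wrong.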
Double-click on the PortNumber to modify the RDP port number
Select the Decimal base and modify the value data for the PortNumber. Default is 3389. The value should be between 1025 and 65535
Click OK and quit Registry Editor.
Reboot the computer or restart the “Remote Desktop Services” service
Connect to remote desktop using different port
To connect to Remote Desktop using a customized port number (default is 3389):
Run mstsc (optional steps: Click Start, click All Programs – Accessories – Communications – Remote Desktop Connection)
In the Computer box, enter the IP address or host name of the computer that you need to connect to, followed by a colon “:” and the port number
Below are some examples:
Example 1: MyServer is the host name and 3388 is the customized port number
MyServer:3388
Example 2: 192.168.1.10 is the IP address of the computer and 3390 is the customized port number
192.168.1.10:3390
Click Connect.
Alternatively, you can use the following command:
mstsc /v:servername:portnumber
Example: mstsc /v:MyServer:3388
Activate Remote Desktop remotely using registry editor
Enable Remote desktop via the registry
Run regedit (Registry Editor)
On the File menu, click Connect Network Registry.
In the Select Computer dialog box, type the computer name and then click Check Names.
In the Enter Network Password dialog box, provide Domain Admins credentials for the domain of the server, and then click OK.
After the computer name resolves, click OK.
Locate the following registry subkey in the computer node:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server
Double-click on fDenyTSConnections to edit the DWORD value. Change the value data from 1 (Remote Desktop disabled) to 0 (Remote Desktop enabled)
Restart the computer. (You can restart the remote computer using “shutdown /m \\computername /r”)
Multiple RDP session for single user
By default, Remote Desktop (RDP)/Terminal Services in Windows 2008 reuses the same RDP session if you log on with the same username, unlike Windows 2003, where you can have different sessions under the same user name. Below is the registry key that allows multiple RDP sessions for a single user in Windows 2008
Run regedit (Registry Editor)
Locate and then click the following registry subkey:
If the fSingleSessionPerUser value doesn’t exist, create a new DWORD value named fSingleSessionPerUser
Modify fSingleSessionPerUser value:
0 Allow multiple sessions per user
1 Force each user to a single session
Click OK and quit Registry Editor.
Restart the “Remote Desktop Services” service or reboot the computer
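To confirm the result of the three registry procedures above (listener port, fDenyTSConnections, fSingleSessionPerUser) on a local or remote machine, the values can be read back in one pass. This is an added example, not part of the original post: the function name is hypothetical, it assumes PowerShell 3.0 or later, and it uses the standard Windows locations of these values under the Terminal Server key.

```powershell
# Added example, not from the original post.
function Get-RdpRegistrySettings {
    param([string]$ComputerName = $env:COMPUTERNAME)

    # Same remote-registry access that regedit's "Connect Network Registry" uses:
    # it needs the Remote Registry service and administrative rights on the target.
    $hive = [Microsoft.Win32.RegistryHive]::LocalMachine
    $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($hive, $ComputerName)
    try {
        $tsPath = 'SYSTEM\CurrentControlSet\Control\Terminal Server'
        $ts  = $hklm.OpenSubKey($tsPath)
        # Standard Windows location of the RDP listener's PortNumber value
        $rdp = $hklm.OpenSubKey("$tsPath\WinStations\RDP-Tcp")

        $deny   = $ts.GetValue('fDenyTSConnections', 1)     # 1 = Remote Desktop disabled
        $single = $ts.GetValue('fSingleSessionPerUser', 1)  # 1 = one session per user
        $port   = $rdp.GetValue('PortNumber', 3389)

        [pscustomobject]@{
            ComputerName         = $ComputerName
            RdpEnabled           = ($deny -eq 0)
            Port                 = $port
            DefaultPort          = ($port -eq 3389)
            # Range given in the port-change steps above
            PortInAdvisedRange   = ($port -eq 3389 -or ($port -ge 1025 -and $port -le 65535))
            SingleSessionPerUser = ($single -eq 1)
            ConnectString        = "mstsc /v:${ComputerName}:$port"
        }
    }
    finally {
        $hklm.Close()
    }
}

# 'MyServer' is the example host name used earlier on this page
Get-RdpRegistrySettings -ComputerName 'MyServer' | Format-List
```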
RDP to the console session
In certain cases, we need to connect to the console session of the server so that we can start/monitor a legacy application that is not started via Windows Services. The administrator needs to log in to the server first and only then start the application manually.
Use the following command to remote desktop to the server into console session:
For Windows Vista, 7, 2008 , Windows XP SP2 and above
Windows Small Business Server 2011 Essentials (Review)
Formal code name: Aurora
As the name suggests, it is suited to small businesses that currently do not have any server. It serves as the first server for the company and provides file and print sharing, data backup, remote access, etc. Basically it is just Windows Server 2008 R2 with additional small business add-ons like the Small Business Dashboard and Launchpad, server health monitor, etc.
Simple licensing model and low cost with Server license only. No Client Access Licenses (CALs) required.
Limitation of 25 PC/users. (whereas limitation for Windows SBS 2011 Standard is 75 users/devices)
If the company expands and requires further services like email and collaboration, then this is the ideal platform because Windows Small Business Server (SBS) 2011 Essentials provides integration with Microsoft online cloud services like Office 365 (with hosted Exchange mail and SharePoint collaboration services) and CRM. (Compare Windows SBS 2011 Standard, where Exchange and SharePoint are hosted on premises within the server.)
An additional feature that is now provided in Windows Small Business Server 2011 Essentials is PC/workstation backup, which allows backup of client computers to the server.
SBS 2011 must own the Active Directory FSMO master roles. Of course, additional Domain Controllers and member servers are supported.
Small Business Server (SBS) Essential vs. Standard Comparison
SBS 2011 Essential main differentiators:
Tailored for Online Services integration
– Cross-premise solution with Office 365
– Retain local core infrastructure
– Simple, single sign-on experiences
– Server and Workstation Backup
– Maximum of 25 users/PC supported
– Low start-up cost because no Client Access License (CAL) required.
SBS 2011 Standard main differentiators:
Fully On-Premise Solution
– Email services with Exchange Server 2010
– Collaboration services with SharePoint Foundation 2010
– Windows Server Update Services for local server/computer Windows Update
– Only server backup
– Maximum of 75 Users/devices supported
– Each user requires a Client Access License (CAL)
Small Business Server (SBS) 2011 Essentials System Requirements
| Component | Requirement |
| --- | --- |
| Processor | x64 processor (maximum of 2 physical sockets supported, no limit on the processor cores) with minimum 1.4GHz for single processor or 1.3GHz for dual processor |
| Memory (RAM) | Minimum: 2 GB; Recommended: 4 GB; Maximum: 32 GB |
| Hard disk (System Partition) | 160 GB |
| Network Adapter | Gigabit Ethernet network port |
| Backup drive (Optional) | USB 2.0 or faster external hard disk drive (recommended to have 2 or more external USB hard disks for additional data redundancy and backup retention period) |
PowerPoint 2003 alignment problem after the kb2464588 patch
Some PowerPoint files started to give the error/warning message “PowerPoint was unable to display some of the text, images, or objects on slides in this file….” as shown below:
Solution
This might happen after you patch your Microsoft Office PowerPoint with the kb2464588 patch. Remove the patch and it should work fine.
When you run Windows Update, make sure you exclude the kb2464588 patch until Microsoft has a better patch, or upgrade your Microsoft Office to at least the 2007 version