How to know \Device\Harddisk#\DR# is which physical hard disk?

Under Windows, we are used to drive letters such as C: or D:, but errors in the Windows Event Viewer normally identify the faulty device in a different format, \Device\Harddisk#\DR# or \Device\HarddiskVolume# (e.g. \Device\Harddisk0\DR0). So how can you locate the correct hard disk / device?

Problem: The drive detected a controller error on \Device\Harddisk0\DR0

Below is an example of the event log entry:

Log Name: System

Source: disk

Event ID: 11

Level: Error

General/detail: The drive detected a controller error on \Device\Harddisk0\DR0.



Solution: To find the error disk \Device\Harddisk0\DR0

  1. Download WinObj from
  2. Right-click the downloaded WinObj and run it as administrator
  3. Search through \Device\Harddisk# until you find your faulty device (e.g. \DR0)
  4. You will see one or more Partition entries of type SymbolicLink. (In my example, \Device\HarddiskVolume1 to 8 belong to this device/disk.) Note these down for the next step.

    WinObj \Device\Harddisk0
  5. Click on \GLOBAL?? in the left panel, then click on the “SymLink” column header in the right panel to sort the results by SymLink.
  6. Locate the \Device\HarddiskVolume# values you found in step 4.
  7. The first column shows the names that point to each volume. There will be multiple entries, including the volume GUID, drive letter, etc. From my result, I can see that my C: drive is located on this \Device\Harddisk0\DR0 disk.

    WinObj \GLOBAL??
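
The same lookup can be scripted, shown here as an added example that is not part of the original post: it reads recent disk Event ID 11 entries, extracts the Harddisk number from the device path and lists the model, serial number and drive letters of that disk. The function name is hypothetical, and it assumes \Device\Harddisk<N> is the disk that Get-Disk reports as Number N (Storage module, Windows 8 / Server 2012 or later).

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt.
function Resolve-DiskEventDevice {          # hypothetical helper name
    param(
        [int] $MaxEvents = 20               # how many recent disk errors to inspect
    )

    # Same event as the sample in the post: System log, source "disk", Event ID 11.
    $filter = @{ LogName = 'System'; ProviderName = 'disk'; Id = 11 }
    $events = Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue

    foreach ($e in $events) {
        # Pull the disk number out of "\Device\Harddisk<N>\DR<M>" in the message text.
        if ($e.Message -match '\\Device\\Harddisk(\d+)\\DR\d+') {
            $device = $Matches[0]           # copy now; later -match calls overwrite $Matches
            $number = [int] $Matches[1]

            # Assumption: Harddisk<N> is the disk that Get-Disk reports as Number N.
            # Disk numbers can change after a reboot or hot-plug, so check the event time.
            $disk = Get-Disk -Number $number -ErrorAction SilentlyContinue
            $letters = Get-Partition -DiskNumber $number -ErrorAction SilentlyContinue |
                Where-Object { $_.DriveLetter -match '[A-Za-z]' } |
                ForEach-Object { "$($_.DriveLetter):" }

            [pscustomobject]@{
                TimeCreated  = $e.TimeCreated
                Device       = $device
                DiskNumber   = $number
                Model        = $disk.FriendlyName
                SerialNumber = $disk.SerialNumber
                DriveLetters = $letters -join ', '
            }
        }
    }
}

Resolve-DiskEventDevice | Sort-Object TimeCreated -Descending | Format-Table -AutoSize
```

The serial number is what ties the event to a physical unit when several disks of the same model are installed.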




Outlook 2013 hang in loading profile


Microsoft Outlook 2013 (32-bit) running in Windows 7 (64-bit)


Microsoft Outlook suddenly stopped working. Outlook hangs at the “Loading profile” stage. It was working previously.


Troubleshooting tasks performed:

Task performed | Result
---------------|-------
Delete and recreate Outlook profile | Outlook still hangs
Launch Outlook in safe mode (Outlook /safe) | Outlook launches successfully. Only a temporary solution.
Disable and remove all the Outlook add-ins | Outlook still hangs
Restart computer | Outlook still hangs
Repair Microsoft Office | Outlook still hangs
Remove and re-install Microsoft Office 2013 | It works, but the problem happens again after some time
Disable cache mode | Outlook still hangs

 Solution: Disable the Hardware Acceleration

1. Modify the registry by running “regedit”

2. Go to HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Common

3. Create a new key and name it “Graphics”

4. Select the Graphics key, right-click on the empty area in the right panel and create a new DWORD (32-bit) value named “DisableHardwareAcceleration”

5. Enter 1 as the value data for DisableHardwareAcceleration


Outlook 2013 should work fine now.



Renew SSL certificate for Domain Controller LDAPS

If you created the SSL certificate for LDAP over SSL on a Domain Controller through an internal Microsoft Stand-alone CA, as shown in the LDAP over SSL for Domain Controller article, you might face a problem renewing this certificate using the MMC/GUI.

When you try Renew This Certificate With The Same Key in the certificate MMC, you will get the following error:


Enrollment Error
The request contains no certificate template information.




1. On the Domain Controller whose certificate you need to renew, find the certificate thumbprint. Below are the steps to find the certificate thumbprint:

a.) Open the Microsoft Management Console (MMC) snap-in for certificates.
b.) In the Console Root window’s left pane, click Certificates (Local Computer).
c.) Expand the Personal folder
d.) Expand the Certificates folder
e.) Double-click on your target certificate.
f.) In the Certificate dialog box, click the Details tab.
g.) Scroll through the list of fields till you find the Thumbprint.
h.) Copy the hexadecimal characters from the box.  For example, the thumbprint “a1 29 53 2e 12 3f 3d 35 53 2c f2 53 26 c2 4d 27 33 b2 6b 3c”.

2. Create cert-renew.inf as shown below and paste the certificate thumbprint you gathered in the previous step as the value of RenewalCert. Make sure you enclose the thumbprint in opening and closing quotes if it has spaces in between.

;----------------- cert-renew.inf -----------------
[Version]
Signature="$Windows NT$"

[NewRequest]
Subject = "CN=servername.domain.local" ; replace with the FQDN of the DC
UseExistingKeySet = TRUE
MachineKeySet = TRUE
RenewalCert = "a1 29 53 2e 12 3f 3d 35 53 2c f2 53 26 c2 4d 27 33 b2 6b 3c"


3. Open a command prompt and create the certificate request

certreq -new cert-renew.inf cert-renew.req

4. Submit Certificate request to internal stand-alone CA

certreq -submit cert-renew.req

A RequestID will be returned if the certificate request was submitted to the internal CA successfully.

5. Approve the certificate request on the internal CA

6. Go back to the Domain Controller that requested the certificate and retrieve the certificate

certreq -retrieve RequestID cert-renew.cer

7. Accept the certificate on your machine

certreq -accept cert-renew.cer




Drop down menu not working in IE 9

Some versions of Internet Explorer (IE), especially IE9, have problems with drop-down menus on some websites (even SharePoint portals/websites). Basically, the drop-down menu does not work in IE9.

I have tried a couple of solutions such as resetting the IE settings/configuration, enabling compatibility view, etc., but none worked. Finally, I solved it by disabling certain IE add-ons. Certain users that still have the problem will need to start IE without any add-ons.

Below is the screen capture showing how to create a shortcut on the user’s desktop that starts Internet Explorer (IE) without any add-ons.

iexplore -extoff

Internet Explorer (No Add-ons)

Internet Explorer started without add-ons



Migrate Public Folder to Exchange 2010

One of the challenges of a Microsoft Exchange 2003/2007 migration to Exchange 2010 is the Public Folder. It can be very complicated and time-consuming if the Public Folder is huge or contains a lot of folders. The Public Folder is required for Outlook 2003 to continue to access the Exchange 2010 server.
Microsoft Exchange provided the following PowerShell script for Public Folder migration in\v14\ Server\Scripts:

PowerShell Script | Task Description
------------------|-----------------
AddReplicaToPFRecursive.ps1 | Add a server to the replication list
AggregatePFData.ps1 | Aggregate data across all public folder replicas
RemoveReplicaFromPFRecursive.ps1 | Remove a server from the replication list
MoveAllReplicas.ps1 | Replace a server in the replication list
ReplaceReplicaOnPFRecursive.ps1 | Replace a server in the replication list with a new server


Add new Exchange 2010 Server into Public Folder replication list

Launch the Exchange Management Shell and then go to the Exchange script folder:

cd $exscripts


Let’s say your current environment has either or both of EX2003 and EX2007, and the new Exchange 2010 server is named EX2010. Below are the commands you need to run on the EX2010 server.

To replicate all the non-system public folders from the top root to EX2010:

.\AddReplicaToPFRecursive.ps1 -TopPublicFolder \ -ServerToAdd EX2010


To replicate all the System folders to EX2010:

.\AddReplicaToPFRecursive.ps1 -TopPublicFolder "\NON_IPM_SUBTREE" -ServerToAdd EX2010


*The replication might take days or even weeks depending on your Public Folder size

Common mistake or misconception:

  1. Make sure ServerToAdd is the new Exchange 2010 server that needs to hold a replica of the Public Folder.
  2. There is no need to worry about which server currently holds which part/folder of the Public Folder. AddReplicaToPFRecursive.ps1 finds the folders by itself and adds the new server.
  3. Do not point ServerToAdd to an existing old server (Exchange 2003 or 2007) because that will add the Public Folder replica to the old server. It might cause the old server to jam up if there is not enough space to hold all the public folder copies (most of these old Exchange servers are almost out of disk space).


To verify the Public Folders were replicated to the new server:

Get-PublicFolder -Recurse | fl Name, Replicas


To verify the System Folders were replicated to the new server:

Get-PublicFolder -Recurse \NON_IPM_SUBTREE | fl Name, Replicas


Remove Public Folder from old server

To remove the Public Folder replica from the old server:

.\RemoveReplicaFromPFRecursive.ps1 -TopPublicFolder \ -ServerToRemove EX2003


To move all Public Folder replicas (including System folders) from the old server (EX2003) to the new server (EX2010):

.\MoveAllReplicas.ps1 -Server EX2003 -NewServer EX2010


PowerShell cmdlets to verify Public Folder replicas and replication:

Get-PublicFolder -Recurse | fl Name, Replicas

Get-PublicFolder -Recurse \NON_IPM_SUBTREE | fl Name, Replicas

Get-PublicFolderStatistics -Server EX2010

Get-PublicFolderStatistics -Server EX2003


Additional clean-up task

Some of the System folders might not have the new Exchange 2010 server in their replication list. Here is how to check:

Get-PublicFolder "\NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY" -Recurse | fl Name, Replicas

In case the new Exchange 2010 server is not holding the Schedule+ Free Busy replica, you might get event ID 14029 with the error message “Couldn’t find an Exchange 2010 or later public folder server with a replica of the free/busy folder…”

event id 14029

Run the following command to resolve the event ID 14029 issue:

.\AddReplicaToPFRecursive.ps1 -TopPublicFolder "\NON_IPM_SUBTREE\SCHEDULE+ FREE BUSY" -ServerToAdd EX2010


Perform the same check and fix for the other System folders (e.g. EForms Registry and Offline Address Book):

.\AddReplicaToPFRecursive.ps1 -TopPublicFolder "\NON_IPM_SUBTREE\EFORMS REGISTRY" -ServerToAdd EX2010

.\AddReplicaToPFRecursive.ps1 -TopPublicFolder "\NON_IPM_SUBTREE\OFFLINE ADDRESS BOOK" -ServerToAdd EX2010


Move Offline Address Book (OAB) generation to the new Exchange 2010 server (that holds the Mailbox role)

Move-OfflineAddressBook "Default Offline Address List" -Server EX2010





LDAP over SSL for Domain Controller

Every Domain Controller has Lightweight Directory Access Protocol (LDAP, port 389) open for authentication by 3rd party applications/systems such as firewall/VPN appliances. Plain LDAP is insecure because the data is sent in clear text. Therefore, we need LDAPS (LDAP over SSL) to encrypt and secure the communication. The default port for LDAPS is 636.

If your Active Directory is installed with an Enterprise CA, then most likely all the domain controllers already have a digital certificate and LDAPS activated automatically. Below are the steps to request the digital certificate for a domain controller from a Microsoft Stand-alone CA; LDAPS will then be activated automatically.

1. Make sure you have at least one Microsoft Stand-alone CA installed in your organization

2. On the domain controller that needs LDAPS, create a certificate.inf file as shown in the example below in order to generate the certificate request file

;----------------- certificate.inf -----------------
[Version]
Signature="$Windows NT$"

[NewRequest]
Subject = "CN=servername.domain.local" ; replace with the FQDN of the Domain Controller
KeySpec = 1
KeyLength = 1024
; Can be 1024, 2048, 4096, 8192, or 16384.
; Larger key sizes are more secure, but have
; a greater impact on performance.
Exportable = TRUE
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0


OID= ; this is for Server Authentication


3. Create the certificate request file by the following command

certreq -new certificate.inf certificate.req

4. Submit the certificate request file to the Stand-alone CA

certreq -submit certificate.req

The system will prompt you to choose which stand-alone CA you want to submit to. Take note of the certificate request ID.

5. In the Stand-alone Certificate Authority (CA), under “Pending Requests”, right-click on the request ID and select All Tasks – Issue. The certificate will go into the “Issued Certificates” folder.

Pending Requests

6. Retrieve the certificate from the domain controller that requesting the certificate

certreq -retrieve <request id> certificate.cer


7. Import the certificate into the Personal store of the Computer Account

Certificate - personal store (screenshots 1 to 5)

8. Test the LDAPS using ldp

LDAP over SSL connection

LDAP over SSL result

9. You can now proceed with LDAP over SSL integration with 3rd party system/application

10. For Windows 2008 Server, you might need to import the certificate into the Active Directory Domain Services certificate store

Active Directory Domain Services
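
A scripted version of the ldp test in step 8, as an added example that is not part of the original post: it connects to port 636, reads the certificate the domain controller presents, and reports its thumbprint, expiry, RSA key size and any validation errors. The function name and the 2048-bit and 30-day thresholds are assumptions; a certificate issued with the KeyLength = 1024 shown in the .inf above would be reported as a finding.

```powershell
# Added example, not from the original post. $Server must be the DC's FQDN.
function Test-LdapsCertificate {            # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)] [string] $Server,
        [int] $Port = 636,                  # LDAPS port named in the post
        [int] $MinKeyBits = 2048,           # assumption: smaller RSA keys are a finding
        [int] $WarnDays = 30                # assumption: renewal warning window
    )

    # Record validation errors instead of aborting, so a bad certificate can still
    # be reported. Inspection only: do not reuse this callback in code that trusts
    # the connection.
    $state = @{ Errors = [System.Net.Security.SslPolicyErrors]::None }
    $callback = [System.Net.Security.RemoteCertificateValidationCallback] ({
        param($s, $certificate, $chain, $policyErrors)
        $state.Errors = $policyErrors
        return $true
    }.GetNewClosure())

    $client = New-Object System.Net.Sockets.TcpClient
    $ssl = $null
    try {
        $client.Connect($Server, $Port)
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($Server)  # also checks that the name matches $Server

        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $rsa  = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
        $daysLeft = [int] ($cert.NotAfter - (Get-Date)).TotalDays

        $findings = @()
        if ($state.Errors -ne 'None')               { $findings += "validation: $($state.Errors)" }
        if ($rsa -and $rsa.KeySize -lt $MinKeyBits) { $findings += "RSA key is $($rsa.KeySize) bits" }
        if ($daysLeft -lt $WarnDays)                { $findings += "expires in $daysLeft days" }

        [pscustomobject]@{
            Server     = $Server
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint   # the value RenewalCert needs at renewal time
            NotAfter   = $cert.NotAfter
            KeyBits    = if ($rsa) { $rsa.KeySize } else { $null }
            Findings   = $findings -join '; '
        }
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $client.Close()
    }
}

# servername.domain.local is the placeholder FQDN used in the post's .inf file.
Test-LdapsCertificate -Server 'servername.domain.local'
```

Run it from a machine that trusts the stand-alone CA's root; otherwise the Findings column will include a chain validation error even for a correctly issued certificate.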

Resources and References:

To renew the SSL certificate created by this post, please go to Renew SSL certificate for Domain Controller LDAPS

Lightweight Directory Access Protocol


Remote Desktop (RDP) Tricks and Tips

Modify Remote Desktop Listening Port

  1. Run regedit (Registry Editor)
  2. Locate and then click the following registry subkey:



  3. Double-click PortNumber to modify the RDP port number
  4. Select the Decimal base and modify the value data for PortNumber. The default is 3389. The value should be between 1025 and 65535
  5. Click OK and quit Registry Editor.
  6. Reboot the computer or restart the “Remote Desktop Services” service


Connect to remote desktop using different port

If you want to connect to remote desktop using a customized port number (default is 3389):

  1. Run mstsc (alternatively: click Start, then All Programs > Accessories > Communications > Remote Desktop Connection)
  2. In the Computer box, enter the IP address or host name of the computer you need to connect to, followed by a colon “:” and the port number
  3. Below are some examples:
Example 1: MyServer is the host name and 3388 is the customized port number


Example 2: is the IP address of the computer and 3390 is the customized port number

  4. Click Connect.

Alternatively, you can use the following command:

mstsc  /v:servername:portnumber

Example: mstsc /v:MyServer:3388


Activate Remote Desktop remotely using registry editor

Enable Remote desktop via the registry

  1. Run regedit (Registry Editor)
  2. On the File menu, click Connect Network Registry.
  3. In the Select Computer dialog box, type the computer name and then click Check Names.
  4. In the Enter Network Password dialog box, provide Domain Admins credentials for the domain of the server, and then click OK.
  5. After the computer name resolves, click OK.
  6. Locate the following registry subkey in the computer node:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server


  7. Double-click fDenyTSConnections to edit the DWORD value. Change the value data from 1 (Remote Desktop disabled) to 0 (Remote Desktop enabled)
  8. Restart the computer. (You can restart the remote computer using “shutdown /m \\computername /r”)


Multiple RDP session for single user

By default, Remote Desktop (RDP)/Terminal Services in Windows 2008 reuses the same RDP session if you log on with the same username, unlike Windows 2003, where you can have different sessions under the same user name. Below is the registry value that allows multiple RDP sessions for a single user in Windows 2008:

  1. Run regedit (Registry Editor)
  2. Locate and then click the following registry subkey:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server

  3. If the fSingleSessionPerUser value doesn’t exist, create a new DWORD value named fSingleSessionPerUser
  4. Modify the fSingleSessionPerUser value:

0              Allow multiple sessions per user

1              Force each user to a single session


  5. Click OK and quit Registry Editor.
  6. Restart the “Remote Desktop Services” service or reboot the computer


RDP to the console session

In certain cases, we need to connect to the console session of the server so that we can start/monitor a legacy application that is not started as a Windows service. The administrator needs to log in to the server first and only then start the application manually.

Use the following command to remote desktop to the server into console session:

For Windows Vista, 7, 2008, Windows XP SP2 and above:

mstsc /admin

For Windows XP SP1 and before:

mstsc /console




Small Business Server

Windows Small Business Server 2011 Essentials Review

  • Formal code name: Aurora
  • As the name suggests, it is suited to small businesses that currently do not have any server. It serves as the first server for the company, providing file and print sharing, data backup, remote access, etc. Basically it is just Windows Server 2008 R2 with additional small business add-ons like the Small Business Dashboard and Launchpad, server health monitor, etc.
  • Simple licensing model and low cost, with a server license only. No Client Access Licenses (CALs) required.
  • Limit of 25 PCs/users (whereas the limit for Windows SBS 2011 Standard is 75 users/devices).
  • If the company expands and requires further services like email and collaboration, this is the ideal platform because Windows Small Business Server (SBS) 2011 Essentials provides integration with Microsoft online cloud services like Office 365 (with hosted Exchange mail and SharePoint collaboration services) and CRM. (In comparison, with Windows SBS 2011 Standard, Exchange and SharePoint are hosted on premises within the server.)
  • An additional feature provided in Windows Small Business Server 2011 Essentials is PC/workstation backup, which allows client computers to be backed up to the server.
  • SBS 2011 must own the Active Directory FSMO master roles. Additional Domain Controllers and member servers are supported.

Small Business Server (SBS) Essentials vs. Standard Comparison

SBS 2011 Essentials main differentiators:

Tailored for Online Services integration

  • Cross-premise solution with Office 365
  • Retain local core infrastructure
  • Simple, single sign-on experiences
  • Server and Workstation Backup
  • Maximum of 25 users/PCs supported
  • Low start-up cost because no Client Access License (CAL) is required

SBS 2011 Standard main differentiators:

Fully On-Premise Solution

  • Email services with Exchange Server 2010
  • Collaboration services with SharePoint Foundation 2010
  • Windows Server Update Services for local server/computer Windows Update
  • Only server backup
  • Maximum of 75 users/devices supported
  • Each user requires a Client Access License (CAL)



Small Business Server (SBS) 2011 Essentials System Requirements

Component | Requirement
----------|------------
Processor | x64 processor with minimum 1.4 GHz for single processor or 1.3 GHz for dual processor (maximum of 2 physical sockets supported, no limit on the processor cores)
Memory (RAM) | Minimum: 2 GB; Recommended: 4 GB; Maximum: 32 GB
Hard disk (System Partition) | 160 GB
Network Adapter | Gigabit Ethernet network port
Backup drive (Optional) | USB 2.0 or faster external hard disk drive (recommended to have 2 or more external USB hard disks for additional data redundancy and backup retention period)


Windows 8

Where to download Windows 8 Developer Preview

Microsoft announced the availability of the Windows 8 Developer Preview for download in the following editions:

Windows 8 Developer Preview with developer tools, English x64 (64-bit)

Windows 8 Developer Preview, English x64 (64-bit)

Windows 8 Developer Preview, English x86 (32-bit)

Windows 8 Developer Preview currently works in the following virtual environments:

  • Hyper-V in Windows 8 Developer Preview
  • Hyper-V in Windows Server 2008 R2
  • VMware Workstation 8.0 for Windows
  • VirtualBox 4.1.2 for Windows




Powerpoint 2003 alignment problem after kb2464588 patched

Some PowerPoint files start to give the error/warning message “PowerPoint was unable to display some of the text, images, or objects on slides in this file….”


This might happen after you patch Microsoft Office PowerPoint with the kb2464588 patch. Remove the patch and it should work fine.


When you run Windows Update, make sure you exclude the kb2464588 patch until Microsoft has a better patch, or upgrade your Microsoft Office to at least the 2007 version.

exclude kb2464588