IT Blog

Microsoft

Windows does not have enough information to verify this certificate.

by on Jun.27, 2011, under Microsoft

Here come SSL certificates again. In recent Operating Systems Microsoft made some changes in Root certificates by removing some of them. Probably the best way to illustrate this is try to install Java on Server 2008 R2. When you try to install it you’ll get the following error:
Error 1330. A file that is required cannot be installed because the cabinet file Data1.cab has an invalid digital signature. This may indicate that the cabinet file is corrupt.

(continue reading…)

6 Comments :, , , more...

Netdiag Failed (DNS test, Redir and Browser test, DC list test, Kerberos test)

by on May.27, 2011, under Microsoft

Although Windows Server 2003 has been with us a while I can across this issue recently. This only because most of the 2003 domain controller installations I had seen were 32bit. But recently I found a domain that had a mixture of 32bit and 64bit domain controllers.

You run netdiag on your Windows 2003 64bit domain controller and get many failures like the ones bellow:

DNS test . . . . . . . . . . . . . : Failed
[FATAL] Could not open file C:\WINDOWS\system32\config\netlogon.dns for reading.
[FATAL] No DNS servers have the DNS records for this DC registered.

Redir and Browser test . . . . . . : Failed
List of NetBt transports currently bound to the Redir

(continue reading…)

5 Comments : more...

IIS Admin service would not start with error -2146893809

by on May.25, 2011, under IIS, Microsoft

In the event viewer you should see error with Event ID 7024.
The IIS Admin Service service terminated with service-specific error %%-2146893809.

Here is a possible fix. For the service to start it needs RSA MachineKey and access to it. The Key is stored in C:\Users\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys(for Server 2008)  you should see some files in that location with the size of 2 or 3 Kbytes. Look for the file name that starts with ‘C23’. This is the key that is used by Microsoft Internet Information Server. Check the permissions on that key and make sure that ‘System’ and ‘Administrators’ have full control on this key. Once the permissions are set try starting IIS Admin service.

1 Comment : more...

How to point a client to different domain controller

by on May.16, 2011, under Microsoft

Here is a useful command that I’ve discovered.
Imagine a situation where you have a domain called domain.local with multiple domain controllers DC0, DC1 etc.
For some reason some clients are not working as expected or working slower. In my case it was when I tried to run gpresult /r on some clients it was taking ages to provide full details. To find out if any of the domain controllers is having problems I wanted quickly to change the domain controller that the affected client is using.
Back in the day when Windows NT 4 ruled the world there was a command called setprfdc (set preferred domain controller) nltest does something similar.

So first I wanted to find out what DC the client is using. Now there are many different ways but here is a command that I’ve used:
nltest /dsgetdc:domain.local
(continue reading…)

6 Comments :, , more...

dns.exe high memory usage in Server 2008 R2

by on May.11, 2011, under Microsoft

Here is an interesting problem with DNS service. I have a new domain with domain controller running Server 2008 R2. I’ve noticed that the server is using more memory than expected. The DNS service is using 605MB of RAM which way too much.

I’ve checked on the other domain which have Server 2003 R2 domain controller and DNS service on these domain contoller are using ~20MB. (continue reading…)

11 Comments :, , more...

SSL Certificate add failed, Error: 1312

by on Mar.25, 2011, under Microsoft

You are trying to bind SSL certificate ot a port number using the the following command:
netsh http add sslcert ipport=0.0.0.0:8000 certhash=0000000000003ed9cd0c315bbb6dc1c08da5e6 appid={00112233-4455-6677-8899-AABBCCDDEEFF}

The command failes with error:
SSL Certificate add failed, Error: 1312
A specified logon session does not exist. It may already have been terminated. (continue reading…)

1 Comment :, , more...

Change registry permissions

by on Mar.18, 2011, under Microsoft, Other

So lets say you need to change registry permissions and give all domain users full rights to a specific key HKEY_LOCAL_MACHINE\SOFTWARE\My_App.
You can use Group Policy but also you can use a batch file. Batch file can be setup to run on system startup or you could push it with SCCM if you have it installed.

To change registry permissions you can use regini.exe and it should be on every Windows host but I think there is a better and easier tool(well at least to me) and it is called SetACL. This tool can be used to manage not only registry permission but also File Permissions, Auditing etc.
First download SetACL and from the download package extract command line version as this is what will be used in the script to c:\temp. There are 2 versions 32bit and 64bit, choose the one you need. (continue reading…)

Leave a Comment :, , , more...

A problem occured while installing selected Windows SDK components. Unknown property.

by on Mar.09, 2011, under Microsoft, Other

Here is one of the problems that took me some time to figure out.
I had to install Microsoft Windows SDK for Windows 7 and .NET Framework 4 on Server 2008 R2. But it would not install.
There are 2 ways to install it:
Web install using winsdk_web.exe a small too that download all the files during installation.
ISO imgae that has all required files already.
I’ve tired both methods and bot of them failed almost instantly with the following error message:
A problem occured while installing selected Windows SDK components. Unknown property.

(continue reading…)

8 Comments :, more...

System.Exception: No certificate was found in the cert store for user

by on Mar.05, 2011, under Microsoft

Recently I’ve wrote about certificate problem in WCF applications. Here is another one:
When starting WCF application the following error is logged Event ID: 0

Internal exception occured: System.Exception: No certificate was found in the cert store for user: comp_1\WCF_AppUser

So first lets see what certificate is the application looking for. Locate the application files and open application config file with notepad.
Now search for serviceCertificate you should see the line like below:
<serviceCertificate storeLocation=”LocalMachine” storeName=”My” x509FindType=”FindBySubjectName” findValue=”*.domain.local”/>

As you can see the application is looking for * wildcard certificate called *.domain.local
Open Certificates management console and make sure that the certificate named in config file is there. If not, you need to import it.
(continue reading…)

Leave a Comment more...

How to read registry value remotely in all computers in the domain

by on Mar.04, 2011, under Microsoft, Other

I had a task to find out what versions of PowerShell we have installed on the computers in the domain.
PowerShell version is stored in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\PowerShellEngine\
There is a a string called PowerShell version and the value of the string is the version of the PowerShell that is installed on the computer.
After looking around I came up with the following script:

On Error Resume Next

Dim objGroup, objFSO, strFile, objFile

Const HKEY_LOCAL_MACHINE = &H80000002
Const ForWriting = 2
Const OpenAsASCII = 0
Const CreateIfNotExist = True
Const ADS_SCOPE_SUBTREE = 2

strFile = “c:\powershell.txt”
(continue reading…)

1 Comment more...