Archive for the ‘Microsoft’ Category

Exchange no email flow January 1st 2022

01 Jan

Update Jan 3rd:
Microsoft has release a solution for this problem.

Looks like Microsoft has dropped us a present for New Year. This morning I found that no emails are flowing.
Quick look at event logs was showing FIPFS as a culprit. FIPFS Event id 5300

The FIP-FS “Microsoft” Scan Engine failed to load. PID: 15952, Error Code: 0x80004005. Error Description: Can’t convert “2201010003” to long.

The temporary workaround is to disable Anti malware scanning and restart Transport service. The script to disable Anti malware scanning is located in your Exchange script directory. From Exchange Management Shell do:

cd $exscripts
Restart-Service MSExchangeTransport

To confirm that it was disabled run:
Get-TransportAgent "Malware Agent"

The email should start flowing

Happy New Year!!!

Windows does not have enough information to verify this certificate.

27 Jun

Here come SSL certificates again. In recent Operating Systems Microsoft made some changes in Root certificates by removing some of them. Probably the best way to illustrate this is try to install Java on Server 2008 R2. When you try to install it you’ll get the following error:
Error 1330. A file that is required cannot be installed because the cabinet file has an invalid digital signature. This may indicate that the cabinet file is corrupt.


Netdiag Failed (DNS test, Redir and Browser test, DC list test, Kerberos test)

27 May

Although Windows Server 2003 has been with us a while I can across this issue recently. This only because most of the 2003 domain controller installations I had seen were 32bit. But recently I found a domain that had a mixture of 32bit and 64bit domain controllers.

You run netdiag on your Windows 2003 64bit domain controller and get many failures like the ones bellow:

DNS test . . . . . . . . . . . . . : Failed
[FATAL] Could not open file C:\WINDOWS\system32\config\netlogon.dns for reading.
[FATAL] No DNS servers have the DNS records for this DC registered.

Redir and Browser test . . . . . . : Failed
List of NetBt transports currently bound to the Redir


IIS Admin service would not start with error -2146893809

25 May

In the event viewer you should see error with Event ID 7024.
The IIS Admin Service service terminated with service-specific error %%-2146893809.

Here is a possible fix. For the service to start it needs RSA MachineKey and access to it. The Key is stored in C:\Users\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys(for Server 2008)  you should see some files in that location with the size of 2 or 3 Kbytes. Look for the file name that starts with ‘C23’. This is the key that is used by Microsoft Internet Information Server. Check the permissions on that key and make sure that ‘System’ and ‘Administrators’ have full control on this key. Once the permissions are set try starting IIS Admin service.

How to point a client to different domain controller

16 May

Here is a useful command that I’ve discovered.
Imagine a situation where you have a domain called domain.local with multiple domain controllers DC0, DC1 etc.
For some reason some clients are not working as expected or working slower. In my case it was when I tried to run gpresult /r on some clients it was taking ages to provide full details. To find out if any of the domain controllers is having problems I wanted quickly to change the domain controller that the affected client is using.
Back in the day when Windows NT 4 ruled the world there was a command called setprfdc (set preferred domain controller) nltest does something similar.

So first I wanted to find out what DC the client is using. Now there are many different ways but here is a command that I’ve used:
nltest /dsgetdc:domain.local

dns.exe high memory usage in Server 2008 R2

11 May

Here is an interesting problem with DNS service. I have a new domain with domain controller running Server 2008 R2. I’ve noticed that the server is using more memory than expected. The DNS service is using 605MB of RAM which way too much.

I’ve checked on the other domain which have Server 2003 R2 domain controller and DNS service on these domain contoller are using ~20MB. (more…)

SSL Certificate add failed, Error: 1312

25 Mar

You are trying to bind SSL certificate ot a port number using the the following command:
netsh http add sslcert ipport= certhash=0000000000003ed9cd0c315bbb6dc1c08da5e6 appid={00112233-4455-6677-8899-AABBCCDDEEFF}

The command failes with error:
SSL Certificate add failed, Error: 1312
A specified logon session does not exist. It may already have been terminated. (more…)

Change registry permissions

18 Mar

So lets say you need to change registry permissions and give all domain users full rights to a specific key HKEY_LOCAL_MACHINE\SOFTWARE\My_App.
You can use Group Policy but also you can use a batch file. Batch file can be setup to run on system startup or you could push it with SCCM if you have it installed.

To change registry permissions you can use regini.exe and it should be on every Windows host but I think there is a better and easier tool(well at least to me) and it is called SetACL. This tool can be used to manage not only registry permission but also File Permissions, Auditing etc.
First download SetACL and from the download package extract command line version as this is what will be used in the script to c:\temp. There are 2 versions 32bit and 64bit, choose the one you need. (more…)

A problem occured while installing selected Windows SDK components. Unknown property.

09 Mar

Here is one of the problems that took me some time to figure out.
I had to install Microsoft Windows SDK for Windows 7 and .NET Framework 4 on Server 2008 R2. But it would not install.
There are 2 ways to install it:
Web install using winsdk_web.exe a small too that download all the files during installation.
ISO imgae that has all required files already.
I’ve tired both methods and bot of them failed almost instantly with the following error message:
A problem occured while installing selected Windows SDK components. Unknown property.


System.Exception: No certificate was found in the cert store for user

05 Mar

Recently I’ve wrote about certificate problem in WCF applications. Here is another one:
When starting WCF application the following error is logged Event ID: 0

Internal exception occured: System.Exception: No certificate was found in the cert store for user: comp_1\WCF_AppUser

So first lets see what certificate is the application looking for. Locate the application files and open application config file with notepad.
Now search for serviceCertificate you should see the line like below:
<serviceCertificate storeLocation=”LocalMachine” storeName=”My” x509FindType=”FindBySubjectName” findValue=”*.domain.local”/>

As you can see the application is looking for * wildcard certificate called *.domain.local
Open Certificates management console and make sure that the certificate named in config file is there. If not, you need to import it.

IT Blog

Just another blog on Network