This Blog is a supplement to my website. Please also visit: www.DavidCocke.com

Sunday, December 25, 2011

VMware Converting from Thick to Thin

Background

When you create a virtual disk in VMware you are offered to provision it as "thick" or "thin".  Thick meaning a 120GB virtual hard drive will result in a 120GB vmdk file.  Thin meaning the vmdk file will grow based on the actual used space of the virtual hard drive.

As I began creating and converting physical machines or from VMware Workstation to our VSphere servers, I didn't really pay attention to whether they were set for Thick or Thin provisioning.  But as I started exploring backup options of our virtual server farm it quickly became obvious that we needed to convert those machines that were configured as Thick drives to Thin ones so that we could save on backup storage space and decrease the amount of time it was taking to back them up over the network.


But how do you convert one to the other?  Apparently going from Thin to Thick is easy, but doing the opposite is not as straight forward.

From what I've read if you have VMware VCenter, you simply right-click on the machine and convert it, but we don't have that.  Even in VMware workstation there doesn't seem to be an easy option.  I also found some rather elaborate scripts that people have written, but I wanted something a little more fool-proof and something I could control rather than trusting my soul to a script I didn't write.


In the end I found that I could do it using the free VMware vCenter Converter Standalone Client.

How-To

The following are the steps I went through to convert the disks in a virtual machine from Thick to Thin.  In this case I was working with a virtual machine that is running on a VSphere 5 server.  This step-by-step also assumes you're already familiar with the Standalone converter.


1) First shutdown the virtual machine.

2) Open VMware Converter and choose the "Convert Machine" button and follow the wizard.  You will select your source and target.  For my source the virtual machine name was FLAKE so I made my target name be FLAKE_X.  This means my source vmdk file for drive C: happens to be FLAKE.vmdk but my converted one will be named FLAKE_X.vmdk.  Just name your new machine with a suffix you'll recognize later.  

This machine also has a drive D: so the original vmdk file is FLAKE_1.vmdk and after the conversion it will be FLAKE_X_1.vmdk.  You might also consider browsing your Datastore in the vCenter Client before you begin to get a sense of how the current vmdk files are named.

To do this, click on the root (or top) of the list of Virtual Machines, then click the Configuration tab, under Hardware click Storage, then right-click on the Datastore you want and choose Browse Datastore.

3) In my case I'm converting to the same VSphere server (target) but the original virtual machine was on Datastore2 and there isn't enough free space on that volume to hold the converted disks.  So for the target destination I chose Datastore1.  The point here is you might want to do some math to make sure you have enough free space to do the conversion.  If you have sufficient space, choose your target to be the same Datastore as the source as this will save you time when you move the vmdk files later.


4) In the wizard when you get to the Options screen on the section that says Data to copy, choose the Edit button.  In there you will see the pull-down options under the Type column to choose Thin for each drive. After this, no other changes are needed so click to Finish the wizard and the conversion will begin.  Even on a modest sized drive(s) this will take some time, so go to lunch.  My conversion of drives that total 200GB in size estimated 9 hours, so I went to bed.


Another side note of interest.  When running the vCenter Converter client on XP it gives you a percentage of your progress and a time estimate.  When running this on a Windows 7 machine it just says it is running and no time estimate or progress bar so you're left guessing how long it takes.


5) Once the conversion is complete you can move the newly created vmdk file(s) to the same location as the original.  If you created your new VM on the same datastore this will only take a few seconds.  This is that time-saving step I mentioned before.  In my case, since I had a minimal amount of space on the original Datastore I left the new vmdk files alone for now.

To relocate the vmdk files open the vSphere Client, click on the root (or top) of the list of Virtual Machines, then click the Configuration tab, under Hardware click Storage, then right-click on the Datastore you want and choose Browse Datastore.  Drill down until you find your new vmdk file(s) and right-click on it and choose Move to.


6) Now edit the Virtual Machine settings of your original VM (the source) and remove each hard disk from the configuration and then add them back but point to the new "Thin" disk files.  

As a side note, after you click to remove the drives do not click OK on the configuration screen before you add the new drives.  Otherwise it will also remove your disk controller (typically a SCSCI controller) and if you had a unique controller defined you would need manually to redefine it the same as it was before.


7) Start your virtual machine and verify that it boots correctly.


8) Then you can browse the datastore and delete the old "Thick" vmdk files.  

In my case (because of my storage space issues), I powered down the VM again, deleted the Thick files from Datasore2 and then moved the "Thin" vmdk files from the Datastore1 to Datastore2.  Then I edited the VM again to point the drives to the new locations of the vmdk files.

9) When you are finished you can right-click on the newly created VM (the target or FLAKE_X in this example) and choose to Delete From Disk.


Conclusion


Although this is a time-consuming process I estimate we are saving close to a Terabyte in storage space across our VSphere servers and even more on our backup devices.


I just wish I could find a tool for my waistline to convert it from Thick to Thin.


Happy Thinning!!






VMware Converter - SQL_CANTOPEN Error

While working with the VMware vCenter Converter Standalone Client (in my case version 5.0) I kept getting the following error while trying to convert machines:

A general system error occurred: SQL_CANTOPEN: unable to open database file

After some research I find this error message has been around for awhile and also happens with previous versions of the Converter.  Some say network errors can cause it.

In my case it was the CrashPlan backup client that was causing it.  Forcing CrashPlan to sleep during my conversions corrected my issues.  I also read that for some disabling antivirus software corrected it for them.

So basically anything that could be locking files on the computer your running the VMware Converter software on is where you should look and not the machine being converted.  It was driving me crazy and I thought it was the target VSphere Server that was the issue.


Thursday, December 15, 2011

Windows 7 - Preparing your computer for first use

After using Symantec System Recovery 2011 (aka Symantec Backup Exec System Recovery) to restore an image backup of a physical Windows 7 machine to a virtual machine using the "Restore Anywhere" option, I was left with a machine that was stuck on the message: "Setup is preparing your computer for first use"

The "Restore Anywhere" option is a way of saying I am restoring to disimiliar hardware.  Also, I tried the restore to VMware VSphere 5 and VMware Workstation 7 and I had the same results.

Below are some steps that helped me resolve this.

While you see the message "Setup is preparing your computer for first use" you can press Shift F10 on the keyboard and you will see a command prompt.
Type in taskmgr.exe and you will get the Windows Task Manager
Look for a process called windeploy.exe and kill it (End Task)
Then you are taken to the Windows Logon screen where you can login normally.

Then follow these steps:

1. Within Windows, Click Start - Run, type 'regedit.exe' and press Enter.
2. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\Setup
3. Within HKEY_LOCAL_MACHINE\SYSTEM\Setup you will need to change the following values:

Here is an example of what the registry values could look like
"SetupType"=dword:00000000
 "SystemSetupInProgress"=dword:00000002
 "SetupPhase"=dword:00000004
 "CmdLine"="C:\OOB\Windeploy.exe"
 "OOBEInProgress"=dword:00000001

This is what the values needed to be changed to:
"SetupType"=dword:00000000
 "SystemSetupInProgress"=dword:00000000
 "SetupPhase"=dword:00000000
 "CmdLine"="" (This field should be Blank )
 "OOBEInProgress"=dword:00000000
 

Now click START and run MSCONFIG.EXE

On the General tab you may see it set for Selective Startup, and on the Boot tab you will see a reference to a Windows installation that is in "Recovery".




This is where it is confusing, but on the General tab, under Selective Startup, check the box that says "Use original boot configuration", and you will see it immediately uncheck the "Selective Startup" and check the "Normal Startup".  Also if you now look at the Boot tab you will see another bootable installation.





Now reboot, and you'll likely get a nasty message from the Boot Manager that says it cannot boot.  So you boot from your Windows 7 CD and choose the Repair Option.  It will detect the issue, correct it, and reboot.

And now finally you should have a working Windows 7 machine again.
 

Saturday, December 3, 2011

Lock Out

I want to tell a story of a customer that called me yesterday.  I'm sharing this story in hopes that these steps can be of help to someone else in the future.  Their Active Directory domain administrator password was changed somehow and there was no way to login to the primary server (Domain Controller).  This customer is in another state, and I mention this only to point out that my only access to them was from remote across the Internet.

Since I had previously done work for them on their Web Server, I at least had a way to remote in to that server, but since the domain admin credentials were not working I had to authenticate using the Web Server's local admin credentials.  Once connected I used VNC to get to the primary server's console, and we tried various password combinations but could not login as Administrator.

I found a free tool called ADManager Plus, and once installed on their Web Server I was able to query Active Directory and get a list of User Names and could at least see the last time those Users had authenticated.  I knew from my previous work that some of the accounts that existed were disabled, but this tool did not show which ones were active versus disabled. 

ADManager Plus can be found here:
http://www.manageengine.com/products/free-windows-active-directory-tools/download.html

Since we could see at least one account in the list that I recognized as being used by their primary application vendor and knowing that account likely already had Admin privileges, my hope was to login with that account and then reset the Administrator password.  The application vendor was very helpful and gave me several password combinations to try, but unfortunately none of them worked.

The customer also contacted a local IT Vendor and once on site, they tried a procedure similar to the one found here:

HOW TO: Reset your Lost 2003 Active Directory Admin Password
http://www.geeksaresexy.net/2009/03/12/how-to-reset-your-lost-2003-active-directory-admin-password/

The above steps basically have you wrap a password reset tool into a service and it attempts to change the password as the server is booting up.  Unfortunately this didn't work either.  It has worked for many others, which is why I wanted to still reference it as an option.

After some research, I thought perhaps I could use the Net.exe commands in Windows to reset the password, but in order to try I would need some way to get to the primary server's command prompt.

So I downloaded PSEXEC to their Web Server.  PSEXEC is a utility now owned and maintained by Microsoft that allows you to execute remote commands to another machine on the network.


Download PSEXEC here:

So let's say the Primary Server's name in this example is ALPHA.  I issued the following command from the Web Server's command prompt:

psexec \\ALPHA cmd

This allowed me to run cmd.exe (the command console) on the ALPHA server.  And now I could issue commands on the Primary Server.  This is also the step in which we were very lucky (or Blessed).  Typically in order for PSEXEC to do its magic it has to authenticate to the remote machine.  How is it I was able to issue this command when the Administrator account was inaccessible?  I can only assume that this server had previously authenticated before the Administrator password was changed and thus still had a valid security token.  I can't help but wonder that if we had rebooted this Web Server before now, if this step would have been impossible.

I tried using the Net.exe commands on the Primary Server but then realized that for some reason, Net.exe didn't exist on this server.  I'm not sure why since this is Server 2003 it should have been there.  After further reading, using the Net.exe commands might not have worked anyway since this is a Domain Controller.  I still wanted to mention this, as it could prove useful to someone in another scenario.

In the example below, the username whose password we are trying to reset is sunrise and the new password we want is Password2, and the /domain switch is supposed to indicate that we want to change it for the domain user called sunrise as opposed to a local user called sunrise.

net user sunrise Password2 /domain

More information about How to Use the Net User Command can be found here:  http://support.microsoft.com/kb/251394

I then came across some Active Directory commands such as:

dsquery - Query Acive Directory
dsadd - Add Users
dsmod - Modify Users

Please see How To Use the Directory Service Command-Line Tools to Manage Active Directory Objects in Windows Server 2003 here:
http://support.microsoft.com/kb/322684

I also found this site which gives some great examples on using these commands:
http://www.sadikhov.com/forum/index.php?/topic/84286-examples-for-dsadd-dsquery-dsget-dsmove-dsmod-dsrm/

In the end, we had success when I issued the following command:

dsmod user "CN=sunrise,CN=Users,DC=acme,DC=local" -pwd Password2

In the above example:
The username we wanted to change the password for is: sunrise
The Domain Name is: acme.local
The container that holds the username sunrise is: Users
The new password we want is: Password2

Once the sunrise password was changed, I logged into the Primary Server and then was able to change the Administrator password.

So to recap the successful steps:

Open a Remote Console on the Domain Controller
psexec \\ALPHA cmd 

Change the password of an account that already has Administrator Priviledges
dsmod user "CN=sunrise,CN=Users,DC=acme,DC=local" -pwd Password2

Friday, December 2, 2011

Malware hides all files and shortcuts

On several occasions we are called in to look at a computer that has been infected with malware or a virus.  And the malware has hidden every file (and shortcut) on the entire hard drive.  You notice this right away when you click on the START menu and nothing is there.  And when you open the C: drive in Windows Explorer, you also see nothing.

I wanted to document this fix for this for my own quick reference and hope it can be of help to others as well.

From a Command Prompt use this command:

attrib -r -h c:\*.* /s /d
This changes the attributes of each file to not be read-only or hidden and does this for all files and folders including subdirectories. 

Malware can also sometimes mess with file associations and leave you with inability to run EXE files or open documents or shortcuts.  I found this great website with a ready reference of fixes for these types of issues:



Saturday, November 12, 2011

Android Camera Phone to Picasa Web to Computer

I have been experimenting with Picasa Desktop and Picasa Web trying to figure out the best way to manage photos taken from my Android camera phone. 

Thanks to the Google+ app for Android it can automatically send photos you take on your phone to your Google+ account and then they are viewable in your Picasa Web account.  But the linkages are one-way and not bi-directional.

In the video below I demonstrate the various ways to get the photos from your phone to the computer as well as deleting them.


You may prefer to watch directly on YouTube

As a side note, this was also my first attempt at making a screen-capture video, so it's a little unpolished.

Saturday, October 1, 2011

SSL not working on Windows Server 2003

We have a customer that physically moved their server from one location to another. This was a server that had not been rebooted in over 6 months.


After we moved it and brought it back up I began to realize the SSL on the web server was not working.  I first thought I had made a mistake in the firewall rules since it was a new firewall at a new site on a different ISP.  But later began to realize that it was the server itself.  


If you tried to connect to the page with http port 80 it worked, but if you go https port 443 you get absolutely nothing, no errors just does not display.  There were also no errors in the Windows Error Logs.  I did iisreset until I was blue in the face, but no change.  


Then I decided to replace the certificate with a self-signed certificate:
  • In IIS, right-click on website (Default Web Site in my case) and choose Properties
  • Go to the Directory Security tab and choose the Server Certificates button
  • Choose the option to Replace the current certificate
  • Then I choose my self-signed certificate
Then magically the website began to show the SSL page, albeit with a security warning because it is a self-signed certificate.  Then I replaced it again with the valid certificate issued by the Trusted Certificate Authority (GeoTrust in this case).  But then I was back to my original symptom of no page displayed at all.

Then I decided to delete the certificate altogether and re-import it (thankfully I had saved it in a folder when we first installed it), but that too didn't work.  Then it occurred to me, that if I deleted the public certificate, I may have also deleted or broke the private key chain.

After Googling I found this very helpful article:



I followed the instructions, but the magical command line that made it work was rather unclear in their article since they did not give an example.

So let me clarify it here.  If you delete a certificate and then re-import it, you will need to repair the private key store to re-link it.

When you look at the certificate's Serial Number you will see it has spaces in it.  You have to include the spaces in your command line. 

Example: 

certutil -repairstore my "02 85 03"

Over the years I have dealt with SSL, I've had lots of errors and mistakes, but this was the first time I've encountered a situation that there was no errors, no clues, it just didn't work.  Hoping this might help someone else.



Friday, September 16, 2011

Windows 7 Accessing Mapped Network Drives

Today I ran into a situation on a Windows 7 install that I previously fought several months ago, but this time I vowed to document it so I can find the fix more quickly in the future.

Problem:  You have a Windows 7 PC connected to a domain.  The login scripts will map network drives for you.  Once logged in the user can see their mapped drive, H:\ for example.  But when you run a cmd prompt as an Administrator you cannot see drive H:\ or any drive that is mapped.

The reverse might also be true.  If the drive is mapped while under the context of Administrator, then the local user cannot see it.

Solution: Microsoft says this is by design, and maybe so, but it is still a pain-point.  The current user and the "run as local administrator" are considered two different contexts and each have a separate security token.  A workaround is to modify a registry key to allow both contexts to share the tokens.

  • Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
  • And if it does not exist create a new Key (DWord value) called EnableLinkedConnections with a value of 1
  • Then reboot


Sunday, July 24, 2011

Using Plantronics Bluetooth Headset as a Dictation Microphone

Unbelievable. I have just made something happen that I never thought was actually possible.  I am dictating this blog post via a Plantronics Bluetooth headset; the kind you would normally use to connect to your cell phone.  I'm so excited I just had to share this.

For years I used a feature phone and really had no need for a Bluetooth headset. In fact many of the phones I've had over the years did not support Bluetooth.  Now that I have a Sprint Evo 4G Android device it's almost impossible to cradle in your neck without dropping it.  I've been using the speakerphone a lot but occasionally I'm in a noisy environment and that's just not acceptable.

Today I purchased a Plantronics Voyager Pro+ Bluetooth headset, and I'm extremely happy with it.  One of the features of this headset is that it can connect up to two phones or devices.  This has come in very handy for me as I can dictate on the computer with the headset but when a phone call comes in I can press the button on the headset and be immediately connected to the caller.  And when we hang up, I'm immediately connected back to the computer to continue with my dictation.

I use Dragon NaturallySpeaking for the dictation software.  I Googled around trying to see if I could find a particular Bluetooth headset that was known to work with Dragon NaturallySpeaking and although I found some Bluetooth devices that were specifically meant to connect to a computer I did not see one that was primarily meant to connect with a cell phone that can also be used to connect to the computer.

I wanted to post the ingredients that I used in case someone else was curious if this can be done.

The ingredients:
In reading the reviews on the Best Buy website for the Rocketfish micro Bluetooth adapter I was concerned whether this would work at all because many consumers have purchased this device and could not make it work successfully on Windows 7 64-bit.  But because it was the only Bluetooth adapter that Best Buy carried in their store I thought I'd give it a try.  I had no trouble installing the drivers and getting the PC to recognize the device.  In fact it paired up with my headset right away.  But trying to get Windows 7 to understand I wanted to use this headset as a microphone did take a little bit finagling.

Ulmately, I went to Windows Control Panel and chose the Sound applet and on the Playback tab I selected my computer speakers at the default playback device that way I can still listen to sounds and music through my computer speakers.  Then on the Recording tab I selected my Bluetooth headset microphone as my default recording device.

Then using Dragon NaturallySpeaking's DragonBar I selected the Audio menu and used the Check Microphone option.  From there I was able to pick the Bluetooth headset as my recording device and follow the wizard to adjust the audio levels.

This all just happened and I've only had a short time to play with it but I've already had one phone call come in so I know it works.

Man, I love technology!  Especially when it works.

Monday, July 11, 2011

The specified printer driver is currently in use

I worked on a printing problem today for a user.  This is Windows XP.  For any network printer that was an HP LaserJet P2015 in her list she could not print to it.  If you right-clicked on the printer in the list and chose properties you would get the following message "The specified printer driver is currently in use."

If you opened the Print Server Properties page and tried to uninstall the printer driver you could also get an error message saying he could not uninstall because it was in use.

To resolve this I first deleted any network printer that was an HP LaserJet P2015 from her list of printers.  I then stopped the print spooler service.  Then used regedit and went to the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows NT x86\Drivers
and deleted the reference to the HP LaserJet P2015.

Then restarted the Printer Spooler service.  Went to the Print Server Properties page (click START, Printers and Faxes, then in the menus click on File, and then Server Properties).  Click on the drivers tab and choose to add a new printer driver.  Once the driver was installed I reattached the network printers and had no further errors.

Thanks to the following website for help locating the registry key above:
http://members.shaw.ca/bsanders/FAQPrinting.htm

Saturday, June 25, 2011

Copy an SSL Certificate from one Server to Another

I have customer that received a new web server from a vendor.  We needed to transfer the SSL certificate from the old web server to the new one.  I have many times created and/or renewed SSL certificates for websites, but this was the first time I needed to transfer it from one to another.


I found this great resource that stepped me through the process:

How to Move or Copy an SSL Certificate from one Server to Another

Turns out it was super easy.  The important things to remember are:

  • The name must be exactly the same (such as mysite.myplace.com)
  • The original certificate issued by the SSL provider must have the private key marked as exportable
It also helped that the old and new Windows servers used the same version of IIS.

Tuesday, June 7, 2011

QR Codes

I have a new Android phone and kept seeing these funny looking barcodes so I decided to learn more. Here is a quick reference for my friends and colleagues.

They are called QR Codes (Quick Response Codes).

Found a great video on CNET that gives a great general overview of how you can use this day to day:

Wikipedia gives you a more detailed and technical description:

On this website you can use their tool to create your own QR Codes:

For my Android phone I'm using an app called Barcode Scanner. I have a Sprint EVO 4G with an 8 megapixel camera and this Barcode Scanner app does amazingly well for several types of one and two dimensional barcodes.


The QR Code below will take you to my website:


Friday, April 22, 2011

Mouse not working in MS Word 2002 SP3 Office XP

Worked on a Windows XP computer today that has Microsoft Word 2002 SP3 (This is part of MS Office XP). When you open Word and type some text, you cannot highlight that text or click on it in any way with your mouse.

Using your mouse to click the menus works OK, and you can highlight the text using the keyboard.
This symptom was unique to certain people's profiles on this machine. Others logged into this machine did not have the problem.

I'm not totally sure what fixed it. I was trying the options listed in this Microsoft Support article (link below) including the Fix-It button and after a couple of steps would try it again.


I think the cure was deleting all template files (*.dot) from this directory:
C:\Documents and Settings\username\Application Data\Microsoft\Templates\
I was about to do the step regarding COM Add-Ins (have to open Word for that) and viola it was working.

I had already tried deleting the normal.dot file from this and other folders, but that didn't help.




Sunday, April 10, 2011

Errors installing Microsoft Security Essentials

During the install of Microsoft Security Essentials I was receiving the following errors:
  • 0x80070643
  • 0x8004FF37
In the end I found a Windows OneCare Cleanup Tool here:

This machine never had OneCare installed, but as I watched the cleanup tool do its work I noticed it was cleaning up older versions of Windows Antimalware and Windows Defender. This machine did have Windows Defender once upon a time.

For what its worth the Cleanup Tool wanted a reboot, but I declined, and MSE installed successfully.


Rogue antivirus still showing after removal

While in Spiceworks I noticed a computer that said it had two antivirus packages installed. One was legitimate (Symantec Endpoint) and the other was called "Personal Internet Security". After Googling I find this is malware; a fake antivirus package.

I found that once upon a time this machine had been infected with this. Somehow it had registered itself with Windows Security Center thus was still showing as an installed antivirus package. Funny thing too, it said it was current on its virus definitions.

To correct this I issued the following commands from a CMD prompt on that PC:

net stop winmgmt
cd /d %windir%\system32\wbem
ren repository repository.old
net start winmgmt

As I understand it, if you had an issue where no antivirus package was being found by Windows Security Center, the above commands might work for that too.

After issuing the above commands, I forced Spiceworks to rescan and it correctly identified that just Symantec Endpoint was installed.

Friday, April 8, 2011

System Restore eating up disk space

Today I was working on a PC that kept failing backups. Once I started the backup I was intrigued at how long it estimated to complete. Upon further investigation I could see that the disk space used was over 45 Gigabytes. This is extremely high for this PC.

Using TreeSize Free it reported only 13 Gigabytes being used. TreeSize Free cannot access the hidden System Volume Information folder. It then occurred to me that the System Restore might be the culprit.

As it turns out on Windows XP, the default for System Restore is to use up to 12% of the total disk space. This is huge when you consider the size of hard drives today. Obviously I wanted to reduce this size not only on this machine but for many others that we are responsible for.

Many thanks to Steen Kirkby's Blog for leading me in the right direction.

Using one of our favorite tools called VNCscan we were able to create some scripts to help roll-out the changes to several computers at once.

By reducing all of the computers to use just 1% of their total hard drive space will save us a ton of space on our backup volumes. On the troubled PC that started all of this, we went from using over 45 Gigabytes of space to just 13 Gigabytes.

In VNC Scan we broke this up into three scripts.

Script 1 - System Restore Cap to 1 percent (a CMD script)
%SYSTEMDRIVE%
cd \temp\vncscan

:: The following sets the maximum percentage of disk space used by System Restore

REG ADD "HKLM\Software\Microsoft\Windows NT\Currentversion\SystemRestore" /v DiskPercent /t REG_DWORD /d 1 /f

REG ADD "HKLM\Software\Microsoft\Windows NT\Currentversion\SystemRestore\Cfg" /v DiskPercent /t REG_DWORD /d 1 /f

ECHO Now you must stop and restart System Restore
PAUSE

Script 2 - System Restore OFF (a VBS script)
strComputer = "."
set objWmi = GetObject("winmgmts://" & strComputer & _
"/root/default:SystemRestore")
objWmi.Disable("")
WScript.Echo "System Restore disabled"

Script 3 - System Restore ON (a VBS script)
strComputer = "."
set objWmi = GetObject("winmgmts://" & strComputer & _
"/root/default:SystemRestore")
objWmi.Enable("")
WScript.Echo "System Restore enabled"

Hoping this will help someone else in the future.







Tuesday, April 5, 2011

Manually Updating GoToMyPC

Since GoToMyPC released their IPad client I have been wanting to try it out. I finally learned that in order for it to work your PC must be running at least version 7.x of their software.

If I went to a PC that had version 6.x you're supposed to be able to right-click the tray icon and "Check for Updates" but it always said I had the latest version.

Finally found this web page:


At the very bottom in fine print they tell you to manually upgrade click this link:

I went there, had to login first, but was then offered the download. Had to install it twice to get it to take, and even after it took, it then told me I had an update to apply. By the way, this is on a Windows XP SP3 machine.

This update process is obviously very buggy.

Sunday, April 3, 2011

Geocode Searching in TweetDeck

I've been playing around with doing localized searches of Twitter messages using TweetDeck for Windows. I haven't tried other flavors of TweetDeck, but would expect them to work too.

In this example we'll use the main Knoxville, TN Post Office as our center point. Our post office is located at:

1237 E Weisgarber Rd, Knoxville TN

So, go to http://geocoder.us and type in the address you want to be the center point (typically your home address).



The format you will use in TweetDeck is
geocode:Latitude,Longitude,distance

Distance can be expressed in Miles (mi) or Kilometers (km)

Now in TweetDeck, add a new search column and use the examples below:

To find all Tweets with a 5 Mile Radius:
geocode:35.943316,-84.011165,5mi

To find all Tweets in a 10 Mile radius that contain the word "fun":
fun geocode:35.943316,-84.011165,5mi


You could also do similar searches from the Twitter.com search website http://search.twitter.com.

There you can define searches that contains a "Place" such as Knoxville, Atlanta, Boston, etc. You can also use a Zip Code.

Find all Tweets within 5 Miles of the 37909 zip code:

In Twitter's search box you enter: near:37909 within:5mi



Find all tweets within 15 Miles of Knoxville that contain the words "Krispy Kreme":

In Twitter's general search you enter: "Krispy Kreme" near:Knoxville within:15mi



Wednesday, March 30, 2011

MS Office XP - Word does not display a document

We have a client that uses Office XP throughout their organization. I know, Office 2011 is the latest. They also have Windows XP. We have had intermittent issues with Microsoft Word.
Now that we have had repeated success in solving the problem I wanted to document it here in hopes it will help someone else.

Symptom: When you double-click a Word document or open a document as an attachment from Outlook, Word will open but just displays a blank document and not the one you wanted. However, if you first open Word, and then click File, Open, you can select a document and it opens correctly.

The Fix: Make a change on the command line in the File Associations Menu.
  • Open Windows Explorer
  • Click on Tools, Folder Options, and then select the File Types tab.
  • Go to the DOC extension and click the Advanced button.
  • On the list of Actions, select the Open action. Then choose edit.
  • Refer to picture below, but you will add "%1" to the end of the command line.

After saving this change you should be able to double-click a document and open it. If you are using Roaming Profiles, be sure to log off from Windows to save these changes.

Comments: We have yet to figure out what causes this problem to occur. In researching the issue we think it could be having Word as your default editor in Outlook. So as we encounter this issue we are changing the option in Outlook to NOT use Word as the Editor.

Another odd thing, is that if you install MS Office XP fresh on a user's profile, the command line above does not have a "%1" and yet it works fine.


Xmarks.com - Great Service

I had something interesting happen to me today. Well, interesting to me. Starting last night I was having trouble syncing my favorites/bookmarks with Xmarks. This morning the problems continued. I looked around on their website to see if they had announced any issues. I found a post in their forums that a handful of other people were having issues as well. I sent a Tweet (on Twitter of course) about the fact that I was having problems. I didn't send it to them mind you, I just tweeted to the world and then also shared it with my co-workers who also depend upon Xmarks. To my shock this afternoon I received a direct tweet from Xmarks acknowledging that there had been a problem and they resolved it. Wow! Now I'm still relatively new to Twitter, and maybe this happens frequently, but this is awesome. Wish I could Tweet about high taxes and then have my Congressman respond telling me my worries are over. Xmarks was already at the top of my favorite software but this kind of great customer response is something I wish all of my vendors would take note of. Thank you Xmarks/LastPass for such great products.

Saturday, March 26, 2011

offline changes not synchronized

Had a user that kept getting messages about "offline changes not synchronized". You could see that the server was online, but no matter what would not sync the changes.

This is Windows XP SP3 and connecting to Server 2003.

Found this Microsoft Support article that fixed the issue. Used the "Fix It" button, applied and rebooted.


Apparently the User's Offline Files (CSC or Client Side Caching) cache and database was corrupted.


Friday, March 25, 2011

Cannot print from Adobe Reader 9.4.2

A user called saying they could not print from Adobe Reader. They could print to their local printer but not to their network color laser printer. When they tried it acted like it sent it to the printer, but nothing showed up in the print queue.

I found this is a known issue with Adobe Reader 9.4.2. I updated it to 9.4.3 and it corrected the issue.


Outlook will not open hyperlinks

Worked on an interesting problem today. A user called me and she could not open any website by clicking on a link in her email. She is using Windows XP Service Pack3, Outlook 2007, and Internet Explorer 8.

When she clicked on a link from her email, Outlook gave this message:

"This operation has been cancelled due to restrictions in effect on this computer."


As it turned out this was not an Outlook problem at all. It was a problem with Internet Explorer. We first reset it to defaults but that didn't help. Then I noticed that if you saved a website address to the Desktop and tried to open it, Windows would ask you which program to open it with. In other words, there was no default web browser.

To fix it, I opened Firefox and let it be the default web browser. Then I opened Internet Explorer and when it asked, said it could now be the default web browser.

Then we could open links from Windows and Outlook normally.


Sunday, March 20, 2011

Active Directory Sync problems

Last Thursday evening and into Friday morning I worked on a server that had a hard drive crash. Another annoying example where a mirrored drive did no good at all. At any rate, spent most of the night restoring from an image backup.

The next morning I had calls that some users could not login to the domain. On one computer I unjoined and rejoined the computer to the domain and it worked, but not so for others I tried. No user account could login to these machines. I logged in as local admin and could see in the error logs it was complaining of Kerberos errors.

This environment has two domain controllers and both are Server 2003. The server that crashed was a secondary domain controller. On that server I could see lots of various error messages in the logs and it was incredibly slow. The master domain controller complained the name of the secondary controller was invalid.

I didn't record all of the errors I found but here is the one that stood out and ultimately led me to the fix.

Note: So as to protect the identity of my client, let's refer to the Master Domain Controller as PARENT and the Secondary Domain Controller as CHILD.


Had this error on CHILD:

Event Type: Error
Event Source: NTDS Replication
Event Category: Replication
Event ID: 1864
Date: 3/18/2011
Time: 2:51:22 AM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: CHILD
Description:
This is the replication status for the following directory partition on the local domain controller.

I went here to download the Windows Server Support Tools for both the PARENT and CHILD servers. Although I appreciate Microsoft for providing these tools, as important as Active Directory is, I don't understand why they do not provide the same functionality as repadmin and netdom in the Windows GUI.

Ran this command on both servers: repadmin /showreps

On CHILD it said authentication failure (meaning it could not authenticate to PARENT).

On PARENT is said "Target Principal Name is Incorrect" (meaning it could not find the CHILD server).

Ran this command on CHILD:

netdom resetpwd /server:PARENT /user:customerdomain\administrator /password:adminpassword

This basically reset the kerberos encryption key to allow them to start talking to each other.

Kept running this command again every few minutes on both servers: repadmin /showreps

After about 10 minutes they both began talking to each other again and all errors disappeared. After rebooting the client PCs that were having trouble we could then login to the domain normally.