How to fix the “Could not connect to Group Policy Client service” Error

Recently a few of our Windows Vista machines have experienced a problem after removing Script Logic Desktop Authority from them, causing non-admin users to not be able to log into the machine.

GP-Client-service-error-large

The message that appears is
“Could not connect to Group Policy Client service. Please consult your system administrator.”
but strangely sometimes manifests as
“Windows could not connect to the system event notification service . Please consult your system administrator.”

After seeing this message, a normal user is dropped back to the Ctrl-Alt-Del logon screen.

This is how you can solve the problem if you are experiencing a similar problem

1. Log on to the machine as administrator
2. click start and into the search box type “Event Viewer” and press enter
3. Look in the Windows Logs under System for any Warnings or Errors. The error message will be something like Windows cannot process Group Policy Client Side Extension (Daci). Exception (in my case it was daci which is part of the script logic desktop authority program)
4. On the details tab, take a note of the GUID for the faulty client side extension
5. click start and into the search box type “regedit” and press enter
6. Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions and then click on the string that represents your faulty GP Extension.
7. click on the file menu and choose export and save a backup of the file.
8. Once the registry is backed up you can delete the folder that corresponds to the GUID
9. Do a restart and log on as a normal user.

Problem solved!

How not to move your iTunes music!

This is a bit of a lesson to myself on how iTunes is set up and the bizzareness of it all.
I was at a client’s to fix their laptop that was running sluggish and on which skype was refusing to work on. On inspection, I found that the primary partition was running seriously low on space and as such the file system was incredibly fragmented.

move-itunes-library-large
A quick scan with treesize showed the the majority of the hard drive space was being used up by the client’s music in iTunes. Luckily the hard drive was partitioned into two drives and the seccond partition was practically empty and had ample space if I was to move the mucus across to it.
Firing up iTunes, I went into the settings and told the program to use a folder on the second partition as the primary store for the music. After applying the settings, nothing happened an the mucsic was still on the primary partition. Digging a little deeper, I found that I needed to tell iTunes to we catalog it’s music and it would then move the music across to the new location – the. All I would need to do is delete the music from the old location under my music.
After about 40 mins, the music had finished copying across so I went ahead and deleted the iTunes folder in my music, emptied the recycle bin and started a full defrag of the system drive using myDefrag.
This is where my mistake was – instead of deleting just the music, I had accidently deleted the iTunes database as well, meaning that all of the client’s playlists and purchased songs list was lost. Add to the fact that a full defrag had taken place, there was no way that I was going to be able to recover the files with an undelete utility. Bugger!
Luckily, I was able to rebuild the libarary by adding the moved files back into iTunes and then syncing the client’s iPhone and iPod with iTunes to recreate the playlists. Enven the purchased songs were playable though they were not showing up in their own little playlist. The client was happy with the results, I got his laptop up to normal speed and most importantly got skype running.
The moral of the story?
Do not delete everything from the iTunes folder if moving your music and always take a backup of the database first. Pretty common sense really, but even us IT guys slip up once in a while!

How to fix McAfee VirusScan Corporate update error.

McAfee Update Issue – Affecting corporate users world wide

McAfee released an Anti Virus update early morning on Wednesday 21st April that falsely detects a core windows file, svchost.exe as a virus. It then quarantines or deletes the file causing windows to become essentially useless.

This problem seems to be only affecting Windows XP SP3 machines at the moment.

Some of the symptoms of the affected PC’s are:

  • Loss of Task Bar and Start Menu
  • Unable to connect to the network or internet

This has been a major problem for many companies as the current fix, at least right now, requires each machine to be touched by IT, in person, to repair the bad update as well as the svchost.exe file. As can be imagined, when faced with automatic updates across a company of hundreds or thousands of users, an IT department quickly has a major headache on their hands.

This is adding to the frustration and is causing delays resolving the problem.

If you are struck with this problem, and feel confident enough, you can fix this problem yourself, taking the strain off of your IT department and also getting yourself back up and running again.

Please note: Although straight forward, you will be accessing windows system files and as such due care and caution are advised. Please read through this guide thouroghly before attempting to perform this fix. If at any stage you are unsure, seek professional advice.

This guide has been adapted from the official McAfee Document – False positive detection of w32/wecorl.a in 5958 DAT (for Corporate/Business users) – VirusScan Enterprise found at http://vil.nai.com/vil/5958_false.htm

To fix the problem

What you need:

  • A working PC with internet access
  • A usb stick/pendrive

Step 1 – Download

  1. Then download the Updated DAT file which is available from the McAfee Security Updates page at: http://www.mcafee.com/apps/downloads/security_updates/dat.asp?region=us&segment=enterprise and save it to your USB Stick

Step 2 – Recovery

  1. Boot up the affected PC and insert the USB Stick
  2. Access Windows Task Manager by pressing Ctrl – Alt – Del on the keyboard
  3. From the File menu choose New Task (Run…)
  4. In the Create New Task box, Type explorer.exe and then press Enter
  5. This should bring up a windows explorer window that you can then use to navigate to the file system.
  6. Navigate to your USB Stick and double Click on the DAT update file that you downloaded earlier.
  7. Follow the instructions on screen to complete the update.
  8. Once complete, using the Windows Task Manager, once again from the File menu choose New Task (Run…)
  9. In the Create New Task box, Type “C:\program files\mcafee\virusscan enterprise\mcconsol.exe” /standalone and then press Enter
  10. This will bring up the management console for McAfee Virus Scan
  11. Double-click Quarantine Manager Policy, then click the Manager tab.
  12. Right-click the detection and select Restore.
  13. Restart your computer by using Windows Task Manager and from the file menu choosing Shutdown > Restart

That should get you up and running. If you are still having problems or would like someone else to do this for you, please get in touch

How to upgrade a Jailbroken iPhone 3Gs to 3.1.2

If your SHSH hashes for your iPhone have been logged to Cydia, you can upgrade your iPhone firmware to 3.1.2 with a bit of hacking.

Step 1

Check to make sure that your SHSH files are logged with Cydia

If this is the case, you are in luck and should be able to upgrade you iPhone.

Step 2

Download the iPhone 3.1.2 firmware from http://www.felixbruns.de/iPod/firmware/

Step 3

Edit your hosts file (usually located in C:\Windows\System32\drivers\etc\hosts) using notepad and add the following line to the bottom of the file.

74.208.105.171           gs.apple.com

This fools iTunes into pointing to the Cydia servers for the verification codes to confirm that the 3.1.2 firmware is allowed to be applied to your iPhone.

Step 4

Make sure your iPhone is fully charged (this reduces the risk of it turning off mid upgrade), plug it into your PC and fire up iTunes

Step 5

Once connected, in iTunes, click on your iPhone in the side bar Shift+Click on restore and browse to the 3.1.2 firmware that you downloaded.

Click OK and wait for iTunes to go through its motions.

Step 6

Once complete your iPhone will reboot and you will be given the option to restore your files and settings from a backup.

Choose your backup and then click continue.

iTunes will now restore your files and settings to your iPhone.

Make a cup of tea or something whilst waiting…

Step 7

Download your Jailbreak of choice. I use blackra1n – http://blackra1n.com/

Step 8

Jailbreak your iPhone following the instructions of the jailbreak program. For blackra1n, just launch the program and click “make it ra1n”

Job done!

Useful links:

iPhone Firmwares – http://www.felixbruns.de/iPod/firmware/

Blackra1n – http://blackra1n.com/

Pwnage Tool – http://blog.iphone-dev.org/

Youtube Video by tysiphonehelp for blackra1n – http://www.youtube.com/watch?v=u7DnqOS1njU

Exchange Activesync not working on WM6

I just had a problem where one of our user’s HTC tytn ii phones was refusing to sync with exchange over the mobile network. I conducted the usual action of veryfying the password but could not find the problem. So I googled for the error code 85010014 which came up with loads of articles about resetting outlook – but I wasn’t using outlook, I was using activesync.
Back on the device I checked to see if I could navigate to OWA in Internet explorer which pulled up an error 500 code. This made me think that it could be the Internet connection but everyone else was connecting fine.
The next step was to doable the hspda connection and connect the device to the internal wireless – still not syncing!
Could it be the user account? I removed the exchange account from the device and set up mine in it’s place to test my theory. Mine synced fine and I could even connect to OWA as well.
I set the users account back up and got the user to enter their password and straight away the device started syncing!

The moral of the story is – if exchange activesync is playing up, it only takes a few mins to delete the account and start again as opposed to troubleshooting less likely suspects. The error code produced is a ‘general error’ so use a ‘general’ fix to rectify it.

Some Windows VPN connections through ISA 2006 failing

Having successfully set up our company’s ISA 2006 Server, tested it from home and on a few mobile networks, I confidently distubuted the instructions to the staff of how to set up and gain acces to the VPN.

A few days later, I was sitting back and admiring my success, when i recieved a phone call from a user stating that they are connected to the VPN but cannot access our terminal server.

A bit confused, I asked the user to disconnect and then try again, walking me through what they were doing. The user was not doing anything wrong!

It’s connecting to the network but it cannot see the network.

An nslookup confirmed that the connecting device was trying to use their local broadband router as the primary name server – no wonder it cannot see the devices on our network!

I assumed that windows would change the binding order and place the VPN connection to the top of the list allowing it first choice for name resolution.

Aparrently i assumed wrong and it does not work like that!

After some research and googling, i found a solution to the problem in a form of the Microsoft KB311218 (http://support.microsoft.com/kb/311218) unfortunately the solution provided was not adequate for an end user and also ad to be used everytime the connection VPN was established. What i needed was a script that could do this on the fly and also some way of packaging it up in a user friendly way.

This lead me to Connection Manager Administration Kit (CMAK) which is something i was looking into for when I implemented IPsec, which was the next stage of the VPN rollout.

Basicly CMAK is a way for administrators to preconfigure VPN settings and package them up to a neat executable that end users can install without having to mess about with the settings. It also has the ability to run pre, post and disconnect scripts automatically making it ideal if I actually had the script to fix the problem.

I performed a search for CMAK scripts and KB311218. After a while I found an amazing script by Torgeir Bakken, a Microsift MVP in Scripting and WMI at http://www.ureader.com/message/89324.aspx it seemed to me that someone else was in the same boat as me back in 2005!

Here is the script:

Const HKLM = &H80000002

sComputer = “.”

Set oReg = GetObject(“winmgmts:{impersonationLevel=impersonate}!\\” _

& sComputer & “\root\default:StdRegProv”)

sKeyPath = “SYSTEM\CurrentControlSet\Services\Tcpip\Linkage”

sValueName = “Bind”

oReg.GetMultiStringValue HKLM, sKeyPath, sValueName, arValues

arValuesNew = Array()

For i = 0 To UBound(arValues)

If i = 0 Then

If LCase(arValues(i)) = “\device\ndiswanip” Then

‘ entry is alredy first in the list, no point in continuing

Exit For

Else

‘ put NdisWanIp in the first element in the new array

ReDim Preserve arValuesNew(0)

arValuesNew(0) = “\Device\NdisWanIp”

End If

End If

If LCase(arValues(i)) <> “\device\ndiswanip” Then

iCountNew = UBound(arValuesNew) + 1

ReDim Preserve arValuesNew(iCountNew)

arValuesNew(iCountNew) = arValues(i)

End If

Next

If UBound(arValuesNew) > -1 Then

oReg.SetMultiStringValue HKLM, sKeyPath, sValueName, arValuesNew

End If

By running this script, the VPN connection is placed at the top of the list. Excellent! Now just package it up with the rest of the settings using the CMAK and you are good to go!

A bit more searching and I found a tutorial that explians everything, and even uses the script, with step by step guides.The title is a bit misleading but the content is sound.

I discovered it a bit late but i’m glad i worked things out for myself. However, in the future i will probably just refer to this article as it takes the guesswork out of things.

http://www.isaserver.org/tutorials/work-around-VPN-clients-split-DNS.html

Setting up WSS3 email support and recieving SMTP error: missing adsiisex.dll

The time has come to set up our Windows Sharepoint Services installation to receive emails. One of the first things that you need to do is install the SMTP service on the sharepooint server using add/remove windows components.

So you go through the motions:

  1. Click Start, Control Panel, Add or Remove Programs.
  2. Click the Add/Remove Windows Components button.
  3. Select the Application Server component and click Details.
  4. Select the Internet Information Services (IIS) component and click Details.
  5. Scroll down through the list and check the box next to SMTP Service, as shown in. Click OK, OK, and Next.

But instead of a nice and quick install you are presented with:

setup-cannot-copy-adsiisex.dll
setup-cannot-copy-adsiisex.dll

Setup cannot copy the file adsiiex.dll

No problem, just point the browser to your i386 folder on your win 2003 cd and all is well – Wrong! It’s not there!

You need to Extract the file from the cab file IMS.CAB and then point the browser to that file instead. The quickest way to do that is to fire up a command prompt and run the following command.

expand -F:* D:\I386\IMS.CAB C:\temp\ims

where D:\i386\IMS.CAB is the path to the CAB file and C:\temp\ims is a temp folder (which needs to exist before running the command)

This will solve your problem and allow you to complete your install of the SMTP Service

Edit Sharepoint sites for free!

A bit late but still worth a post, Microsoft has announced (in April 2009) that Microsoft SharePoint Designer 2007 is now free!
Go over to SharePoint Designer 2007 Download to get your free copy.

For those who don’t know much about SharePoint Designer, here is an excerpt from Microsoft:

Build solutions faster to enhance team productivity and efficiency

Use Office SharePoint Designer 2007 to create and deploy interactive solutions on the SharePoint platform, without having to write code.

  • Automate business processes such as document approval, custom event notification, and other collaboration tasks with the Workflow Designer.
  • Create reporting and tracking applications using data views and forms to easily gather and aggregate data from outside your site and from SharePoint lists and document libraries on the Web site.
  • Get started fast with pre-built Microsoft Windows SharePoint Services Application Templates, which are fully customizable and extensible using Office SharePoint Designer 2007.
  • Extend your solutions by building advanced interactive Microsoft ASP.NET pages. Insert and edit controls with the same powerful activity menus and control property grid previously found only in development tools such as Microsoft Visual Studio 2005.

Continue reading “Edit Sharepoint sites for free!”

Hard times and tightening budgets…

Money is tight, redundancies are possible and projects postponed.  Whilst budget cuts by some degree are inevitable, careful planning for the downturn will impact your business in a positive way.

Being forced to ‘do more with less’, forces you to look at problems in new ways and take an approach that you may not have looked at, wielding innovative results.

Often regarded as an area with high running costs, IT is likely to be one of those areas where businesses will look at in order to try and shave a few zeros off their overheads.

Faced with the prospect of reduced resources it can be daunting to cut back on IT, an area that integrates with the business on so many levels, but it is possible to cut back without cutting out.

Continue reading “Hard times and tightening budgets…”

Microsoft Distributed Transaction Coordinator Warning

Well I got a new error today other day on one of our domain controllers after doing a restart. A bit of a bug in Windows 2003 SP1 and easy enough to fix. The error is:

Event Type:    Warning
Event Source:    MSDTC
Event Category:    SVC
Event ID:    53258
Date:        05/01/2009
Time:        08:23:06
User:        N/A
Computer:    APOLLO
Description:
MS DTC could not correctly process a DC Promotion/Demotion event. MS DTC will continue to function and will use the existing security settings. Error Specifics: %1

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Continue reading “Microsoft Distributed Transaction Coordinator Warning”