Some Windows VPN connections through ISA 2006 failing

Having successfully set up our company’s ISA 2006 Server, tested it from home and on a few mobile networks, I confidently distributed the instructions to the staff on how to set up and gain access to the VPN.

A few days later, I was sitting back and admiring my success, when I received a phone call from a user stating that they were connected to the VPN but could not access our terminal server.

A bit confused, I asked the user to disconnect and then try again, walking me through what they were doing. The user was not doing anything wrong!

It’s connecting to the network but it cannot see the network.

An nslookup confirmed that the connecting device was trying to use their local broadband router as the primary name server – no wonder it cannot see the devices on our network!

I assumed that Windows would change the binding order and place the VPN connection at the top of the list, allowing it first choice for name resolution.

Apparently I assumed wrong and it does not work like that!

After some research and googling, I found a solution to the problem in the form of Microsoft KB311218 (http://support.microsoft.com/kb/311218). Unfortunately, the solution provided was not adequate for an end user and also had to be used every time the VPN connection was established. What I needed was a script that could do this on the fly and also some way of packaging it up in a user-friendly way.

This led me to the Connection Manager Administration Kit (CMAK), which is something I was looking into for when I implemented IPsec, which was the next stage of the VPN rollout.

Basically, CMAK is a way for administrators to preconfigure VPN settings and package them up into a neat executable that end users can install without having to mess about with the settings. It also has the ability to run pre, post and disconnect scripts automatically, making it ideal if I actually had the script to fix the problem.

I performed a search for CMAK scripts and KB311218. After a while I found an amazing script by Torgeir Bakken, a Microsoft MVP in Scripting and WMI, at http://www.ureader.com/message/89324.aspx. It seemed to me that someone else was in the same boat as me back in 2005!

Here is the script:

Const HKLM = &H80000002

sComputer = "."

' Connect to the WMI registry provider on the local machine
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" _
    & sComputer & "\root\default:StdRegProv")

sKeyPath = "SYSTEM\CurrentControlSet\Services\Tcpip\Linkage"
sValueName = "Bind"

' Read the current TCP/IP binding order (REG_MULTI_SZ)
oReg.GetMultiStringValue HKLM, sKeyPath, sValueName, arValues

arValuesNew = Array()

For i = 0 To UBound(arValues)
    If i = 0 Then
        If LCase(arValues(i)) = "\device\ndiswanip" Then
            ' entry is already first in the list, no point in continuing
            Exit For
        Else
            ' put NdisWanIp in the first element in the new array
            ReDim Preserve arValuesNew(0)
            arValuesNew(0) = "\Device\NdisWanIp"
        End If
    End If

    ' copy every other binding across in its original order
    If LCase(arValues(i)) <> "\device\ndiswanip" Then
        iCountNew = UBound(arValuesNew) + 1
        ReDim Preserve arValuesNew(iCountNew)
        arValuesNew(iCountNew) = arValues(i)
    End If
Next

' only write back if the order actually changed
If UBound(arValuesNew) > -1 Then
    oReg.SetMultiStringValue HKLM, sKeyPath, sValueName, arValuesNew
End If

By running this script, the VPN connection is placed at the top of the list. Excellent! Now just package it up with the rest of the settings using the CMAK and you are good to go!

A bit more searching and I found a tutorial that explains everything, and even uses the script, with step-by-step guides. The title is a bit misleading but the content is sound.

I discovered it a bit late but I’m glad I worked things out for myself. However, in the future I will probably just refer to this article as it takes the guesswork out of things.

http://www.isaserver.org/tutorials/work-around-VPN-clients-split-DNS.html

Setting up WSS3 email support and receiving SMTP error: missing adsiisex.dll

The time has come to set up our Windows SharePoint Services installation to receive emails. One of the first things that you need to do is install the SMTP service on the SharePoint server using Add/Remove Windows Components.

So you go through the motions:

  1. Click Start, Control Panel, Add or Remove Programs.
  2. Click the Add/Remove Windows Components button.
  3. Select the Application Server component and click Details.
  4. Select the Internet Information Services (IIS) component and click Details.
  5. Scroll down through the list and check the box next to SMTP Service. Click OK, OK, and Next.

But instead of a nice and quick install you are presented with:


Setup cannot copy the file adsiisex.dll

No problem, just point the browser to your i386 folder on your Windows 2003 CD and all is well – Wrong! It’s not there!

You need to extract the file from the cab file IMS.CAB and then point the browser to that file instead. The quickest way to do that is to fire up a command prompt and run the following command.

expand -F:* D:\I386\IMS.CAB C:\temp\ims

where D:\i386\IMS.CAB is the path to the CAB file and C:\temp\ims is a temp folder (which needs to exist before running the command).

This will solve your problem and allow you to complete your install of the SMTP Service.

Increasing your site exposure through WordPress Ping Lists

There is no use writing great content if no one knows that it is published. One way of increasing your WordPress site’s exposure is to edit the ping list.

When you publish a post in WordPress, it has the ability to send out a notification to multiple websites designed to track and aggregate posts. The sites that it notifies are stored in the Ping List.

By default WordPress has only one entry in the list: http://rpc.pingomatic.com/ which means that you are only notifying one site of your update.

The theory is that by adding to the list you can notify more sites and thus increase your chances of exposure.

A bit of research and I came across a post on Vladimir Prelovac’s site that has a decent list:

http://api.moreover.com/RPC2
http://bblog.com/ping.php
http://blogsearch.google.com/ping/RPC2
http://ping.weblogalot.com/rpc.php
http://ping.feedburner.com
http://ping.syndic8.com/xmlrpc.php
http://ping.bloggers.jp/rpc/
http://rpc.pingomatic.com/
http://rpc.weblogs.com/RPC2
http://rpc.technorati.com/rpc/ping
http://topicexchange.com/RPC2
http://www.blogpeople.net/servlet/weblogUpdates
http://xping.pubsub.com/ping

To use this list you need to log into your WordPress admin panel, go to Settings > Writing and then scroll down to Update Services. Copy and paste the list into the box and then click Save Changes.

There are more extensive lists out there and I recommend tweaking this list based on the content of your site. However tempting, what you don’t want to do is drop a massive list in there, as no one likes a spammer and quality is always better than quantity!

Edit SharePoint sites for free!

A bit late but still worth a post, Microsoft has announced (in April 2009) that Microsoft SharePoint Designer 2007 is now free!
Go over to SharePoint Designer 2007 Download to get your free copy.

For those who don’t know much about SharePoint Designer, here is an excerpt from Microsoft:

Build solutions faster to enhance team productivity and efficiency

Use Office SharePoint Designer 2007 to create and deploy interactive solutions on the SharePoint platform, without having to write code.

  • Automate business processes such as document approval, custom event notification, and other collaboration tasks with the Workflow Designer.
  • Create reporting and tracking applications using data views and forms to easily gather and aggregate data from outside your site and from SharePoint lists and document libraries on the Web site.
  • Get started fast with pre-built Microsoft Windows SharePoint Services Application Templates, which are fully customizable and extensible using Office SharePoint Designer 2007.
  • Extend your solutions by building advanced interactive Microsoft ASP.NET pages. Insert and edit controls with the same powerful activity menus and control property grid previously found only in development tools such as Microsoft Visual Studio 2005.


Hard times and tightening budgets…

Money is tight, redundancies are possible and projects postponed. Whilst budget cuts by some degree are inevitable, careful planning for the downturn will impact your business in a positive way.

Being forced to ‘do more with less’ forces you to look at problems in new ways and take an approach that you may not have looked at, yielding innovative results.

Often regarded as an area with high running costs, IT is likely to be one of the areas that businesses will look at in order to try and shave a few zeros off their overheads.

Faced with the prospect of reduced resources it can be daunting to cut back on IT, an area that integrates with the business on so many levels, but it is possible to cut back without cutting out.


Microsoft Distributed Transaction Coordinator Warning

Well I got a new error the other day on one of our domain controllers after doing a restart. A bit of a bug in Windows 2003 SP1 and easy enough to fix. The error is:

Event Type:    Warning
Event Source:    MSDTC
Event Category:    SVC
Event ID:    53258
Date:        05/01/2009
Time:        08:23:06
User:        N/A
Computer:    APOLLO
Description:
MS DTC could not correctly process a DC Promotion/Demotion event. MS DTC will continue to function and will use the existing security settings. Error Specifics: %1

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Investigating! See, I have these feet…

“I’m telling you about my feet! My investigating feet.”

Feet in the sense that I have just installed Ubuntu on my laptop, which comes preconfigured with GNOME, which has a footprint as its logo – yes, a very loose link, but I felt the need to reference Red Dwarf and it’s my blog so I will do as I please :p

Although my feet (sorry – laptop) is not my primary machine, it is my most used machine for general surfing of the interwebs and word processing, mainly due to the ease of working anywhere around the house etc. It’s the kind of pick-up-and-go element that makes it so handy.


Outlook failed to start correctly last time. – and it goes on forever!!

I had this problem about half a year ago where Outlook 2003 on terminal server would come up with a safe mode message for every user every time they started it. At the time I solved the problem; however, a few weeks ago it came back and I couldn’t for the life of me remember how to fix it.

One of the uses of my blog is to document any bits of obscure IT-related problems and their solutions so that if they happen to me again in the future I can just look up the solution without having to trawl Google and waste time sifting through all the crap. Kinda like an IT helpdesk knowledgebase but for me.

So here goes:

When using Outlook 2003 on a Windows 2000 terminal server, you may receive the following error:

Outlook failed to start correctly last time. Starting Outlook in safe mode will help you correct or isolate a startup problem in order to successfully start the program. Some functionality may be disabled in this mode.

Do you want to start Outlook in safe mode?

No matter what you click Outlook opens – Yay.

No! The next time you launch Outlook you get the prompt again. And so on….

This is because when Outlook 2003 crashes or fails to load, the program generates this error message when you restart it. Safe Mode is a special operating mode that disables several of Outlook’s features but at least lets the program load so you can see existing emails and access other elements of the software.

What is happening here is that the program is not clearing the entry in the computer’s registry so it continues to display the error message.

To fix the problem you need to go into the registry on the server and do a search for “Resiliency”. There will be quite a few entries (dependent on the number of terminal server users). You need to delete every entry that refers to Outlook; it should be something along the lines of:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Office\11.0\Outlook\Resiliency

and

HKEY_USERS\S-x-xxxx….\…..\Software\Microsoft\Office\11.0\Outlook\Resiliency

Once these keys have been deleted the message should go away.
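
The clean-up above can be scripted with the same WMI registry provider used by the binding-order script earlier on this page. This is an added example, not part of the original post: it assumes the Resiliency key sits directly under each loaded user hive, and the names DRY_RUN, HandleKey, KeyExists and DeleteTree are made up for illustration. It only lists what it finds until DRY_RUN is set to False.

```vbscript
' Added example (not from the original post): find and remove the
' Outlook 2003 Resiliency keys on a terminal server.
Option Explicit
Const HKLM = &H80000002
Const HKU = &H80000003
Const DRY_RUN = True   ' assumption: report only; set to False to delete

Dim oReg, sRel, arSids, sSid, iFound
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
sRel = "Software\Microsoft\Office\11.0\Outlook\Resiliency"
iFound = 0

' Terminal Server install-mode copy under HKLM
HandleKey HKLM, "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\" & sRel

' One candidate per user hive currently loaded under HKEY_USERS
If oReg.EnumKey(HKU, "", arSids) = 0 And IsArray(arSids) Then
    For Each sSid In arSids
        HandleKey HKU, sSid & "\" & sRel
    Next
End If
WScript.Echo iFound & " Resiliency key(s) found"

Sub HandleKey(hRoot, sPath)
    If Not KeyExists(hRoot, sPath) Then Exit Sub
    iFound = iFound + 1
    If DRY_RUN Then
        WScript.Echo "Would delete: " & sPath
    Else
        DeleteTree hRoot, sPath
        WScript.Echo "Deleted: " & sPath
    End If
End Sub

' EnumKey returns 0 when the key exists, even if it has no subkeys
Function KeyExists(hRoot, sPath)
    Dim arTmp
    KeyExists = (oReg.EnumKey(hRoot, sPath, arTmp) = 0)
End Function

' StdRegProv.DeleteKey fails on keys that still have subkeys, so go depth-first
Sub DeleteTree(hRoot, sPath)
    Dim arSub, sSub
    If oReg.EnumKey(hRoot, sPath, arSub) = 0 And IsArray(arSub) Then
        For Each sSub In arSub
            DeleteTree hRoot, sPath & "\" & sSub
        Next
    End If
    oReg.DeleteKey hRoot, sPath
End Sub
```

Run it with cscript from an administrator session on the server; hives of users who are not logged on are not loaded under HKEY_USERS and will not be seen.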

Google Chrome – Google joins the browser race

Google have joined the web browser race by releasing the beta of their upcoming web browser today: Google Chrome.

Based on open source technology, the browser brings in some new ideas to offer increased robustness and speed, such as a task manager for the browser so that you can monitor what sites are hogging your bandwidth, spawning a new independent process for each tab to reduce memory problems and browser hangs, and a completely rewritten JavaScript virtual machine that compiles code instead of interpreting it.

I will definitely be downloading a copy to try out; who knows, it may actually live up to its claims!

The Google comic detailing the features can be found here: http://www.google.com/googlebooks/chrome/

Terminal Server protocol error

Sometimes we have a problem with Windows Update and Terminal server that messes with the protocol causing the following error:

The remote computer disconnected the session because of an error in the licensing protocol. Please try connecting to the remote computer again or contact your server administrator.

To fix this simply do the following:

  1. On the client, navigate to the following registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSLicensing.
  2. Click MSLicensing.
  3. On the Registry menu, click Export Registry File.
  4. In the File name box, type mslicensingbackup, and then click Save.
  5. If you need to restore this registry key in the future, double-click mslicensingbackup.reg.
  6. On the Edit menu, click Delete, and then click Yes to confirm the deletion of the MSLicensing registry subkey.
  7. Close Registry Editor, and then restart the computer.

When the client is restarted, the missing registry key is rebuilt.