System Center Config Manager 2012 R2 Error 0x80004005 when loading task sequence on Surface Pro 3

Windows Command Prompt time and date commands
Windows Command Prompt time and date commands

This is an interesting one that i came across recently whilst trying to deploy an image to a brand new Microsoft Surface Pro 3.

I had two sitting on the bench ready to deploy our stock Windows 8.1 image. The first Surface PXE booted fine and jumped straight into the task sequence as normal however the second one came up with an error 0x80004005 when trying to look for the task sequences.

I knew that it wasn’t the image as surface numberone was working fine. I checked all of the usual things, replaced the ethernet cable etc and after a few reboots, I still had the same error.

After a little digging I found the solution.

The time in the UEFI BIOS was wrong.

The problem is that there is no option to change the time in the UEFI BIOS so you must change it using the PE environment instead:

  1. Make sure that your boot image has command support enabled.
  2. Boot into the Config Manager image.
  3. Before proceeding any further, press the F8 key (Fn + F8).
  4. At the command prompt type the ‘time’ command to change the current time.
  5. Next type the ‘date’ command and enter the correct date following the format for the locale of the PE.
  6. Verify that it has applied by typing

    time /t’

    and then

    date /t

  7. Close the command prompt and continue with your build.

 

Automate Windows 7 Enterprise Activation via ConfigMgr SCCM 2012

sccm

Recently we have been seeing more of our Windows 7 Enterprise Builds needing manual activation against our Enterprise KMS.

The manual process is to set the KMS server and then activate once booted into Windows using the following two commands:

slmgr /skms yourKMSserver.domain.com
slmgr /ato

Adding these two entries into our SCCM task sequence seems to work in principal but there is no silent switch resulting in a confirmation popup .

The solution to this is to use cscript.

In SCCM ConfigMgr, I created a new group in the Task Sequence called “Activate Windows” and added two Run Command line tasks underneath it.

The first task named “Set KMS” with the command line task of:

cscript c:\\windows\\system32\\slmgr.vbs /skms yourKMSserver.domain.com

The second named “Activate against KMS” with the command line task of:

cscript c:\\windows\\system32\\slmgr.vbs /ato

For more info about slmgr.vbs please see http://technet.microsoft.com/en-us/library/dn502540.aspx

SBS 2011 OWA Page Not Responding

When trying to access outlook web access on SBS 2011 by going to https://yourserver/owa.  You see the login prompt but after entering your credentials, you are faced with a blank page with https://yourserver/owa/auth.owa in the address bar.

Microsoft-Small-Business-Server-Logo-L

This is normally due to the Forms based authentication service not running. Sometimes it fails to start when a PC restarts.

To resolve the issue:

  1. Open Services
  2. Start the Microsoft Exchange Forms-Based Authentication Service

Job Done!

How to fix the “Could not connect to Group Policy Client service” Error

Recently a few of our Windows Vista machines have experienced a problem after removing Script Logic Desktop Authority from them, causing non-admin users to not be able to log into the machine.

GP-Client-service-error-large

The message that appears is
“Could not connect to Group Policy Client service. Please consult your system administrator.”
but strangely sometimes manifests as
“Windows could not connect to the system event notification service . Please consult your system administrator.”

After seeing this message, a normal user is dropped back to the Ctrl-Alt-Del logon screen.

This is how you can solve the problem if you are experiencing a similar problem

1. Log on to the machine as administrator
2. click start and into the search box type “Event Viewer” and press enter
3. Look in the Windows Logs under System for any Warnings or Errors. The error message will be something like Windows cannot process Group Policy Client Side Extension (Daci). Exception (in my case it was daci which is part of the script logic desktop authority program)
4. On the details tab, take a note of the GUID for the faulty client side extension
5. click start and into the search box type “regedit” and press enter
6. Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions and then click on the string that represents your faulty GP Extension.
7. click on the file menu and choose export and save a backup of the file.
8. Once the registry is backed up you can delete the folder that corresponds to the GUID
9. Do a restart and log on as a normal user.

Problem solved!

How to fix McAfee VirusScan Corporate update error.

McAfee Update Issue – Affecting corporate users world wide

McAfee released an Anti Virus update early morning on Wednesday 21st April that falsely detects a core windows file, svchost.exe as a virus. It then quarantines or deletes the file causing windows to become essentially useless.

This problem seems to be only affecting Windows XP SP3 machines at the moment.

Some of the symptoms of the affected PC’s are:

  • Loss of Task Bar and Start Menu
  • Unable to connect to the network or internet

This has been a major problem for many companies as the current fix, at least right now, requires each machine to be touched by IT, in person, to repair the bad update as well as the svchost.exe file. As can be imagined, when faced with automatic updates across a company of hundreds or thousands of users, an IT department quickly has a major headache on their hands.

This is adding to the frustration and is causing delays resolving the problem.

If you are struck with this problem, and feel confident enough, you can fix this problem yourself, taking the strain off of your IT department and also getting yourself back up and running again.

Please note: Although straight forward, you will be accessing windows system files and as such due care and caution are advised. Please read through this guide thouroghly before attempting to perform this fix. If at any stage you are unsure, seek professional advice.

This guide has been adapted from the official McAfee Document – False positive detection of w32/wecorl.a in 5958 DAT (for Corporate/Business users) – VirusScan Enterprise found at http://vil.nai.com/vil/5958_false.htm

To fix the problem

What you need:

  • A working PC with internet access
  • A usb stick/pendrive

Step 1 – Download

  1. Then download the Updated DAT file which is available from the McAfee Security Updates page at: http://www.mcafee.com/apps/downloads/security_updates/dat.asp?region=us&segment=enterprise and save it to your USB Stick

Step 2 – Recovery

  1. Boot up the affected PC and insert the USB Stick
  2. Access Windows Task Manager by pressing Ctrl – Alt – Del on the keyboard
  3. From the File menu choose New Task (Run…)
  4. In the Create New Task box, Type explorer.exe and then press Enter
  5. This should bring up a windows explorer window that you can then use to navigate to the file system.
  6. Navigate to your USB Stick and double Click on the DAT update file that you downloaded earlier.
  7. Follow the instructions on screen to complete the update.
  8. Once complete, using the Windows Task Manager, once again from the File menu choose New Task (Run…)
  9. In the Create New Task box, Type “C:\program files\mcafee\virusscan enterprise\mcconsol.exe” /standalone and then press Enter
  10. This will bring up the management console for McAfee Virus Scan
  11. Double-click Quarantine Manager Policy, then click the Manager tab.
  12. Right-click the detection and select Restore.
  13. Restart your computer by using Windows Task Manager and from the file menu choosing Shutdown > Restart

That should get you up and running. If you are still having problems or would like someone else to do this for you, please get in touch

Setting up WSS3 email support and recieving SMTP error: missing adsiisex.dll

The time has come to set up our Windows Sharepoint Services installation to receive emails. One of the first things that you need to do is install the SMTP service on the sharepooint server using add/remove windows components.

So you go through the motions:

  1. Click Start, Control Panel, Add or Remove Programs.
  2. Click the Add/Remove Windows Components button.
  3. Select the Application Server component and click Details.
  4. Select the Internet Information Services (IIS) component and click Details.
  5. Scroll down through the list and check the box next to SMTP Service, as shown in. Click OK, OK, and Next.

But instead of a nice and quick install you are presented with:

setup-cannot-copy-adsiisex.dll
setup-cannot-copy-adsiisex.dll

Setup cannot copy the file adsiiex.dll

No problem, just point the browser to your i386 folder on your win 2003 cd and all is well – Wrong! It’s not there!

You need to Extract the file from the cab file IMS.CAB and then point the browser to that file instead. The quickest way to do that is to fire up a command prompt and run the following command.

expand -F:* D:\I386\IMS.CAB C:\temp\ims

where D:\i386\IMS.CAB is the path to the CAB file and C:\temp\ims is a temp folder (which needs to exist before running the command)

This will solve your problem and allow you to complete your install of the SMTP Service

Edit Sharepoint sites for free!

A bit late but still worth a post, Microsoft has announced (in April 2009) that Microsoft SharePoint Designer 2007 is now free!
Go over to SharePoint Designer 2007 Download to get your free copy.

For those who don’t know much about SharePoint Designer, here is an excerpt from Microsoft:

Build solutions faster to enhance team productivity and efficiency

Use Office SharePoint Designer 2007 to create and deploy interactive solutions on the SharePoint platform, without having to write code.

  • Automate business processes such as document approval, custom event notification, and other collaboration tasks with the Workflow Designer.
  • Create reporting and tracking applications using data views and forms to easily gather and aggregate data from outside your site and from SharePoint lists and document libraries on the Web site.
  • Get started fast with pre-built Microsoft Windows SharePoint Services Application Templates, which are fully customizable and extensible using Office SharePoint Designer 2007.
  • Extend your solutions by building advanced interactive Microsoft ASP.NET pages. Insert and edit controls with the same powerful activity menus and control property grid previously found only in development tools such as Microsoft Visual Studio 2005.

Continue reading “Edit Sharepoint sites for free!”

Microsoft Distributed Transaction Coordinator Warning

Well I got a new error today other day on one of our domain controllers after doing a restart. A bit of a bug in Windows 2003 SP1 and easy enough to fix. The error is:

Event Type:    Warning
Event Source:    MSDTC
Event Category:    SVC
Event ID:    53258
Date:        05/01/2009
Time:        08:23:06
User:        N/A
Computer:    APOLLO
Description:
MS DTC could not correctly process a DC Promotion/Demotion event. MS DTC will continue to function and will use the existing security settings. Error Specifics: %1

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Continue reading “Microsoft Distributed Transaction Coordinator Warning”

Outlook failed to start correctly last time. – and it goes on forever!!

I had this problem a about half a year ago where Outlook 2003 on terminal server would come up with a safe mode message for every user everytime they started it. At the time i solved the problem however a few weeks ago it came back and I couldn’t for the life of me remember how to fix it.

One of the uses of my blog is to document any bits of obscure IT related problems and their solutions so that if they happen to me again in the future i can just look up the solution without having to trawl google and waste time sifting through all the crap. Kinda like an IT helpdesk knowledgebase but for me.

So here goes:

When using Outlook 2003 on a Windows 2000 terminal server, you may receive the following error:

Outlook failed to start correctly last time. Starting Outlook in safe mode will help you correct or isolate a startup problem in order to successfully start the program. Some functionality may be disabled in this mode.

Do you want to start Outlook in safe mode?

No matter what you click Outlook opens – Yay.

No! The next time you launch Outlook you get the prompt again. And so on….

This is because when Outlook 2003 crashes or fails to load, the program generates this error message when you restart it. Safe Mode is a special operating mode that disables several of Outlook’s features but at least lets the program load so you can see existing emails and access other elements of the software.

What is happening here is that the program is not clearing the entry in the computer’s registry so it continues to display the error message.

To fix the problem you need to go into the registry on the server and do a search for “Resiliency” there will be quite a few entries (dependant on the number of terminal server users), you need to delete every entry that referrs to Outlook it should be something along the lines of:

HKLM\Software\Microsoft\Windows NT\Current Version\Terminal Server\Install\Software\Microsoft\Office\11.0\Outlook\Resiliency

and

HK_USERS\S-x-xxxx….\…..\Software\Microsoft\Office\11.0\Outlook\Resiliency

Once these keys have been deleted the message should go away.

Terminal Server protocol error

Sometimes we have a problem with Windows Update and Terminal server that messes with the protocol causing the following error:

The remote computer disconnected the session because of an error in the licensing protocol. Please try connecting to the remote computer again or contact your server administrator.

To fix this simply do the following:

  1. On the client, navigate to the following registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSLicensing.
  2. Click MSLicensing.
  3. On the Registry menu, click Export Registry File.
  4. In the File name box, type mslicensingbackup, and then click Save.
  5. If you need to restore this registry key in the future, double-click mslicensingbackup.reg.
  6. On the Edit menu, click Delete, and then click Yes to confirm the deletion of the MSLicensing registry subkey.
  7. Close Registry Editor, and then restart the computer.

When the client is restarted, the missing registry key is rebuilt.