Memorise

Outlook on a Mac Keeps asking for password

I have deleted/repaired keychain but nothing has worked.

It does save password for a few hours, but then forgets it.

For Exchange I had this problem and a few others – this is how I fixed it:

Take a note of exchange server settings in Outlook->Preference, select the account click advance.

Locate your account setup file here: ~/Library/Group Containers/xxxx.Office/Outlook/Outlook 15 Profiles/Main Profile/Data/Exchange Accounts/xx/
(the file will not have any extension)

Delete the file, then go back to outlook and type the exchange server setting. This worked for me.

How do you locate my account set up file? who may not be familiar with macs, this is what you do:

  1. Open outlook
  2. Change the server
  3. Quit outlook (as the auto discover can work at any time and you may lock the file in the wrong state)
  4. Click on Spotlight Search the hour glass in the top right hand corner
  5. Type in ~/Library/Group Containers/
  6. Go through the directories until you come to the last folder indicated above.
  7. The file will not have an extension but will end in “ExchangeAccount”
  8. Right click on the file
  9. Select “get Info”
  10. check the “Locked” box
  11. Open outlook

If you are prompted for a password, even though you know it is there and correct, maybe insert the server without the “https://” proceeding it, then repeat the steps above.


RSOP – Invalid Name Space

RSOP – Invalid Name Space

Recently had an issue where an entire site was not downloading domain policies. After a thorough search and different attempts to fix the issue below batch file fixed the issue:

Windows Management Instrumentation fails due to receiving an event or error concerning missing or failure to load WMI Provider, or Invalid WMI class, or WMI Invalid Namespace.

Below are some common errors indicating issues with a WMI Provider or Class:

  • Failed to initialize all required WMI classes
  • Win32_processor: WMI: Invalid namespace
  • Win32_WMISetting: WMI: Invalid namespace
  • Win32_OperatingSystem: WMI: Invalid namespace
  • WBEM_E_NOT_FOUND 0x80041002
  • WBEM_E_PROVIDER_FAILURE 0x80041004
  • WBEM_E_INVALID_NAMESPACE 0x8004100E
  • WBEM_E_INVALID_CLASS 0x80041010
  • WBEM_E_PROVIDER_NOT_FOUND 0x80041011
  • WBEM_E_INVALID_PROVIDER_REGISTRATION 0x80041012
  • WBEM_E_PROVIDER_LOAD_FAILURE    0x80041013

Scenario 1: WMI Invalid Namespace

First we want to take any scripts or programs out of the equation by using local built in tools. The two most common tools used to check wmi functionality is the WMI console (winmgmt.msc) and Wbemtest (Windows Management Instrumentation Tester).

Ensure the Namespace in question actually exist and functional.

  1. Go to start-run and type in wmimgmt.msc
  2. Right click on Local Wmi Control (Local)and select properties
  3. On the general tab, if there is any failures noted on that box, that indicates a core WMI issue and most likely with the Cimv2namespace.
  4. Click on the Security tab and expand Root folder. This is where you will see all of the namespace listed for WMI
  5. Find the namespace referenced in the error message you are getting
  6. If you find the namespace is missing, do the following,

7. Go to start-run and type in wbemtest

8. Click on the “Connect Button

9. In the Namespace Box type in the path to the namespace for which getting invalid namespace error for. This path would have the same look and feel of a Windows Directory, so just as you see the structure in wmimgmt.msc console on the Securitytab, so is how you will type in path

Examples:

RootCimv2
RootMscluster
RootRSOPComputer

10. Click on the “Connect” button

11. Now all of the buttons should no longer be greyed out on the main wbemtest console page. Click on the “Enum Classes” button

12. Leave “Enter Superclass Name” blank and select “Recursive” then click OK. If you don’t get any error messages then you can access the name successfully without issue using built in Windows Management Instrumentation Tester

13. To test further, let’s see if we can access some classes.

make the following into a batch file

net stop winmgmt
pause
c:
cd c:\windows\system32\wbem
rd /S /Q repository
regsvr32 /s %systemroot%\system32\scecli.dll
regsvr32 /s %systemroot%\system32\userenv.dll
mofcomp cimwin32.mof
mofcomp cimwin32.mfl
mofcomp rsop.mof
mofcomp rsop.mflfor /f %%s in (‘dir /b /s *.dll’) do regsvr32 /s %%s
for /f %%s in (‘dir /b *.mof’) do mofcomp %%s
for /f %%s in (‘dir /b *.mfl’) do mofcomp %%smofcomp exwmi.mof
mofcomp -n:root\cimv2\applications\exchange wbemcons.mof
mofcomp -n:root\cimv2\applications\exchange smtpcons.mof

mofcomp exmgmt.mof

After running this re-run the GPUPDATE /force


Transfer Files Between Physical and Virtual Host on Hyper-V

Hyper-V users, there isn’t an easy way like what VMware is offering, however the following 5 ways should solve your problems.

Network File Sharing – Share files on a network like you usually do… 

1. On the virtual machine, create a folder on Desktop or any directory you preferred and give it a name.
2. Right click folder and select “Properties”
3. Select “Sharing” tab and click “Advanced Sharing…”
4. Tick “Share this folder” and select “Permissions”.
5. Give “Everyone” permissions like it shown on below picture.

6. Select OK to finish the sharing process.
7. Now what you need to do is, go back to your physical machine and access the shared folder by typing the “\computernameshared folder”.
8. Once you are on it and simply copy files over to the shared drive and it will start appearing on the virtual machine’s shared folder.

Remote Desktop map drive

1. Enable the Remote Desktop service on the virtual machine Server 2012 or other Windows OS, just make sure the Remote Desktop Service it is enabled so it can accept the service from client machine.
2. On Windows Server 2012 R2 to enabled Remote Desktop Service, go to “Server Manager” -> select “Local Server” from the left hand side menu.

3. Enable Remote Desktop by click on it, select “Allow remote connections to this computer” and un-tick the Recommended setting.

4. Now restart the virtual machine Server 2012.
5. Once the virtual machine Server 2012 is back and running, connect to the VM Server 2012 using Remote Desktop Connection.

6. On Remote Desktop Connection windows click “Local Resources”, under “Local devices and resources” tab click on “More”, expand “Drives” list and tick the drive you wanted to map.

7. Click OK and connect! Now see what you have on “My computer”!

8. Drag any files to the local drive on your PC and those files will appear on the Cloud VM server mapped drive.

Hyper-V USB offline

1. Make sure you have plugged the USB drive you are going to use to the computer.
2. Go to Start-> Control Panel -> Administrative Tools -> Computer Management
3. Select “Disk Management” from the left hand side menu
4. Right click the USB Drive and select “Offline”

 

5. Go to Hyper-V Manager and shutdown the running virtual machine
6. Right click the virtual machine and select “Settings”.
7. Select “SCSI Controller” and click “Add” a hard drive

8. Now select “Physical hard disk:” the USB drive you have just took offline on Disk Management.

 

9. Click “Apply” and OK to finish.
10. Start up the virtual machine and you should have the USB drive appeared on “My Computer”.


Migrating The Active Directory Certificate Service From Windows Server 2003 to 2012 R2

As you may be aware, support for both Windows Server 2003 and 2003 R2 is coming to end on July 14th 2015. With this in mind, IT professionals are in midst of planning migration. This guide will provide steps on migrating AD CS from Windows Server 2003 to Windows Server 2012 R2.

In this demonstration I am using following setup.

Server Name Operating System Server Roles
canitpro-casrv.canitpro.local Windows Server 2003 R2 Enterprise x86 AD CS ( Enterprise Certificate Authority )
CANITPRO-DC2K12.canitpro.local Windows Server 2012 R2 x64

Step 1: Backup Windows Server 2003 certificate authority database and its configuration

1. Log in to Windows 2003 Server as member of local administrator group

2. Go to Start > Administrative Tools > Certificate Authority

clip_image002

3. Right Click on Server Node > All Tasks > Backup CA

clip_image004

4. Then it will open the “Certification Authority Backup Wizard” and click “Next” to continue

clip_image006

5. In next window click on check boxes to select options as highlighted and click on “Browse” to provide the backup file path location where it will save the backup file. Then click on “Next” to continue

clip_image008

6. Then it will ask to provide a password to protect private key and CA certificate file. Once provided the password click on next to continue

clip_image010

7. In next window it will provide the confirmation and click on “Finish” to complete the process

Step 2: Backup CA Registry Settings

1. Click Start > Run and then type regedit and click “Ok”

clip_image012

2. Then expand the key in following pathHKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesCertSvc

3. Right click on “Configuration” key and click on “Export”

clip_image014

4. In next window select the path you need to save the backup file and provide a name for it. Then click on save to complete the backup

clip_image016

Now we have the backup of the CA and move these files to the new windows 2012 R2 server.

clip_image018

Step 3: Uninstall CA Service from Windows Server 2003

Now we have the backup files ready and before configure certificate services in new Windows Server 2012 r2, we can uninstall the CA services from windows 2003 server. To do that need to follow following steps.

1. Click on Start > Control Panel > Add or Remove Programs
clip_image020

2. Then click on “Add/Remove Windows Components” button
clip_image022

3. In next window remove the tick in “Certificate Services” and click on next to continue
clip_image024

4. Once its completed the process it will give the confirmation and click on “Finish”
clip_image026

With it we done with Windows Server 2003 CA services and next step to get the Windows Server 2012 CA services install and configure.

Step 4: Install Windows Server 2012 R2 Certificate Services

1. Log in to Windows Server 2012 as Domain Administrator or member of local administrator group

2. Go to Server Manager > Add roles and features
clip_image028

3. It will open up “Add roles and feature” wizard and click on next to continue
clip_image030

4. Then next window select “Role-based or Feature-based installation” and click next to continue
clip_image032

5. From the server selections keep the default selection and click on next to continue
clip_image034

6. In next window click on tick box to select “Active Directory Certificate Services” and it will pop up with window to acknowledge about required features need to be added. Click on add features to add them
clip_image036clip_image038

7. Then in features section will let it run with default. Click next to continue
clip_image040

8. In next window, it will give brief description about AD CS. Click next to continue
clip_image042

9. Then it will give option to select roles services. I have selected Certificate Authority and Certification Authority Web Enrollment. Click next to continue
clip_image044

10. Since Certification Authority Web Enrollment selected it will required IIS. So next window it will give brief description about IIS
clip_image046

11. Then in next window it gives option to add IIS role services. I will leave it default and click next to continue
clip_image048

12. Next window will give confirmation about service install and click on “Install” to start the installation process
clip_image050

13. Once installation completes you can close the wizard.

Step 5: Configure AD CS

In this step will look in to configuration and restoring the backup we created.

1. Log in to server as Enterprise Administrator

2. Go to Server Manager > AD CS
clip_image052

3. In right hand panel it will show message as following screenshot and click on “More”
clip_image054

4. It will open up window and click on “Configure Active Directory Certificate Service ……”
clip_image056

5. It will open role configuration wizard, it gives option to change the credential, in here I already log in as Enterprise administrator so I will leave the default and click next to continue
clip_image058

6. In next window it asking which service you like to configure. Select “Certification Authority”, “Certification Authority Web Enrollment” options and click next to continue
clip_image060

7. It will be Enterprise CA so in next window select the Enterprise CA as the setup type and click next to continue
clip_image062

8. Next window select “Root CA” as the CA type and click next to continue
clip_image064

9. The next option is very important on the configuration. If its new installation we will only need to create new private key. But since it’s a migration process we already made a backup of private key. So in here select the options as highlighted in screenshot. Then click on next to continue
clip_image066

10. In next window click on “Import” button
clip_image068

11. In here it will give option to select the key we backup during the backup process from windows 2003 server. Brows and select the key from the backup we made and provide the password we used for protection. Then click ok
clip_image070

12. Then it will import the key successfully and in window select the imported certificate and click next to continue
clip_image072

13. Next window we can define certificate database path. In here I will leave it default and click next to continue
clip_image074

14. Then in next window it will provide the configuration confirmation and click on configure to proceed with the process
clip_image076

15. Once its completed click on close to exit from the configuration wizard

Step 6: Restore CA Backup

Now it’s comes to the most important part of the process which is to restore the CA backup we made from Windows Server 2003.

1. Go To Server Manager > Tools > Certification Authority
clip_image078

2. Then right click on server node > All Tasks > Restore CA
clip_image080

3. Then it will ask if it’s okay to stop the certificate service in order to proceed. Click ok
clip_image082

4. It will open up Certification Authority Restore Wizard, click next to continue
clip_image084

5. In next window brows the folder where we stored backup and select it. Then also select the options as I did in below. Later click next to continue
clip_image086

6. Next window give option to enter the password we used to protect private key during the backup process. Once its enter click next to continue
clip_image088

7. In next window click “Finish” to complete the import process
clip_image090

8. Once its completed system will ask if it’s okay to start the certificate service again. Please proceed with it to bring service back online

Step 7: Restore Registry info

During the CA backup process we also backup registry key. It’s time to restore it. To do it open the folder which contains the backup reg key. Then double click on the key.

1. Then click yes to proceed with registry key restore
clip_image092

2. Once completed it will give confirmation about the restore
clip_image094

Step 8: Reissue Certificate Templates

We have done with the migration process and now it’s time to reissue the certificates. I had template setup in windows 2003 environment called “PC Certificate” which will issue the certificates to the domain computers. Let’s see how I can reissue them.

1. Open the Certification Authority Snap-in

2. Right click on Certificate Templates Folder > New > Certificate Template to Reissue
clip_image096

3. From the certificate templates list click on the appropriate certificate template and click ok
clip_image098

Step 9: Test the CA

In here I already had certificate template setup for the PC and set it to auto enroll. For the testing purposes I have setup windows 8 pc called demo1 and added it to canitpro.local domain. Once it’s loaded first time in server I open certification authority snap in and once I expanded the “Issued Certificate” section I can clearly see the new certificate it issued for the PC.

clip_image100

So this confirms the migration is successful.


Outlook 2016 autodiscover broken, but works for 2013 and 2007

If you try to deploy Office 2016 (specifically Outlook 2016) and connect it to an existing Office 365 account for email or Exchange 2016, autodiscover will probably give you fits. It just does not work reliably, and in many cases will not work at all. it just hangs and never completes.

The fix below work for us:

[HKEY_CURRENT_USER\software\policies\microsoft\office\16.0\outlook\autodiscover]
“excludehttpsrootdomain”=dword:00000001


Unable to create snapshot: VMname/VMname.vmx already exists

Error: Unable to create snapshot: Operation failed because file already exists or Cannot complete the operation because the file or folder [DatastoreName] VMname/VMname.vmx already exists
OR
when trying to VMotion you get Error: Migrate virtual machine MY-DC A general system error occurred: Source detected that destination failed to resume.

  • ESX/ESXi/vCenter Server 4.0 vSphere Client, shows an error similar to:

    Cannot complete the operation because the file or folder [DatastoreName] VMname/VMname.vmx already exists

  • ESX/ESXi/vCenter Server 4.1 vSphere Client, shows an error similar to:

    Cannot complete the operation because the file or folder <unspecified filename> already exists

Resolution

This issue occurs when VMware ESX or ESXi tried to create a new vDiskname-delta.vmdk redolog file, but the generated filename already exists. This can occur if the -delta.vmdk redolog file does not have an associated descriptor file.

Every virtual disk is composed of two files, a flat or delta file containing the actual data and a descriptor file containing geometry and topology information. For example, vDiskname.vmdk and vDiskname-flat.vmdk or vDiskname-delta.vmdk. For more information, see Understanding virtual machine snapshots in VMware ESX (1015180).

When creating a snapshot, the host uses the lowest file number that is not in use by the chain of snapshots and does not exist on the directory. The host calculates this by checking through the descriptor files.

When the host tries to create the snapshot, it first creates the new descriptor file, then creates the associated -delta.vmdk file. If the host detects that a -delta.vmdk file with that name already exists the snapshot operation fails and the virtual machine reverts to its previous state.

To resolve this issue, locate and manually rename or move the -delta.vmdk file that does not have an associated descriptor file.
To locate and manually rename or move the -delta.vmdk file that does not have an associated descriptor file:
  1. Connect to the ESX or ESXi host using the vSphere Client.
  2. Locate the affected virtual machine in the Inventory.
  3. Determine which datastore(s) the virtual machine is stored on.
  4. Open the Datastore Browser.
  5. Navigate to the working directory containing the virtual machine configuration files. For more information, see Creating snapshots in a different location than default virtual machine directory (1002929).
  6. Confirm that remnant redolog delta.vmdk files from previous snapshots exist. For example:
    • The virtual machine is currently pointed to vmname-000001.vmdk.
    • vmname-000001.vmdk’s parent is the virtual machine base disk, vmname.vmdk.
    • A file named vmname-000002-delta.vmdk exists in the virtual machine directory.
    • A file named vmname-000002-delta.vmdk~ exists in the virtual machine directory.
    • The .vmx file does not reference the file named vmname-000002-delta.vmdk.
    • The .vmsd file does not reference the file named vmname-000002-delta.vmdk.
  7. Rename or move the remnant file aside. For example, move the file vmname-000002-delta.vmdk into a backup directory.
  8. Retry the Create Snapshot operation, it should complete successfully.
Notes:
  • If the memory state is captured for a snapshot, a .vmsn file is created before the new .vmdk files. If the snapshot operation fails unexpectedly, the process halts and the .vmsn file is left behind. The .vmsn files can be safely removed if the virtual machine has no snapshots. If there are any snapshots, look in the .vmsd file to identify which .vmsn files are referenced by the virtual machine and remove the rest.
  • You may encounter such issue when you delete the descriptor file by browsing the datastore (assuming those are snapshot disk files and delta files are not visible) of a Virtual machine whose Snapshot/s  is/are not visible through Snapshot Manager.

How to exclude individual users or computers from a Group Policy Object

One of the common question I see on the forums from time to time is how to exclude a user and/or a computer from having a Group Policy Object (GPO) applied. This is a relatively straight forward process however I should stress this should be used sparingly and should always be done via group membership to avoid the administrative overhead of having to constantly update the security filtering on the GPO.

Step 1. Open the Group Policy Object that you want to apply an exception and then click on the “Delegation” tab and then click on the “Advanced” button.

Step 2. Click on the “Add” button and select the group (recommended) that you want to exclude from having this policy applied.

Step 3. In this example I am excluding the “Users GPO Exceptions” group for this policy. Select this group in the “Group or user names” list and then scroll down the permission and tick the “Deny” option against the “Apply Group Policy” permission.

image

Now any members of this “User GPO Exceptions” security group will not have this Group Policy Object applied. Having a security group to control this exception makes it much easier to control as someone only needs to modify the group membership of the group to makes changes to who (or what) get the policy applied. This makes the delegation of this task to level 1 or level 2 support much more practical as you don’t need to grant them permission to the Group Policy Objects.


APP-V 5.0-REMOVING THE “REVERT TO CLEAN STATE“ WARNING ON A MICROSOFT APP-V 5.0 SEQUENCER.

clip_image001

APP-V 5.0 : Removing the “Revert to clean state“ warning on a Microsoft App-V 5.0 Sequencer.

Warning

This Warning I have when I try to recording installation application on a App-V 5.0. We must to do this for clear the warning. To be honest this warning very “annoying”.

clip_image003

How to Solve

1. Open regedit then browse to : “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Sequencer”, delete “ReadyBit REG_DWORD”.

clip_image005

2. Refresh and u will see no warning again.

clip_image007

Thank You.


How to forward mail to an external email address, Forwarding mail to an external address not working.

Forwarding mail to an external address in Exchange 2010 and Exchange 2007

In Exchange 2010/2007, these tasks remain the same. However, instead of using ADUC to accomplish them, you use the EMC or the Shell (aka “EMS“). The new term for a Contact is MailContact.

1Create a MailContact

Create a MailContact using the EMC:

  1. Expand Recipeint Configuration | Mail Contact
  2. In the Action pane, click New Mail Contact
  3. To create a new Contact object, leave the default (New Contact) selected | click Next
  4. Type First name, Last name
  5. Click Edit to add the external email address
  6. Click New to complete creation of new MailContact

Alternatively, use the Shell to create a new MailContact:

New-MailContact -Name “Foo User” -ExternalEmailAddress “foo@externaldomain.com

Next, we set the recipient’s Delivery Options to deliver to the alternate recipient.

2Forward mail for a recipient to the MailContact

Now that we have a MailContact created for the external recipient’s email address, we can forward mail for the Exchange recipient to the MailContact. To configure mail forwarding using the EMC:

  1. Expand Recipeint Configuration | Mailbox | select mailbox | properties | Mail Flow Settings tab | Delivery Options
  2. Under Forwarding address, select Forward to
  3. Click Browse to select the MailContact
    Screenshot: Delivery Options -< Forwarding Address in Exchange 2007
    Figure 2: Modifying Delivery Options to forward email to an alternate recipient
  4. Optional: If a copy of the message needs to be delivered to both the external recipient and the original recipient’s mailbox, select the Deliver message to both forwarding address and mailbox

To configure mail forwarding using the Shell:

Set-Mailbox “Joe Adams” -ForwardingAddress “foo@externaldomain.com”

To deliver a copy to the mailbox (in addition to the external email address – equivalent of step 4 above):

Set-Mailbox “Joe Adams” -ForwardingAddress “foo@externaldomain.com” -DeliverToMailboxAndForward $true

Listing users with forwarding enabled

This command lists mailboxes with auto forwarding enabled:

Get-Mailbox | where {$_.ForwardingAddress -ne $null} | ft name,forwardingaddress

Automatic forwarding and Remote Domains

Remote Domains define a bunch of settings, such as message formats, character sets, and OOFS for messages sent to specified domains outside your Exchange organization. The default Remote Domain setting for the address space * (the asterisk character) applies to all external domains except the ones for which you’ve created a Remote Domain for.

Screenshot: Remote Domain properties
Figure 3: The Allow automatic forward setting for remote domains only impacts client-side automatic forwarding using mechanisms like Inbox Rules, and is disabled by default.

The Allow automatic forward setting for remote domains applies only to client-side forwarding using mechanisms like Inbox Rules. For instance, if a user creates a rule in Microsoft Outlook to automatically forward mail to an external email address, the default setting (for address space *) doesn’t allow it. To enable automatic client-side forwarding of mail to external addresses, select the Allow automatic forward checkbox in a remote domain’s properties | Format of original message sent as attachment to journal report tab (Yes, in Exchange 2007 the tab is mislabeled. It is the “Message Formats” tab… 🙂.