Tuesday, November 29, 2011

Symantec AntiVirus Runtime Error!

Earlier this year, a customer kept getting this error when rebooting:

Microsoft Visual C++ Runtime Library Runtime Error!

Program: C:\Program Files\Symantec AntiVirus\Rtvscan.exe

This application has requested the Runtime to terminate it in an unusual way.

Please contact the application's support team for more information.

Luckily the fix isn't too painful...


• Go to a command prompt and run wbemtest.
• Click Connect (upper-right).
• Replace root\default (or root\cimv2) with root\securitycenter and click Connect.
• You will be returned to the original screen; now click the Enum Classes... button, leave the Superclass Info box empty and click OK.
• In the Query Results screen, click AntivirusProduct and select Delete.
• Close the Query windows and exit wbemtest.
• Now either repair or re-install Symantec AntiVirus Corporate Edition.

Sunday, November 27, 2011

SQL Server Management Studio Express

Who doesn't love free? I certainly do. Microsoft has offered a great free version of its flagship database software, MS SQL, for quite some time now. And up until a few years ago it didn't have a GUI front-end, but Microsoft fixed that with the release of SQL Server Management Studio Express.

Out of the box, it typically won't connect to, for example, a WSUS or WSS Embedded, Compact or Windows Internal database. For security purposes the Named Pipes protocol is disabled in MS SQL, and for unknown reasons Management Studio has difficulty connecting to the SQL instance on the local server (localhost).

To get going with the SQL Management Studio, the Named Pipes protocol needs to be enabled. Go to Start > Programs > MS SQL > Config Tools > SQL Config Mgr, then under SQL Server Network Configuration > Protocols for MSSQLSERVER, double-click Named Pipes and set Enabled to Yes. The MS SQL Service must then be restarted.

When you fire up the SQL Management Studio, use \\.\pipe\MSSQL$MICROSOFT##SSEE\sql\query in the Server Name field, choose your Authentication and click Connect.

Free is good again.

Update: For Windows Server 2012 & 2012 R2, the path is \\.\pipe\MICROSOFT##WID\tsql\query
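The same connection can be checked from PowerShell before opening Management Studio. This is an added example, not part of the original post; it uses the pipe paths quoted above and assumes Windows authentication with rights on the instance.

```powershell
# Added example: verify the named pipe is listening, then connect over it.
Add-Type -AssemblyName System.Data

# Single quotes matter here: inside double quotes PowerShell would treat
# $MICROSOFT as a variable and silently drop it from the path.
$pipe = '\\.\pipe\MSSQL$MICROSOFT##SSEE\sql\query'     # WSUS / WSS embedded instance
# $pipe = '\\.\pipe\MICROSOFT##WID\tsql\query'         # Windows Server 2012 / 2012 R2

# 1. Is anything listening on that pipe? If not, Named Pipes is still
#    disabled or the SQL service was not restarted after enabling it.
$listening = [System.IO.Directory]::GetFiles('\\.\pipe\') -contains $pipe
if (-not $listening) {
    Write-Warning "No listener on $pipe. Enable Named Pipes and restart the SQL service."
    return
}

# 2. Connect with Windows authentication. The np: prefix forces the
#    Named Pipes protocol instead of shared memory or TCP.
$conn = New-Object System.Data.SqlClient.SqlConnection
$conn.ConnectionString = 'Data Source=np:' + $pipe + ';Integrated Security=SSPI;Connect Timeout=5'
try {
    $conn.Open()
    $cmd = $conn.CreateCommand()
    $cmd.CommandText = 'SELECT name FROM sys.databases ORDER BY name'
    $reader = $cmd.ExecuteReader()
    while ($reader.Read()) { $reader.GetString(0) }   # one database name per line
}
finally {
    $conn.Dispose()
}
```

Because the pipe is under \\.\pipe\, this only tests the local instance; Named Pipes can be set back to disabled in the same configuration screen once the work is done.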

Wednesday, November 23, 2011

Recursively Add Public Folder Permissions

Last week I found myself having to export (for archival) and remove a large tree of Public Folders. I thought the task would be easy: open Outlook, highlight the top-level folder and Export to PST.

Little did I know someone changed the top-level permissions of the folder I previously created, removing any admins from the list, so any new folder in the tree inherited the lack of admin rights. Now I had to change permissions on 472 folders, not something to be done individually.

A short search yielded just the info I needed. There is a script called AddUsersToPFRecursive.ps1 in the \Microsoft\Exchange Server\Mailbox\Scripts directory; usage and syntax are below.

AddUsersToPFRecursive.ps1 -toppublicfolder \Finance -User "Joe Admin" -Permissions Owner -Confirm:$False

Change the -toppublicfolder to \ or \Marketing\Calendars, whatever suits your needs. And be sure to add the -Confirm:$False switch, otherwise you will have to hit Enter (or Yes) for every folder change. Don't ask me how I know...
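To confirm the change reached every folder in the tree, the permissions can be audited afterwards. This is an added example, not part of the original post or of the Exchange script; it reuses the \Finance and "Joe Admin" values from the command above and is meant for the Exchange Management Shell.

```powershell
# Added example: list folders under $top where $admin still lacks Owner.
$top   = '\Finance'      # same top-level folder as the command above
$admin = 'Joe Admin'     # same user as the command above

$missing = Get-PublicFolder -Identity $top -Recurse -ResultSize Unlimited | ForEach-Object {
    $folder = $_

    # No entry for the user comes back as an error/empty result, so silence it
    # and treat "nothing returned" as "no rights".
    $entry = Get-PublicFolderClientPermission -Identity $folder.Identity -User $admin `
                 -ErrorAction SilentlyContinue

    $rights = @()
    if ($entry) {
        $rights = @($entry | ForEach-Object { $_.AccessRights } | ForEach-Object { "$_" })
    }

    if ($rights -notcontains 'Owner') {
        New-Object PSObject -Property @{
            Folder = $folder.Identity.ToString()
            Rights = ($rights -join ',')
        }
    }
}

$missing | Format-Table Folder, Rights -AutoSize
"{0} folder(s) under {1} still lack Owner for {2}" -f @($missing).Count, $top, $admin
```

An empty table and a count of 0 means the whole tree picked up the permission; the same loop run before the export shows which folders inherited the stripped permissions.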

Sunday, November 20, 2011

Time Skew and Exchange Services

On a recent Sunday night, while I was home watching The Walking Dead, a colleague called to say that our core switch was down in our colo. As he was on vacation, I raced over there and performed some troubleshooting, finally rebooting our huge Cisco 4510 to bring everything back online, that is, except Exchange.

The Exchange cluster was using iSCSI, thus was offline during the outage and now would not mount the databases; both the System Attendant and Information Store services would not start. After trying a reboot and examining the Failover Clustering, these error messages were found in the Event Log:

System attendant - EventID: 1005 Unexpected error The clocks on the client and server machines are skewed. ID no: 80090324 Microsoft Exchange System Attendant occurred.

MSExchangeIS - EventID: 5003 Unable to initialize the Microsoft Exchange Information Store service because the clocks on the client and on the server machine are skewed. This may be caused by a time change either in the client or the server machine, and may require a reboot of that machine. Other than that, verify that your domain is properly configured and is currently online.

I didn't even consider the fact that the Exchange server's system time didn't match the domain controllers'. Both nodes were a full six minutes behind! Once the clocks were synced with the DCs, both services started, databases mounted and we were back in business.

Due to the fact we're running a hybrid UNIX/Windows DNS network, oddities like this seem to creep up. Once I have this sorted, there will likely be a blog post about that as well.
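A quick way to catch this before the services fail is to measure the offset against a domain controller on each Exchange node. This is an added example, not part of the original post; the DC name is a placeholder, and the 300-second threshold is the default Kerberos clock-skew tolerance of five minutes.

```powershell
# Added example: measure clock offset from a DC and resync if it is too large.
$dc = 'dc01.contoso.example'     # placeholder: use one of your domain controllers
$maxSkewSeconds = 300            # default Kerberos tolerance (5 minutes)

function Get-ClockOffsetSeconds([string]$Computer) {
    # w32tm prints one line per sample, e.g. "14:02:11, -360.1234567s".
    $out = & w32tm.exe /stripchart "/computer:$Computer" /samples:3 /dataonly 2>&1
    $samples = @($out | ForEach-Object {
        if ("$_" -match ',\s*([+-]\d+\.\d+)s') { [double]$Matches[1] }
    })
    if ($samples.Count -eq 0) {
        throw "No time samples from ${Computer}: $($out -join ' ')"
    }
    $samples[-1]                 # most recent sample
}

$offset = Get-ClockOffsetSeconds $dc
if ([math]::Abs($offset) -ge $maxSkewSeconds) {
    Write-Warning ("Clock is {0:N1}s off {1}; authentication to the domain will fail." -f $offset, $dc)

    # Ask the Windows Time service to rediscover its source and resync now.
    & w32tm.exe /resync /rediscover | Out-Null
    $offset = Get-ClockOffsetSeconds $dc
}

"Offset from {0}: {1:N3}s" -f $dc, $offset
```

A node six minutes behind, as in this outage, reports roughly 360s and trips the warning. Error code 80090324 in the System Attendant event is SEC_E_TIME_SKEW.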

Wednesday, November 16, 2011

Windows 3-Tier Certificate Authority

Many months ago I was tasked with implementing a 3-tier Certificate Authority for a large Windows domain environment. Unfortunately there is surprisingly little information for the nitty-gritty questions one may have. The Microsoft Press book Windows Server® 2008 PKI and Certificate Security proved quite useful, but at times lacking. (This book seems to have been discontinued, thus outrageous pricing; add a comment if you want a link to the eBook.) The Corelan Team site added more insight and was quite useful as well.

Here is the document I created detailing our setup and configuration process (using generic server names and Contoso as the company). Please review the entire document first, should you use it for reference. Please note: this document is unsupported and is meant only as a guide.

Should you post questions here, I will do my best to answer them or help point you in the correct direction. This project took place almost a year ago and I'm no longer on site to examine the configuration, so please understand if I may not be able to shed light into the darkest corners of CA voodoo.

P.S. Thanks to SL @ TM for his time and trust with this project.

Saturday, November 12, 2011

PowerShell: Execution of scripts is disabled

This information is available on many sites, but I'm tired of searching for it every few months when I switch laptops/tablets.

Whenever you try to run an unsigned PowerShell script, you get the following message: "File C:\Custom\Test.ps1 cannot be loaded because the execution of scripts is disabled on this system. Please see "get-help about_signing" for more details."

I certainly believe Microsoft is doing the right thing by keeping PowerShell script execution locked down, given the proliferation of malware and the fact that 99%+ of Windows users don't even know about PowerShell.

Changing the PowerShell security setting is a simple affair. Open PowerShell as an Administrator and run the following: Set-ExecutionPolicy

Your choices are:
Restricted (default) - Stops all unsigned scripts from running.
AllSigned - Allows only signed scripts to run.
RemoteSigned (my recommendation) - Allows local scripts to run, but all downloaded or remotely executed scripts must be signed.
Unrestricted (not recommended) - Allows all scripts to execute, whether from an e-mail, website or instant message.


Syntax: Set-ExecutionPolicy RemoteSigned
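The setting can be limited to the current user instead of the whole machine, and a script can be checked against RemoteSigned before it is run. This is an added example, not part of the original post; the function name Test-RemoteSignedWouldRun is hypothetical, the -Stream parameter needs PowerShell 3.0 or later, and the check only approximates the engine's decision (it reads the download mark on the file and does not evaluate UNC paths or publisher trust).

```powershell
# Added example: scope the policy narrowly and pre-check a script.
function Test-RemoteSignedWouldRun {
    param([Parameter(Mandatory = $true)][string]$Path)

    # Browsers and mail clients tag downloads with a Zone.Identifier stream.
    # ZoneId 3 = Internet, 4 = Restricted; no stream means the file is local.
    $zoneId = 0
    $ads = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    if ("$ads" -match 'ZoneId=(\d)') { $zoneId = [int]$Matches[1] }

    $sig = Get-AuthenticodeSignature -FilePath $Path

    New-Object PSObject -Property @{
        Path      = $Path
        ZoneId    = $zoneId
        Signature = $sig.Status
        # RemoteSigned: local files run; downloaded files need a valid signature.
        WouldRun  = ($zoneId -lt 3) -or ($sig.Status -eq 'Valid')
    }
}

# Show every scope in precedence order. Group Policy scopes (MachinePolicy,
# UserPolicy) override anything set with Set-ExecutionPolicy.
Get-ExecutionPolicy -List

# CurrentUser does not need an elevated prompt and leaves other accounts
# on the machine at the default.
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser -Force

# Path taken from the error message quoted above.
Test-RemoteSignedWouldRun -Path 'C:\Custom\Test.ps1'
```

A script that shows ZoneId 3 and a Signature of NotSigned is exactly what RemoteSigned blocks; review its contents before removing the download mark.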

Wednesday, November 9, 2011

Fedora 16 Released

If you haven't used Linux in a while, you should give it a second look. Fedora 16 was unleashed on the computing world yesterday.

The latest versions of Fedora, and most modern Linux distributions, have come a long way since the painfully slow and complex installations. Hardware support, especially with the Fedora Project, has been constantly improving. The user interface has greatly improved over time and there is a nice package of productivity tools included (read: M$ Office alternative).

Many of the apps included don't have the same polish as in Mac OS or Windows, but for free, you get an amazing operating system. It is also a secure alternative to Windows and Mac OS, if only based on the quantity of malware written for Linux: it's virtually non-existent.

Download it today and give it a try. It'll run on new and old hardware alike, 32-bit and 64-bit, and can easily be used in a virtual machine. Have fun!

Friday, November 4, 2011

So how much does my Nook weigh?

I knew it! Every time I put content on my Nook Color it becomes heavier and heavier. I already have 4GB of data on it and the extra .000000000000000001 grams is killing me. (It weighs 15.8 ounces, before adding all that heavy content.)

And this is precisely why I have an eReader. The Nook Color allows me to carry a whole library of IT titles as well as works from every spectrum of printed media, without breaking my back or ruining my gas mileage (a former colleague carried about fifteen fat UNIX books in the back of his car everywhere).

I'm not saying that the Nook Color is the best choice, but when I bought mine, it was the only color, non-iPad choice at (or under) $250 that was worth anything. Given a choice today, it would be the Kindle Fire, although Barnes & Noble does have an announcement pending... (Maybe my wife would like a slightly used and loaded Nook Color, it's not very heavy.)

Tuesday, November 1, 2011

Setting the Out of Office Reply at the Command Line

If you've ever had to set someone's (like a VP's) Out of Office message because they left town before doing so, and of course they don't have access to Outlook Web Access, it can be quite a disruption to your work. Recently I was surfing Jim McBee's blog and found this gem, which he in turn had gotten from Bharat Suneja and the Exchange team.

Just replace the text in bold red and run it in an Exchange Command Shell:

Set-MailboxAutoReplyConfiguration jsmith@contoso.com -AutoReplyState Scheduled -StartTime "11/2/2011" -EndTime "11/9/2011" -ExternalMessage "External OOF message" -InternalMessage "Internal OOF message"