Fixing SQL Reporting Services "The URL has already been reserved" error during Configuration

I was recently helping out a colleague with an SQL Server Reporting Services (SSRS) installation. When it came time to configure that instance of SSRS and make it listen on port 80 for that particular site, we got the "The URL has already been reserved" warning message, and navigating to the Reporting Services URLs gave us an HTTP 500 error message.

To find the culprit I can usually use netstat -ab to find which Windows process is listening on a particular port, but in this instance it was simply SYSTEM. This usually means that an application is using the HTTP.SYS driver to listen for requests directly. To work around this and find out what has bound to those ports, we use netsh http show urlacl. When I ran it on this server, I could see that ReportServer had already been enabled on port 80.

   Reserved URL            : http://+:80/ReportServer/
       User: NT SERVICE\ReportServer
           Listen: Yes
           Delegate: No
           SDDL: D:(A;;GX;;;S-1-5-80-2885764129-887777008-271615777-1216005580-2722851051)
   Reserved URL            : http://+:80/
       User: NT SERVICE\ReportServer
           Listen: Yes
           Delegate: No
           SDDL: D:(A;;GX;;;S-1-5-80-2885764129-887777008-271615777-1216005580-2722851051)

I’ll show you two ways to remove these incorrectly configured entries. The first is to use the following command:

netsh http delete urlacl http://+:80/ReportServer/

A much easier way I’ve found is to use a tool called HttpCfg.exe, written by Steve Johnson and based on a (now obsolete) tool from MS. I’ve got this in my toolbox for the future: simply open the tool, select the entry and hit delete.

Now we can re-run the SSRS Web server configuration and hit apply, which should succeed this time.
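The listing above can also be handled as objects, which makes it easier to see every reservation on a port and the account that holds it before deleting anything. This is an added example, not part of the original post; the function name is hypothetical and the parser assumes English-language netsh output.

```powershell
# Constructed input: the listing shown in this post.
# On a live server use instead:  $lines = netsh http show urlacl
$lines = @'
    Reserved URL            : http://+:80/ReportServer/
        User: NT SERVICE\ReportServer
            Listen: Yes
            Delegate: No
            SDDL: D:(A;;GX;;;S-1-5-80-2885764129-887777008-271615777-1216005580-2722851051)
    Reserved URL            : http://+:80/
        User: NT SERVICE\ReportServer
            Listen: Yes
            Delegate: No
            SDDL: D:(A;;GX;;;S-1-5-80-2885764129-887777008-271615777-1216005580-2722851051)
'@ -split '\r?\n'

function ConvertFrom-UrlAcl {               # hypothetical helper name
    param([string[]]$Lines)
    $entry = $null
    foreach ($line in $Lines) {
        switch -Regex ($line) {
            '^\s*Reserved URL\s*:\s*(\S+)' {
                if ($entry) { [pscustomobject]$entry }   # emit the previous reservation
                $entry = [ordered]@{ Url = $Matches[1]; Port = $null; Users = @(); SDDL = $null }
                # URL prefixes use + or * as host, so pull the port out with a regex
                if ($entry['Url'] -match '^https?://[^/:]+:(\d+)/') { $entry['Port'] = [int]$Matches[1] }
            }
            # A reservation can list more than one user, so collect them all
            '^\s*User:\s*(.+?)\s*$' { if ($entry) { $entry['Users'] += $Matches[1] } }
            '^\s*SDDL:\s*(\S+)'     { if ($entry) { $entry['SDDL'] = $Matches[1] } }
        }
    }
    if ($entry) { [pscustomobject]$entry }               # emit the last reservation
}

# Every reservation on port 80 and who holds it
ConvertFrom-UrlAcl -Lines $lines |
    Where-Object { $_.Port -eq 80 } |
    Format-Table Url, @{ n = 'Users'; e = { $_.Users -join ', ' } } -AutoSize
```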

Bypassing Anti-Spam on an Exchange 2007/2010 Receive Connector

I was looking at an old Exchange environment that was being used to send bulk mail-outs. We noticed that every now and again a bunch of e-mails would not get sent. Trawling through the Message Tracking Logs, we could see that the messages were failing because of an AGENT FAIL, which usually means that there is a transport agent blocking those messages.

The customer still wanted the anti-spam agents enabled, so instead we used PowerShell to modify the receive connector to bypass spam filtering by giving Anonymous Logon the extended right ms-exch-bypass-anti-spam. Use the following PowerShell cmdlet, replacing "Receive Connector" with the name of your connector.

Get-ReceiveConnector "Receive Connector" | Add-ADPermission -User "NT AUTHORITY\Anonymous Logon" -AccessRights ExtendedRight -ExtendedRights ms-exch-bypass-anti-spam

Hope that helps.
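Because the right is given to Anonymous Logon, it applies to every unauthenticated sender the connector accepts, so it is worth checking which connectors carry it and which source addresses they allow. The read-only audit below is an added example, not part of the original post; the report column names are made up for illustration, and the string used to recognise an unrestricted IPv4 range is an assumption about how the range is rendered.

```powershell
# Run in the Exchange Management Shell. Nothing is changed by this script.
# Collect the connectors first, then loop, so that one Exchange cmdlet is not
# running inside another cmdlet's pipeline in a remote session.
$connectors = Get-ReceiveConnector

$report = foreach ($connector in $connectors) {
    # Source addresses this connector accepts, as strings
    $ranges = @($connector.RemoteIPRanges | ForEach-Object { "$_" })

    # Assumption: an unrestricted IPv4 range is rendered as 0.0.0.0-255.255.255.255
    $anyIPv4 = $ranges -contains '0.0.0.0-255.255.255.255'

    $connector | Get-ADPermission |
        Where-Object { -not $_.Deny -and ($_.ExtendedRights -like '*bypass-anti-spam*') } |
        Select-Object @{ n = 'Connector';      e = { $connector.Identity } },
                      @{ n = 'GrantedTo';      e = { $_.User } },
                      @{ n = 'Inherited';      e = { $_.IsInherited } },
                      @{ n = 'RemoteIPRanges'; e = { $ranges -join ', ' } },
                      @{ n = 'AnyIPv4Source';  e = { $anyIPv4 } }
}

$report | Format-Table -AutoSize -Wrap

# To withdraw the right from a connector later:
#   Remove-ADPermission -Identity "Receive Connector" -User "NT AUTHORITY\Anonymous Logon" `
#       -AccessRights ExtendedRight -ExtendedRights ms-exch-bypass-anti-spam
```

A row where GrantedTo is Anonymous Logon and AnyIPv4Source is True means any host that can reach the connector skips the anti-spam agents; a dedicated connector whose RemoteIPRanges lists only the bulk-mail sender keeps the exemption narrow.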

Fixing "The trust relationship between this computer and the primary domain failed" Error when restoring a Snapshot or Old Virtual Machine

I had a VM snapshot/checkpoint running for several months in my test lab, and after reverting the snapshot I went to log in to the machine and got the dreaded "The trust relationship between this computer and the primary domain failed" error message. So I logged in as a local admin on that machine, opened up an Administrative PowerShell window and entered the commands below.

$cred = Get-Credential   # enter a domain admin account when prompted
Reset-ComputerMachinePassword -Credential $cred -Server ada-dc-02.adatum.com.au

Replace the server at the end with the FQDN of one of your Domain Controllers. As I wasn’t authenticated to the domain, I needed to enter my domain admin credentials by using the Get-Credential cmdlet and then used those stored credentials to issue the Reset-ComputerMachinePassword cmdlet.

So there you have it, no more re-joining a computer to the domain.

Using custom OWA URLs in SharePoint to display your inbox as well as calendar and other items

This one has been sitting in my drafts folder for a while, but last year I was experimenting with our SharePoint environment and thought it would be a cool idea to have a view of our web mail and calendar come up on our SharePoint homepage as web parts. If you are running SharePoint 2010/2013 you can simply use the Outlook OWA web parts to display what you want to a degree, but by using a web page viewer web part and specifying the URL we get a better degree of control over the output of the page.

So start by adding a web page viewer web part to your page and point the web part to your Exchange server hosting Outlook Web Access. The following is an example of a URL that you can use:

Exchange 2010

https://owaurl/owa/?cmd=contents&module=Publicfolders&fpath=School%20Calendar&view=weekly

Exchange 2013

https://owaurl/owa/#path=/calendar

For more information on how to format the links and the available flags, please follow this link: http://technet.microsoft.com/en-us/library/bb232199.aspx. I hope that has helped some people in bringing better-looking mail access to their SharePoint environments.

Make viewing and sorting Exchange 2013 / 2016 Message Tracking Logs using PowerShell easier with GridView

So a lot of environments are making the jump to Exchange 2013/2016 away from 2007/2010. From a management point of view, the largest change is the move away from a GUI management option to web-based and PowerShell management. One of the tools missing is the Message Tracking tool, which is available in a basic form on the Web Console but is difficult to use for external mail items. So we move on to PowerShell, which gives us what we want but not in the format that is the easiest to understand.

You can use things like Format-List or Format-Table to make things a little prettier, but a nicer trick I learned recently is to use Out-GridView, which formats the results in a new window that we can apply filters to. An example of Get-MessageTrackingLog piped to Out-GridView is below:

Get-MessageTrackingLog -ResultSize Unlimited -Start "November 10 2016" -End "November 30 2016" -Recipient "[email protected]" | Out-GridView

Using the GridView we can easily apply filters to narrow down our search further.

Adventures with setting up RDS RemoteApp and Web Access in Windows Server 2012 R2

So I was recently setting up a demo environment in Azure with two servers. Our goal was to have Remote Web Access and then publish RemoteApps through that so we could give live demos. The process to set up Remote Desktop Services is much easier in Server 2012 / 2012 R2 thanks to the Add Remove Features Wizard, but there are still some gotchas that I encountered and will cover in this blog post.

The first thing was getting the FQDN of the RD Gateway / Web Access server set to our external domain (since it is different). For example, we’ll use adatum.internal and adatum.com.au. For web access it is simply a matter of having a public DNS record and pointing it to your web server, but getting it working for the RD Gateway requires some PowerShell. A script from the TechNet Gallery called Change published FQDN for Server 2012 or 2012 R2 RDS Deployment works a treat for Server 2012 and 2012 R2. Simply go to the directory you have the script in with a PowerShell admin prompt and enter the following:

.\Set-RDPublishedName "remote.adatum.com.au"

This should now allow clients to see that they are connecting to a proper server FQDN instead of something like rds-01.demo.adatum.local.

My next issue was that when my demo client went to connect, it errored out with 0x607 – An authentication error has occurred. After having a talk with someone in the office, I found out that the Session Host server was hosting some demo web apps that ran using HTTPS. Now, I had imported a proper certificate (that hadn’t expired) but still found this issue. So I opened up mmc.exe, added the Certificates snap-in, browsed the computer certificate store and under Personal I could see an EXPIRED certificate. I deleted this but was still getting the error. So my other trick was to force Terminal Services to no longer try to use that certificate. To do this I opened up REGEDIT and went to the following key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp

In this key I scrolled down until I found SSLCertificateSHA1Hash and deleted the entry (you could also replace the hash with that of our good certificate). Once I had done this, I restarted the server for good measure and was then able to connect to my Remote Apps using Web Access without an issue.
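The check below reads that registry value and looks the thumbprint up in the computer certificate stores, so the situation described above (a hash still pointing at a deleted or expired certificate) shows up as InStore = False or Expired = True. It is an added example, not part of the original post, and the function name is hypothetical.

```powershell
# Run in an elevated PowerShell window on the Session Host. Read-only.
function Get-RdpListenerCertificate {        # hypothetical helper name
    $key   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    $bytes = (Get-ItemProperty -Path $key).SSLCertificateSHA1Hash

    if (-not $bytes) {
        # Value absent: the listener is not pinned to a particular certificate
        return [pscustomobject]@{
            Pinned = $false; Thumbprint = $null; InStore = $false
            Subject = $null; NotAfter = $null; Expired = $null
        }
    }

    # REG_BINARY bytes -> the hex thumbprint format used by the Cert: drive
    $thumb = ($bytes | ForEach-Object { $_.ToString('X2') }) -join ''

    # Look in the Personal store and in the store that holds the self-signed RDP certificate
    $stores = 'Cert:\LocalMachine\My', 'Cert:\LocalMachine\Remote Desktop'
    $cert = Get-ChildItem -Path $stores -ErrorAction SilentlyContinue |
            Where-Object { $_.Thumbprint -eq $thumb } |
            Select-Object -First 1

    [pscustomobject]@{
        Pinned     = $true
        Thumbprint = $thumb
        InStore    = [bool]$cert                                   # False: hash points at a missing certificate
        Subject    = if ($cert) { $cert.Subject }
        NotAfter   = if ($cert) { $cert.NotAfter }
        Expired    = if ($cert) { $cert.NotAfter -lt (Get-Date) }
    }
}

Get-RdpListenerCertificate | Format-List
```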

 

Setting the default wallpaper on a Windows 10 image deployment through MDT

So recently I’ve been working on improving and streamlining our imaging process. One of the pain points that I have had with Windows 10 was finding an easy way of setting the default wallpaper without locking the user out of changing it in the future, as Group Policy would. After a long session of Google Fu and finding PowerShell and VB scripts, I settled on a simple solution: a batch file that takes ownership of and replaces the default wallpaper files.

As the majority of our devices are laptops, I set the default img0.jpg to a resolution of 1366 x 768 and then proceeded to create all of the different resolutions in the 4K folder: 1024×768, 1200×1920, 1366×768, 1600×2560, 1920×1200, 2160×3840, 2560×1440, 2560×1600, 3840×2160, 768×1024, 768×1366. Once I had all the images ready, I created a file structure and then made the below batch or cmd file for my Application Install Task. If you are running SCCM instead of just MDT, change Administrators to SYSTEM.

takeown /f c:\windows\WEB\wallpaper\Windows\img0.jpg
takeown /f C:\Windows\Web\4K\Wallpaper\Windows\*.*
icacls c:\windows\WEB\wallpaper\Windows\img0.jpg /Grant Administrators:(F)
icacls C:\Windows\Web\4K\Wallpaper\Windows\*.* /Grant Administrators:(F)
del c:\windows\WEB\wallpaper\Windows\img0.jpg
del /q C:\Windows\Web\4K\Wallpaper\Windows\*.*
copy "%~dp0img0.jpg" c:\windows\WEB\wallpaper\Windows\img0.jpg
copy "%~dp04k\*.*" C:\Windows\Web\4K\Wallpaper\Windows

Once I had everything ready, I created a New Application Install called Action – Set Default Wallpaper and got it to call my batch file. Once that was done, I added it to my Task Sequence for building our Windows 10 Image as one of the first items to run once Windows 10 has passed the OOBE stage, so under State Restore, after the Windows Updates.

That process has worked flawlessly for me every time, whereas the scripts I had found didn’t.

Adjust resource mailbox calendar permissions on Exchange 2010/2013 using PowerShell

Quick one today. By default, when you create a room resource mailbox, Exchange grants the Default user (that is, any user) AvailabilityOnly permission. If you want people to know who has booked a room or resource, you can adjust the permissions to Reviewer. The quickest way to do this is via PowerShell; you can use the following cmdlet:

Add-MailboxFolderPermission -Identity MeetingRoom2:\Calendar -User "Staff - All Staff" -AccessRights Reviewer

I am using a group (called Staff - All Staff) in the above that does not have any permissions already applied to that mailbox calendar. If the user or group already has some kind of permission, you will need to use Set-MailboxFolderPermission instead of Add-MailboxFolderPermission.

If you have multiple Resource Mailboxes, you can pipe a Get-Mailbox to hit them all at once like so:

$rooms = Get-Mailbox -RecipientTypeDetails RoomMailbox
$rooms | ForEach-Object { Add-MailboxFolderPermission -Identity "$($_.Alias):\Calendar" -User "Staff - All Staff" -AccessRights Reviewer }

Hope that helps.
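The Add versus Set distinction above can be handled per room, so one run works whether or not the group already has an entry on a given calendar. This is an added example, not part of the original post; it reuses the group name from the post and assumes the calendar folder is named Calendar in every room mailbox.

```powershell
# Run in the Exchange Management Shell.
$group = 'Staff - All Staff'      # group name used in this post

# Collect the rooms first, then loop, so that one Exchange cmdlet is not
# running inside another cmdlet's pipeline in a remote session.
$rooms = Get-Mailbox -RecipientTypeDetails RoomMailbox -ResultSize Unlimited

foreach ($room in $rooms) {
    $folder = "$($room.Alias):\Calendar"

    # Returns nothing (error suppressed) when the group has no entry on this calendar
    $existing = Get-MailboxFolderPermission -Identity $folder -User $group -ErrorAction SilentlyContinue

    if (-not $existing) {
        # No entry yet: Add- is the cmdlet that works
        Add-MailboxFolderPermission -Identity $folder -User $group -AccessRights Reviewer
    }
    else {
        $current = @($existing.AccessRights | ForEach-Object { "$_" })
        if ($current -notcontains 'Reviewer') {
            # An entry exists: Set- replaces whatever rights it had with Reviewer
            Write-Host "$folder : replacing '$($current -join ',')' with Reviewer"
            Set-MailboxFolderPermission -Identity $folder -User $group -AccessRights Reviewer
        }
        # Already Reviewer: nothing to change
    }
}
```

Because Set-MailboxFolderPermission replaces the existing rights, the Write-Host line records what each entry held before it was changed.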

Fixing "Windows cannot connect to printer" Error 0x0000007e when shared on Windows Server 2003 or 2008 32 bit (x86) and your client is 64 bit

So I was out installing a new laptop for a client recently. Their server infrastructure is very old (they’re still running Server 2003 but about to migrate), and in the final stage of the deployment I was installing the local printer in the office but got the "Windows cannot connect to the printer" (0x0000007e) error every time I tried.
I finally stumbled upon an old forum topic regarding HP print driver incompatibilities between 32-bit server and 64-bit client machines, where the client was unable to find a particular file.

The trick was to delete the following registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers\PrinterNameHere\CopyFiles\BIDI replacing PrinterNameHere with the name of your printer. This then allowed me to connect to the printer correctly on the 64 bit client without any errors.

Issues Deploying a Custom Windows 10 Start Menu Layout when using an image with a Default Profile

So I’m in the final stages of getting our Windows 10 Deployment ready to go and I am currently in the process of branding and customising our image, which includes setting a custom Start Menu Tile Layout. This is done with the use of two PowerShell commands, Export-StartLayout and Import-StartLayout.

I created our preferred start menu, exported on my test computer and then added a Task to our MDT Deployment Task Sequence.

I found that this completed without any errors, but Windows was not applying the Start Menu. After a bit of digging around, I found that if you have CopyProfile set to true in your unattend XML answer file, there is another step you need to complete: delete the TileDataLayer folder located in C:\Users\Default\AppData\Local. Once I added that line to my batch file, the Start Menu appeared. My complete batch file is as follows:

powershell.exe -ExecutionPolicy Bypass -Command "Copy-Item '%~dp0StartMenu.xml' -destination C:\Windows\Temp; Import-StartLayout -LayoutPath C:\Windows\Temp\StartMenu.xml -MountPath $env:SystemDrive\; Remove-Item C:\Windows\temp\StartMenu.xml -Force"
rmdir C:\Users\Default\AppData\Local\TileDataLayer /q /s

Hope that helps.