Fixing HTTP Error 500.21 – Internal Server Error Handler “WebServiceHandlerFactory-Integrated” has a bad module “ManagedPipelineHandler” in its module list on IIS.

I was recently developing some .net web applications at work and finally took the plunge of setting up a server to host them after I was happy that we had reached the point where they were usable applications.  So after setting up Server 2008 R2, I went ahead and enabled IIS with asp.net configuration enabled along with a host of other modules enabled to support what we were after. Gave the server a reboot and everything was up and ready to go.

Moved over to my development machine and instructed Visual Studio to publish an application to this newly setup web server, everything up until this point had worked perfectly, the web app published without any errors. So I opened up Internet explorer and low and behold error, page cannot be displayed. So I’m like maybe it’s a permissions thing, remoted into the web server and viewed it as a localhost and got Error 500.21 – Internal Server Error  Handler “WebServiceHandlerFactory-Integrated” has a bad module “ManagedPipelineHandler”.  I had gone ahead and configured an application pool for the web apps we were going to use, and everything seemed OK.  I then remembered something, in the good old IIS 6 days you had to run a .net registration program to notify IIS you had it installed and register the handlers for .net, but thinking to myself this is now 2008 R2, come on, it couldn’t be that.

I opened up an elevated command prompt window and navigated to C:\Windows\Microsoft.NET\Framework\v4.0.30319 and ran aspnet_regiis.exe -i causing asp.net to register itself with IIS and enable the handlers required to run .net pages.

After running this command I rebooted IIS and bang the web application started working.  An easy fix but a pity that it couldn’t have run automatically when I insist on installing asp.net under the IIS configuration.

 

Speeding up LAN based Automation OS boot times using a Custom TFTP Server for Altiris (for WinPE and Linux)

One of the more easier ways of speeding up your WinPE boot times via PXE are changing the default TFTP server which comes with Altiris. First of all, open up the PXE Configuration Manager and disable Multicast since the WinPE image cannot be transferred over Multicast anyway(only DOS supports Multicast via TFTP). This simple tweak shaves around a second off your PXE Boot time.

Another tweak which can be performed is changing the TFTP Server itself. This sounds quite difficult but is quite easy to accomplish and is a significant benefit.  My own testing has shown that 10 Clients concurrently loading a WinPE image do it around 45-50% faster using another TFTP Server than if I was to continue using Altiris’s own server.

I was also going to cover compressing the WinPE image to reduce its file size, but found thatwhen doing so, the reduction in size was minimal shaving off around 10mb.

I’ll be using the Open Source Open TFTP Server, available from http://sourceforge.net/projects/tftp-server/. Download it and install it either on your Altiris Server or like I did, on my workstation and then copy it over to your server. You will also need to copy over your Settings file.

Firstly, open up the Services control applet and Stop the Altiris PXE MTFTP Server service.

Now comes the good part. Open an elevated command prompt. The following is based on our Altiris setup, with it installed on D drive and me creating a folder under PXE for OpenTFTP and pasting the OpenTFTP executable and Settings file into that folder.

sc config "Altiris PXE MTFTP Server" binpath= "D:\Deployment Server\PXE\OpenTFTP\OpenTFTPServerMT.exe"

That will reconfigure the MTFTP service path that Altiris uses to push out files from the Altiris supplied MTFTP to our Open TFTP server. You can go into the Services control applet and start the Altiris MTFTP service to begin using the new executable.

To try and get the most out of OpenTFTP server, have a play with the Settings file, primarly the blksize option. Ours is set to 1456 and can be changed depending on your network environment.

If for any chance you want to return to the Altiris MTFTP server then you simply need to run the sc config command pointing to your Altiris PXE MTFTP executable so stop the service again and enter the following into an elevated command prompt making sure to match the path to your Altiris location:

sc config "Altiris PXE MTFTP Server" binpath= "D:\Deployment server\PXE\PxeMtftp.exe"

Then start the service again and you are back to using the default Altiris multi-thread TFTP server.

This simple tweak shaves heaps of time off of WinPE (also Linux) automation boot times. If you are running the Dos based automation then there isn’t really a need to run this tweak as the transfer is small enough not to take long anyway.

Hope that helps.

How to set (and change) an NTP time source in Windows Server 2008 R2 (SBS 2011 and Vanilla Server).

Recently, the clocks on my home networked PCs began drifting off sync until the difference was around 30 minutes. At first i thought that my SBS server was no longer synching with time.windows.com (the default time server for windows). After a quick look at the event log, I could see that it was syncing correctly and that the date and timezone were correct. So I began to look at how I could change the NTP server that Windows was syncing with. Unlike Windows XP, which had a tab were you could set the source and even add your own in the date and time control panel applet, Windows Server 2008 and Windows 7 have nothing of the sort, so how was I going to change the source. A quick look on technet led me to an article titled Windows Time Services Tools and Settings.

To query the time service about its current status open up an elevated command prompt and type in:
w32tm /query /status

This will display the following output (it will either state Source: Local CMOS Clock or time.windows.com)

After working out the souce and that it was synching without error as well as the obvious the fact the time was way off I needed to find a reliable Time service. After a bit of searching around the web I found pool.ntp.org which is the part of the home for the Network Time Protocol open source project (ntp.org). Members work together to provide a public pool of time servers for use by individuals and businesses. pool.ntp.org uses DNS round robin to make a random selection from a pool of time servers who have volunteered to be in the pool making this service highly redundant and reliable.

If you navigate to the Time Servers page on their wiki you will see a list of servers as rell as regional servers which you can also choose from.  Since I’m in Australia I narrowed it down to Oceanaia and then Australia leaving me with au.pool.ntp.org.  So basically I now had to reconfigure the Windows Time service to sync with the NTP Australian Server Pool. A quick look over the technet documentation told me the commands I needed to run which was:
w32tm /config /manualpeerlist:au.pool.ntp.org

Which after being executed in an elevated command prompt will leave you with command completed successfully.  Once that is configured we need to restart the time service by either doing net stop/start w32time or via the Services Control Panel on Windows Time.

You can then query the time service again using /query and /status which will present you with the above output. As you can see the time service is now synching with the service that I specified it to. You can look around the NTP site to find a group of services which are closer to your location, but it generally doesn’t matter where you pick the NTP server from.

And there you have it, how to reconfigure the Windows Time service to look at a different time source.  As a side note before closing off the article, Microsoft don’t fully support the Windows 32 Time service for use in high accuracy environments as mentioned in this Knowledge base article. So if you need something which is highly accurate then you need to look elsewhere.

Assigning resources via logon script based on computer names.

We’ve recently been having an issue where printers being deployed via group policy haven’t been deploying, or are deploying but not being set to default.  So after some investigation, the easiest thing to do would be to write a Visual basic script to ease the deployment of printers throughout our environment. Luckily for us we have naming conventions and machines are usually called 2011uname or 2014uname, based on a student’s final year.

You can use this script for all sorts of things, from allocating printers and mapping network drives. To increase or decrease the amount of characters that the script looks at simply modify the strLength (Define String Check Length) variable at the beginning of the script.

'Actions based on Computer name for logon scripts
'Define String Check Length
strLength = "4"

'Get the computer name
Set WSHNetwork = CreateObject("WScript.Network")
strComputer = WSHNetwork.ComputerName

'Select year level by ending year
Select Case Left(strComputer,strLength)
    Case "2011"
        msgbox "year 12"
    Case "2012"
        msgbox "year 11"
    Case "2013"
        msgbox "year 10"
End Select

The script will print out a message box, but within the case you can specify what ever action you want. Hope that helps someone out.

How to reset the Search Index in Exchange 2010 Search

Exchange 2010 has a built in search feature which allows you to quickly search for emails in your mailbox using Outlook (when Online), OWA, Exchange ActiveSync etc. Exchange 2010 search indexes items as soon as they are received by the Mailbox Database. So if you’ve just transitioned from Exchange 2003 to 2010, Exchange may not index items brought over from the Exchange 2003 server to the Exchange 2010 server. You may find that users using Exchange search may have issues searching for items that were in their mailbox before the transition. For example, you will not be able to find a pre-transition item using instant search but will be able to find them using ‘Advanced Find’ in Outlook.

To fix this issue, you will have to reset the search index to force the Exchange Search service to index all items in the Mailbox Database including items that were moved to the database from Exchange 2003.

To reset the search index, open up the Exchange Management Shell navigate to %PROGRAMFILES%\Microsoft\Exchange Server\V14\Scripts and then run the following command:

.\ResetSearchIndex.ps1 -force -all

You should see output that resembles the following:

WARNING: Waiting for service 'Microsoft Exchange Search Indexer (MSExchangeSearch)' to finish stopping...
MSExchangeSearch service stopped
Deleting catalog for Mailbox Database
removing: <location of catalogue>

MSExchangeSearch service Started

To verify that the rebuilding of the index has completed do the following:

  1. Add this counter to Perfmon: MSExchange Search Indices\Full Crawl Mode Status. This counter will be 0 before running ResetSearchIndex, go to 1 during the full crawl and then back to 0 after ResetSearchIndex completes.
  2. You will receive MSExchange Search Indexer Event ID 109 when the full crawl begins.
  3. You will receive MSExchange Search Indexer Event ID 110 when the full crawl ends.

You should now be able to search for pre-transition items using Exchange search.

Blank page (auth.owa Http 500) when logging into Outlook Web Access running on Exchange 2010

Recently had to restart a client’s server after running some Windows Updates. A few hours after the restart the client contacted me stating that they couldn’t access their e-mails via the web.  I quickly had a look, the login page presented itself, so I logged in and after clicking Sign in I was presented with a blank page pointing to auth.owa.  This was a little puzzling as there were no updates for Exchange so why did it break?  Checking the IIS logs, I found that the error was 500 which indicated some kind of authentication error.

A little powershell cmdlet you can run is Test-OWAConnectivity. So I ran the cmdlet and recieved WARNING: An unknown failure occurred during logon. So I checked IIS and ensured that all of the authentication was set correctly and indeed it was.  So after some poking around on the web I found out Exchange 2010 palms off the Forms Based Authentication to a seperate Service called  Microsoft Exchange Forms-Based Authentication Service. Starting this service fixed the blank page issue and allowed clients to authenticate correctly.

How to Switch from IDE to AHCI without repairing/reinstalling Windows

A few weeks ago I installed an SSD drive in my home PC. For some reason up until tonight I never checked what the Sata mode was set to in the bios. It was set to IDE. Usually when changing the storage mode in the bios requires a reformat as windows will no longer boot. So I looked around the internet and found some really great instruction to switch from IDE to AHCI without having to repair or reinstall windows. Thought I might share it.

You start with step 1 while you are still in windows in IDE mode.

  1. Run the Registry Editor (regedit.exe)
  2. Navigate to Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Msahci
  3. Set the “Start” value to 0 (zero)
  4. Navigate to Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Pciide
  5. Set the “Start” value to 0 (zero)
  6. Shut down
  7. Start up again, but before Windows boots go into the BIOS configuration screens and change the disk mode to “AHCI”. Save the new BIOS configuration and restart so that Windows boots.

When Windows starts, it will detect the change, load new disk drivers, and do one more reboot to start up with them. A quick little post, more to come.

Security warning when you start Outlook 2007 and then connect to a mailbox that is hosted on a server that is running Exchange Server 2007 or Exchange Server 2010: “The name on the security certificate is invalid or does not match the name of the site”

I recently setup a SBS 2011 server for one of my clients. For several reasons we changed the external name to reach the server so instead of remote.fdqn.com.au it would be exchange.fqdn.com.au this worked perfectly once DNS settings propagated and allowed employees to connect externally via webmail or Outlook Anywhere (one of the best features in exchange/outlook hands down).  One issue which popped up after we installed the certificate for this new domain is that it was assigned to a different domain than what was configured in Exchange 2010, so internally clients would get security pop-ups everytime they would open their outlook.

The fix requires the use of the Exchange PowerShell Console, so fire it up. Once it loads, we first need to know what the name of our client access server is (for sites with multiple CAS servers you need to use this on the server doing your auto-discovery). So run Get-ClientAccessServer which will list all of the available CAS servers, for this instance it is SBSSERVER. So now that we have a list of servers and we know which is doing the auto-discovery we need to re-configure it to the new DNS entry.  Microsoft documentation doesn’t have ” ” quotation marks but it is important to have. So now run Set-ClientAccessServer with the following
Set-ClientAccessServer -Identity "SBSSERVER" -AutoDiscoverServiceInternalUri "https://exchange.fqdn.com.au/autodiscover/autodiscover.xml" with SBSSERVER being your CAS server and fqdn.com.au being the correct domain the certificate is assigned to.

Once the command runs successfully, re-open outlook and you will no longer be presented with a security warning everytime you are on the internal network.

Changing the Registered User Details for Visual Studio 2010

One of the anoyances I’ve had when installing Visual Studio 2010 is the removal of the user information bit when accepting the License Agreement, this was useful but is now automated and the installer retrieves details from Windows itself.

After a fresh install of Windows 7 (with SP1 and it still needed updates afterwards) I installed my usual things along with Visual Studio, and thought now, how do I change the registered user details that show up in the about box, splash screen and are used as default values in the version resource. After having a quick poke around in the registry, I found the two areas that Visual Studio looks at. For a 64-bit machine they are the following two keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\VisualStudio\10.0\Registration\UserName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization

For 32-bit machines:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VisualStudio\10.0\Registration\UserName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization

Changing these two will fix your about box, but what about that splash screen. Well running devenv.exe /setup with admin rights will cause Visual Studio to retrieve these registry settings and then make them appear in your splash screen. Making the circle complete which is what we set out todo. Hope that helps.

Fixing Error 1935. An error occurred during the installation of assembly errors.

Sometimes when installing software, I get an error during the installation of either the .Net framework or the Visual C Runtimes. This error, Error 1934. An error occurred during the instllation of assembly … will prevent the installation from being successfull, furthurmore after many hours of searching, many of the fixes listed around the web do not work.

To succsesfully allow the software installation to complete, a registry edit must be made. So go an open up Regedit and navigate to the following key: HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Control double-click on the RegistrySizeLimit and edit the DWORD value. In Hexadecimal enter FFFFFFFF or alternatively enter 4294967295 as the decimal value.

Once the registry change is done, restart the machine and then you can start the setup again that was causing you the issues earlier.

An optional set you can do once you have restarted the machine is to open up a command prompt window and type in the following command: SFC /SCANNOW this begins a windows file integrity checker ensuring that all windows system files are genuine and have not been edited or replaced, if you are running Windows XP you will need your installation CD to complete the scan.

Just about every encounter I’ve had with this error the RegistrySizeLimit has fixed the issue.