How to set (and change) an NTP time source in Windows Server 2008 R2 (SBS 2011 and Vanilla Server).

Recently, the clocks on my home networked PCs began drifting off sync until the difference was around 30 minutes. At first i thought that my SBS server was no longer synching with time.windows.com (the default time server for windows). After a quick look at the event log, I could see that it was syncing correctly and that the date and timezone were correct. So I began to look at how I could change the NTP server that Windows was syncing with. Unlike Windows XP, which had a tab were you could set the source and even add your own in the date and time control panel applet, Windows Server 2008 and Windows 7 have nothing of the sort, so how was I going to change the source. A quick look on technet led me to an article titled Windows Time Services Tools and Settings.

To query the time service about its current status open up an elevated command prompt and type in:
w32tm /query /status

This will display the following output (it will either state Source: Local CMOS Clock or time.windows.com)

After working out the souce and that it was synching without error as well as the obvious the fact the time was way off I needed to find a reliable Time service. After a bit of searching around the web I found pool.ntp.org which is the part of the home for the Network Time Protocol open source project (ntp.org). Members work together to provide a public pool of time servers for use by individuals and businesses. pool.ntp.org uses DNS round robin to make a random selection from a pool of time servers who have volunteered to be in the pool making this service highly redundant and reliable.

If you navigate to the Time Servers page on their wiki you will see a list of servers as rell as regional servers which you can also choose from.  Since I’m in Australia I narrowed it down to Oceanaia and then Australia leaving me with au.pool.ntp.org.  So basically I now had to reconfigure the Windows Time service to sync with the NTP Australian Server Pool. A quick look over the technet documentation told me the commands I needed to run which was:
w32tm /config /manualpeerlist:au.pool.ntp.org

Which after being executed in an elevated command prompt will leave you with command completed successfully.  Once that is configured we need to restart the time service by either doing net stop/start w32time or via the Services Control Panel on Windows Time.

You can then query the time service again using /query and /status which will present you with the above output. As you can see the time service is now synching with the service that I specified it to. You can look around the NTP site to find a group of services which are closer to your location, but it generally doesn’t matter where you pick the NTP server from.

And there you have it, how to reconfigure the Windows Time service to look at a different time source.  As a side note before closing off the article, Microsoft don’t fully support the Windows 32 Time service for use in high accuracy environments as mentioned in this Knowledge base article. So if you need something which is highly accurate then you need to look elsewhere.

Assigning resources via logon script based on computer names.

We’ve recently been having an issue where printers being deployed via group policy haven’t been deploying, or are deploying but not being set to default.  So after some investigation, the easiest thing to do would be to write a Visual basic script to ease the deployment of printers throughout our environment. Luckily for us we have naming conventions and machines are usually called 2011uname or 2014uname, based on a student’s final year.

You can use this script for all sorts of things, from allocating printers and mapping network drives. To increase or decrease the amount of characters that the script looks at simply modify the strLength (Define String Check Length) variable at the beginning of the script.

'Actions based on Computer name for logon scripts
'Define String Check Length
strLength = "4"

'Get the computer name
Set WSHNetwork = CreateObject("WScript.Network")
strComputer = WSHNetwork.ComputerName

'Select year level by ending year
Select Case Left(strComputer,strLength)
    Case "2011"
        msgbox "year 12"
    Case "2012"
        msgbox "year 11"
    Case "2013"
        msgbox "year 10"
End Select

The script will print out a message box, but within the case you can specify what ever action you want. Hope that helps someone out.

How to reset the Search Index in Exchange 2010 Search

Exchange 2010 has a built in search feature which allows you to quickly search for emails in your mailbox using Outlook (when Online), OWA, Exchange ActiveSync etc. Exchange 2010 search indexes items as soon as they are received by the Mailbox Database. So if you’ve just transitioned from Exchange 2003 to 2010, Exchange may not index items brought over from the Exchange 2003 server to the Exchange 2010 server. You may find that users using Exchange search may have issues searching for items that were in their mailbox before the transition. For example, you will not be able to find a pre-transition item using instant search but will be able to find them using ‘Advanced Find’ in Outlook.

To fix this issue, you will have to reset the search index to force the Exchange Search service to index all items in the Mailbox Database including items that were moved to the database from Exchange 2003.

To reset the search index, open up the Exchange Management Shell navigate to %PROGRAMFILES%\Microsoft\Exchange Server\V14\Scripts and then run the following command:

.\ResetSearchIndex.ps1 -force -all

You should see output that resembles the following:

WARNING: Waiting for service 'Microsoft Exchange Search Indexer (MSExchangeSearch)' to finish stopping...
MSExchangeSearch service stopped
Deleting catalog for Mailbox Database
removing: <location of catalogue>

MSExchangeSearch service Started

To verify that the rebuilding of the index has completed do the following:

  1. Add this counter to Perfmon: MSExchange Search Indices\Full Crawl Mode Status. This counter will be 0 before running ResetSearchIndex, go to 1 during the full crawl and then back to 0 after ResetSearchIndex completes.
  2. You will receive MSExchange Search Indexer Event ID 109 when the full crawl begins.
  3. You will receive MSExchange Search Indexer Event ID 110 when the full crawl ends.

You should now be able to search for pre-transition items using Exchange search.

Blank page (auth.owa Http 500) when logging into Outlook Web Access running on Exchange 2010

Recently had to restart a client’s server after running some Windows Updates. A few hours after the restart the client contacted me stating that they couldn’t access their e-mails via the web.  I quickly had a look, the login page presented itself, so I logged in and after clicking Sign in I was presented with a blank page pointing to auth.owa.  This was a little puzzling as there were no updates for Exchange so why did it break?  Checking the IIS logs, I found that the error was 500 which indicated some kind of authentication error.

A little powershell cmdlet you can run is Test-OWAConnectivity. So I ran the cmdlet and recieved WARNING: An unknown failure occurred during logon. So I checked IIS and ensured that all of the authentication was set correctly and indeed it was.  So after some poking around on the web I found out Exchange 2010 palms off the Forms Based Authentication to a seperate Service called  Microsoft Exchange Forms-Based Authentication Service. Starting this service fixed the blank page issue and allowed clients to authenticate correctly.

How to Switch from IDE to AHCI without repairing/reinstalling Windows

A few weeks ago I installed an SSD drive in my home PC. For some reason up until tonight I never checked what the Sata mode was set to in the bios. It was set to IDE. Usually when changing the storage mode in the bios requires a reformat as windows will no longer boot. So I looked around the internet and found some really great instruction to switch from IDE to AHCI without having to repair or reinstall windows. Thought I might share it.

You start with step 1 while you are still in windows in IDE mode.

  1. Run the Registry Editor (regedit.exe)
  2. Navigate to Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Msahci
  3. Set the “Start” value to 0 (zero)
  4. Navigate to Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Pciide
  5. Set the “Start” value to 0 (zero)
  6. Shut down
  7. Start up again, but before Windows boots go into the BIOS configuration screens and change the disk mode to “AHCI”. Save the new BIOS configuration and restart so that Windows boots.

When Windows starts, it will detect the change, load new disk drivers, and do one more reboot to start up with them. A quick little post, more to come.

Security warning when you start Outlook 2007 and then connect to a mailbox that is hosted on a server that is running Exchange Server 2007 or Exchange Server 2010: “The name on the security certificate is invalid or does not match the name of the site”

I recently setup a SBS 2011 server for one of my clients. For several reasons we changed the external name to reach the server so instead of remote.fdqn.com.au it would be exchange.fqdn.com.au this worked perfectly once DNS settings propagated and allowed employees to connect externally via webmail or Outlook Anywhere (one of the best features in exchange/outlook hands down).  One issue which popped up after we installed the certificate for this new domain is that it was assigned to a different domain than what was configured in Exchange 2010, so internally clients would get security pop-ups everytime they would open their outlook.

The fix requires the use of the Exchange PowerShell Console, so fire it up. Once it loads, we first need to know what the name of our client access server is (for sites with multiple CAS servers you need to use this on the server doing your auto-discovery). So run Get-ClientAccessServer which will list all of the available CAS servers, for this instance it is SBSSERVER. So now that we have a list of servers and we know which is doing the auto-discovery we need to re-configure it to the new DNS entry.  Microsoft documentation doesn’t have ” ” quotation marks but it is important to have. So now run Set-ClientAccessServer with the following
Set-ClientAccessServer -Identity "SBSSERVER" -AutoDiscoverServiceInternalUri "https://exchange.fqdn.com.au/autodiscover/autodiscover.xml" with SBSSERVER being your CAS server and fqdn.com.au being the correct domain the certificate is assigned to.

Once the command runs successfully, re-open outlook and you will no longer be presented with a security warning everytime you are on the internal network.

Changing the Registered User Details for Visual Studio 2010

One of the anoyances I’ve had when installing Visual Studio 2010 is the removal of the user information bit when accepting the License Agreement, this was useful but is now automated and the installer retrieves details from Windows itself.

After a fresh install of Windows 7 (with SP1 and it still needed updates afterwards) I installed my usual things along with Visual Studio, and thought now, how do I change the registered user details that show up in the about box, splash screen and are used as default values in the version resource. After having a quick poke around in the registry, I found the two areas that Visual Studio looks at. For a 64-bit machine they are the following two keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\VisualStudio\10.0\Registration\UserName
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization

For 32-bit machines:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VisualStudio\10.0\Registration\UserName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\RegisteredOrganization

Changing these two will fix your about box, but what about that splash screen. Well running devenv.exe /setup with admin rights will cause Visual Studio to retrieve these registry settings and then make them appear in your splash screen. Making the circle complete which is what we set out todo. Hope that helps.

Fixing Error 1935. An error occurred during the installation of assembly errors.

Sometimes when installing software, I get an error during the installation of either the .Net framework or the Visual C Runtimes. This error, Error 1934. An error occurred during the instllation of assembly … will prevent the installation from being successfull, furthurmore after many hours of searching, many of the fixes listed around the web do not work.

To succsesfully allow the software installation to complete, a registry edit must be made. So go an open up Regedit and navigate to the following key: HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Control double-click on the RegistrySizeLimit and edit the DWORD value. In Hexadecimal enter FFFFFFFF or alternatively enter 4294967295 as the decimal value.

Once the registry change is done, restart the machine and then you can start the setup again that was causing you the issues earlier.

An optional set you can do once you have restarted the machine is to open up a command prompt window and type in the following command: SFC /SCANNOW this begins a windows file integrity checker ensuring that all windows system files are genuine and have not been edited or replaced, if you are running Windows XP you will need your installation CD to complete the scan.

Just about every encounter I’ve had with this error the RegistrySizeLimit has fixed the issue.

Exchange Management with AD Users when using RSAT for Windows 7

One of the little things with the have annoyed me since I’ve started using the RSAT tools in Windows is the fact that there is no easy way to manage Exchange. Sure I can install the Exchange Management Pack and use that, but like most admin’s AD Users and Computers is open just about all the time.

First thing you will want to do is go and download the Exchange System Manager for Windows Vista (located here). Once downloaded, extract the .exe file so that you have an ESMVISTA.MSI file. Now that’s extracted, open up a command prompt window and move to the location that ESMVISTA lives. Type in the following:

ESMVISTA.MSI /Q

With that command line the message is surpressed and the installation continues without any issues under Windows 7. This will only work for Windows 7 32-Bit and I have not found a way to get it working with 64-bit.

After a few minutes you will be able to open up AD Users and computers, right click and you will have the extra Exchange Tabs (pictured right), making Administration a little easier.

Fixing the Outlook Web Access web application failed to initialize error

During the Christmas break many still wish to check their e-mails whilst enjoying their holidays.  One of my Clients who don’t use OWA are now taking the plunge and going to be checking their e-mail (great feature). With SBS 2008 (so Exchange 2007), OWA is enabled by default, so I thought there would be nothing that I needed to do, I was wrong.

After loading up OWA on the server and my laptop I received the following error:

The Outlook Web Access web application failed to initialize.
..
Exception
Exception type: Microsoft.Exchange.Clients.Owa.Core.OwaThemeManagerInitializationException

The fix I’ve worked out for this is to copy the original files in the theme directory from your installation media (x:\Setup\ServerRoles\ClientAccess\owa\version\) back into the OWA working directory.

The cause, I suspect a corrupt file, not too sure exactly and didn’t have much time to investigate seeing as it’s holiday time, but believe something had changed the theme configuration causing OWA to look elsewhere for theme files, I also have a suspicion that an update might have caused this, but can’t confirm.