Windows Server

Fast User Switching with Remote Desktop

Leave a comment

A Windows Vista machine has a user called fourthcoffeejoberry logged on. Another user, fourthcoffeehenrikjensen logs on with Remote Desktop.

  1. fourthcoffeehenrikjensen receives this message, and presses Yes:
  2. The logged on user, fourthcoffeejoberry will see this popup on her desktop and press OK:

    While fourthcoffeehenrikjensen waits for fourthcoffeejoberry to respond, this message is displayed in his Remote Desktop window:
  3. fourthcoffeejoberry will be disconnected from her session and the screen on the Windows Vista machine will display Press CTRL+ALT+DELETE to log on:
  4. If she presses Ctrl+Alt+Del she will see that she is just disconnected and not logged of:
  5. The currently logged on user, fourthcoffeehenrikjensen can also see this if he opens Task Manager and displays processes from all users:
  6. fourthcoffeehenrikjensen logs off from Remote Desktop, fourthcoffeejoberry can now press Ctrl+Alt+Del and log in again.

If fourthcoffeejoberry tries to log on before fourthcoffeehenrikjensen has logged of, the process happens in reverse.

  1. fourthcoffejoberry presses Ctrl+Alt+Del and logs on, she receives this message:
  2. The prompt is presented to fourthcoffeehenrikjensen (logged on via Remote Desktop):

    While waiting for fourthcoffeehenrikjensen to reply, this message will display on fourthcoffeejoberry’s desktop:
  3. fourthcoffeejoberry is logged on to her session and sees her desktop as it was when she was disconnected. fourthcoffeehenrikjensen is also still logged on. He has to reconnect, disconnecting fourthcoffeejoberry temporarily, to log off from his session.
Virtualization, Windows

Windows Virtual PC: Disable the Internal network DHCP server

Leave a comment

The Internal network network in Windows Virtual PC (WVP) has a built in DHCP service that provides the clients connected to it with addresses in the 169.254.0.16 to 169.254.10.254 range. If you need to disable this DHCP service this is how you do it:

  1. Shut down or hibernate all your running virtual machines
  2. Wait for vpc.exe to close, it usually does so by itself a few minutes after the last virtual machine has been closed. If you don’t want to wait you can kill it in Task Manager.
  3. Open the file %localappdata%microsoftWindows Virtual PCoptions.xml and find the Internal Network section.
  4. In the <dhcp> section, find the tag enabled and change its value from true to false:
  5. Save the file and restart your virtual machines.
Windows

Exploring Task Scheduler

2 Comments

Introduction

The new Task Scheduler 2.0 included in Windows Vista and improved on in Windows 7 has the ability to send an email when a task is triggered. Also new is the ability to attach a task to an event from the Event system. You could for instance create a task that sent you an email if you received an event specifying an imminent hard drive failure. For simplicity in my test I attached a task to event 7036 in the System log, which is logged every time a service starts. The UI is actually very nice since you can create the task directly from the Event Viewer using the Attack Task To This Event action:

When you do this you can find that task in the Task Scheduler in the Event Viewer Tasks folder.

Notice also the nice History tab which shows you the history of this particular task. As you can see I have an error in the Task category Action Failed. Lets look at that.

There is no human readable explanation in the data telling us why the email wasn’t sent. But there is an error value. In this case 2147746321 (0x80040211). I had no idea what that value actually meant so I ran it through Microsoft’s Err.exe application which is able to resolve error values on Windows. The output of Err.exe looked like this:

C:UsersmorganDownloadsErrErr>err 2147746321
# for decimal -2147220975 / hex 0x80040211 :
CDO_E_SMTP_SEND_FAILED                                        cdosyserr.h
  IMAPI_E_DEVICE_NOPROPERTIES                                   imapierror.h
UPNP_E_TRANSPORT_ERROR                                        upnp.h
VFW_E_NOT_COMMITTED                                           vfwmsgs.h
# Cannot allocate a sample when the allocator is not
# active.%0
# for hex 0xffffffff / decimal -1 :
NO_TITLE                                                      ftsiface.h
USE_DEFAULT                                                   ftsiface.h
JET_wrnNyi                                                    esent98.h
# /* Function Not Yet Implemented */
LZERROR_BADINHANDLE                                           lzexpand.h
# /* invalid input handle */
MAPI_DIAG_NO_DIAGNOSTIC                                       mapidefs.h
MSIDBERROR_FUNCTIONERROR                                      msiquery.h
# function error
ERROR_UNHANDLED_ERROR                                         ntddchgr.h
# Unknown error condition
PDR_ERROR                                                     penwin.h
# parameter or unspecified error
ICERR_UNSUPPORTED                                             vfw.h
ERROR_UNHANDLED_ERROR                                         winioctl.h
# Unknown error condition
# 14 matches found for “2147746321”

As you can see Err looks at all the header files that has that error value specified in them so you are bound to get many false positives. Task Scheduler uses CDO to send mail so in this case it is the information in the cdosyserr.h file that will tell us what the error is; CDO_E_SMTP_SEND_FAILED. OK, so CDO failed to send an email, why? To find that out I did a network trace using Wireshark while the task executed. The trace uncovered this error from the SMTP server: 550 5.7.1 Client does not have permissions to send as this sender. Since this is Windows talking to an Exchange 2010 server it will automatically authenticate, and it will authenticate using the credentials of the account that is used to run the task in Task Scheduler. This particular task is set up to run as my account; SIMONSENMorgan. According to the security settings on the Exchange 2010 Receive connector I am not allowed to send using an email address I do not own. That is, that is not specified as belonging to my account in Active Directory. As a result we get the SMTP error from Exchange. To remedy this I can temporarily permit my account to send as any sender:

Get-ReceiveConnector default* | Add-ADPermission -User SIMONSENmorgan -ExtendedRights “ms-Exch-SMTP-Accept-Any-Sender”

And now I will get the message, so to speak:

The History tab in Task Scheduler now also indicates a success:

Task Scheduler successfully completed task “Event Viewer TasksSystem_Service Control Manager_7036” , instance “{3d755426-8e80-49aa-9bdf-3475b032c7dd}” , action “Task notification” with return code 0.

(Incidentally while setting this up I first specified my old SMTP server, which was no longer running the SMTP service. The error in the task history displayed another error in this situation 2147746323 (0x80040213). Translated with Err this is the error CDO_E_FAILED_TO_CONNECT.)

The ‘A service started!’ message in the email is not very helpful so I started to look for ways to include data from the event in the message. After a (very) long time I was able to do that with the help of these resources:

The short story is that you have to create a task attached to an event, and then export it and manually change what data is retrieved from the event. For reference I have included the XML export from my test here. You have to edit this task to supply your own sender, recipient and SMTP server values.

What happened to at.exe?

 

 

From Windows help:
The at.exe executable schedules commands and programs to run on a computer at a specified time and date similar to Task Scheduler. Task Scheduler and the schtasks.exe executable replace at.exe. All tasks created using the at.exe executable must run under the same account. By default this account is the local system account, but you can change this by configuring the AT service account information.

More information

Windows

WinRM and TCP ports

Leave a comment

WinRM, or Windows Remote Management, is an HTTP based remote management and shell protocol for Windows. The Windows Remote Management Service is responsible for this functionality. If WinRM is not configured for remote access, but the service is started, it listens for local requests on TCP port 47001. If you create listener it will still listen on 47001, but also on the default TCP ports 5985 (HTTP) and 5986 (HTTPS).

Windows

Upgrading to a higher edition (SKU) of Windows 7/Windows Server 2008 R2 using DISM

Leave a comment

The Deployment Image Servicing and Management (DISM) tool is a new tool included with Windows 7 and Windows Server 2008 R2. DISM enumerates, installs, uninstalls, configures, and updates features in Windows images, in either WIM or VHD format. DISM can also work against online (running) instances. Of special interest for this post are the editions commands; Get-CurrentEdition, Set-Edition, Get-TargetEditions, and their side-kick Set-ProductKey. With these you can upgrade a Windows instance from the command line without access to media. For Windows 7 and Windows Server 2008 R2 all the bits for higher editions are present in the instance or image. This is great news, because with previous versions of Windows you had to pop in the media, usually a CD/DVD, and perform an upgrade manually. For offline images (WIM/VHD) this is supported for both Windows 7 and Windows Server 2008 R2. But for running instances, or online, it is only supported for Windows Server, and only if the server is not a DC.

  1. Find the current edition for a running instance (online):
    dism.exe /online /Get-CurrentEdition
  2. Find the current edition for an offline image:
    dism.exe /image:c:mounted_image /Get-CurrentEdition
  3. Find the valid target editions for a running instance (online):
    dism.exe /online /Get-TargetEditions
  4. Find the valid target editions for an offline image:
    dism.exe /image:c:mounted_image /Get-TargetEditions
  5. Upgrade a running instance (online):
    dism.exe /online /Set-Edition:”ServerDatacenter” /ProductKey:AAAAA-BBBBB-CCCCC-DDDDD-EEEEE
  6. Upgrade an offline image:
    dism.exe /image:c:mounted_image /Set-Edition:”Professional” /ProductKey:AAAAA-BBBBB-CCCCC-DDDDD-EEEEE

When using Set-Edition, the parameter ProductKey is also required. Note that ProductKey in this case is a parameter for Set-Edition and not the Set-ProductKey command. Set-ProductKey can only be used against the current running instance and against offline instances. (If you do not have a product key, you can use the KMS key for the edition you are upgrading to. This will, of course, not get you a free license or anything, but it is convenient for testing. Find the KMS keys here.) For offline images it is also important to note that the images has to be generalized before you can upgrade it. Use sysprep.exe /generalize to do this.

Transcript of the upgrading of a VHD file:

C:Usersadministrator>diskpart

Microsoft DiskPart version 6.1.7600
Copyright (C) 1999-2008 Microsoft Corporation.
On computer: HOME-HYPERV

DISKPART> select vdisk file=E:Hyper-Vlab-w2k8r2quicktestlab-w2k8r2quicktest.vhd

DiskPart successfully selected the virtual disk file.

DISKPART> attach vdisk

  100 percent completed

DiskPart successfully attached the virtual disk file.

DISKPART> list volume

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
———-  —  ———–  —–  ———-  ——-  ———  ——–
Volume 0     F                       CD-ROM          0 B  No Media
Volume 1     C                NTFS   Partition    465 GB  Healthy    System
Volume 2     D                NTFS   Partition    931 GB  Healthy
Volume 3     E                NTFS   Partition    931 GB  Healthy
Volume 4     G   System Rese  NTFS   Partition    100 MB  Healthy
Volume 5     V                NTFS   Partition    126 GB  Healthy

DISKPART> exit

Leaving DiskPart…

C:Userssuperman>dism /image:v: /get-Targeteditions

Deployment Image Servicing and Management tool
Version: 6.1.7600.16385

Image Version: 6.1.7600.16385

Editions that can be upgraded to:

Target Edition : ServerDataCenter
Target Edition : ServerEnterprise

The operation completed successfully.

C:Userssuperman>dism /image:v: /set-edition:ServerDataCenter

Deployment Image Servicing and Management tool
Version: 6.1.7600.16385

Image Version: 6.1.7600.16385

Starting to update components…
Removing package Microsoft-Windows-ServerEnterpriseEdition~31bf3856ad364e35~amd64~~6.1.7600.16385
[==========================100.0%==========================]
Finished updating components.

Starting to apply edition-specific settings…
Finished applying edition-specific settings.

The operation completed successfully.

C:Usersadministrator>diskpart

Microsoft DiskPart version 6.1.7600
Copyright (C) 1999-2008 Microsoft Corporation.
On computer: HOME-HYPERV

DISKPART> select vdisk file=E:Hyper-Vlab-w2k8r2quicktestlab-w2k8r2quicktest.vhd

DiskPart successfully selected the virtual disk file.

DISKPART> detach vdisk

DiskPart successfully detached the virtual disk file.

DISKPART> exit

Leaving DiskPart…

C:Usersadministrator>

This VHD is actually from a Hyper-V server, and has been generalized before it was mounted on the host and upgraded.

Some more info about DIMS and image servicing: http://technet.microsoft.com/en-us/library/dd744543(WS.10).aspx

Miscellaneous

Exchange 2010 not receiving mail

Leave a comment

My Inbox had been awfully quiet for a few days. Time to investigate:

Putty with manual SMTP session:

220 <servername> Microsoft ESMTP MAIL Service ready at Wed, 2 Dec 2009 12:53:01 +0100
ehlo server1.nowhere.com
500 5.3.3 Unrecognized command
ehlo server1.nowhere.com
250-<servername> Hello [<client IP>]
250-SIZE
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-X-ANONYMOUSTLS
250-AUTH NTLM
250-X-EXPS GSSAPI NTLM
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250-XEXCH50
250-XRDST
250 XSHADOW
mail from:test@nowhere.com
452 4.3.1 Insufficient system resources
rcpt to:morgan@simonsen.bz

That’s not good. What does the event log say:

Event Log:

Index              : 5950
EntryType          : Error
InstanceId         : 3221502622
Message            : Microsoft Exchange Transport is rejecting message submissions because the available disk space has
dropped below the configured threshold.

                     The following resources are under pressure:
Queue database logging disk space (“C:Program FilesMicrosoftExchange ServerV14TransportRoles
dataQueue”) = 88% [Medium] [Normal=86% Medium=88% High=90%]
Physical memory load = 95% [limit is 94% to start dehydrating messages.]

                     The following components are disabled due to back pressure:
Inbound mail submission from the Internet
Mail submission from Pickup directory
Mail submission from Replay directory
Content aggregation

                     The following resources are in normal state:
Queue database and disk space (“C:Program FilesMicrosoftExchange ServerV14TransportRolesdata
Queuemail.que”) = 88% [Normal] [Normal=92% Medium=94% High=96%]
Version buckets = 0 [Normal] [Normal=80 Medium=120 High=200]
Private bytes = 8% [Normal] [Normal=71% Medium=73% High=75%]
Batch Point = 0 [Normal] [Normal=1000 Medium=2000 High=4000]

Category           : ResourceManager
CategoryNumber     : 15

Source             : MSExchangeTransport
TimeGenerated      : 29.11.2009 21:45:58
TimeWritten        : 29.11.2009 21:45:58
UserName           :

That’s worse. The server had about 1.6 GB free disk space, and had hit the threshold set for the Queue database. I extended the disk to 32 GB and all was well. Hopefully not too many messages have been lost. SMTP has a default retry period of 48 hrs so I should have a lot of new messages as the various sending servers retry to deliver their messages.

Exchange Server

Configuring language settings for Out of Office messages in Exchange 2007

Leave a comment

Exchange provides the ability to configure Out of Office messages. The owner of a mailbox can configure different messages to be sent to users inside the organization and outside. The user is free to enter any text he wants, in any language, but the subject of the Out of Office message i handled by the server. Typically the Out of Office message you receive when sending mail to a mailbox that has Out of Office messages enabled is Out of Office: <subject of message sent to the mailbox>.

The Out of Office phrase is used by the server because the languages attribute of the mailbox that has Out of Office messages enabled is English (en-US). But you may also see something like this, if the language of the mailbox has been changed:

I this case the phrase is Fraværende, which is the Norwegian translation for Out of Office (or close). The mailbox using Out of Office in this case has its language set to Norwegian (nb-NO). I you want to change the language settings for a mailbox, there are two ways (that I know of):

  1. The user can change the language from within Outlook Web Access:
  2. The administrator can change the language from the Exchange Management Shell (EMS):

    Command for a single mailbox:
    Set-Mailbox morgan –Languages nb-NO
    Command for several mailboxes:
    Get-Mailbox | Set-Mailbox –Languages en-US
    A full list of all language codes is available here, but I do not know if Exchange 2007 support them all.

A little note about the Languages attribute. It is an array that can actually hold several values. I have seen mailboxes with two languages set here, but I am unsure of how this has come about. I am guessing that something has been set in OWA, but that some setting(s) still remain in a different language. I am not sure how this affects Out of Office messages.

Also to note is that in my lab I had to restart both the Microsoft Exchange Active Directory Topology Service and the Microsoft Exchange Information Store services to make the change take affect. This is probably caused by the Exchange Directory cache.

On a related note, look here for ways to change the language of DSN messages. There are two settings, one for internal DSNs and one for external.

 

 

 

For another post about the workings of Out of Office look here.

Miscellaneous

Go Consolas!

Leave a comment

It’s probably not good for your geek factor when you get excited about a new font in Windows, but a friend from work tipped me of about a new font in Windows 7 today; the Consolas TTF font, and now I am very excited.

This is the description of the Consolas font family from Microsoft.com:
Optimized for Microsoft ClearType
The Microsoft Consolas Font Family is a set of highly legible fonts designed for ClearType. It is intended for use in programming environments and other circumstances where a monospaced font is specified. All characters have the same width, like old typewriters, making it a good choice for personal and business correspondence. Optimizing the font specifically for ClearType allowed a design with proportions closer to normal text than traditional monospaced fonts like Courier. This allows for more comfortable reading of extended text on-screen.

Wikipedia also has an article on the Consolas font.

So far Consolas looks good on my displays. I do a lot of scripting in PowerShell so a good monospaced font is essential. Up until now I have always used Courier New, but that font is not optimized for ClearType. I will not say that I will be using Consolas from now on, but it looks good. And it also has a slash through the zero character!

Below are screenshots of cmd.exe using Courier New and Consolas:

You can read more about ClearType and Microsoft typography here.

The Consolas Font Pack can be downloaded here:

Exchange

WinRM problem on new Exchange 2010 server

5 Comments
I recently upgraded to Exchange 2010 on my home network. Everything went well, but when I started the Exchange Management Console for the first time I got this error when trying to open the Server ConfigurationClient Access node:
—————————
Microsoft Exchange
—————————
Connecting to remote server failed with the following error message : The WinRM client received an HTTP server error status (500), but the remote service did not include any other information about the cause of the failure. For more information, see the about_Remote_Troubleshooting Help topic.
—————————
OK  
—————————
After looking at the various settings for WinRM, firewall etc, I noticed that the WinRM IIS Extension was missing from my features list. I added it through Server Manager:

 
I could have used ServerManagerCMD.exe as well, but it has been depricated. The command would be:
servermanagercmd.exe -install WinRM-IIS-Ext
Or the PowerShell Server Manager cmdlets:
Import-Module ServerManager
Add-WindowsFeature WinRM-IIS-Ext
 
After the feature had been installed the error disappeared and Exchange Management Console worked without incident.
 
I had originally followed the steps outlined in this article on TechNet to install the prerequisites for Exchange on Windows Server 2008 R2, but those instructions do not mention the WinRM IIS Extension.

Information wants to be free!