Tuesday 2 December 2008

Antivirus XP 2008 and tdssserv.sys trojan / rootkit

Just had another encounter with this fiend - except this time it was too late to try and load Malwarebytes or AVG updates or Ad-Aware. They were all blocked, although internet access appeared ok for most sites. Trying to access AVG for example just bounced you back to a Google looking results page every time.

There's some good info over here and I was interested to see that the old Microsoft/Sysinternals Rootkit Revealer showed up the hidden components (the F-Secure Backlight rootkit eliminator showed up nothing). I booted off CD and manually removed them - the TDSSserv components were key. Was then able to start Windows and install Malwarebytes to clear up any loose ends.

It's getting rough out there.

Wednesday 26 November 2008

Microsoft Update error 0x80244022

Just been on the Microsoft Update website (WindowsUpdate) and received error 0x80244022 from three different PCs. Just worked out that if you leave that error open on the screen and go to File > New > Window and run the Update a second time it works ok :-)

Those pesky Update errors just keep coming.

Friday 21 November 2008

Symantec EndPoint Protection 11 MR3 client fails to install on SBS2003

Just attempted to upgrade one of the Small Business Server 2003 Premium servers from Symantec Client Security (SCS) or was that Symantec AntiVirus (SAV), well v10.2 anyway. Old version System Center Console (SCC) came off ok, rebooted and the new Symantec EndPoint Manager (SEPM) went on without error. However the newly packaged client for the server - AntiVirus and AntiSpyware modules only - wouldn't install. It got most of the way there and then suddenly rolled back without an error. There was a simple error event id 11708 from msiinstaller, operation failed.

Sounded just like some problems discussed on Experts Exchange and the Symantec forums. There was a whole thread dedicated to people opening support cases and requesting EndPoint Cleanwipe. So I did the same and within 20 minutes had a copy off Symantec ftp. It didn't fix the problem but wasted a couple of hours trashing the SEPM install as well as the previous Mail Security for Exchange. So after reinstalling both I was back to square one. Twelve hours later, Symantec tech support popped up having gotten around to reading the install log. Turns out there was an old Alert Management Server installed. It wouldn't remove from Add/Remote Programs or via CleanWipe.

The Microsoft Windows Installer Cleanup tool went all Chuck Norris on it and saved the day. One reboot later and a successful client install :-)

Saturday 6 September 2008

Antivirus XP 2008 or 2009 virus/spyware removal

I've come across a few PCs in the past month with the Antivirus XP 2008 problem. Basically its some spyware that fakes your Security Centre to look like there's a problem and needs fixing. It looks very authentic. There's a very thorough write-up at The Register, Anatomy of a Hack.

Two of the infections I saw had got in past AVG. One had 7.5 Free and the other had v8 but slightly dated definitions - unlucky timing, I wouldn't hold it against the folks at AVG. My AVG 8 Pro spotted the .exe as soon as I copied it over to the PC.

I've heard of a couple of cases where people have had to put hours into extracting the bad and getting their PC back up and running - should have called Redleg tech support first ;-) Best fix I've come across has been the AntiMalware product from Malwarebytes. You can find it over here.

Wednesday 27 August 2008

SEP, SBS and SIFMSMSE - they're tech not medical in case you were struggling

There was a time when I could remember what the Symantec antivirus acronyms were - life was simpler with SAVCE (Symantec Anti Virus Corporate Edition) and even SMSMSE (Symantec Mail Security for Microsoft Exchange). Now we've got SEP which doesn't remind you of an AV connection, worse still with the current version its SEP11 which just says its all coming crashing down. Then the latest Symantec Information Foundation Mail Security for Microsoft Exchange which just trips off the tongue, even the acronym SIFMSMSE is longer than most competitors' product names.

Anyway to the point. I've had an SBS2003R2 server running SEP 11.0 MR2 (I'm not even going to go there with the rest of the acronyms, but it was pre MP too) and SIFMSMSE 6.0.6 generating daily warnings in the Event Viewer which were making it into the SBS 6am daily monitoring report. The daily report didn't actually show much other than the source was Symantec AntiVirus. Taking a look in the Event Viewer shows Event ID 45 and screams SYMANTEC TAMPER PROTECTION ALERT. Turns out its Symantec's own product, the SIFMSMSE server which happily lives in the old SMSMSE directory.

Long story short, you can tell the antivirus to stop worrying about Symantec playing with itself (yes there was probably a more popular blog title in that) by going into SEP Console > Policies > Centralized Exceptions > right-click on the policy and choose Edit. Click Centralized Exceptions and add a Tamper Protection Exception for
[PROPGRAM FILES]
\Symantec\SMSMSE\6.0\Server\SAVFMSETask.exe
with an action of ignore.

All quiet on the front now.

PS I do like Symantec products - one of the few - always worked well for me, although the complexity and management from an SBS point of view seems to be increasing significantly. Reminds me of the old MacAfee which just got too complex to manage quickly and easily for a small business - haven't touched that since.

Monday 25 August 2008

Allocated Memory - please sir, can I have some more

More! Couple of SBS2003 servers have spells of hitting me with daily allocated memory alerts, i.e. the warning threshold has been tripped in the monitoring. Now you can simply push that threshold figure up in the Server Management console, look under Monitoring and Reporting. Then Change Alert Notifications > Performance Counters > Allocated Memory and edit the figure up from say 2147483648 to 2447483648, i.e. another 300MB ish to go at before it starts screaming.

But if you look closely in the Task Manager and find that there are large memory allocations (170MB+) for sqlserver instances, you can adjust their figures.

Details on changing the maximum memory for a SQL instance, e.g. for the SBS Monitoring or the ISA Firewall or the Update Services can be found in the SBS team blog on troubleshooting high memory use.

There are some suggested figures to use from Susan's blog on throttling. They worked fine for me - one server regained 550MB and another around 200MB, with no apparent performance hits. Looked to me like it might be more relevant to pre-R2 servers, but that may have been coincidence.

Friday 22 August 2008

SBS Manchester meet 2008

Thursday's meeting of the SBS Partners group in Manchester was good. The group is several meetings down the line now and starting to feel like its got some direction. Great turn out from Microsoft with 4 people representing the company. In particular Gareth Hall, server product manager, and Emily Lambert, SBSC programme lead, who are heavily involved in the new SBS2008 launch and had plenty to tell us about what to expect in the next couple of months and how we could get involved. Certainly got me fired up for the new upcoming version.

Also pleased to meet Vijay who is the partner area lead for SBSC - think we'll just refer to him as the SBSC API ;-) Been keeping an eye on his iQubed blog for useful posts this year. Be good to see you up here again Vijay. BTW he seems to have more acronyms than Symantec.

(Hey Manchester got a mention :-)

The meeting isn't just about Microsoft either, we've got a range of partners from one-man to 20 staff so the peer support and discussion is varied and helpful. Next meeting is 18 September with some interesting third-party visitors from what I've heard. See you there.

Saturday 9 August 2008

SBS 2003 Monitoring Report cannot be displayed

Had a couple of Small Business Server (SBS) 2003 boxes throw up blank daily monitoring reports recently. Most servers have been ok apart from these two, both SBS 2003 R2 with WSUS 3.0 SP1. One's a home build basic PC spec and the other is a Dell PowerEdge 860 dual core with 2GB RAM.

I wasn't able to get a fix despite trying reboots, updates, disk checks, reconfiguring monitoring, SQL database checks, etc. Got a fix now thanks to advice from Les Connor a Canadian SBS MVP, see the link here.

Basically you need to go into the main WSUS console (from Admin Tools) then Options and Server Cleanup Wizard. Running this with just the first option for Unused Updates fixed both servers. The PowerEdge took 18 hours to complete - reporting unused updates 11,092 and revisions 3,830. Sounds like this WSUS maintenance needs to happen on a monthly/quarterly schedule to keep the server optimised.

The basic server crashed out at 19 hours with SQL timeout errors. The monitoring report didn't come back immediately, until after a reboot.

Both are happy again ... me included :-)

Saturday 19 July 2008

The Hotel Vista

Had some problems at a hotel client last year when the first new Vista laptops started appearing with guests and delegates. The guest wireless has no password so its as simple as its gets really. Some of the laptops failed to get an IP address allocated and therefore wouldn't connect out. The laptop would associate and then do nothing or report Limited Connectivity. Other times they would work for a short time and then appear to disconnect. Also saw what looked like a normal connection, you could ping an external IP but website site addresses and hostnames wouldn't resolve - bit strange to diagnose. Needed a Gregory House moment.

I managed to track down a couple of registry keys that helped. Thought I'd better post them now just for the record following a discussion recently about dodgy wireless connections.

First one is from Microsoft KB933340
HKLM\SYSTEM\CurrentControlSet\Services\Dhcp\Parameters\DhcpGlobalForceBroadcastFlag \1
"0"= dword:00000000


I was reminded of the second one by Susan Bradley who pointed out Steve Riley's post.
Start a Command Prompt
(there's a cool short cut to this by shift-right-clicking a folder such as Documents)
(or use Windows-R key combo and type CMD)
then run the command
netsh int tcp set glo aut=dis

Thursday 3 July 2008

Which came first - the memory dump or the rainy day?

Just came across a useful sounding MS blog post c/o SMBManagedServices group at Yahoo. Talks about resolving 80% of memory dumps using the debugger, sounds easy really.

Anyway thought I'd best save the link somewhere prominent for a rainy day.

http://blogs.technet.com/petergal/archive/2006/03/23/422993.aspx

Whilst I'm on the theme of useful SBS Yahoo groups, also worth a look at ...
http://tech.groups.yahoo.com/group/UKSBSG/

Monday 16 June 2008

Symantec AntiVirus 10.x license expired at client

Got an SBS2003 network with around 20 clients on. I installed the new licence at the server but one of the clients refused to cooperate and just appeared in the Symantec System Center Console with a license expired and refused to deploy the new one even though there were unallocated seats. The error I was getting was 0x80004005 - helpful yeah!

Turned out the Windows Firewall was getting in the way. Disabling it fixed the problem temporarily so the licence would install but there was no client management available. All the tools like view event log failed. I found Symantec doc 2004070817071248 which talked about using port 2967 for client communications. Using the Group Policy Management in the server management console let me add a firewall port exception to enable this for all PCs on the network.

I updated the Windows Firewall policy under Computer Configuration > Administrative templates > Network > Network Connections > Windows Firewall > Domain profile
and edited the Define Port Exceptions to include this line:
2967:TCP:*:Enabled:Symantec AntiVirus Management - Port

Friday 13 June 2008

Media Player authorisation

Recently put a new SBS2003 R2 Premium server in at a client. We're using the ISA Server 2004 component of Premium to provide monitoring and some internet access control. Someone spotted that you couldn't play video files from itv.com, in particular the British Touring Car Championship (BTCC) ones. They use embedded media player for playback and kept giving an ISA server authorisation prompt.

The ISA logging at the server showed this error:
Denied Connection
SERVER 13/06/2008 09:31:10
Log type: Web Proxy (Forward)
Status: 12209 The ISA Server requires authorization to fulfill the request. Access to the Web Proxy service is denied.


Tracked the fix down to this article http://www.freelists.org/archives/isalist/11-2007/msg00016.html which talked about an error when Media Player tries to resolve the proxy name. With Microsoft ISA Firewall Client installed you can disable the Media Player proxy setting for HTTP (Tools>Options>Network>HTTP>Configure and change from browser to do not use). The Firewall Client will then handle ISA authorisation correctly.

Using the GPO method to apply the change across all PCs made life easy:
"User Configuration\Administrative Templates\Windows Components\Windows Media Player\Networking"
set the "Configure HTTP Proxy" option to "Disabled"

Saturday 7 June 2008

Who to blame - Microsoft or cheap kit?

So that cheap router you bought to connect to the internet was meant to save you some £. Turns out one of the cheap models out there, the Billion 5200 series doesn't get on with the latest big update from Microsoft - Windows XP Service Pack 3. Billion blame Microsoft - which I can't see. Surely the router should be stable and not go into a constant reboot cycle, irrespective of what random data gets hurled down the line at it. I'm sure there must be worse hitting it from the internet side. At least they've made updates available.

So next time you have to make a choice on cheap kit or recommended kit that costs a bit more but is likely to have had better design and testing, you might want to think twice.

Wonder if there are any other dodgy routers to come out of the closet yet? Just waiting those phone calls once SP3 gets the green light through Microsoft Update ...

Thursday 8 May 2008

Best data recovery ever?

Just came across this story c/o the front page of Slashdot. I'm always warning clients about backups. They need to be done religiously. The only people that I find doing that though are the ones that have had a massive data loss in the past. I usually recommend online backup as the simplest, most effective approach. You get your critical files offsite every night automatically. As soon as people and tapes are involved the chances of having a good backup when you need it most start dropping.

Wonder what the recovery bill was for getting 90% of the data back from this drive that survived the Columbia Shuttle explosion? Or do you think Ontrack just went with the publicity generated?

Did your backup work last night?

Wednesday 7 May 2008

XP SP3 finally puts in an appearance

After a false start or two in the past month Windows XP Service Pack 3 finally arrived on the server's Update Services list this morning. So much for a quiet time catching a rare sunny day.

I dived over to the Microsoft Downloads page to get a copy for my test machine, no luck can't see it. Surely they haven't pushed it out to Update Services .... and yes I can see it on WindowsUpdate too ... without making a download available for techies.

Anyway tracked it down from the notes on the Microsoft Update site in the end. If you're looking for it you'll need to go here for the Network Install Package.

http://www.microsoft.com/downloads/details.aspx?FamilyId=5B33B5A8-5E76-401F-BE08-1E1555D4F3D4


Install went smoothly, rebooted and no errors in Event Viewer. Everything looks ok.

Be interesting to see whether that rumoured 10% performance boost comes off, would certainly help this 3yr old PC :-)

Thursday 24 April 2008

Offline Files warning won't suppress

A client PC on an SBS2003 network kept giving a warning about a PST file not syncing at logout. It was an archive copy of an email account stored in My Documents that was located on the server. At the end of every day the Offline Files would sync and stick with the error, annoying the client who was keen to get out of the door at 4pm ... wish I had those hours ;-)

There's an MS document, KB811660 that talks about suppressing the warning for particular file types and locations. Its a bit obscure but the key point is to add this to the registry to skip warnings for Outlook PST files.

HKLM\Software\Policies\Microsoft\Windows\NetCache\ExclusionErrorSuppressionList \\\\*\\*\\*\\*.PST = 0x0000000 (REG_DWORD)

Unfortunately that didn't clear the error, even after the obligatory reboot. The trick to get it to take effect was to reset the Offline Files cache too. Go into My Documents > Tools > Folder Options > Offline Files and use Ctrl-Shift with Delete All Files. For more info take a look at KB230738.

Saturday 19 April 2008

New software from Apple, OS X for your PC

I guess its only a matter of time until a client starts asking about the Safari update to iTunes and I have to explain about Browser Wars 2. Seems a bit of a storm in a teacup but I was interested to see Apple at least separating Updates and New - thanks to Gary for the breaking Apple news. So how long until we see this dialog then.

Tell you what, I'd be front of the queue. Its turning into quite a talking point with clients. I'm regularly getting asked about iMacs and MacBooks whenever anyone needs a new machine. Even last year the answer was don't go there, the transition for your business isn't worth it. However now, I explain Parallels or dual booting and that you can choose Mac or Windows at startup, its a different proposition.

Take into account the compatibility and stability, the security benefits, the fact your staff can't download as much crapware onto the machines and the big impression Apple design gives to everyone, be it clients or staff, sounds like there could be a business case for switching there.

Thursday 17 April 2008

Vista, Suse 10.3 and multiple drives

Just managed to sort out a dual boot with Vista and Suse 10.3. Vista is on the second HD, a Samsung 500GB SATA. Suse was installed to the 200GB Seagate IDE drive which has boot priority to load GRUB. Unfortunately the auto boot settings of Suse were carefully stepping around Vista, insisting on these settings for Windows
title Windows
rootnoverify (0,0)
chainloader (0,0)+1
Even going into YaST Administrator Settings > System > Boot Loader and choosing Other > Edit Configuration Files > /boot/grub/menu.lst and over-writing the Windows entry didn't help. YaST must have known better, not.

As I couldn't boot Vista at this point I tried booting off the Vista DVD to repair startup with bootrec. Using the /fixboot option failed with an error that the volume wasn't compatible

The solution I sussed in the end was manually editing /boot/grub/menu.lst using Kate started via su in terminal and amending to these settings
title Windows
rootnoverify (1,0)
chainloader (1,0)+1

Novell's document on dual booting Vista and Linux has a similar solution.

Sunday 6 April 2008

SBS 2003 server SP2 setup error, failed to install catalog files

Had a problem loading Windows Server 2003 Service Pack 2 (SP2) onto a Dell PowerEdge this week. First error was that a file couldn't be copied, check permissions. I had to cancel that install and it rolled back ... but I guess not well enough. When I tried to reinstall I got this error:

Service Pack 2 setup error "failed to install catalog files"

Retrying the setup (again), clearing temp files, checking Event Viewer didn't help at all. Finally found this useful article at Microsoft, KB822798. Ignore the majority and jump straight to Method 9, that did the trick and the install completed ok.

Interestingly the original error came about from a file read error which must have appeared whilst SP2 was unpacking. I was able to get over the read error by unpacking to another temp directory, finding the file and overwriting the faulty one. You can unpack to a temporary directory by doing a Start > Run (delete any entry already there) then drag the SP2 file to the Run box and add -X (you may also need quotes if there are any spaces in the directory names)

e.g. Start > Run >
"c:\downloaded files\microsoft\WindowsServer2003-KB914961-SP2-x86-ENU.exe" -x

Thursday 3 April 2008

File Conversion - online, of course

One of the ISPs I use regularly for business clients - very reliable, excellent local support - has just sent their monthly newsletter out and pointed out a new service out on the interweb; www.zamzar.com. Its blindingly obvious, brilliant. Get your file conversions done online. Why haven't I seen something like this already?

I get these calls occasionally where a client has been emailed a file and is wondering what to do with it. Usually end up using FILExt to identify the source and then try and track down a program that can handle it. Half the time this happens out at a client site, Zamzar could be the easy answer. Be intersting to see how comprehensive their conversion filters become. Pleased to see their privacy policy is making all the right noises about protecting emails and files.

Monday 31 March 2008

Lenovo tracking US Government laptops

Been a big fan of ThinkPad T series for quite a while. Not the latest greatest tech out there but rock solid, excellent build and just does what is says on the tin. There are some nice features like ThinkLight, IBM nipple and useful software like Access Connections and Software Update - makes tech support life easy, plus they can take a hammering on the road day in day out.

Just coming to end of life with a T42, had a T23 previously and one prior to that too. Got several clients with T20's, T30, T42, T43, T60. One of those ThinkPad T43 laptops recently started failing to boot at the start logo. After a session swapping memory, drives, power, batteries and trying to fix MBR I concluded there was a system board issue ... two weeks before end of warranty, good timing. No problem getting it fixed, probably took around a week and they didn't do a hard disk recovery which kept my life simple - yeah of course we had a backup.

To the point, I've just had a Lenovo Customer Support Satisfaction survey email which I duly completed right up to the last screen ...

Yes just discreetly dropped in at the end there is the question 'Is this computer assigned to you personally for the purpose of performing US government work?' ... oh and its mandatory. So are they just looking after probably one of their biggest customers ... or is it entirely coincidental that they want to identify US government work immediately after having a copy of the hard disk at their disposal. This being Blogger I'd have to go with the conspiracy every time :-)

Friday 14 March 2008

Shuttle SN41G2 (FN41 motherboard) BIOS

Got a new FN41 v2.0 motherboard from ebay for my ageing Shuttle SN41G2. System has always run well with an Athlon XP 2500+, 1GB DDR400, Radeon 9250 and Sony DVDRW. You can't use DDR400 with the integrated GeForce 4MX graphics unless you drop the speed down to DDR333. But it works ok with an AGP card - which also means you can disable the integrated graphics in the BIOS, reclaim the memory and disconnect the small noisy internal fan.

The replacement mobo had BIOS v18 (fn41s018.bin) and I was having a bit of trouble getting the memory speeds to stick properly. Went to Shuttle to get the v32 (fn41s032.bin) BIOS and found it wouldn't flash with the Award flash utility listed - kept getting an error about an invalid product. Available version was AWDFLASH v8.89. Fortunately I had a previous download of AWDFLASH V8.23 and that worked fine.

On the subject of noise Alfredo's Speedfan works well with this system and can keep the fan noise to a steadier level on a warm day - ideal if you've got the unit sat on the desk just by you.

Monday 3 March 2008

Samsung in need of therapy

Trawling through overnight server reports first thing in the morning is not the cheeriest introduction to the day, but the caffeine helps - M&S Fairtrade Dark Roast Espresso brewing as we speak, er type.
Just occasionally the reports throw up a real LOL entry. One of my old test servers just reported this

PlugPlayManager. Event ID 12. 02/03/2008 20:10

The device 'SAMSUNG SP0812N' (IDE\DiskSAMSUNG_SP0812N) disappeared from the system without first being prepared for removal.


It's an internal drive! Where did it disappear to and what sort of preparation did it think it needed!? I guess it didn't take well to the request to copy a 4GB file. I've got an image of it slinking out from the back of the PC, to hide behind the filing cabinet, rocking backwards and forwards, whimpering.
We need more error messages like this first thing :-)

Friday 29 February 2008

Exchange 2003 IMF updates (well, mostly)

One of the SBS2003 R2 servers running Windows Server Update Services (WSUS) 3 generated error 0x800706be when installing Update for Intelligent Message Filter for Exchange Server 2003 2008.02.14 (KB907747).

The update installed successfully on the next attempt, but I found a few interesting pointers whilst checking out manual installs/uninstalls of IMF Updates.

There's a useful document from MS called the IMF v2 Operations Guide, linked from 907747.

You can manually install an update or go back to a recent version simply by registering the appropriate DLL and restarting IIS (run iisreset). Fire up a command prompt (Start > Run > CMD) and take a look at the pic below. The commands are:
cd exchsrvr\bin\MSCFV2\6.5.7993.0
regsvr32 MSExchange.UceContentFilter.dll
Note that if you try and register the MSExchange.UceContentFilter.dll from a different directory you'll get a 'module not found' error, so make sure you change to the correct directory first.
You can back out the current filter by simply registering the previous version. Alternatively head into Add/Remove Programs and remove the Update for IMF under Microsoft Exchange (you may need to tick the Show Updates box) which goes all the way back to the original Exchange 2003 SP2 filter when IMFv2 was originally installed.

The original error listed in Update Services, top picture, should automatically clear after 24 hours - but it didn't, nor after a reboot. Giving it another 24h post reboot ...

Sunday 17 February 2008

WindowsUpdate 0x8000FFFF fix

Just built a PC for someone with one of GigaByte's GA-73PVM-S2H motherboards. Its a nice spec nVidia based board including DDR2-800, VGA, DVI-D, HDMI, eSATA, 1394 Firewire (rear and front), SPDIF, 7.1 HD sound and support for 10xUSB - don't think there's a lot to compare at the price. I loaded Vista Home Premium OEM without incident, went to check WindowsUpdate and was greeted with error 0x8000FFFF which sounds like some non-specific default message. Trawling Google (but not Microsoft support) throws up similar errors and recommendations to uninstall update KB929777 - ah, but I hadn't actually loaded any updates so far. I did wonder whether not activating during install or immediately switching to Microsoft Update (i.e. Windows + other products) caused the error?

Fortunately at Ask Leo there's a comment from Mark Lewis / Eric M referring to some keys to delete in the registry (take a backup first!). Start regedit and head into HKLM\Components and remove the keys for PendingXmlIdentifier and AdvanceInstallerNeedResolving. Then restart and try WindowsUpdate again. Gotta be on the right track when the messages change from red to yellow :-)The update loaded in a blink with no prompts and and I had to manually run an update check again - now we were in business ...

Friday 8 February 2008

ASP.NET Event ID: 1062 - confused SBS2003 server

So one of the SBS2003 servers I manage bleated at me this morning that it didn't know which ASP.NET it should be using 1.1 or 2.0. At which point it duly filed an error in the Event Viewer and kicked everyone out.

Source: ASP.NET 2.0.50727.0
Event ID: 1062
It is not possible to run two different versions of ASP.NET in the same IIS process. Please use the IIS Administration Tool to reconfigure your server to run the application in a separate process.

We had a new application loaded this week from one of the suppliers and part of it relies on ASP.NET v2.0. Turns out it dropped into the DefaultAppPool along with some SBS specific applications; Backup, Monitoring and Remote. These rely on ASP.NET 1.1 and I found the tip-off in Scott Forsyth's blog about keeping your ASPs in separate pools.

The solution is to create a new application pool (called KxEntiretyPool in this case) - see the screen shot - using the DefaultAppPool as the template. You can then go down into the Web Sites section, into Default Web Site and open the Properties for your new application. Simply change it over from DefaultAppPool to the new application pool and restart the Web Publishing service.

Tuesday 29 January 2008

Vista Boot Manager missing, along with rest of drive

Just spent 2 hours trying to fix a missing bootmanager error on a client Vista PC. It wouldn't start so I booted off the Vista DVD, clicked Next on the first install prompt to get to the repair options. The auto repair didn't do the trick and the manual options for /fixmbr and /fixboot (see 927392) kept reporting 'specified device not found'. Same when I tried the /RebuildBCD option.

Probably should have taken the hint at that point. When I finally took a look in the BIOS I spotted a missing master drive. The slave was present and looked like a former Windows drive and I think it may also have been a dual boot with PC Linux and GRUB at one point. Bottom line was I was trying repair an old Windows with Vista recovery tools and it was proving to be a little resistant to the idea.

Mounting in another PC and running chkdsk sorted everything out and it reappeared back in its own PC and booted happily. I suspect it may not have required the other PC at all and I could have got away with disconnecting and reseating all the connectors. Wish I'd thought of the easier option first ... and thats why I'm posting at 00:13 in the wee hours of Monday night.

Sunday 20 January 2008

0x800700C1 fix

Probably spent way too long getting this school PC working again ...

In short
As you tried to login to Windows XP Home (SP2) it showed a message and logged out again.
A problem is preventing Windows from accurately checking the license for this computer. Error code: 0x800700C1
The suggested fix for error 0x800700C1 had been try re-registering regwizc/licdll or see 310794 from MS and if they don't work reinstall/recover XP - and more than likely lose your applications and settings.

In short, the answer I found was to uninstall Windows XP Service Pack 2 (SP2) using Safe Mode, which gets rid of the Windows Genuine Advantage that's causing the error. Then reboot and reinstall SP2 which resets WGA. I had to activate again (prob from resetting wpa.dbl earlier) and then install IE7 from MS Downloads before I could run WindowsUpdate.

[After reinstalling IE7 I got error 0x800703EE from WindowsUpdate which I traced to c:\windows\system32\wups2.dll - file length was 0 bytes. Deleting the file and reloading WindowsUpdate fixed that.]

Thursday 17 January 2008

HP source fixes printer

Been a bad HP printer day today. First up was an HP Photosmart C3180 that was happy to print but ignorant about the scan button being pressed. You'd get the HP scan logo initialising on screen followed by an error about a communications failure. Initiating the scan from Windows XP worked fine. Went through a couple of rounds of uninstalling and reinstalling before tracking down a good HP document ('An error occurred while communicating with scanning device') that talks about different solutions, got all the way to solution 9 before I got the scan button working correctly. It just needed this patch.

Second problem HP printer of the day was a Color (Colour!) LaserJet 2500 (tn model). When printing multiple copies of a document from Word, Acrobat, IE, Firefox, etc with a collate option you'd get both prints out ok followed by an error:

job storage status page
Error: Unable to store job at printer
Reason: Printer not configured to collate
Solution: Install an EIO hard disk
... yeah thanks for that HP, identify an error and immediately try and sell the customer an upgrade (is this printer spam!?)
Also noticed that clicking the update button in the device settings (to auto load tray and memory configuration) reported a communications error.

A few months back we were having regular printer errors with this CLJ2500 covering a range of memory overflows and communication faults. I upgraded to the new HP Universal Print driver - bad move. Talk about slow, particularly when loading properties. So I went back to the PCL6 driver and performance was better and curiously much less error-prone. Finally tracked down the collate error in an HP forum and an HP engineer recommending to go back to the PCL5 driver! With that loaded performance is quick, there are no communication errors, the update button works, multiple copies print without a 'buy an EIO hard disk' error and so far (fingers crossed) there have been no job failures or memory overflows.

Problems aside I'm still a huge fan of HP printers - build and design is excellent, support is good and widespread, compatibility is still important with some niche applications and there's never any problem getting hold of consumables or spares.

Friday 11 January 2008

AutoCorrect UK, Missing In Acton

That post title impressed me more than finding the solution to the problem :-)

The new Vista PC is running Office 2007. Once you're over the first month of 'where did that go' its pretty straightforward. Not seen any of the Outlook problems that are described elsewhere. In fact I can't wait to get it all hooked into the new Office Accounting 2008 and see how all that hangs together too.

I did have one issue with Word/Outlook - no UK AutoCorrect. I noticed from the start that common misspellings weren't being corrected (e.g. teh) but never bothered to look why just did a right-click and corrected the spelling. The AutoCorrect was on and the default language set to UK.

Today I finally got around to poking about and discovered the English UK AutoCorrect list was empty apart from a few common symbols, certainly no words. Changed to English US and there are a load of entries and AutoCorrect works fine - well, for most words anyway ;-)

When I tracked down the relevant file which is mso2057.acl in the username\appdata\roaming\microsoft\office directory, I found it was only 1KB. The US version mso1033.acl is 37KB. Checked the original CD and I could find the US one but not the UK.

So a fix, well more of a workaround, was to copy the mso2057.acl from the previous PC's Office 2003 - look in \documents and settings\username\application data\microsoft\office. AutoCorrect burst back in to life and I'm no longer reminded just how terrible my typing has become - except when I'm blogging :-(

Sunday 6 January 2008

Vista gets the snip

Had a pretty good experience with Vista over the past few months. I've got Vista Business running happily on a Dell Vostro 200s with an E6550 processor, 2GB memory, twin 320GB drives using RAID1 and dual 19" screens off a Radeon HD 2400 XT. Good spec, bargain price.

I'd always used Alt-PrtScr to get a snapshot of a screen in XP and earlier. Doing IT support I use that quite frequently for sending out instructions and identifying problems. So I've been a bit frustrated that I could only use PrtScr for a full dual-screen grab rather than Alt-PrtScr for just the active window - haven't decided what combination of Vista / Vostro / Dynamode KVM / old IBM keyboard that's giving me a problem.

Then I found Snipping Tool. Just look under Programs > Accessories or type 'snippingtool' into the Run box (Win-R). Woo-hoo, quick ready cropped screen grabs ready to paste and save. I like that add url option too. My life is complete, well for another 5 minutes anyhow.

Thursday 3 January 2008

Would you like Mac with your Windows?

For convenience and to stop having to restart the iMac to get into Windows XP, I needed Parallels Desktop for Mac. This is a very smart piece of software. The retail box came with an old v3.0 build but you can just download and install the latest build - build 5582 at time of writing. Use the activation code from the boxed copy.

Considering what the program achieves in terms of emulating Windows XP within OS X and the complexities that must involve, the install pretty much sailed through (a bit surprising considering the horror stories in places like MacNN Forums). I chose to use the existing Boot Camp version of XP which it spotted and updated with its own drivers. XP needed activation again after installing, and then again after I'd rerun the Boot Camp version and gone back to Parallels. The last one was via the Microsoft automated telephone activation. Fortunately that did the trick - breathed sigh of relief.

The verdict - so its a bit slower in OS X but entirely usable, very well thought out and very convenient for quickly checking something under XP or running an XP only program. I discovered the drag and drop by accident, moving a file to the XP desktop rather than Mac wastebasket - fortunately it wasn't anything large like a DVD ;-)

Trust 1&1 Internet for your domain name registration, from only £1.99/year!. Check now!