upgrade management metadata service from 2010 farm to 2013 farm
Upgrade management metadata service from 2010 farm to 2013 farm: http://technet.microsoft.com/en-us/library/cc263299.aspx
I get the following error when I try to open the term store in 2013 CA. It turned out that users in the 2013 farm should be added to the term store administrators.
Failed to deserialize permission. Exception: System.ArgumentException: identityToGetKeyFor
at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKeyClaim(IClaimsIdentity claimsIdentity, SPClaim loginClaim)
at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKey(IClaimsIdentity claimsIdentity, String encodedIdentityClaimSuffix)
at Microsoft.SharePoint.Administration.Claims.SPClaimProviderManager.GetProviderUserKey(String encodedIdentityClaimSuffix)
at Microsoft.SharePoint.Utilities.SPUtility.GetFullUserKeyFromFullName(String fullName)
at Microsoft.SharePoint.Administration.SPAcl`1.CreateAce(String principalName, T grantRightsMask, T denyRightsMask)
at Microsoft.SharePoint.Taxonomy.Internal.Security.DeserializePermission(IDataReader dataReader, SPAcl`1 acl, List`1 siteCollectionIds, SharedUrlStringCollection siteCollectionUrls)
Reply:
Can you access the managed meta data service application at all?
Otherwise you have to configure the users before the upgrade on the 2010 farm....
To set a user as term store admin or as group manager you can use the following PS scripts. They work both on 2010 and 2013
# Load the SharePoint snap-in when not running in the SharePoint Management Shell
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

# setting a termstore administrator
$siteUrl = "http://<site>"
$termstoreAdmin = "<domain\user>"
$termstoreName = "<i.e. Managed Metadata Service>"
$site = Get-SPSite $siteUrl
$taxonomy = Get-SPTaxonomySession -Site $site
$termstore = $taxonomy.TermStores[$termstoreName]
$termstore.AddTermStoreAdministrator($termstoreAdmin)
$termstore.CommitAll()

# setting a term store group manager
$termstoreGroupName = "<i.e. People>"
$termstoreGroupManager = "<domain\user>"
$termGroup = $termstore.Groups[$termstoreGroupName]
$termGroup.AddGroupManager($termstoreGroupManager)
$termstore.CommitAll()
SharePoint Architect, Speaker, MCP, MCPD, MCITP, MCSA, MCTS, Scrum Master/Product Owner
Blog: www.matthiaseinig.de, Twitter: @mattein
CodePlex: SharePoint Software Factory, SharePoint Solution Deployer
------------------------------------
SharePoint 2013 printing Enhanced Rich Text
Can anyone offer any solutions to printing the contents of an Enhanced Rich Text field including the images?
SharePoint 2013 now allows Enhanced Rich Text to be captured and displayed in SharePoint Lists using the Rich Text Editor Web Part.
So the field contents will look something like:
<div>
<p>This is a
<strong style="font-size: 13pt;">strong </strong>sentance</p>
<p>
<img src="/sites/mysite/SiteAssets/myPicture.jpg" alt="" style="margin: 5px; width: 423px;"/> </p>
</div>
This displays on screen in a SharePoint List Web Part with text and an image.
Now the question is how can I print this? SSRS 2012 placeholders can use "Interpret HTML tags as styles" but this will only handle the text. The img tag is stripped out.
I have thought about an SSRS Custom function using an External Assembly but this would mean interpreting the HTML fragment manually, somehow generating an image from this and somehow returning an image to SSRS (which I am not sure is even possible. Looks like no based on: http://social.msdn.microsoft.com/Forums/en-US/sqlreportingservices/thread/8a1d34d4-b6e7-4e8e-b2a2-1f328a5e6505).
Is there a third party solution?
Am I completely wrong because on the face of it, it looks like Microsoft have provided us with the front end Rich Text Editor Web Part, but nothing on the backend to print this!
Tags allowed in Enhanced Rich Text http://office.microsoft.com/en-us/windows-sharepoint-services-help/format-text-in-an-enhanced-text-field-HA010030824.aspx
- Edited by genify2 Tuesday, January 15, 2013 11:11 PM
------------------------------------
A Cheat Sheet APP for K/B Commands (Shortcuts)
And, indeed, if you look in the Store there are several APPs offering insight and instruction, guidance to enlighten you as to the use, navigation, understanding, productivity and enjoyment of Windows 8. Do yourself a favour and > Store > Charms > Search and type in Windows 8. Seriously, check it out... MS has put helpful stuff, APPs, there for you about operating Windows 8.
Cheers,
Drew
Drew MS Partner / MS Beta Tester / Pres. Computer Issues www.drewsci.com
- Edited by Drew1903 Saturday, January 26, 2013 8:07 AM
Reply:
All I need is a "tip sheet" taking up another 25% of my screen with only one single additional windowable app taking up the other 75%. Brilliant plan. Why don't we just all print out the old keyboard template shortcut sheets from wordperfect while we are at it too.
------------------------------------
Reply:
The other positive reason for the thread was to bring people's attention & awareness to other APPs available in the Store to help those new to Windows 8 to get familiar & comfortable w/ it.
If, it's nothing of interest to you (abc...), don't bother w/ it.
Cheers,
Drew
Drew MS Partner / MS Beta Tester / Pres. Computer Issues www.drewsci.com
------------------------------------
Extremely Large Volume - Pro and Cons
"Extremely Large" is only meant in the 2013 standard. I'm sure it will be "not so large" in 5 years and "tiny" in a decade.
We're a large organization and one of the responsibilities of my group is to manage about half a million user homefolders, which are currently spread across about 100 volumes in 10 file clusters.
As grand and majestic as it may seem, problems arise when those volumes are filled up.
At one point the situation became so bad that I had to assign one of my staff to move homefolders around FULL TIME, in order to continue some service. What an expensive and completely meaningless exercise to do!
We do implement quotas and expand the volumes regularly, however it never catches up with the demand, since we're forced to overprovision due to our size. Imagine if we provide 1GB of space per user, quite pathetic in today's standard, we need 500TB of space just to fully provision the storage.
I'm aware of some technology (Storage Pool in 2012, EMC, etc.) for building very large volumes. This will be ideal for my situation.
However, I also heard some concerns from different people in regards to extremely large volumes. Backups, RAIDs and maintenance are some concerns, although I don't quite understand much in those areas yet.
Now, although technically possible, what will stop me from building a 10PB volume, put everything there and don't worry about it for the next 5 years.......
Pros and Cons, experts?
Reply:
My point is, we're living in an age when the amount of information explodes exponentially, while storage becomes cheaper and cheaper. Does it make sense to work towards a one volume architecture in order to eliminate all administrative burden?
------------------------------------
Reply:
Hi,
I did not find the 256TB limitation in the article you provided about NTFS.
It said the Max Volume Size of NTFS is "2^32 clusters minus 1 cluster" and NTFS5 is 2^64 clusters minus 1 cluster.
Here is another article:
Maximum Volume Sizes
http://technet.microsoft.com/en-us/library/cc938432.aspx
Note:
2^64 is 18,446,744,073,709,551,616. That's 17,179,869,184 gigabytes.
1PB=1,125,899,906,842,624=1,048,576 gigabytes.
------------------------------------
Reply:
Let me discuss a few things before answering pros and cons. As you are aware of storage pools, you do understand QoS (Quality of Service). As service doesn't come free to you, you need to pay a higher price for resilient volumes. Consider three types of data:
1) Critical data like hosting your app. You need it to be up and running 24X7.
2) Personal data. You do need it to be fault tolerant but in case of corruption you are fine to wait for some time to get it recovered.
3) Backup data. You will only need it if something drastic happens. So you can keep it on a cheap storage device like tape.
Now coming to your question the volume you are creating will have same QoS. So if all of them are critical data you know the price you are paying.
1) You may end up paying for something which you will never need. Like fault tolerant backup data.
2) If you compromise on QoS in case of corruption you will end up losing huge amount of data.
As a pro, I can think management might look easy, but don't get fooled. Taking snapshots/backups and managing them may turn out to be a big headache.
Let me know if it clarifies your doubt,
Regards
Satish
------------------------------------
Reply:
Thanks Shaon.
Hi,
I did not find the 256TB limitation in the article you provided about NTFS.
It said the Max Volume Size of NTFS is "2^32 clusters minus 1 cluster" and NTFS5 is 2^64 clusters minus 1 cluster.
Here is another article:
Maximum Volume Sizes
http://technet.microsoft.com/en-us/library/cc938432.aspx
Note:
2^64 is 18,446,744,073,709,551,616. That's 17,179,869,184 gigabytes.
1PB=1,125,899,906,842,624=1,048,576 gigabytes.
There is this article that states the 256TB limit.
I think the calculation is based on 2^32 clusters * 64KB per cluster - 64KB = (256TB - 64KB) maximum volume size. You mixed up the clusters and bytes above.
I think the 2^64 vs 2^32 difference is based on some system limitation (could be the volume table).
------------------------------------
Reply:
Hello,
In 2012, there is UEFI support for up to 9.4 Zettabytes in a single partition!
Miguel Fra | Falcon IT Services, Miami, FL
www.falconitservices.com | www.falconits.com | Blog
- Edited by Miguel Fra Friday, January 25, 2013 4:46 AM
------------------------------------
Reply:
Let me discuss a few things before answering pros and cons. As you are aware of storage pools, you do understand QoS (Quality of Service). As service doesn't come free to you, you need to pay a higher price for resilient volumes. Consider three types of data:
1) Critical data like hosting your app. You need it to be up and running 24X7.
2) Personal data. You do need it to be fault tolerant but in case of corruption you are fine to wait for some time to get it recovered.
3) Backup data. You will only need it if something drastic happens. So you can keep it on a cheap storage device like tape.
Now coming to your question the volume you are creating will have same QoS. So if all of them are critical data you know the price you are paying.
1) You may end up paying for something which you will never need. Like fault tolerant backup data.
2) If you compromise on QoS in case of corruption you will end up losing huge amount of data.
As a pro, I can think management might look easy, but don't get fooled. Taking snapshots/backups and managing them may turn out to be a big headache.
Let me know if it clarifies your doubt,
Regards
Satish
Thanks very much Satish for your reply.
I guess great minds think alike and we actually have a tiered storage structure in different grades. Just like you said App and DB data are stored in the most expensive high performance disks. Non-app data such as homefolders and departmental shares are fault tolerant and stored in the lower grade disks. Backups used to be on tapes but we have transitioned to disk backup since tapes are unacceptably slow given the amount of our data.
By one volume I mean grouping all data of the same priority/criticality into one logical space/volume instead of spreading out into hundreds of different volumes. Homefolders, for example, is my main target for such consolidation.
Our backup team is one of the biggest protestors of such idea. Their main argument is backup will be a lot less efficient and more time consuming with one large volume vs many smaller ones. This is understandable, however, only in the sense that the backup is performed on the same logical layer. I don't believe backups can only be done in the front end. The storage, after all, is just the same bunch of disk arrays in the back end. There must be a way for more efficient backup that operates independently from the logical volume and its limitations.
I'd also like to comment about the 256TB volume size limit of NTFS. Will Microsoft eventually do something about it or we'll have to consider other file systems as alternatives? 256TB is still a beast for domestic use, but in Enterprises that is starting to become a normal deal.
------------------------------------
Reply:
That's wonderful, but we're still subject to the 256TB limit of NTFS........ unless we abandon Windows altogether lol
In 2012, there is UEFI support for up to 9.4 Zettabytes in a single partition!
------------------------------------
Reply:
Hello,
Server 2012 has UEFI support and ReFS support. ReFS is backwards compatible with NTFS and supports a 262,00 Exabyte single volume.
Miguel Fra | Falcon IT Services, Miami, FL
www.falconitservices.com | www.falconits.com | Blog
- Edited by Miguel Fra Saturday, January 26, 2013 5:12 PM
------------------------------------
Reply:
Server 2012 has UEFI support and ReFS support. ReFS is backwards compatible with NTFS and supports a 262,00 Exabyte single volume.
Great article, thanks. Although there are some criticisms of this new file system, it's truly worth consideration.
Lack of disk quota is a disappointment, but I think FSRM can fill the gap.
I appreciated all these useful replies. Now I know which direction we should take.
------------------------------------
No client communication after switch to HTTPS for management point
Configuring HTTPS for SCCM shouldn't be this difficult.
I've followed this guide to the best of my ability, however once I configured HTTPS only communication, all my clients refuse to communicate with my management point.
- I deployed my web server cert on my management point, bound it to 443 and was able to connect to https://fqdn from the server and from a few clients with no issue. I also verified that the cert's Enhanced Key Usage value contained Server Authentication (1.3.6.1.5.5.7.3.1).
- Was already using Group Policy to autoenroll the client certificate on our client computers, but double-checked a few just to make sure they were in fact autoenrolling. Also verified that the cert's Enhanced Key Usage value contains Client Authentication (1.3.6.1.5.5.7.3.2).
- Next I configured client computer communication to use HTTPS (Administration –> Sites –> Right click and choose properties, client computer communication –> Chose use HTTPS)
- Now, whenever you try to find the site we get "Configuration Manager did not find a site to manage this client" and the device activity within SCCM never updates.
I've checked the contents of mpcontrol.log on the mp and see that it shows SSL is enabled:
******************************************************************************** SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:03 AM 3800 (0x0ED8)
SMS_MP_CONTROL_MANAGER received START notification. SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:03 AM 3800 (0x0ED8)
MPStart(): Registered for Notifications. SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:03 AM 3800 (0x0ED8)
CMPControlManager::ReadConfigurationSettings(): Periodic Interval is 1800000 SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:03 AM 3800 (0x0ED8)
CMPControlManager::ReadConfigurationSettings(): WINS Interval is 14400000 SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:03 AM 3800 (0x0ED8)
MPStart(): ReadConfigurationSettings() returned 0x0. SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:03 AM 3800 (0x0ED8)
Querying MPHealthCheckIntervalInSeconds registry value returned a status of 2. SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:03 AM 3800 (0x0ED8)
Querying MPHealthCheckTimeoutInSeconds registry value returned a status of 2. SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:03 AM 3800 (0x0ED8)
Querying MPHealthCheckStatusMessageIntervalInSeconds registry value returned a status of 2. SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:03 AM 3800 (0x0ED8)
Querying NLBNodeAvailabilityState registry value returned a status of 2. SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:03 AM 3800 (0x0ED8)
MPStart(): Read all MP Settings. SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:03 AM 3800 (0x0ED8)
MPStart(): SSL enabled. SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:03 AM 3800 (0x0ED8)
CMPControlManager::WriteToCCMSettings(): WMI Connection established. SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:03 AM 3800 (0x0ED8)
CMPControlManager::WriteToCCMSettings(): Successful. SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:03 AM 3800 (0x0ED8)
RegisterWithWINS: Registering the WINS name MP_SON ... SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:03 AM 3800 (0x0ED8)
RegisterWithWINS: EnumerateLANAs() returned 0x0 SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:03 AM 3800 (0x0ED8)
RegisterWithWINS: ResetAll() returned 0x0 SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:03 AM 3800 (0x0ED8)
NetBIOS_AddName(): LocalName: MP_SON LanaNumber: 0 SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:03 AM 3800 (0x0ED8)
RegisterWithWINS: NetBIOS_AddName(LANA=0) returned 0x0 SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:06 AM 3800 (0x0ED8)
MPStart(): RegisterWithWINS() returned 0x0 SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:06 AM 3800 (0x0ED8)
CMPControlManager::PublishInDNS: DnsReplaceRecordsInSet() failed with status 9017. SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:06 AM 3800 (0x0ED8)
MPStart(): PublishInDNS() returned 0x0 SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:06 AM 3800 (0x0ED8)
Successfully Registered for IP Address Change notifications. SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:06 AM 3800 (0x0ED8)
MPStart(): RegisterForIPAddressChangeNotification() returned 0x0 SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:06 AM 3800 (0x0ED8)
Attempting to register the SQL connection type for the configured SQL database. SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:06 AM 3800 (0x0ED8)
Registered connection type for SQL Server 'SQL-01.domain.com' and database 'SON_SCCM'. SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:06 AM 3800 (0x0ED8)
MPStart(): RegisterSqlDatabaseConnectionType() returned 0x0 SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:06 AM 3800 (0x0ED8)
Checking the current CLR Enabled configuration setting for the configured SQL Server hosting the database. SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:06 AM 3800 (0x0ED8)
Getting the CLR Enabled value from the configured SQL database. SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:06 AM 3800 (0x0ED8)
Attempting to connect to the configured SQL database. SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:06 AM 3800 (0x0ED8)
Successfully connected to the configured SQL database. SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:06 AM 3800 (0x0ED8)
The configured SQL database has the CLR Enabled configuration setting set to 'On'. SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:07 AM 3800 (0x0ED8)
Disconnecting from the configured SQL database. SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:07 AM 3800 (0x0ED8)
MPStart(): CheckSqlDatabaseClrEnabled() returned 0x0 SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:07 AM 3800 (0x0ED8)
Waiting up to 300 seconds for the SMS Agent Host service to be running. SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:07 AM 3800 (0x0ED8)
Stopped waiting for the SMS Agent Host service to be running; Result = 0x0. SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:22 AM 3800 (0x0ED8)
MPStart(): WaitOnSmsAgentHostRunning() returned 0x0 SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:22 AM 3800 (0x0ED8)
MPStart(): CreateThread() succeeded with id 0x1018. SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:22 AM 3800 (0x0ED8)
SMS_MP_CONTROL_MANAGER successfully STARTED. SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:22 AM 3800 (0x0ED8)
******************************************************************************** SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:22 AM 3800 (0x0ED8)
Configuration and Availability Monitor thread started. SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:22 AM 4120 (0x1018)
Initialized 'SMS Server Availability' performance instance => SMS Management Point. SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:22 AM 4120 (0x1018)
SSL is enabled. SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:52 AM 4120 (0x1018)
Client authentication is also enabled. SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:52 AM 4120 (0x1018)
CRL Checking is also enabled. SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:52 AM 4120 (0x1018)
Machine name is 'SERVER.domain.com'. SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:52 AM 4120 (0x1018)
Begin validation of Certificate [Thumbprint fa3739d5f81be7b72a5238a48ebe820b9a0c5921] issued to 'SERVER.domain.com' SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:52 AM 4120 (0x1018)
Certificate has "SSL Client Authentication" capability. SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:52 AM 4120 (0x1018)
Completed validation of Certificate [Thumbprint fa3739d5f81be7b72a5238a48ebe820b9a0c5921] issued to 'SERVER.domain.com' SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:52 AM 4120 (0x1018)
>>> Selected Certificate [Thumbprint fa3739d5f81be7b72a5238a48ebe820b9a0c5921] issued to 'SERVER.domain.com' for HTTPS Client Authentication SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:52 AM 4120 (0x1018)
Call to HttpSendRequestSync succeeded for port 443 with status code 200, text: OK SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:52 AM 4120 (0x1018)
Sent summary record of SMS Management Point on ["Display=\\SERVER.domain.com\"]MSWNET:["SMS_SITE=SON"]\\SERVER.domain.com\ to \\SERVER.domain.com\SMS_SON\inboxes\SiteStat.Box\6z4e3h1c.SUM, Availability 0, 125723644 KB total disk space , 45049700 KB free disk space, installation state 0. SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:52 AM 4120 (0x1018)
Http test request succeeded. SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:52 AM 4120 (0x1018)
STATMSG: ID=5460 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_MP_CONTROL_MANAGER" SYS=SERVER.domain.com SITE=SON PID=1536 TID=4120 GMTDATE=Sat Jan 26 05:10:52.969 2013 ISTR0="" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:52 AM 4120 (0x1018)
Successfully performed Management Point availability check against local computer. SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:52 AM 4120 (0x1018)
Initialization successfully completed within the allowed interval. SMS_MP_CONTROL_MANAGER 1/26/2013 12:10:52 AM 4120 (0x1018)
Next I checked the client's ClientLocation.log and found this:
Assigned Site is SON ClientLocation 1/26/2013 12:17:53 AM 4008 (0x0FA8)
Autodiscover Site ClientLocation 1/26/2013 12:17:53 AM 4008 (0x0FA8)
Client is set to use HTTPS when available. The current state is 192. ClientLocation 1/26/2013 12:17:53 AM 4008 (0x0FA8)
Any help with this would be greatly appreciated.
- Edited by RJ454M3 Saturday, January 26, 2013 5:22 AM
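The certificate checks the post describes doing by hand (the Enhanced Key Usage OIDs), together with the chain and revocation status that the management point evaluates when its log shows CRL checking enabled, can be scripted as below. This is an added example, not part of the original post: the helper name Test-MachineCertificate is hypothetical, and it assumes PowerShell 3.0 or later and certificates stored in the LocalMachine\My store.

```powershell
# Added example (not from the original post).
# Audits machine certificates for the properties verified manually in the post.

# EKU OIDs quoted in the post, mapped to their display names.
$EkuNames = @{
    '1.3.6.1.5.5.7.3.1' = 'Server Authentication'   # web server cert on the management point
    '1.3.6.1.5.5.7.3.2' = 'Client Authentication'   # autoenrolled cert on client computers
}

function Test-MachineCertificate {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,

        [Parameter(Mandatory = $true)]
        [string]$RequiredEkuOid
    )

    # Collect the OIDs from the Enhanced Key Usage extension, if one is present.
    $ekuOids = @(
        $Certificate.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages } |
            ForEach-Object { $_.Value }
    )

    # Show friendly names for the two OIDs from the post, raw OIDs otherwise.
    if ($ekuOids.Count -eq 0) {
        $ekuText = '(no EKU extension)'
    } else {
        $ekuText = ($ekuOids | ForEach-Object {
            if ($EkuNames.ContainsKey($_)) { $EkuNames[$_] } else { $_ }
        }) -join ', '
    }

    # Build the chain in machine context with online revocation checking,
    # so an unreachable CRL distribution point shows up as a chain issue.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain($true)
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    $chain.ChainPolicy.RevocationFlag = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::ExcludeRoot
    $chainBuilt  = $chain.Build($Certificate)
    $chainIssues = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })

    $now = Get-Date
    [pscustomobject]@{
        Subject        = $Certificate.Subject
        Thumbprint     = $Certificate.Thumbprint
        HasPrivateKey  = $Certificate.HasPrivateKey
        WithinValidity = ($Certificate.NotBefore -le $now) -and ($now -le $Certificate.NotAfter)
        Eku            = $ekuText
        HasRequiredEku = ($ekuOids -contains $RequiredEkuOid)
        ChainValid     = $chainBuilt
        ChainIssues    = ($chainIssues -join ', ')
    }
}

# On a client computer: check every certificate in the machine's Personal store
# against the Client Authentication OID. On the management point, pass
# '1.3.6.1.5.5.7.3.1' instead to check the web server certificate.
Get-ChildItem -Path Cert:\LocalMachine\My |
    ForEach-Object { Test-MachineCertificate -Certificate $_ -RequiredEkuOid '1.3.6.1.5.5.7.3.2' } |
    Format-List
```

A ChainIssues value such as RevocationStatusUnknown or OfflineRevocation means the machine could not retrieve revocation information for that certificate.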
Reply:
Now, whenever you try to find the site we get "Configuration Manager did not find a site to manage this client" and the device activity within SCCM never updates.
This has nothing to do with http/https. It's a matter of boundaries / groups. You could assign the client manually (which should not be needed, because it already says "Assigned Site is SON"). Just examine ClientIDManagerStartup.log then.
Torsten Meringer | http://www.mssccmfaq.de
------------------------------------
Reply:
Now, whenever you try to find the site we get "Configuration Manager did not find a site to manage this client" and the device activity within SCCM never updates.
This has nothing to do with http/https. It's a matter of boundaries / groups. You could assign the client manually (which should not be needed, because it already says "Assigned Site is SON"). Just examine ClientIDManagerStartup.log then.
Torsten Meringer | http://www.mssccmfaq.de
Thanks, Torsten. Then why does it still work, and has been working for 6 months straight, without https enabled? The boundary groups remain the same and site assignment is being determined by these boundaries / groups and I've even tried manually assigning this via Group Policy.
The contents of ClientIDManagerStartup.log look the same as it did prior to https:
Failed to open to WMI namespace '\\.\root\ccmvdi' (8007045b) ClientIDManagerStartup 1/26/2013 2:00:02 AM 2036 (0x07F4)
[----- SHUTDOWN -----] ClientIDManagerStartup 1/26/2013 2:00:02 AM 2036 (0x07F4)
[----- STARTUP -----] ClientIDManagerStartup 1/26/2013 2:00:58 AM 1996 (0x07CC)
Read SMBIOS (encoded): 47004B004A004200460047003100 ClientIDManagerStartup 1/26/2013 2:01:08 AM 3204 (0x0C84)
Evaluated SMBIOS (encoded): 47004B004A004200460047003100 ClientIDManagerStartup 1/26/2013 2:01:08 AM 3204 (0x0C84)
No SMBIOS Changed ClientIDManagerStartup 1/26/2013 2:01:08 AM 3204 (0x0C84)
SMBIOS unchanged ClientIDManagerStartup 1/26/2013 2:01:08 AM 3204 (0x0C84)
SID unchanged ClientIDManagerStartup 1/26/2013 2:01:08 AM 3204 (0x0C84)
HWID unchanged ClientIDManagerStartup 1/26/2013 2:01:09 AM 3204 (0x0C84)
GetSystemEnclosureChassisInfo: IsFixed=TRUE, IsLaptop=FALSE ClientIDManagerStartup 1/26/2013 2:01:09 AM 3204 (0x0C84)
Windows To Go requires a minimum operating system of Windows 8 ClientIDManagerStartup 1/26/2013 2:01:09 AM 3204 (0x0C84)
Computed HardwareID=2:59FA824A27A1637D1D103AC0299CBA90B6EB82F4 Win32_SystemEnclosure.SerialNumber=GKJBFG1 Win32_SystemEnclosure.SMBIOSAssetTag= Win32_BaseBoard.SerialNumber=..CN137408230187. Win32_BIOS.SerialNumber=GKJB Win32_NetworkAdapterConfiguration.MACAddress=00:1E:4F:C8:97:82 ClientIDManagerStartup 1/26/2013 2:01:09 AM 3204 (0x0C84)
Persisted hardware IDs in CCM_ClientIdentificationInformation=@: HardwareID1=2:59FA824A27A1637D1D103AC0299CBA90B6EB82F4 HardwareID2=55E50C00016200FA ClientIDManagerStartup 1/26/2013 2:01:09 AM 3204 (0x0C84)
- Edited by RJ454M3 Saturday, January 26, 2013 3:33 PM
------------------------------------
HOW TO CREATE AN EMAIL ADDRESS IN THE FORMAT OF MYNAME@BUSINESSNAME.com
Reply:
Matthew,
I hope this doesn't insult you, but I'll say it: the info after the @ symbol is the "Domain Name". If you do not have your own domain, then you can't have your own domain name... even if it's just one email address.
Sorry
So to the best of my knowledge, the answer is no, you can't.
And that's my guess as to why no one else took the time to answer you.
You can check that online company that sponsors the female NASCAR driver to see how cheaply you can do it through them, but there's no way I know of that you can do this for free.
------------------------------------
Reply:
Just to re-emphasize/expand on SpenCer21's reply for what you are looking to do
#1 - You really need to understand what an email is comprised of
#2 - You need to understand what a domain name is and how it relates to <yourbusinessname.com>
#3 - Once you understand #2 - you need to find out whether or not <yourbusinessname.com> is even available since it may already be in use by another person/company
#4 - You will need to understand the difference between "Domain Registrars", "Web Hosting Providers" and "Email Service Providers"
Doing a search on the phrase "How to Create Your Own Domain Email" (or any variation thereof) will return countless results - have included a few to get you started:
Understanding Domain Names
http://www.learnthenet.tv/how-to/understand-domain-names/index.php?p=02
How to get a business e-mail address with your own domain name
http://www.inflowinventory.com/Blog/index.php/2008/06/17/how-to-get-a-business-e-mail-address-with-your-own-domain-name/
How to Create Your Own Personalized Domain Email Address for Free
http://www.online-tech-tips.com/computer-tips/how-to-create-your-own-personalized-domain-email-address-for-free/
How do I create my own email address?
http://www.webdevelopersnotes.com/how-do-i/create-my-own-email-address.php
How to Create Your Own Domain Email
http://www.ehow.com/how_4450899_create-own-domain-email.html
Everyone has their own preferences about which Domain Name registrar to use with the most common being GoDaddy and Network Solutions. There are lots of others that are just as good (or better) - I prefer <Mydomain.com> having had nothing but excellent experiences over a decade but there are endless options - something which will require you to do your own "due diligence".
Personal preference is to register your domain separately to retain maximum control allowing you to move your domain to wherever you want without ever being held "at ransom" (i.e. not allowing you to move to another service with your domain name without paying some exorbitant fee etc).
Signing up with a web-hosting provider does not require you to setup up a web-site - that's totally your prerogative but it generally provides you with the email services you're looking for.
In short - having/using your own domain name so that your personalized business name can be used in an email address will never be free - get used to it. How important that is to your venture is something only you can determine. Costs involved can range from very expensive to "extremely reasonable" - the more time you spend educating yourself about "the internet" and its components usually determines what your expenses will be. Going with the "most expensive" option in no way guarantees that you are getting any more/better value than alternative services in a lot of cases are just wasting your money. Similarly - going with something that "appears" to be "absolutely inexpensive" may involve things that will come back to bite you later - operative words "time" & "due diligence"
One last thought - using your own business name in an email address and not having even the most minimal of a website behind it can be as telling and detrimental as not having your own domain name to begin with. You would be amazed how many people will look up your domain's website just to get some background info - a company these days that doesn't have its own website using its own domain name is a red flag IMHO. However, one thing I would never do is register my domain through a web hosting service which may make it very difficult to let you move to another service in the future - you want to be sure that you retain full control of your domain name at ALL times - that also means ensuring that if you hire someone to do any of this for you, that everything gets registered in YOUR NAME as the owner no matter how you trust the person you assign the task to.
You may also want to look at such services as
Microsoft Office 365
http://www.microsoft.com/en-us/office365/compare-plans.aspx
The entire process is not hard and nowhere near as daunting as it may appear on the surface if this is your venture into the process - it just requires taking a little bit of time to educate/familiarize yourself with a few new things and proceed from there. If you don't have the time to do that then suggest you just use a standard free email address from Outlook.com/Gmail etc until you're ready (or just use an email address available from your existing ISP).
Karl Timmermans - The Claxton Group
Outlook Import/Export Hints/Tips
Contact import/export/data management tools for Outlook '2000/2010 - ContactGenie.com
------------------------------------
Windows 8 Ignores sleep settings
Vincent Sprague
- Changed type Leo Huang Friday, December 21, 2012 5:47 AM
Reply:
Well this is the world we live in And these are the hands we're given...
------------------------------------
Reply:
If you open an elevated CMD prompt and type the following
powercfg /requests
it will list all of the items that are stopping the computer from going to sleep.
8B17
- Edited by Z1PTI3 Tuesday, December 11, 2012 7:14 PM
------------------------------------
Reply:
In the advanced power settings for your plan what are your wake timers set to under sleep settings? Also have you checked your BIOS to check that the computer is not being turned on through there, could also turn off WOL (Wake On LAN).
Though as it is not going back to sleep I would be interested to see what that command comes back with that is stopping it from sleeping as it could be linked to what is waking it up
8B17
- Edited by Z1PTI3 Tuesday, December 11, 2012 7:37 PM
------------------------------------
Reply:
Vincent Sprague
------------------------------------
Reply:
8B17
------------------------------------
Reply:
Vincent Sprague
- Edited by Baron164 Tuesday, December 11, 2012 10:27 PM
------------------------------------
Reply:
Also check any connected usb devices whether they support the sleep state. Some usb devices don't.
I.e. I have 2 special devices from Thrustmaster on a flight sim gaming station which do not support awakening - thus they will block the machine from going to sleep (one day I will go and hack the Windows db or registry - and see if I can set flags for those devices ... so I don't have to disconnect them physically).
Anyway it's a bug from the vendor not implementing those usb devices correctly. But they are so unique in their design (i.e. not for all ... special use case) so maybe that's why focus on supporting sleep correctly was overlooked?
------------------------------------
Reply:
I'm not concerned with it not going back to sleep. The issue is that it wakes itself back up for no apparent reason. I disabled wake timers and that did not help. I have already disabled the power management for the network cards and that did not help.
Vincent Sprague
------------------------------------
Reply:
The same thing is happening to me.
It started appearing after installing the Media Center Pack on Windows 8 Pro x64.
------------------------------------
Reply:
Vincent Sprague
------------------------------------
Reply:
That might be it, I did install the Media Center pack. Does removing it stop the machine from waking up?
Vincent Sprague
I don't know. You can try it and see what happens.
On my 3 Windows 8 PCs, only the one with the media center wakes up from "unknown device" source when being put into sleep.
------------------------------------
Reply:
Hi,
Have you tried to remove Media Center pack? Does the issue occur?
If the issue persists, you can also try to perform a system restore for test.
Hi,
Why did you mark my post as an answer ? We didn't try to remove the media center pack already and we don't know how to fix the issue.
------------------------------------
Reply:
Do you still have this issue?
I have found that Intel Network drivers (lan and/or wifi) were causing this issue. Upgrading my drivers fixed that issue.
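The wake-source checks discussed in this thread (wake timers, devices armed to wake the machine such as network adapters, and the `powercfg /requests` output), gathered into one script. This is an added example, not part of any post above; the function name `Get-WakeDiagnostics` is made up for illustration, and the script is meant to be run from an elevated PowerShell prompt.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
# Get-WakeDiagnostics is a hypothetical helper name used only for this illustration.
function Get-WakeDiagnostics {
    param([int]$MaxEvents = 10)

    # powercfg switches available on Windows 7 and later.
    $sections = [ordered]@{
        'Last wake source'        = @('/lastwake')
        'Active wake timers'      = @('/waketimers')
        'Devices armed to wake'   = @('/devicequery', 'wake_armed')
        'Requests blocking sleep' = @('/requests')
    }

    foreach ($title in $sections.Keys) {
        "=== $title ==="
        $cmdArgs = @($sections[$title])
        # Array elements are passed to the native command as separate arguments.
        & powercfg.exe $cmdArgs
        ''
    }

    # Each resume from sleep is logged by Power-Troubleshooter as event ID 1
    # in the System log; the message text includes a "Wake Source" line.
    '=== Recent wake events ==='
    $events = Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Microsoft-Windows-Power-Troubleshooter'
        Id           = 1
    } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue

    if ($events) {
        $events | Select-Object TimeCreated, Message | Format-List | Out-String
    } else {
        'No Power-Troubleshooter wake events found.'
    }
}

Get-WakeDiagnostics
```

A device that shows up under "Devices armed to wake" can be stopped from waking the machine with `powercfg /devicedisablewake "<device name>"`, using the name exactly as listed.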
------------------------------------
client site code assignment
please help answering the following question:
1. when a client is installed, does it get the site code automatically?
2. if i change client from one site to another site. will it report to new site as well as old site. In this case which site code will be assigned to that client. in this case i will change domain membership where i have sccm server.
3. can i install a client without assigning site code? and once i attach it to a particular domain site, client will get the site code of that site. client will be installed as part of image.
4. any technet reference about site code assignment?
-raofu
Reply:
Specific to SCCM 2007 Client:
1. when a client is installed, does it get the site code automatically?
You need to provide Site Code when you are running the Client installer manually/through group policy. If it is getting installed through Client Push/Software Update, site code gets automatically assigned.
2. if i change client from one site to another site. will it report to new site as well as old site. In this case which site code will be assigned to that client. in this case i will change domain membership where i have sccm server.
If you change from one site to another site, the site code automatically changes to the new one (The nearest management point depending on the AD Site Boundary/IP Subnet defined).
3. can i install a client without assigning site code? and once i attach it to a particular domain site, client will get the site code of that site. client will be installed as part of image.
Yes.
4. any technet reference about site code assignment?
http://technet.microsoft.com/en-us/library/bb680373.aspx
This should give you some good information about SCCM Client..
Regards,
Aditya.
Best Regards, Aditya Kumar.
------------------------------------
Reply:
Addition to........
1. when a client is installed, does it get the site code automatically?
If Schema Extended it will get the site code automatically even though SLP not mentioned
2. if i change client from one site to another site. will it report to new site as well as old site. In this case which site code will be assigned to that client. in this case i will change domain membership where i have sccm server.
If you change from one site to another site, the site code automatically changes to the new one (The nearest management point depending on the AD Site Boundary/IP Subnet defined).
3. can i install a client without assigning site code? and once i attach it to a particular domain site, client will get the site code of that site. client will be installed as part of image.
You can ....But you can't manage the client
4. any technet reference about site code assignment?
About Client Site Assignment in Configuration Manager
http://technet.microsoft.com/en-us/library/bb681005.aspx
Client Installation and Assignment SuperFlow
http://www.microsoft.com/en-us/download/details.aspx?id=5229
http://technet.microsoft.com/en-us/library/bb680334.aspx
Narahari
- Edited by Narahari B Wednesday, January 9, 2013 11:49 AM
------------------------------------
Reply:
A couple of corrections to the above:
1. It depends upon how you installed the client. There is a property for client.msi (which ccmsetup calls) called SMSSITECODE which can be set to AUTO or to the explicit site code you want the client assigned to. AUTO does exactly what it says and is the default value.
2. In 2007, only if the site is within the same hierarchy will this work. If the site the client is being re-assigned to is in a different hierarchy, then the trusted root key for the site must be delivered to the client first: http://blogs.technet.com/b/configmgrteam/archive/2009/04/09/reassigning-a-configuration-manager-client-across-hierarchies.aspx
3. Kind of, if you use the AUTO value for SMSSITECODE as mentioned above. The client will try to auto discover its site when it first starts up though so it may not stay unassigned for very long.
What's the goal here?
If you are deploying an image, use this: http://technet.microsoft.com/en-us/library/bb694095.aspx
Or how about using a startup script to re-assign the client based on domain or OU membership?
Jason | http://blog.configmgrftw.com
------------------------------------
Reply:
I am so grateful to all of you. one more thing if you could share with me.
while imaging when i should run this command: net stop ccmexec ?
------------------------------------
Reply:
Before you capture the image and before you delete the client certificates.
Why not just use OSD though?
Jason | http://blog.configmgrftw.com
------------------------------------
Reply:
Using MDT:
Deploy SCCM client as a application package while deploying the OS with MDT.
Or if using an application like Ghost:
I'm using Ghost till now, without changing anything on SCCM client. All clients working fine till now. Have deployed the same image in 1000+ systems :)
To be on safer side, you can del. certificates as Jason said.
------------------------------------
The connectivity verifier "Farm: X" reported an error when trying to connect to https://IP/exchange/. Reason: No connection.
I have this problem and it's been bothering me for a long time, I wish anyone could help me.
This error keeps coming every 3 minutes.
Log Name: Application
Source: Microsoft Forefront TMG Firewall
Date: 1/17/2013 1:00:30 PM
Event ID: 21137
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: its-px-sv.Sajco.com.sa
Description:
The connectivity verifier "Farm: e" reported an error when trying to connect to https://192.168.0.84/exchange/.
Reason: No connection.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft Forefront TMG Firewall" />
<EventID Qualifiers="49152">21137</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2013-01-17T10:00:30.000000000Z" />
<EventRecordID>123203</EventRecordID>
<Channel>Application</Channel>
<Computer>its-px-sv.Sajco.com.sa</Computer>
<Security />
</System>
<EventData>
<Data>Farm: e</Data>
<Data>https://192.168.0.84/exchange/</Data>
<Data>No connection</Data>
</EventData>
</Event>
- Changed type Nick Gu - MSFTModerator Friday, January 25, 2013 2:10 AM
Reply:
Hi,
Thank you for the post.
You may run TMG BPA to check if there is any other error message besides connectivity verifier failure with event ID 21137.
Regards,
Nick Gu - MSFT
------------------------------------
Reply:
Sorry for the delay
yes there are others
one of them with the same event ID but the error is:
The connectivity verifier "Farm: X" reported an error when trying to connect to https://IP/exchange/.
Reason: The request has timed out.
if you want me to search for some specific error just indicate me please
- Edited by Albaroun Saturday, January 26, 2013 10:33 AM
------------------------------------
Help with SSRS Snapshot and Subscriptions
Hi,
I have a few requirements as mentioned below and wanted to know how to achieve them. I know a few solutions work but not 100 percent. Please help me
- I have to schedule and save all the SSRS reports in different formats like Excel, PDF and store to a network location on a daily basis. users should be able to see these saved reports from a web page and they will select any report to be opened at any point of time. Since all the report names will be same, I want to differentiate them by appending some parameter values which is unique to that report at that point of time. How to achieve the renaming of these reports
- we have to show only 2 months of these SSRS Reports on the web page and all other older reports should be Archived into a separate location automatically. This can be achieved with Report Snapshots but the question is whether the Reports that got generated as part of the Subscriptions can be stored as snapshots in the Report Server database so that we can make use of the SSRS Snapshot Archival strategy
- Lastly we should be able to automatically trigger the reports and store in some network location based on some conditions that are met from the Web Page. These reports can be called multiple times on the same day with different set of parameters. Once these reports are generated and saved into a location then we should be able to view them in the web page.
Thanks in Advance :)
~ BI Guy
- Changed type SqlBIGuy Monday, January 28, 2013 5:58 AM I want to discuss with forum people
Nice app for RSS-feed?
Hi!
I want to have a nice app for getting news from TechNet threads and blog posts from various sites. I want to see new threads in about 10-15 forums here on TechNet, and now I go every 15 minutes and refresh the browser in 15 tabs and I don't think this is a good way of doing it :D
It does not have to be a Windows 8 Metro app but as I use Windows 8 it could be cool to actually use a Metro app for a change
Share! How are you getting news from blogs and forums? What apps are you using?
Reply:
Hi,
I'm reading RSS from MS Outlook 2007.
Sebastian Sajaroff Senior DBA Pharmacies Jean Coutu
------------------------------------
Reply:
Great! Did not know that outlook could handle this! Will try!
No cool metro apps anyone? :)
------------------------------------
Reply:
No cool metro apps anyone? :)
Try the Store? Search with RSS? See TechNet RSS Reader there. (I haven't tried it. Still use WLMail. <w>)
------------------------------------
Reply:
No cool metro apps anyone? :)
try one of those:
http://apps.microsoft.com/windows/en-us/app/3abbe04d-3933-4ec4-8454-37e01c53f67e
http://apps.microsoft.com/windows/en-us/app/bd5399aa-7bac-42d2-a5b4-a349203743ca
http://apps.microsoft.com/windows/en-us/app/c4f042be-c7b9-4e08-af0b-cd3ed91c81e1
http://apps.microsoft.com/windows/en-us/app/3698cd5d-46ea-4ecd-af1b-57d362769e3e
"A programmer is just a tool which converts caffeine into code"
------------------------------------
Boot In Safe Mode Lost Video Driver
I appreciate that the above works for some troubleshooting. However, there are other reasons for wanting to use safe mode that are important. Windows 8 upgrade changed my AMD Display drivers to drivers that don't work correctly. The only accepted way I know of to get the VGA drivers in safely is to completely remove the old drivers and reload the correct driver using Safe Mode. Do you have another way to accomplish this?
This is the exact thing that happened to me. Windows 8 upgraded my ATI Radeon 4200 video driver to the ATI Radeon 5000 driver and now I have no display. How do I boot up into safe mode to reload the video driver? Or reinstall Windows 8.
- Moved by David Wolters Tuesday, May 21, 2013 4:05 PM Moving to a more appropriate forum
Reply:
Please refer to this article to enter into Safe Mode.
http://windows.microsoft.com/en-US/windows-8/windows-startup-settings-including-safe-mode
You can roll back the driver to the previous version via Device Manager.
Niki Han
TechNet Community Support
------------------------------------
Reply:
Please refer to this article to enter into Safe Mode.
@ Niki
That document misses a very important use case, which I have just added as a comment:
People are being referred to this document who have no video! So there are no icons visible to click on. At best they need the keyboard equivalents. (Good luck with that because the screens have not been designed with that use case in mind.)
------------------------------------
Reply:
How do I boot up into safe mode to reload the video driver?
Use the Advanced Options from booting your Recovery media.
------------------------------------
IIS Media Services, Windows Media Services, or Windows Azure Media Services?
With three media server platforms to choose from -- IIS Media Services, Windows Media Services, and Windows Azure Media Services – you might wonder:
• Which media platform is most appropriate for my particular scenario?
• Which factors are most important when considering a migration from one of these media platforms to another?
To help answer these questions, we've created a new article on IIS.NET. The article contains suggestions for which media platform to use in particular scenarios, information about Microsoft's encoding and conversion technologies, and a lot of valuable resource links. If you're interested, check it out at Microsoft Media Platform: Encoding and Serving Choices and Migration Considerations.
I hope you like it.
Thanks,
Tim
- Changed type David Bristol [msft]Microsoft employee, Moderator Wednesday, March 13, 2013 2:09 PM non question
Windows XP SP3 and Office 2003 Support Ends April 8, 2014
IT Pro Audience Manager for Web Forums
Reply:
We all have 1yr 9mos. in order to switch over to Windows 7. Anthony Mann has pretty well set everything up for us now. Maybe by April 08, 2014, there could be something else besides Windows 7. But in other words you'll have this time to make the switch or buy a new computer with the program already downloaded for you. Who knows, you might not even be here by then. I checked out everything Anthony stated, it's all there. What's that old story, snooze you lose!!!
Here another new Windows 8, release May 2012 it looks like might be another great program. Here check it out for yourself. If this doesn't work, there always MAC. Have a great day, good surfing:
Windows 8 is the next version of Microsoft Windows, a series of operating systems produced by Microsoft for use on personal computers, including home and business desktops, laptops, Microsoft Tablet PCs, and home theater PCs. The release to manufacturing (RTM) is expected around July 2012, three years after the release of its predecessor, Windows 7. Windows 8's server counterpart, Windows Server 2012, is in development concurrently with Windows 8. The most recent official pre-release version of Windows 8 is the Release Preview, which was released on May 31, 2012.
Edited by: ibtmicky
ibtmicky
------------------------------------
Reply:
I just stumbled across this announcement. Why was it not part of a XP update? Surprise! I wonder how many people will never know.
Will those with licensed copies of XP get a free download of 7?
------------------------------------
Reply:
I just stumbled across this announcement. Why was it not part of a XP update? Surprise! I wonder how many people will never know.
Will those with licensed copies of XP get a free download of 7?
Fast-forwarding four months, I don't know about '7' but Microsoft is offering XP subscribers the chance to upgrade to '8' (by end of Jan., '13) for a paltry $40, but you must download online. A disc with Windows 8-Pro can be snail-mailed but will cost more.
------------------------------------
EMET 3.5: SEHOP bug?
Windows 8 Pro 64-bit
I have a reproducible case which would appear to be a bug, but I'm looking for someone else to confirm.
I'm running Chrome 24.0.1312.52m with the LastPass extension 2.0.14.
- If I set system-wide SEHOP to Always On and check the SEHOP box for the Chrome process, LastPass works fine.
- If I set system-wide SEHOP to Always On and uncheck the SEHOP box for the Chrome process, LastPass works fine.
- If I set system-wide SEHOP to Opt In and check the SEHOP box for the Chrome process, LastPass crashes.
- If I set system-wide SEHOP to Opt In and uncheck the SEHOP box for the Chrome process, LastPass works fine.
Now correct me if I'm wrong, but shouldn't test cases 1 and 3 be resulting in the same outcome?
- Changed type Quitch Wednesday, January 16, 2013 4:16 PM Proposing bug
Reply:
Hi Quitch,
I don't think test cases 1 and 3 should be the same. For test case 1, SEHOP is enabled on a system wide basis to all running processes including chrome.exe.
However for test case 3, SEHOP is enforced by EMET on a process in this case chrome.exe and ALL DLLs within that process. Evidence that this occurs can be seen in the following Microsoft blog post:
http://blogs.technet.com/b/srd/archive/2010/09/10/use-emet-2-0-to-block-the-adobe-0-day-exploit.aspx
The DLL within Adobe Reader is not using ASLR even though AcroRd32.exe is opting into ASLR (the process in which the DLL is housed). Enabling EMET for AcroRd32.exe forces that DLL to use ASLR and it is then placed at a random memory location each time Adobe Reader is launched.
For example, please find below screenshots of Google Chrome installed on my PC with a browser add-on from Symantec loaded as a DLL and Adobe Flash Player also loaded within Chrome:
For the Adobe Flash Add-on you can see that it is being loaded at a different base address each time:
Picture 1: Base address: 0x66B40000
Picture 2: Base address: 0x66980000
Direct Link To Image:
http://i742.photobucket.com/albums/xx69/Jimboc/Microsoft/Microsoft_EMET_Flash_Add-on_Chrome1.png
Direct Link To Image:
http://i742.photobucket.com/albums/xx69/Jimboc/Microsoft/MicrosoftEMETFlashAdd-onwithChrome2.png
This can also be seen with the Symantec add-ons:
For Norton Identity Safe, couictlr.dll (just one example)
Picture 1: Base address: 0x641B0000
Picture 2: Base address: 0x6A740000
Direct Link To Image:
http://i742.photobucket.com/albums/xx69/Jimboc/Microsoft/Microsoft_EMET_Symantec_Add-on_Chrome1.png
Direct Link To Image:
http://i742.photobucket.com/albums/xx69/Jimboc/Microsoft/Microsoft_EMET_Symantec_Add-on_Chrome2.png
The fact that both of these DLLs are being randomly placed within memory by EMET (since EMET is also enabled, EMET.dll can be seen in the screenshots showing Adobe Flash within Chrome. It is also enabled for the other screenshots but is not visible in those images) tells us that EMET is also applying per process SEHOP to these add-ons since EMET has SEHOP enabled for chrome.exe:
Direct Link To Image:
http://i742.photobucket.com/albums/xx69/Jimboc/Microsoft/Google_Chrome_with_SEHOP.png
Apologies about the quality of the screenshots, I have made the text in them as visible as possible with the basic image editing tools that I have available.
Please note that a DLL and .EXE (Portable Executable, PE) file share the same structure but differ in their file extensions thus EMET can protect browser add-ons that are implemented within DLLs. For more information on the similarities between EXE files and DLLs, please see the following MSDN article:
http://msdn.microsoft.com/en-us/magazine/cc301805.aspx
How EMET enforces a mitigation on a process is very similar to how Windows 8 (and Windows 7 with the applicable update) now have the capability of Force ASLR (thus all DLLs within a process are now randomized whether their developers intended this or not).
For a more detailed look at Force ASLR, please refer to the following sources:
http://www.insanitybit.com/2012/11/09/windows-8-takes-aslr-to-the-next-level/
Page 17 of the following Microsoft PDF, Windows 8 Exploit Mitigation Slides by Matt Miller:
http://media.blackhat.com/bh-us-12/Briefings/M_Miller/BH_US_12_Miller_Exploit_Mitigation_Slides.pdf
This PDF is also linked to in the following blog post:
https://isc.sans.edu/diary/EMET+3.5%3A+The+Value+of+Looking+Through+an+Attacker's+Eyes/14797
From what I can tell, the LastPass add-on was not developed to incorporate the appropriate registry entry that opts a process into SEHOP:
Substitute the name of your main EXE for MyExecutable.exe in the example below:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MyExecutable.exe]
"DisableExceptionChainValidation"=dword:00000000
Source: http://msdn.microsoft.com/en-us/library/bb430720.aspx © 2013 Microsoft. All rights reserved
The fact that the LastPass add-on was not designed to work with SEHOP (when it is enforced on its DLL and not just the chrome.exe process in which it resides) explains why LastPass works when system wide SEHOP is enabled but not when per process SEHOP is enabled as mentioned in the following forum thread:
http://forums.lastpass.com/viewtopic.php?t=83548&p=277044
A PowerShell script is provided in the above MSDN article to check if a process has opted into SEHOP. It is unlikely that a process or DLL will actively opt-into SEHOP since only some applications use the more well-known DEP and ASLR mitigations:
http://krebsonsecurity.com/2010/07/top-apps-largely-forgo-windows-security-protections/
http://0xdabbad00.com/2012/12/05/finding-slop-common-windows-apps-still-without-dep-and-aslr/
Please note that the second link about common applications using security mitigations dates from July 2010.
I hope the above information helps to answer your questions as to why LastPass works when system wide SEHOP is enabled but not when per process SEHOP is enabled. If you have any further questions, please let me know.
If anybody has more information/further insight into the exact reasons why the above behavior occurs, please feel free to contribute.
Thank you.
- Edited by JamesC_836 Thursday, May 30, 2013 8:38 PM Added extra link
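A registry check for the SEHOP settings this reply refers to, as an added example (it is not the MSDN script and not from the post). It reads the per-image `DisableExceptionChainValidation` value quoted above and, as an assumption taken from Microsoft's SEHOP documentation rather than from this thread, the system-wide value of the same name under `Session Manager\kernel`; the function name and the image list are illustrative, and mitigations that EMET applies at run time are not visible to it.

```powershell
# Added example (not from the thread or from MSDN).
# Get-SehopRegistryState is a hypothetical name; the image names are sample input.
function Get-SehopRegistryState {
    param([string[]]$ImageName = @('chrome.exe', 'MyExecutable.exe'))

    $valueName = 'DisableExceptionChainValidation'
    # Assumption: system-wide switch location per Microsoft's SEHOP documentation.
    $kernelKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\kernel'
    # Per-image location, as quoted in the post above.
    $ifeoRoot  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

    # Returns the DWORD as [int], or $null when the key or value is absent.
    function Read-Dword([string]$Path) {
        if (-not (Test-Path -LiteralPath $Path)) { return $null }
        $prop = Get-ItemProperty -LiteralPath $Path -Name $valueName -ErrorAction SilentlyContinue
        if ($null -eq $prop) { return $null }
        return [int]$prop.$valueName
    }

    $systemRaw = Read-Dword $kernelKey
    $systemState = if ($null -eq $systemRaw) { 'not set (OS default applies)' }
                   elseif ($systemRaw -eq 0) { 'enabled system-wide' }
                   else                      { 'disabled system-wide' }

    foreach ($image in $ImageName) {
        $imageRaw = Read-Dword (Join-Path $ifeoRoot $image)
        $imageState = if ($null -eq $imageRaw) { 'no per-image value (follows system setting)' }
                      elseif ($imageRaw -eq 0) { 'opted in to SEHOP' }
                      else                     { 'opted out of SEHOP' }

        [pscustomobject]@{
            Image          = $image
            PerImageValue  = $imageRaw
            PerImageState  = $imageState
            SystemValue    = $systemRaw
            SystemState    = $systemState
        }
    }
}

Get-SehopRegistryState | Format-List
```

Comparing the output before and after changing the EMET settings for chrome.exe shows whether a given EMET option is reflected in these registry values or enforced some other way.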
------------------------------------
Windows SBS Server 2003 will not update; install IE 7 or 8
Whenever we try to install Internet Explorer 7, the installer gives us the error message "The program is incompatible with the operating system."
This is for a Windows Small Business Server 2003 that is upgraded to SP2; however, the Windows Server Update Services will not connect or download any updates and gives an error every 5 minutes in the logs.
The most common error is that of Event ID: 7000: "The update services service failed to start due to the following error: the service did not respond to the start or control request in a timely fashion."
And Event ID: 7009: "Timeout (30000 milliseconds) waiting for the Update Services service to connect"
We have reinstalled the Windows Server Update Services several times and it continues to give these error messages.
I'm wondering if it has something to do with the SQL database?
Reply:
Update!
Internet Explorer 7 successfully installed - because there is a different version for Windows Small Business Server 2003 than there is for the regular Windows. I can't believe I overlooked this - I may have solved my own problem, but I cannot restart the server at the moment to see if WSUS works.
So, a little more information on the services that are currently not working. There is a notification on the bottom toolbar that shows a picture of a computer with some sort of a bullseye on it, when I hover my mouse over it, it says "Stopped - \\SERVERNAME\MICROSOFT##SSEE - MSSQLS" Whenever we restart this service, it immediately stops and will not run.
Whenever the server is started up, we get an error message that informs us that a service did not start in a timely manner - we believe that the above-stated service is the problem.
Anyone have any ideas?
------------------------------------
Can't create cluster via VMM 2012 sp1
The GUI and Powershell are both saying that the servers I'm trying to add are in untrusted domains, even though they aren't. I can't seem to find any verbose powershell argument to get the full stack dump to see why it thinks the hosts are in untrusted domains, or what domain it thinks they are in. Any ideas here?
- VMM (2012 SP1) host and both hyperv (win 2012 core) hosts are in the same domain
- All IPs (including the intended cluster IP) reverse back to the correct hostname and domain name
- All hosts can be resolved by either FQDN or hostname
- From the VMM server's server manager, I can manage the two HyperV hosts (restart, open powershell, manage teams, etc)
- Everything resolves the same way from the domain controller. This is the only domain controller in the forest
- The VMM server, domain, and 2 hyperv hosts are on different VLANs (I can't think of a reason this would matter as long as they can talk to each other)
I can't think of any other thing to check or any way to further troubleshoot this issue without more information from VMM.
Reply:
I think I figured this out and the situation is likely unique to test related implementations.
In my environment we have our testlab on a private non-trusted domain in an isolated forest from the rest of our workstations and servers. My workstation, which I was using to manage the VMM environment, was therefore a different domain. When I added the HyperV servers to VMM, I had to pick server from an "untrusted" domain even though the domain which the HyperV servers are on is trusted by the VMM server's domain. Apparently this flags those servers forever and you can't create a cluster out of them. I ejected the servers from VMM and re-added them via the VMM management console running on the VMM server and that did the trick.
The cluster did fail to create once due to disk configuration. The documentation doesn't spell this out explicitly, but this is the only way I could get the initial storage mount test to complete successfully:
- Present storage to both nodes with at least one LUN greater than 512MB. (VMM Cluster creation automatically picks the smallest disk > 500mb for the quorum if you have an even node cluster).
- Online all the disks on all nodes
- Using one of the nodes: Initialize all disks, create a primary volume on each disk but don't format or assign drive letters, then format and assign a drive letter for the quorum disk.
------------------------------------
(Resolved) New accounts unable to login to Admin Console
Hello Windows Intune users,
We are currently experiencing an issue with new accounts created in the last 2 days. IT Pros will be unable to login to the Admin Console after their account has been created. This is not impacting accounts created prior to 1/22/2013.
The Windows Intune team is investigating the issue and will provide updates as needed to this sticky in the forums.
If you believe your account is affected by this issue please open a support request.
Thank you for your patience,
Jon L. - MSFT
Update 1/26/2013 8:55am: Most customers should be able to log in now. We are still tracking some issues but most accounts will be able to log in and utilize the service. If you are still unable to log into the service please contact support and open a case.
Resolved: 1/26/2013 11:00am: All core scenarios for new account provisioning and log in are working from all regions.
- Edited by Jon LynnMicrosoft employee Saturday, January 26, 2013 7:54 PM
Reinstalling windows 8
I am genuine user of windows, i had downloaded windows 8 as an upgrade from windows 7. And i successfully did it, i registered myself there, inserted the product key and activated it accordingly. But later on windows 8 worked very slow with several restarts needed, no card games running, sudden boots in between works etc. So i installed windows 7 again and also later on i changed my PCs hardware and software. So my question is, what if i wanted to reinstall windows 8 again with no further download charges as i am registered user ?? Is there any possible solution ??
kindly reply here: aparanjape921@gmail.com
thank you.
Reply:
Carey Frisch
------------------------------------
Solution - Windows 2008 R2 Domain and GPO with Windows 8 clients
There was no big doing to fix the drive mapping for Windows 8 Clients when the Domain Controller is running on Windows 2008 R2.
What I have done?
- I installed a Windows 2012 Server as Member Server
- Add this server as Domain Controller (works perfect)
- Managed the GPO on Windows 2012 and saved it
What exactly I have done?
- Open GPMC on Windows 2012
- Select the Mapping GPO (Example: Dom-Drive-Mapping)
- Just select the GPO "Dom-Drive-Mapping" on the left panel
- Select "STATUS" within the right panel
- Next to the Domain Controller FQDN you will see the link "CHANGE"
- Select new Baseline DC for the GPO and choose the Windows 2012 Server
- Wait for replication (almost a few seconds)
- Double-check this with the button "Detect now" in the bottom right corner
- Edit now the "Dom-Drive-Mapping" Policy
- Double click one Drive Mapping (example: drive M - double click)
- Keep the reconnect ticked. No need to untick it. If done, enable this.
- Select on the Top Tab "COMMON"
- Enable "Remove this item when..."
- Select new Baseline DC for the GPO and choose a Windows 2008 Server - or leave it on 2012.
- Done!
I have an item based drive mapping, which is based on group membership. Don't know how you have done the settings. But now the drive mapping will work on Windows 8 and also on Windows 7.
Enjoy this!
- Changed type Torsten Jahnke Friday, January 25, 2013 2:04 PM
- Edited by Torsten Jahnke Friday, January 25, 2013 2:17 PM
