Internet Explorer crashes when viewing pdf files.

I got a call that Internet Explorer kept crashing when trying to click on a link. I suggested upgrading to Acrobat 9. That did not help. I did a site visit and got nowhere fast. I tried doing IE reset, deleting temp IE files and deleting temp files. No diff of course. To be less vague the insurance company had links to pdf files. I could save them and open them but when I would click on them in IE to view in IE it would crash IE. I gave up. A few weeks later another user at another account complains of the same thing. I went to Control Panel/Add Remove and removed the Acrobat reader. I went to Adobe and found Reader 7.x which installed fine and worked fine. No more IE crashes. I did not tempt fate by installing newer versions of Acrobat Reader. I will save that for another day.

Lately I can only find some version 8 which still works better than version 9.

Microsoft Mail, telnet, Wireshark, WHS, crummy cable internet

I got a call that a person could not send email using Microsoft Mail in Vista. Charter Cable said just use our web interface. Not so easy for my customer. I used Log Me In free edition so I could see what they were doing. Yes indeed it was failing with useless messages. I tried turning off their Circuit City supplied Webroot firewall. No difference. I started a download of Wireshark. The download is taking forever. I tried to download on my workstation and the download was done in less than a minute. I fuss about my slow download speed being so far from my DSLAM. They were downloading at less than 40k. That is pretty slow as they supposedly have Charter Cable high speed internet. Dialup modems are that fast.

While I am waiting for the download I try to use Telnet. Telnet is not installed in Vista Home. I have it on My Vista Ultimate. Wah. I kill the download and try to do some Flash speed testing at DSLreports.com. Speed was less than 1,000. Some tests at 700-800 actually. I restarted the Wireshark download.

Wireshark is one of my favorite tools. I don’t know how to really use it but I can sometimes get clues. I mean I am not so good with filters. Anyhow I see the LogMeIn UDP traffic taking up most of the Wireshark capture. I sifted through all of that and saw some problems with the smtp conversation. I tried to do copy and paste but the LogMeIN Free does not allow that. So from their workstation I logged in to my Windows Home server and placed that file for later look see. So with the failure I deleted the two emails from their Outbox. I sent myself a simple email which made it. I replied. I then replied back attaching the 800k Wireshark capture. It bombed. So that crummy internet speed is biting us. Hopefully the cable company will send out a tech to test the modem and premise wiring.

I logged in to my Windows Home Server to look at that capture. I click on Analyze and Display Filters choosing to show only tcp. Thousands of lines of UDP gone from view.  I use a Microsoft article to do telnet tests often enough. That little bit of telnet experience at least let me know what I was looking at. When you see TCP Previous segment lost in red you know something is not so happy. No quit either in the conversation. http://support.microsoft.com/kb/153119 Telnet can be your friend as can Wireshark

VBScript problems on XP boxes going to remote on SBS 2003 and 2008 register mstscax.dll Send users the 08 cert

I have a SBS 2008 at home with a static ip. I have the server and a XP Pro domain member in my little network. To access domain servers or workstations you have to first install the SBS 2008 certificate. So I sent it in an email and installed the cert. I can access the workstation or the server in the domain from Vista boxes. I can access the computers from a Server 2003. I cannot access them from XP Pro boxes. I have tried 4 different XP boxes. 3 have IE7, one has IE8. One had SP2, the others had SP3. I get a script error. Yes I imported the certificate the same way on the Vista boxes as I did on the XP boxes by expanding the zip file and clicking on the exe. Yes the XP boxes  can access other SBS 2003 remote web page connect to servers pages so  I do not believe the remote desktop add in is broken.  Except the IE8 XP box could not access the SBS 2003. It was really broke. I was getting VBSCRIPT errors. I do get the VBSCRIPT error from the XP boxes when trying to access the 2008 network but they worked fine accessing the 2003 network. I googled a bit and that got me no where.

 On my Vista box the add on is mstscax.dll. On two of the XP boxes the add on is msrdp.ocx.  I could not reach the other XP box so I will assume it has msrdp.ocx. The IE8 box had the mstscax.dll listed as installed but not used. Note that I can access application servers on SBS 2003 sites fine with these XP boxes (except for the IE8 box) so I suspect that the IE  rdp stuff is good enough for SBS 2003.

 Note that I can reach the SBS 2008 network and computers from a Server 2003 that uses the same mstscax.dll like a Vista box. I logged on to another Server 2003 and I see that it uses the mstscax.dll.

 Maybe I am reading the addins incorrectly but it appears to me that the more modern operating systems are not using the same remote desktop add on as XP. I am I misreading the situation? Has anyone else tried to access SBS 2008 domain workstations via  remote.realworlddomain.com from a XP box? Rhetorical questions a day later as I was asking for help in forums yesterday and got no answers.

So Susan told me things in an email I did not want to hear. It was related to the SBS 2008 certificate. She says buy a real one and eliminate that problem of how to get a good cert to an end user. I say fooey. What is generated should work.  So we can disagree on that point. But she did tell me to http://support.microsoft.com/kb/928055/en-us which fixed the problem on 3 boxes. One of those boxes was running IE8 which had the mstscax.dll listed as an installed add on but not used.

regsvr32 %systemroot%\system32\mstscax.dll,

Note that the IE8 box was not able to reach a SBS 2003 application server correctly so it is not just a SBS 2008 issue. So I am 3 for 3 when registering the mstscax.dll. When I register that on the IE7 boxes I now see that listed instead of the msrdp.ocx file. So I was indeed on to something when I was really cranky last night. Happiness in the morning when Susan gave me the solution.

So how do you get the SBS 2008 certificate to your end user in East Bumbleduck right now when Microsoft says carry it to them on a usb key? I logged in to the SBS 2008. I made a new OWA email and I attached the Install Certificate Package.zip to emails I sent to the remote users. Remote users can access OWA without the cert. So they open the email, right click the attachment and save as. Extract all and click on the exe to install. So the zip file never really left the domain so it does not get munged up by a bunch of email scanners. Sneakernet for the 21st century?

So my theory of the day is some folks say who cares, it is just SBS 2008 that is having the issue. No one uses that. Well they will real soon. I was getting complaints about SBS 2003 access so it is not really just a SBS 2008 issue.

Thanks to Susan for being the obsessive queen she is.

Holy cow 30 gigs of WSUS content on the wrong drive

I had a backup failure at an account. I noticed that WSUS managed to get installed on my USB backup drive when I did the last WSUS upgrade. 30 gigs of stuff in content. I clicked on just English and ran the celanup wizard. That did virtually nothing over a long, long time. Plan on a day or more on that wizard. I found this post http://forums.technet.microsoft.com/en-US/winserverwsus/thread/59b5c659-b09e-4d05-84dc-04202fa9f136/ where I ended up here http://technet.microsoft.com/en-us/wsus/bb466192.aspx and downloaded the server diagnostic tool. I installed that tool at c:\wsuscleanup tool. I jumped out to the command prompt and did a cd\wsuscleanup tool. I ran this command wsusdebugtool /tool:purgeunneededfiles and a few minutes later my content was now 4.5 gigs. I can now move that folder over to my server hard drive so my backup can work. That will be another task for another day.

Out of Office not working with Exchange 2003 and Outlook 2007, MDBVU32 and OWA

I had a user call saying their Out of Office was not working. A few years back I had another user at the same account report that same issue. I used mdbvu32 to dig out the crummy OOF and all was good when creating a new OOF. I think they refer to this as OOF but I do not get where the letters came from. OOO seems like what it should be.  http://support.microsoft.com/kb/248709 or this article with pictures is how you dig stuff out. http://www.msexchange.org/articles_tutorials/exchange-server-2007/tools/troubleshooting-out-of-office.html

So I dug the stuff out just as the local administrator had done but no luck. So here is the rest of the story. SBS 2000 swung to SBS 2003. Years ago though like maybe 2-3 years ago. The user that was having problems has gone on vacation a number of times since the new server. Workstations are XP Pro SP2 and recently upgraded to Office 2007. They were on Office 2003 until a few months ago. So as you know when in doubt work from Outlook Web Access. I cleaned up the OOF with MDBVU32 and then I turned on the OOF from OWA and it worked. OOF absolutely refused to work from Outlook 2007. I swear I cleaned things up more than a few times with MDBVU32 and tried to turn OOF back on in Outlook 2007.

So short take away is if OOF is not working with Exchange 2003 and Outlook 2007, try digging out with MDBVU32 and turn it on  with OWA.

SBS team invites your suggestions

http://blogs.technet.com/kevin_beares/archive/2008/05/23/the-windows-small-business-server-2008-ww-community-survey-is-live.aspx


 The SBS team is curious about what you think and what you want. Spend a few minutes giving them some feedback. Just as a point of reference the SBS MVPs and the MVPs friendly to SBS are considered the minority.  What I mean is that a lot of my SBS friends run ISA and love/like it. They use SQL for line of business uses. We are constantly told that we are a minority. Maybe so, but we sure are vocal. If you love/like ISA or SQL let them know. Even if you don’t tell them what you think and what you want. The do listen and lots of noise creates lots of interest.

Slow XP SP2 boot up, updated nic drivers fixed that.

I had a call that a user’s workstation is taking 5 minutes to boot up. I did some user file cleanup which should have nothing to do with the issue as the slow boot is before the user gets the CAD screen. I did an ipconfig/all to make sure dns was correct. I did an ipconfig/flushdns. I then updated the Realtek nic from a 2002 driver to a 2008 driver. I rebooted the workstation and it came up in a minute after the bios finished its stuff.


Some computer manufacturers are not so good about getting you the latest nic drivers. If you have a computer that uses Broadcom nics you usually need to go to Broadcom to get the latest drivers. 


 

Tiny USB thumbdrives drives? Put them to use, or how to flash your server with a thumbdrive

I have all these crummy usb thumbdrives . Crummy means  too small to carry a lot of files on. I considered them useless until my Intel server said create a bootable usb thumbdrive and place the updates on the usb bootable thumbdrive. In the past I had to make a bootable floppy and then a few more floppys to update the various Intel utilities. Now they say place them all on a thumbdrive and boot from that. Finally a use for 128 meg thumbdrive.


This guy has great instructions with screenshots for those of us who can’t read instructions.


http://www.bay-wolf.com/usbmemstick.htm


 

I can’t get my default printer to stick on my application server. Make a group policy.

I had a user buy some wham bam Dell portable pc for $4,000. It sure was fast with Vista Ultimate, Blue Ray, Bluetooth keyboard, lots of ram and processor. Well it sort of looks like a laptop but it weighs a lot. The primary business application does not run on Vista so we set him up to use the pretty new application server. He also has a dog slow XP laptop. I could not get the default printer to stick on the application server. I would log in with one laptop and set the default printer on the application server. He would log in with the other laptop and the default printer on the application server changed. The default printer kept flopping back and forth. Every day was a new day.

 

So here is what I did. Group Policy management. I made a new GPO under domainname.local Windows Components/Terminal Services/Client/Server data redirection. Do not set default client printer to be default printer in a session. Enabled.

 

Problem of default printer flopping about due to the client machines was solved.


 

Exchange connection filter using a Real Time Block list, and IMFPerfmon.msc

Here are some things I do. I may miss a step so you may have to
confirm things. After you added connection filter provider you need to
make sure you have checked that stuff in the default virtual server.

Global Settings/Message Delivery right click Properties.
Sender Filtering: Check Filter messages with a blank sender and Drop
connection if address filter matches filter.
Connection Filtering: Add your favorite RBL services. I happen to use zen.spamhaus.org Please visit www.spamhaus.org to review terms and conditions to see if you are eligible to use their services.
Intelligent Messaging Filtering: I set it at 7 and Reject. You want
reject so if there was a valid message the sender receives notice that
your server rejected the message.
Recipient Filtering: Filter recipients who are not in the Directory.

Apply and go to Servers/Servername/Protocols/Default SMTP Virtual
Server right click Properties.
Advanced.
Edit
I check everything but Sender ID Filter.

Make sure you are on Exchange SP2 and you add the registry dword
HKLM\Software\Microsoft\Exchange\ ContentFilterState set to 1. That
key lets Microsoft Updates get IMF definitions.

I open up perfmon.msc from the Run box.
On the icon bar I click on the notebook icon to get the report view.
Click on the + sign next to it to add some counters.
In the Performance Object drop down box look for
MSExchange Transport Filter Sink. Choose all counters and Add.
Back to Performance Object and choose MSExchange Intelligent Message
Filter. Choose all counters and Add. I really do not care for the per
second counters so you can choose select counters from list if you
like.

Now you have a permon that is showing how much stuff is going in to
your Exchange server that the IMF considers spam. It shows you how
many connections are being rejected by the RBL. It shows you how many
connections are being dropped because the recipient is not in your
Active Directory. I do a little math and come up with some interesting
numbers.

Click on File and save as. I save it as imfperfmon.msc. I right click
on the desktop and make a new shortcut. Type imfperfmon.msc in the
next two boxes. Now you have a shortcut on your desktop anytime you
want to see how the RBL and IMF are doing.

Back to your question. If you have the imfperfmon working you can see
a little about what is coming in. Last night I had an account getting
slammed with some mailer daemon nonsense. I need to visit to see what
is really going on.

Mail may still be stuck in the queue as your server is trying to send
out Non Delivery Reports to bogus addresses. If you have done the
clicks I mentioned and others hopefully the junk will be blocked.
Those NDRs will die off after a few days. The default setting in
Exchange is to try to deliver for 2 days and then give up. There is a
trick to flush all the messages out but it may be just as easy to let
them die out on their own. As long as you do the clicks I did you
should eventually be ok.

Another rant is that I do in Exchange System Manager. Properties of
the Default SMTP Virtual Server/ Access/Relay. I have the button only
in the list. Below that list I do not have the checkbox clicked for
All computers that successfully authenticate. There is no computer
that I want to relay against my server. I want everyone to be using
Outlook or Outlook Web Access to deal with email. That is just another
way for people to cause trouble. Of course after a misadventure I get
to suggest now is the time to have passwords 8 characters long and
having more than 2 things from the keyboard. Since there are at least
6 easy things on the keyboard it should be not hard to create and easy
to remember complex password.
http://www.microsoft.com/protect/you…rd/create.mspx