Search This Blog

Thursday, December 30, 2010

Viewing Windows 7 Event Log remotely from Windows XP or 2003 computer

Surprisingly (or rather not), lot of people are having issues with that. Some even claiming that it is impossible to view Windows 7 Event Log remotely from an XP or Windows 2003 machine because "it's not designed for that". They are getting "Unable to connect. The network path was not found" error when trying to open Event Viewer, even though Services, Storage, Shared Folders etc are working

Problem is that Remote Registry service has to be running on Windows 7 machine and it's set to Manual startup type by default.

So, just start Computer Manager on XP/2003 machine, connect to remote computer (if you are not able to connect at all, check the firewall settings) and start this service manually first.

Monday, December 20, 2010

How to delete directories using wildcards

This script is also useful for deleting user profiles from Citrix servers (since they could be C:\Documents and Settings\UserID, C:\Documents and Settings\UserID.DOMAIN,  C:\Documents and Settings\UserID.old etc - last usually happens if somebody renames them)

It's a bit tricky since rmdir doesn't support wildcards.
Also , "CD" doesn't work with UNC path, so you either can do the registry fix described here or just use pushd /popd as I did.


rem Usage : DelCtxprof.cmd UserID

IF (%1)==() GOTO ERR

Pause This batch file will delete all profiles that start with "%1%" from all Citrix servers. If you don't want to do it, press Ctrl-C

pushd "\\CitrixServer1\C$\Documents and settings\"
for /d %%a in (%1*) do rd /s /q "%%~a"

rem Do the rest of your citrix servers there


ECHO Please specify User ID !!!

Thursday, April 22, 2010

You cannot compose or reply to messages in Exchange OWA using Internet Explorer 7 or 8

After e.g. upgrading to VISTA or Windows 7 which comes with Internet Explorer 7 or 8 you're not able to use your Exchange based webmail. If you hit Reply or New - you'll not be able to type anything, you'll see a red cross in the message body. That was done, of course, for your own good - to make your email more secure. Don't you get it? If you don't use email - you have less chance to get a virus out of it, right? Ironically you can still use Chrome or Firefox.

There are 3 ways to fix the issue:

1. Use another browser , e.g. Chrome ( most preferable one :-) )

2. Fix your browser. This is not recommended (you don't want to fix everybody's browser do you?)
Use it at your own risk - I haven't tested it.
Here are some explanations:

Here is another fix , but it only works with Exchange 2003 OWA (Exchange 2000 doesn't have "Email security" under "Options")

3. Fix your Exchange server.
The hotfix itself never appears on Windows/Microsoft Update - this is not a bug, this is a feature, right :-)?

You can download the hotfix for Exchange 2003, but if you have Exchange 2000 then you can call MS back for support and they gladly provide you with the hotfix for Exchange 2000.... for additional cost of course. Be prepared to pay at least $300 upfront. You can also download it from 3-rd party at your own risk here:

Tuesday, April 20, 2010

Connecting to a printer, shared on Windows 32-bit, from Windows 7 64-bit

Mapping a printer being hosted by a computer running 32bit Windows OS on a VISTA/Windows 7 64bit machine is a bit tricky.
You cannot do it by simply adding Network printer as you do it usually - via searching AD or directly by name - it will say that driver is not available even though you have it installed already e.g. by connecting similar printer locally. Windows will suggest you to browse your computer for .inf files and even if you know where they are (C:\windows\inf folder) or you have printer's CD it will still say driver is not available and will not present you list of available printers to choose from.

First, you need to know exact name of shared printer (what you see in Windows 7 when you search for network printers is not really printer shared name but description which could be different)

On the host computer:
Start > Settings > Printers and Faxes > Right click on the shared printer > Properties > Sharing tab > write the name down
On the Windows 7 / Vista 64bit computer:
Start > Control Panel > Printers > Add printer > Add a local printer > Click on ‘Create a new port’ > ‘Local Port’ > ‘Next’.
Type the port name like this: "\\Computer name\printer shared name", click ‘OK’.
After that continue installation as you would do it normally. You can either select the make and model of your printer from the lists (for Windows 7 it will most likely be there) or use your printer installation disk.

Friday, April 16, 2010

SceCli Warning 1202 Events

I've seen 2 cases for those 1202 events so far (see below)
Lately I had lot of NullDACL issues (Case 2) specifically on VM servers connected to SAN.
It's usually this folder
\\server\C$\Documents and Settings\User\Local Settings\Application Data\VMware
and this file
\\server\C$\Documents and Settings\User\Local Settings\Application Data\VMware\hgfs.dat

Additionally it could be some file related to Symantec Antivirus.

It could also some file under \windows\system32\ that is being created by an OpenSSH freeware

So far I couldn't find the reason why it's happening but I think the reason could be that SAN VM servers using gets too busy sometimes (e.g. during backups)

Case 1
If your Windows 2000 Server posts the following events to the Application event log, every five minutes, your local Group Policy database file is corrupt:

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1000
Date: 6/7/2000
Time: 2:56:53 PM
Computer: ASKO-ONE
Description: The Group Policy client-side extension Security was passed flags (17) and returned a failure status code of (1208).

Event Type: Warning
Event Source: SceCli
Event Category: None
Event ID: 1202
Date: 6/7/2000
Time: 2:56:53 PM
User: N/A
Computer: ASKO-ONE
Description: Security policies are propagated with warning. 0x4b8 : An extended error has occurred.
Please look for more details in TroubleShooting section in Security Help.

Event Type: Error
Event Source: ESENT
Event Category: Logging/Recovery
Event ID: 454
Date: 6/7/2000
Time: 2:56:53 PM
User: N/A
Computer: ASKO-ONE
Description: services (304) Database recovery/restore failed with unexpected error -530.

Event Type: Error
Event Source: ESENT
Event Category: Logging/Recovery
Event ID: 412
Date: 6/7/2000
Time: 2:56:53 PM
User: N/A
Computer: ASKO-ONE
Description: services (304) Unable to read the log header. Error -530.

To resolve the problem, and return the Local Security Policy to its' installation state:

01. Create an OldSecurity subfolder at %SystemRoot%\Security.

02. Move the log files and chk file from %SystemRoot%\Security\logs to %SystemRoot%\Security\OldSecurity.

03. Move the database from %SystemRoot%\Security\Database\Secedit.sdb to %SystemRoot%\Security\OldSecurity and change the file extension to .old.

04. Start / Run / MMC / OK.

05. Console / Add/Remove Snap-in.

06. Add the Security and Configuration Analysis snap-in. Press Close and OK.

07. Right-click Security and Configuration Analysis and press Open Database.

08. Navigate to the %SystemRoot%\Security\Database folder, type Secedit.sdb into File name, and press Open.

09. When prompted to import a template, select Setup security.inf.

10. Press Open. Ignore any Access Denied error.

11. Right-click Security and Configuration Analysis and press Configure Computer Now.

Case 2

Thursday, April 15, 2010

Error message when you try to start Outlook 2003: "MAPI32.DLL is corrupt or the wrong version"

Happened on 2 newly bought computers (laptop and desktop) with Windows 7 64-bit, that had Microsoft Office 2007 pre-installed. I had to uninstall it because I use Office 2003. Trick is that there is really nothing wrong with MAPI32.DLL. You need to rename C:\Program Files\Common Files\System\Msmapi\1033\MSMAPI32.DLL to fix the issue.

(But, if you ever need to rename MAPI32.DLL you wouldn't be able to do it unless you take ownership and give yourself RW permission, even if you have admin credentials already).

Friday, February 26, 2010

Unexpected Windows 2003 server shutdown when working with a file on DFS share

Unlike the scenario described in MS KB (BSOD on logon) in my case a Windows 2003 SP2 Server was producing BSOD when saving Word file on a DFS share (no matter domain or stand-alone one). The bugcheck was: 0x00000035 (0x88ee95f8, 0x00000000, 0x00000000, 0x00000000).
Another server had 0x00000035 (0x87b34008, 0x00000000, 0x00000000, 0x00000000)

If you save the same file somewhere else and then copy it to the share, nothing happens.
Sometimes I saw similar behavior on other Windows 2003 servers when you try to rename a file on DFS share (either from command line or File Explorer).
The hotfix seems to be superseded by SP2 (SP2 has newer version of mup.sys - it's 2-Feb-2007 instead of 23-Sep-2005), so all you need is just to modify the DfsIrpStackSize registry entry and reboot:

Click Start, click Run, type regedit, and then click OK.
  1. Locate and then click the following registry subkey:


  2. In the right pane, right-click DfsIrpStackSize, and then click Modify.
    Note If the DfsIrpStackSize registry entry does not exist, you must create it. To do this, follow these steps:

    1. On the Edit menu, point to New, and then click DWORD Value.
    2. Type DfsIrpStackSize, and then press ENTER

  3. In the Base box, click Decimal, type 10 in the Value data box, and then click OK.

    • A value of 10 allows for a maximum of eight file system filter drivers.
    • The default value of the DfsIrpStackSize registry entry is 5. A value of 5 allows for a maximum of three file system filter drivers.
    • If you set the value to a number that is greater than 10, the value is automatically set back to 5.
    • If you do not apply this hotfix, the DfsIrpStackSize registry value is ignored (Check mup.sys timestamp - if it's 23-Sep-2005 or later - you do not need to install the hotfix)

  4. Exit Registry Editor.

  5. Restart the computer.

Affected servers:
s00339 ticket PN0000007617745