FRITZ!Box Fon WLAN 7390 gestört durch Mikrowelle. Ich habe diese Woche per Zufall endlich herausgefunden was den meine Fritzbox stört. Es ist tatsächlich eine in der Schweiz gekaufte Mikrowelle (Alter ca. 5-7 Jahre).

Mcafee has released VSE 8.8 Patch 1 Repost. This is a repost that means that there WAS a Patch 1 which made problems and was took back from Mcafee. This is the cleaned out version. Please check the Hotfix KB75007 if you have VPN clients.

Mcafee VSE 8.8 REPOST (Erneuter Release) Patch 1, Release Notes

https://kc.mcafee.com/corporate/index?page=content&id=PD23408

Hotfix VPN and ON Demand Scanning with 8.8 VSE Patch 1 Repost

https://kc.mcafee.com/corporate/index?page=content&id=KB75007

Rootkits removal free and yes Mcafee and Symantec both work with those even in enterprise ;-) No one understands why...

Norton Power Eraser

http://security.symantec.com/nbrt/npe.aspx?lcid=1033

Mcafee Stinger

http://www.mcafee.com/us/downloads/free-tools/stinger.aspx

Problem: WIN7. Der User wird mit einem temporären Profile angemeldet.

Log Name: Application
Source: Microsoft-Windows-User Profiles Service
Date: Date
Event ID: 1511
Task Category: None
Level: Warning
Keywords: Classic
User: User
Computer: Computer
Description:
Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Ein User Profile z.B. Roaming Profile wird nach einem Acronis Restore, Windows Recovery oder einem Restore ab Backup (z.b Backup Exec) geblockt.

Der Benutzer wird mit einem temporären Profil angemeldet.

1. Kontrolle ob man auf den client REMOTE Registry drauf kommt. Per default ist auf dem Windows 7 Rechner das ändern der Registry remote nicht möglich.

Kontrolle "Remote Registrierung " Dienst aktivieren und auf Automatisch stellen.

Ansonsten kommt man von Admin PC nicht auf die Registry des Users.

http://support.microsoft.com/kb/947242/de (Deutsch)

http://support.microsoft.com/kb/947242 (Englisch)

1. Den User abmelden (Logon Screen)
2. Connecten auf den client und den KEY, welcher mit .BAK endet löschen.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

Problem: WIN7. Der User wird mit einem temporären Profile angemeldet.

Log Name: Application
Source: Microsoft-Windows-User Profiles Service
Date: Date
Event ID: 1511
Task Category: None
Level: Warning
Keywords: Classic
User: User
Computer: Computer
Description:
Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Ein User Profile z.B. Roaming Profile wird nach einem Acronis Restore, Windows Recovery oder einem Restore ab Backup (z.b Backup Exec) geblockt.

Der Benutzer wird mit einem temporären Profil angemeldet.

1. Kontrolle ob man auf den client REMOTE Registry drauf kommt. Per default ist auf dem Windows 7 Rechner das ändern der Registry remote nicht möglich.

Kontrolle "Remote Registrierung " Dienst aktivieren und auf Automatisch stellen.

Ansonsten kommt man von Admin PC nicht auf die Registry des Users.

http://support.microsoft.com/kb/947242/de (Deutsch)

http://support.microsoft.com/kb/947242 (Englisch)

1. Den User abmelden (Logon Screen)
2. Connecten auf den client und den KEY, welcher mit .BAK endet löschen.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

Here is how to make a complete new SMTP-connector on Port 26 and set it to Authenticate. So if the appliance/Software has to send an email you need an Active Directory account. You will not get this done with the GUI only in a regular Exchange 2007/2010. Small business version is different the STD or ENT.

1 Generate an Active Directory User called "smtp". No further special membership. No Exchange Mailbox.

2 For testing Translate/Encode the username "domain\smtp" and password to BASE64

http://base64-encoder-online.waraxe.us/

Both are sample values do not use!

YOURWINDOWSDOMAIN\smtp

TU9SQe4QlRcc210cA==

smtpasswordmysecrect

c210cG1h33aW44w5OQ==

3 Make a new Receive Connector and call it "RELAY"

4 Change following GUI settings on the Connector

5 Change the Port from 25 to 26 and tell the Connector which IP are allowed to connect (Also mention your test server/Another than the exchange)

6 Do following Powershell to configure the Connector finally

Add-ADPermission "RELAY" –User "smtp" –ExtendedRights ms-Exch-SMTP-Accept-Authoritative-Domain-Sender

Add-ADPermission "RELAY" –User "smtp" –ExtendedRights ms-Exch-SMTP-Accept-Any-Sender

7 Test the relay

telnet myexchangeservername 26

ehlo

AUTH LOGIN

TU9SQe4QlRcc210cA==     (Information from Step 2 BASE64 DOMAIN\username)

c210cG1h33aW44w5OQ==     (Information from Step 2 BASE64 password)

In this moment you should GET a "235. 2.7.0 Authentication Successful"

How to disable certain Control Items/Icons for enduser. As good example would be Bit locker which you don't want enduser to activate by their self.

Check the User part of your Policy:

Here are the values:

Microsoft.AddHardware

Microsoft.AdministrativeTools

Microsoft.AudioDevicesAndSoundThemes

Microsoft.AutoPlay

Microsoft.BackupAndRestoreCenter

Microsoft.BitLockerDriveEncryption

Microsoft.Bluetooth

Microsoft.CardSpace

Microsoft.ColorManagement

Microsoft.DateAndTime

Microsoft.DefaultPrograms

Microsoft.DeviceManager

Microsoft.EaseOfAccessCenter

Microsoft.FolderOptions

Microsoft.Fonts

Microsoft.GameControllers

Microsoft.GetPrograms

Microsoft.GetProgramsOnline

Microsoft.IndexingOptions

Microsoft.Infrared

Microsoft.InternetOptions

Microsoft.iSCSIInitiator

Microsoft.Keyboard

Microsoft.MobilityCenter

Microsoft.Mouse

Microsoft.NetworkAndSharingCenter

Microsoft.OfflineFiles

Microsoft.ParentalControls

Microsoft.PenAndInputDevices

Microsoft.PeopleNearMe

Microsoft.PerformaceInformationAndTools

Microsoft.Personalization

Microsoft.PhoneAndModemOptions

Microsoft.PowerOptions

Microsoft.Printers

Microsoft.ProblemReportsAndSolutions

Microsoft.ProgramsAndFeatures

Microsoft.RegionalAndLanguageOptions

Microsoft.ScannersAndCameras

Microsoft.SecurityCenter

Microsoft.SpeechRecognitionOptions

Microsoft.SyncCenter

Microsoft.System

Microsoft.TabletPCSettings

Microsoft.TaskbarAndStartMenu

Microsoft.TextToSpeech

Microsoft.UserAccounts

Microsoft.WelcomeCenter

Microsoft.WindowsAnytimeUpgrade

Microsoft.WindowsDefender

Microsoft.WindowsFirewall

Microsoft.WindowsSideShow

Microsoft.WindowsSidebarProperties

Microsoft.WindowsUpdate

 Windows Update Client Stuck on Server

1) Als erstes wuauclt.exe /resetauthorization /detectnow

Reboot des Server und Kontrolle ob es schon geht.

2) Siehe http://support.microsoft.com/kb/555175/en-us

3) Loeschen der Registry Keys:

• HKEY_LOCAL_MACHINE\COMPONENTS\PendingXmlIdentifier
• HKEY_LOCAL_MACHINE\COMPONENTS\NextQueueEntryIndex
• HKEY_LOCAL_MACHINE\COMPONENTS\AdvancedInstallersNeedResolving

4) Loeschen der Datei pending.xml in Ordner %systemroot%/winsxs

There are several bugs or limitations with Outlook 2003 and Exchange 2010. If you try to open more than two calendars you receive errors. There is also a hard limit of 16 additional calendars (Reception) which you may have to keep an eye on.

Office Outlook 2003 does not connect to two or more additional mailboxes in a mixed Exchange Server 2007 and Exchange Server 2010 environment. http://support.microsoft.com/kb/978777/en-us

1) If you have Exchange 2010 SP1 then try following:

$a = Get-ThrottlingPolicy | where-object {$_.IsDefault -eq $true}

$a | Set-ThrottlingPolicy -RCAMaxConcurrency 100

Screenshot shows the maximum value. Do not set to maximum to prevtn handys and "Virus" in worst case to open as many connections as the OS is limited to.

Restart the Service itself to make sure the new settings apply:

2) Also on the XP Office 2003 client which DID run before on 2000/2003 and other Exchange run:

 Check for Event 26 on the client:

Die Verbindung mit dem Microsoft Exchange Server wurde getrennt. Outlook wird die Verbindung so bald wie möglich wiederherstellen.

Weitere Informationen über die Hilfe- und Supportdienste erhalten Sie unter http://go.microsoft.com/fwlink/events.asp.

"C:\Program Files (x86)\Microsoft Office\Office14\Outlook.exe" /resetnavpane

3) Check also for Events 4696 and if so:

If you know a certain user account that you have the problem because he reports it than also check the Exchange Stats:

get-Logonstatistics -Idnetity USERNAME | fl applicationID

Then count the "Client=MSExchangePPC which may not be over 16! If you have a full slot (16 connections) the change the hard coded limit of 16.

Here is an exmaple with 11 connections:

"Mapi session "00cc3dde-64d7-4353-8050-00fc2057aae3: /O=xxxx/OU=xxxx/cn=Recipients/cn=customer.ch" exceeded the maximum of 32 objects of type "session"."

http://technet.microsoft.com/en-us/library/ff477612.aspx

You need to use:

• Start Registry Editor (regedit).
• Navigate to the following registry subkey:
  \\HKEY_LOCAL_MACHINE \SYSTEM\CurrentControlSet\Services\MSExchangeIS\ParametersSystem.
• Right-click ParametersSystem, point to New, and then click DWORD (32-bit) Value.
  The new value is created in the result pane.
• Rename the key to one of the following values, and then press Enter:
  • Maximum Allowed Sessions Per User   This limit specifies the maximum allowable sessions per user.
  • Maximum Allowed Service Sessions Per User   This limit specifies the maximum allowed service sessions per user.
  • Maximum Allowed Exchange Sessions Per Service   This limit specifies the maximum allowed Exchange sessions per service. The default value is 10,000, and the Maximum value is 65536.
  • Maximum Allowed Concurrent Exchange Sessions Per Service   This limit specifies the maximum allowed concurrent Exchange sessions per service.
  • Disable Session Limit   This limit disables session limits. Set the value to 0 to turn off session limits. Set the value to 1 to turn on session limits.
• Right-click the newly created key, and then click Modify.
• In the Value data box, type the number of objects to which you want to limit this entry, and then click OK. Use the preceding table to view the default settings.

 See also:

http://social.technet.microsoft.com/wiki/contents/articles/1586.concern-is-having-outlook-2003-clients-going-to-prevent-me-from-deploying-exchange-2010.asp

Concern: Is Having Outlook 2003 Clients Going to Prevent Me from Deploying Exchange 2010?

 An these two hotfixes:

http://support.microsoft.com/kb/2212002/
Description of the Outlook 2003 hotfix package (Outlook.msp): July 1, 2010
Meeting Text Wrong

 http://support.microsoft.com/kb/2510153/en-us
Description of the Office Outlook 2003 hotfix package (Olkintl.msp, Engmui.msp): March 9, 2011
The connection to the Microsoft Exchange Server is unavailable. Outlook must be online or connected to complete this action.

http://technet.microsoft.com/en-us/library/aa997907(v=exchg.80).aspx

http://technet.microsoft.com/en-us/library/aa996905(v=exchg.80).aspx

Download Setspn.exe from ms:

http://www.microsoft.com/download/en/confirmation.aspx?id=25233

Check the entries you have:

setspn.exe -a SMTPSVC/mail.computerladen.ch mail

setspn.exe -a HOST/mail.computerladen.ch mail

Default Permissions Exchange 2003 SP2 IIS, Activesync

During testing with mobile/phone devices and certificates you sometimes mix up the security settings.

Here are the "default" security settings of an Exchange 2003 SP2 on the IIS after installation.

Enable the Windows directory Service mapper (IS OFF/not checked)

Default Web site, Permissions

On all directories the Secure Communications is turned OFF.

Microsoft-Server-ActiveSync, Permissions

Exchange, Permissions

Or:

• Good bye Apple and all your annoying trouble and disturbance in corporate IT
• Apple devices back to the Designers and black pullover users

Finally we reach a level where Android may be used in Enterprise corporate enviroment. Version 4 of Android brings advanced ActiveSync Support (Without Touchdown Nitrodesk). A lot of new in direction of Certificates (Exchange). The new phone from HTC is hipping Easter week in CH/DE and Austria room. There is no reason to BUY a Apple product anymore. With the Android 4 and Nokia Lumia 710/800 (Windows Mango) there are real options for enterprise users on the market. Since the Blackberry Stock (nasdaq) is doing what it want's this may be a good time to migrate away from Blackberry or IPHONE and apple.

HTC X One = LED Display, 32GB RAM, Quad Core (Except USA because of the new WIFI chip which needs more space)

HTC S One = Amoled Display, 16GB RAM, DUAL Core

Both 8MP camera and Android 4.X out of the box

Android 4 does have a new keychain API, and underlying encrypted storage lets applications store and retrieve private keys and their corresponding certificate chains. Applications can use the keychain API to install and store user certificates and certificate authorities

http://myitforum.com/cs2/blogs/mnielsen/archive/2011/10/20/android-4-0-in-the-enterprise.aspx

Read "Comparison of Exchange ActiveSync clients" to see what the different ActiveSync version offer and what not.

http://en.wikipedia.org/wiki/Comparison_of_Exchange_ActiveSync_clients

This error has been reported as bug in Outlook 2010 and can be safely ignored. If you want to get rid of the error there is an options to set a Registry key on each client.

HKEY_CURRENT_USER\ Software\Microsoft\Office\14.0\Outlook\Options

EnableConflictLogging    Wert:    0

0 = Logging deaktivieren (Activate Loging)

1 = Alle Fehler protokollieren (Log all errors) > DEFAULT

2 = Nur kritische Fehler protokollieren (Only log critical)

Ready NAS DUO V2 Failure

The manual of the Ready NAS Duo and the Ready NAS Duo V2 are awful. Here is how to complete factory reset the device. The manual "Raedynas DUO V2 and NV+ V2 Hardware Manual" is wrong and the information on page 25 "To access the boot menu" did not work for a ReadyNAS Duo V2 bought in Europe.

Just to make sure you understand:

• You lose all DATA on the existing drivers. We are at the status where after trying several hours with existing documentation you can't access anything and want it going running again.
• We need to format a USB device with Firmware. You are able to identify your Local Drivers for the procedure. If you are unsure leave it or with the tool to format the USB key you destroy the pc and make even more trouble. Call Netgear if you are unsure.

Situation: You have special hardissk (self buyed) or existing hard disk swapped and mixed up and the RAIDAR shows: "corrupt root".

Prelude:

If there are data on the disk there is a LINUX OS with several partitions on it. If you insert an existing OLD disk while doing the steps mentioned below the Netgear will TRY to boot that environment setting. If that happens you end up in a loop or where you where before. To make sure there is absolute nothing left from other Netgear devices or old RAID Volumes hang the disk to a PC with and USB/SATA connector and clean everything. You will see several partitions on your disk. Just delete those. Use Windows XP/7 disk management for that or some Acronis/Hiren.

Finally put the TWO "cleaned" or new disk into the turned off NAS and start:

1. Power off The Netgear device
2. Push a paperclip in the "reset" hole at the back and hold it down
3. Push power button (Blue Button once short to turn it on)
4. After 5 seconds two green led's will show (1 and 2 on front)
5. Push reset and power button TOGETHER and hold it down
6. After aprox. 30 seconds two green led will show again
7. Let go of the reset and power button together
8. Wait until the Flashing blue front Power button turns of
9. Continue from here with normal setup using RAIDar

Situation 2: The Netgear is complete done and no matter what you try you are kind of stuck. You are used to NAS/SAN/Storage but this thin drives you crazy.

Your Netgear is blinking and doing and you tried all steps in every Google info you found and it's still not working. You are on 192.168.168.168 and after some times or while inserting an extsing disk you and up in losing the connection to the device or failure.

Reset the Firma of the Netgear NAS DUO V2.0

• Search and download the tool "rw32-setup-1.0.2.3.exe" in Google (Rawrite32)
• Search and download the Firmware File "ReadyNAS_USB_Flash_Recovery-4.1.8.img"
• Search and download the Raidar tool if you don't have it already. The tool does a broadcast scan and find's the Readynas whatever IP address it has.

1. Start with a USB Stick which is empty. Start the RAWrite32 which you installed.

1. Choose the .IMG File we mentioned or any newer one. As example "ReadyNAS_USB_Flash_Recovery-4.1.8.img"
2. Choose "All Files" so you see it

1. Now check where you existing USB drive is. Do not USE the options "Write to physical Devices". Those are you local hard disk (Noob reminder ;-)

$

1. Check that you have selected your USB devive and not local disks

1. Once again! Check in Explorer again if you have chosen the CORRECT USB drive! Do not format your Windows or Data disk. Usage at own risk.

1. Performing USB recovery information

Before doing the USB boot on the ReadyNAS, remove any additional USB devices (UPS, Printers, etc.) that are connected to the ReadyNAS.

Connect the USB-stick drive to any USB port and hold down the power button for 20 seconds until after the hard drive lights blink the 4th time.

While you are holding down the power button, you will see the hard drive lights flash at 5 sec, 10 sec, 15 sec and finally at 20 seconds. After you let go of the power button the Netgear NAS will boot normal and fresh.

Exchange Analyzer Error:

'Domain Admins' does not have 'Read' permission of folder 'D:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\OAB\8b27efc1-81c1-46cf-a09d-5f99bffcf097' on server. This will cause clients fail to download Offline Address Book via HTTP(s). Please add 'Read' permission of this folder to this group.

This is an Analyzer Error and false Report in mixed environment (As example und and English [Exchange] and German [Active Directory] Environment)

The Permissions are set correct:

http://technet.microsoft.com/de-ch/library/9983b665-6040-4343-9e83-c85b5bb330c3.aspx

Windows Mobile 7 / 7.5 shows Code 0x85010014

Activesync Logfiles shows:

C:\inetpub\logs\LogFiles\W3SVC1\*.*

403 0 0 15

For Activesync to work for the Migrated old users try the following

Open "Active Directory Users and Computers", checked the user properties, then clicked on the "Security" Tab, clicked on "Advanced" options, and you will find "Include Inheritable Permissions from this Object's Parent" will be unchecked. Check that option.

Open the Adsiedit container by going to "start", "run" and typing "adsiedit.msc", then opened the Domain partition, then opened "CN=System", then click the properties of "CN=AdminSDHolder", click "Security" Tab, clicked "Advanced" and check the option "Include Inheritable Permissions from this Object's Parent"

users are moved to new server, please check the permission settings and verify application event log to see what error is recorded; besides, test the connectivity via https://www.testexchangeconnectivity.com/.

More info on AdminsHolder:

http://policelli.com/blog/archive/2009/11/06/understanding-adminsdholder-and-protected-groups/