Archive for the ‘Uncategorized’ Category

Missing OAB in migration to Exchange 2013

If you have deployed Exchange 2013 within an environment with Exchange 2007 or 2010 already deployed, you may experienced issue when downloading OAB with Outlook for users which have been moved to Exchange 2013 (Outlook Send/Receive generates 0×8004010F An object cannot be found error or Microsoft Exchange offline address book 0X8004010F error in the synchronization issues folder).

If you check autodiscover settings via Outlook “Test E-mail Autoconfiguration” (Ctrl-Rightclick outlook icon in systray) you may see no OAB URL defined – there is no URL neither no OAB parameter.

To solve this issue, Run the following command from EMS on the Exchange 2013 server: Get-offlineaddressbook | fl WebDistributionEnabled,VirtualDirectories,Identity

If you have WebDistributionEnabled set to False and/or no value defined for VirtualDirectories, this is why you have the issue

To solve this issue, run the following command

Get-ClientAccessServer | Get-OabVirtualDirectory | fl identity to get OAB virtual directory identity (this will be required for the next command)

Set-OfflineAddressBook -VirtualDirectories “” –Identity

Wait a little bit, recycle the MSExchangeAutodiscoverAppPool and try a new autodiscover check; you should now have OAB URL parameter and value.

No Comments

Moving copiers to 2008 server

Older copiers that you got scanning working to 2003 servers may not work on 2008 and above servers. It seems that MS “enhanced” the SMBv2 protocol in 2008 and now reject SMBv2 requests if the requester doesn’t support extended attributes (whatever those are) In any case, the fix is to set the server to allow legacy SMBv2 negotiation as follows:

1.Open Registry Editor. To do this, click Start, type regedit in the Start Search box, and then press ENTER.
2.Locate and then right-click the following registry subkey:

3.On the Edit menu, point to New, and then click DWORD (32-bit) Value.
4.Type AllowLegacySrvCall, and then press ENTER.
5.Right-click AllowLegacySrvCall, and then click Modify.
6.Type 1 in the Value data box, and then click OK.
7.Exit Registry Editor.
No reboot necessary.


No Comments

Edit the registry contained in a Wim File

How to open a wim and edit the registry….

•Open the Deployment Tools Command Prompt (Contained in the Microsoft Windows AIK folder on your start menu)
•Mount your wim file, by entering the below command . Substitute the filename, index and mount directory for your wim filename and image index. The mount directory just needs to be an empty pre-existing directory.

dism /mount-wim /wimfile:C:\WimImages\Win7.wim /index:2 /mountdir:C:\AIKMount
•Once DISM reports that the image has been mounted successfully, you need to mount the registry. I’m going to mount the wim’s HKLM\Software hive in this example. You’ll notice the root of my reg path below is the folder I mounted the WIM into, given in the previous command. Type

•Open RegEdit and load the software registry hiver from the mounted image (it’s in the c:\windows\system32\config folder) Make your changes.
•Once you are finished, Unload the hive and exit Regedit.
•Unmount the wim image and commit the changes back into the .wim file.
dism /unmount-wim /mountdir:C:\AIKMount /commit

If you want to not save the changes use the /discard switch instead of /commit


No Comments

Access denied attempting to access windows 7 administrative shares in a workgroup.

Getting Rid of the “Access Denied” Error Message

To solve this issue you need to make a small registry modification on the TARGET computer.

Use Regedit to add a dword value named LocalAccountTokenFilterPolicy to the following key and set it to “1″

Note: To revert to the original setting, change the LocalAccountTokenFilterPolicy value to 0 (zero).

Next, try to access the administrative share on the remote machine. This time you should succeed

No Comments

@#$@#%#$% Gmail has blocked me!

you’ve had an “event” on your email server and now you’re on all kinds of RBLs. You get yourself off all the bad guy lists, but google is still blocking you with a message that looks something like this:
550-5.7.1 [x.x.x.x] Our system has detected that this message is likely unsolicited mail. To reduce the amount of spam sent to

or #5.5.0 smtp;550-5.7.1 [x.x.x.x] Our system has detected an unusual rate of ……

And you find that google doesn’t have a way to get yourselves off their list. Can you say 1-800-wedontgiveadamn? There is an I can’t send mail to you guys form that you can fill out here: but don’t hold your breath.

The one thing you CAN do, however, is make sure you have an SPF record setup on your sending domain. If you don’t have one setup, setting one up will almost instantly release the block by Google.

To setup an SPF record, simple add the following txt record under a host id of @.
v=spf1 mx ptr ip4:x.x.x.x ~all

And then tell everyone that google is the new evil empire (along with apple and microsoft).