Missing OAB in migration to Exchange 2013

If you have deployed Exchange 2013 within an environment with Exchange 2007 or 2010 already deployed, you may experienced issue when downloading OAB with Outlook for users which have been moved to Exchange 2013 (Outlook Send/Receive generates 0×8004010F An object cannot be found error or Microsoft Exchange offline address book 0X8004010F error in the synchronization issues folder).

If you check autodiscover settings via Outlook “Test E-mail Autoconfiguration” (Ctrl-Rightclick outlook icon in systray) you may see no OAB URL defined – there is no URL neither no OAB parameter.

To solve this issue, Run the following command from EMS on the Exchange 2013 server: Get-offlineaddressbook | fl WebDistributionEnabled,VirtualDirectories,Identity

If you have WebDistributionEnabled set to False and/or no value defined for VirtualDirectories, this is why you have the issue

To solve this issue, run the following command

Get-ClientAccessServer | Get-OabVirtualDirectory | fl identity to get OAB virtual directory identity (this will be required for the next command)

Set-OfflineAddressBook -VirtualDirectories “” –Identity

Wait a little bit, recycle the MSExchangeAutodiscoverAppPool and try a new autodiscover check; you should now have OAB URL parameter and value.

No Comments

Moving copiers to 2008 server

Older copiers that you got scanning working to 2003 servers may not work on 2008 and above servers. It seems that MS “enhanced” the SMBv2 protocol in 2008 and now reject SMBv2 requests if the requester doesn’t support extended attributes (whatever those are) In any case, the fix is to set the server to allow legacy SMBv2 negotiation as follows:

1.Open Registry Editor. To do this, click Start, type regedit in the Start Search box, and then press ENTER.
2.Locate and then right-click the following registry subkey:

3.On the Edit menu, point to New, and then click DWORD (32-bit) Value.
4.Type AllowLegacySrvCall, and then press ENTER.
5.Right-click AllowLegacySrvCall, and then click Modify.
6.Type 1 in the Value data box, and then click OK.
7.Exit Registry Editor.
No reboot necessary.


No Comments

Edit the registry contained in a Wim File

How to open a wim and edit the registry….

•Open the Deployment Tools Command Prompt (Contained in the Microsoft Windows AIK folder on your start menu)
•Mount your wim file, by entering the below command . Substitute the filename, index and mount directory for your wim filename and image index. The mount directory just needs to be an empty pre-existing directory.

dism /mount-wim /wimfile:C:\WimImages\Win7.wim /index:2 /mountdir:C:\AIKMount
•Once DISM reports that the image has been mounted successfully, you need to mount the registry. I’m going to mount the wim’s HKLM\Software hive in this example. You’ll notice the root of my reg path below is the folder I mounted the WIM into, given in the previous command. Type

•Open RegEdit and load the software registry hiver from the mounted image (it’s in the c:\windows\system32\config folder) Make your changes.
•Once you are finished, Unload the hive and exit Regedit.
•Unmount the wim image and commit the changes back into the .wim file.
dism /unmount-wim /mountdir:C:\AIKMount /commit

If you want to not save the changes use the /discard switch instead of /commit


No Comments

WDS Multicast is really slow!

When using WDS to load images, direct SMB unicast works fine but overloads the network and/or server if you have too many sessions. So we try Multicast and that goes incredibly slow! What is going on? There is all sort of info on how to “tune” multicast, but the most likely culprit is your network switches, especially if you have HP procurve switches. There are two things to do. 1) make sure IGMP snooping is turned on for the VLAN you are using. Do this by getting into config mode and issuing the following vlan 1 ip igmp (if you want to enable it on VLAN 1). 2) Change the default mulitcast IP range in WDS from - to - because apparently the default range is ignored by IGMP on ProCurve switches. Nice!

Speeds should be back up to blazing after this.


No Comments

Access denied attempting to access windows 7 administrative shares in a workgroup.

Getting Rid of the “Access Denied” Error Message

To solve this issue you need to make a small registry modification on the TARGET computer.

Use Regedit to add a dword value named LocalAccountTokenFilterPolicy to the following key and set it to “1″

Note: To revert to the original setting, change the LocalAccountTokenFilterPolicy value to 0 (zero).

Next, try to access the administrative share on the remote machine. This time you should succeed

No Comments

@#$@#%#$% Gmail has blocked me!

you’ve had an “event” on your email server and now you’re on all kinds of RBLs. You get yourself off all the bad guy lists, but google is still blocking you with a message that looks something like this:
550-5.7.1 [x.x.x.x] Our system has detected that this message is likely unsolicited mail. To reduce the amount of spam sent to


goodguys.com #5.5.0 smtp;550-5.7.1 [x.x.x.x] Our system has detected an unusual rate of ……

And you find that google doesn’t have a way to get yourselves off their list. Can you say 1-800-wedontgiveadamn? There is an I can’t send mail to you guys form that you can fill out here: http://mail.google.com/support/bin/request.py?contact_type=msgdelivery but don’t hold your breath.

The one thing you CAN do, however, is make sure you have an SPF record setup on your sending domain. If you don’t have one setup, setting one up will almost instantly release the block by Google.

To setup an SPF record, simple add the following txt record under a host id of @.
v=spf1 mx ptr mx:mail.yourdomain.com ip4:x.x.x.x ~all

And then tell everyone that google is the new evil empire (along with apple and microsoft).


Citrix App won’t launch

Citrix app won’t launch in windows 7/Vista and IE9.  you get the “Do you want to open or save this file” dialog when you try to launch it.  IE reset doesn’t fix it, niether does changing the security zone.  Try executing the following:  c:\Program Files (x86)\Citrix\ICA Client\wfica32 /setup  Nope - I don’t know what all that does - other than make it work :)

No Comments

WOL not working from new server

When moving things from an old server (that happenes to be running Windows 2008 R2 (64bit)) WOL does not seem to get to anything. It worked on the old server but not on the new one. WTF? First thoughts are something 2008 R2 related or 64bit related. It turns out it probably isn’t any of that. It’s probably the fact that newer servers tend to have multiple NICs and your older hardware only had a simgle NIC. What is going on is that even though the extra NICs aren’t used, as long as they are active (not diabled) then WOL will use one to send it’s packets. Don’t know yet how to reorder the NICs so WOL usues the active one so the simple fix is to diable the NICs that aren’t plugged in to the network. WOL then has to use the active one and it works fine. Jeesh.


No Comments

WSUS breaks after update KB2720211

Another oops by MS…..

Console can’t connect to WSUS.  It errors out and tells you to look at the softwaredistribution.log file. (Where the f… is that???)  It’s in the c:\windows\program files\update servise\logfiles folder of course!  Look at the log and it shows that it can’t connect to susdb and reports Login failed for user ‘NT AUTHORITY\NETWORK SERVICE’ and Cannot open database “SUSDB” requested by the login.


- Applied KB2720211 to a WSUS 3.0 SP2 server thats running on Windows 2008 64 bit server with local SQL db.

-Applied KB2720211 to Windows 2003 server running WSUS 3.0 SP2 and local SQL db.


1. Download the KB2720211 installer for your architecture from Microsoft (http://support.microsoft.com/kb/2720211)
2. Extract WUSSetup.msp from the installer by running the installer with the /extract parameter (example: “WSUS-KB2720211-x64.exe /extract”)
3. With 7-zip, open WUSSetup.msp and extract “PCW_CAB_SUS”.
4. With 7-zip, open “PCW_CAB_SUS” and extract “DbCert”, “DbCertDll”, and “DbCertSql”.
5. Rename those files to “WSUSSignDb.cer”, “WSUSSignDb.dll”, and “WSUSSignDb.sql”, respectively.
6. On your WSUS server, navigate to “C:\Windows\SYSMSI\SSEE\MSSQL.2005\MSSQL\SchemaSig” and copy the extracted “WSUSSignDb.cer” and “WSUSSignDb.dll” to it. Make a backup copy of the two existing versions, just in case.
7. On your WSUS server, navigate to “C:\Program Files\Update Services\Database” and copy the extracted “WSUSSignDb.sql” to it. Make a backup copy of any existing versions of the file.
8. Reinstalled 2720211 - it runs successfully this time.

Don’t even have to reboot or restart anything on 2008 R2 server.

You do have to reboot Windows 2003 server before rerunning the update (step 8)

I’ll update this If microsoft every comes up with an official fix.



Enable Remote Desktop Logon

To allow automatic logon to a computer running Windows XP through Remote Desktop, follow these steps while logged on as an Administrator: 1.Click Start, click Run, type MMC, and then press ENTER.
2.Click File, and then click Add/Remove Snap-in.
3.Click Add, select Group Policy, click Add, and then click Finish.
4.Click Close, and then click OK.
5.Navigate to the following directory:
Local Computer Policy/Computer Configuration/Administrative Templates/Windows Components/Terminal Services/Encryption and Security

6.Double-click Always prompt client for password upon connection.
7.Click the Disabled box, and then click OK. You may now quit the MMC snap-in. Remote Desktop clients should now be able to connect to this Windows XP computer using the automatic logon feature of the Remote Desktop client.

No Comments