Tuesday, September 16, 2014

Windows 7 Desktop Can't Join the Domain - Path Not Found? Blame AVG (and everything else!)

Spoiler Alert:  uninstalling AVG from the desktop fixes the problem.

A desktop is complaining that it's Trust Relationship has failed.  Normal stuff, probably went through a system restore and ended with an old SID, no biggie.  Remove it from the domain, reboot, readd to the domain, boom done, right?  Not so fast... after changing the domain name and hitting OK I'm presented with the normal domain login to which I input my domain administrator credentials.  The computer complains with an error message:
The following error occurred attempting to join the domain "somedomain.local":
The network path was not found. 
This points to a DNS issue on our SBS 2008.  Rebooting the server was my first step and it yielded no positive results.

The SBS 2008 in question seems slow and balky.  It's an HP ML110 with 8GB of RAM serving as an SBS for a group of 10 or so people using email and file storage in the server as well as its normal duties authenticating users and doling out Group Policy.

Noted error 13568 with source NtFrs in the event log which basically says that the File Replication Service is in Journal Wrap Error.  It reads kind of like:

The File Replication Service has detected that the replica set "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)" is in JRNL_WRAP_ERROR.   Replica set name is    : "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)"  Replica root path is   : "c:\windows\sysvol\domain"  Replica root volume is : "\\.\C:"  

A Replica set hits JRNL_WRAP_ERROR when the record that it is trying to read from the NTFS USN journal is not found.  This can occur because of one of the following reasons.   

[1] Volume "\\.\C:" has been formatted.  

[2] The NTFS USN journal on volume "\\.\C:" has been deleted.  

[3] The NTFS USN journal on volume "\\.\C:" has been truncated. Chkdsk can truncate the journal if it finds corrupt entries at the end of the journal.  

[4] File Replication Service was not running on this computer for a long time.  [5] File Replication Service could not keep up with the rate of Disk IO activity on "\\.\C:".  

Setting the "Enable Journal Wrap Automatic Restore" registry parameter to 1 will cause the following recovery steps to be taken to automatically recover from this error state.  

[1] At the first poll, which will occur in 5 minutes, this computer will be deleted from the replica set. If you do not want to wait 5 minutes, then run "net stop ntfrs" followed by "net start ntfrs" to restart the File Replication Service.  

[2] At the poll following the deletion this computer will be re-added to the replica set. The re-addition will trigger a full tree sync for the replica set.  

WARNING: During the recovery process data in the replica tree may be unavailable. You should reset the registry parameter described above to 0 to prevent automatic recovery from making the data unexpectedly unavailable if this error condition occurs again.  

To change this registry parameter, run regedit.  Click on Start, Run and type regedit.  Expand HKEY_LOCAL_MACHINE. Click down the key path:    "System\CurrentControlSet\Services\NtFrs\Parameters" Double click on the value name    "Enable Journal Wrap Automatic Restore" and update the value. 

 If the value name is not present you may add it with the New->DWORD Value function under the Edit Menu item. Type the value name exactly as shown above.

Also noted Event ID 25:

The shadow copies of volume \\?\Volume{83195036-2013-11e0-9593-3c4a92d51777} were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.

It sounds like the hard disk could too busy to serve up essential functions - looking at the Resource Monitor I could see that SQL was going crazy reading itself from the hard drive.  I decide to run the SBS 2008 BPA and see if it can tell me more.  I also update the HP System Management Agents and the HP Array Configuration Utility so that I could rule out hard disk problems (which indeed were not an issue).

Here's my BPA report:

I quickly dispatched with items 1-4 as they were simple netsh commands that were detailed in the item.  But the outsized Sharepoint and SBSMonitoring were an issue as was the server being in Journal Wrap condition.

The outsized databases don't seem like they'd keep desktops from joining the domain, but the journal wrap might be a different story.  I followed the link to http://support.microsoft.com/kb/292438 and said to myself, "Oh Crap, they've linked to an outdated article, this is for Win2k!  Nice job Microsoft..."  Worthless - except, it's not.  Things haven't changed much in the last 14 years of Active Directory.

Sure enough, upon reading http://blog.ronnypot.nl/?p=738 I check and find the SYSVOL share was not available.  I changed the registry value (which was what the error message directed, also) and waited a few minutes.  The SYSVOL share came available again.  BUT... still cannot connect the workstation to the domain.

I decided to pursue the other issues indicated by the BPA and fix the SBSMonitoring and Sharepoint Services databases.

First SBSMonitoring - Google yielded http://kwsupport.com/2013/05/sbsmonitoring-database-is-nearing-maximum-size/  which suggests using http://blogs.technet.com/b/sbs/archive/2011/08/22/how-to-recreate-the-sbsmonitoring-database.aspx to replace the database with a new blank one.  What are the drawbacks?  Loss of historical data - no biggie.  Downloading and running the script was a breeze, I just needed to set-executionpolicy unrestricted to get it to execute.  That article then recommended I complete the steps at http://blogs.technet.com/b/sbs/archive/2009/07/14/sbs-2008-console-may-take-too-long-to-display-alerts-and-security-statuses-display-not-available-or-crash.aspx which will shorten the amount of time which logs are kept and reduce the amount of information which is logged.

Now to deal with the overweight Sharepoint Services Database - http://support.microsoft.com/kb/2000544 seems like a good place to start and it features a convenient "Fix It For Me."  This removed the issue from the BPA, but the desktop still won't join the domain.

Others have been feeling this pain, I see posts with similar issues all over the Internet.  This one:  http://richardburley.com/windows-7-unable-to-join-domain-fix/ seems like it might finally be the one which most closely matches my situation.  On the afflicted PC I cannot browse to \\servername.  I checked this from another computer and found that \\servername worked fine - an exact fit!  This fellow fixed his issue by removing everything from the network configuration that wasn't TCP/IP v4 or v6.  I'm working remotely so this seems like a real bummer of a solution, but examining the network protocols I noted the AVG Network Filter Driver.  Perhaps this is it?  I removed AVG and rebooted the PC.

Uninstalling AVG fixed the issue - a fifteen minute fix found through four hours of work.  The server is certainly having issues, but they weren't causing THIS issue!

Wednesday, August 27, 2014

Using the Same Alias in Multiple Domains in Office365


  1. Start PowerShell as an Administrator
  2. If you haven't before issue the command issue it now: Set-ExecutionPolicy RemoteSigned
  3. Connect PowerShell to Office365 - (from http://technet.microsoft.com/en-us/library/jj984289(v=exchg.150).aspx)
    1. Issue the command and input your credentials: $UserCredential = Get-Credential
    2. Then issue this command to connect:  $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
    3. Import the PowerShell commands from the Exchange Server by issuing:  Import-PSSession $Session
    4. Now test your connection by issuing: Get-Mailbox and making sure you get output.
  4. https://www.cogmotive.com/blog/office-365-tips/create-shared-mailboxes-with-same-alias-at-different-domains-in-office-365 gives us the following steps
    1. :  New-Mailbox -Name "Test Shared Mailbox 2" -Alias test_shared2 -Shared -PrimarySMTPAddress test_shared@cogmotivereports.com       Be certain to replace "Test Shared Mailbox 2" with the desired display name, the alias "test_shared2" with the desired alias (prefix before the @ sign) and fix the primary SMTP address with the desired address.
    2. Next correct the login name for this mailbox - set-mailbox test_shared2 -MicrosoftOnlineServicesID test_shared@cogmotivereports.com - you may receive the following error WARNING: UserPrincipalName "test_shared1@cogmotivereports" should be same as WindowsLiveID "test_shared@cogmotive.onmicrosoft.com", UserPrincipalName should remain as"test_shared1@cogmotivereports". Which may be safely ignored.
  5. Check you work by issuing Get-Mailbox verifying that the new mailbox entry appears.
  6. Close your session with Remove-PSSession $Session
This will create a new shared mailbox with the desired alias.  To make certain users send from the desired address and not the placeholder alias (test_shared2) sign into Exchange and go to the shared mailbox.  Edit the email addresses and set the desired alias as the primary address.


Wednesday, August 20, 2014

Migrating Outlook 2010 Autocomplete to Outlook 2013


  1. Run Outlook 2013, allow it to finish loading, then close it - no need to wait for it fully synchronize if you have a large mailbox.
  2. Open C:\Users\username\AppData\Local\Microsoft\Outlook\RoamCache
  3. Look for files named Stream_Autocomplete.dat  and note the latest one (this is the target) and the largest one (this is the source).
  4. Make a backup copy of both files, I placed mine in C:\temp.
  5. Go back to C:\Users\\AppData\Local\Microsoft\Outlook\RoamCache and rename the source file Stream_Autocomplete.da~ by replacing the "t" with a "~".  Before you commit the change, highlight the entire name before the period and copy it with Ctrl+C then commit the change.
  6. Rename your target file by pasting the source file name over the target file name.
  7. Run Outlook and feel the joy.
Why didn't Microsoft make this an automatic function like they did in prior versions? 0_o

Thursday, July 31, 2014

Linking a Bypass Code in Umbrella by OpenDNS

Here's a stumper:  you've created a bypass code for a user under Block Page ->Bypass Codes, and as you're admiring your shiny new bypass code entry you note that there is a yellow Hazard symbol in the column under Linked Policies next to n/a.  Furthermore the users bypass code doesn't work - it says that it must be linked to a policy, and there isn't a "link policy" button anywhere to be found.

This situation can be avoided entirely by creating each bypass code by clicking Policies in the left hand pane, selecting the relevant policy in the main pane, then jumping to Step 3. "Select Block Page Settings" and clicking Add Code.  Create and save your new code, share it with the relevant user, and your done.

But say you've gone and created your bypass code by navigating to Block Page Settings in the left hand pane, selecting Bypass Codes underneath it, and clicking "+ Create a New Bypass Code."  Don't worry, you haven't just wasted that time - click Policies in the left hand pane, select the relevant policy in the main pane, then jump to Step 3. "Select Block Page Settings," check the box next to the desired user, and then click Save.

Thursday, July 24, 2014

Assigning a Public IP using AT&T UVerse - Pace Modem

1.  Visit your gateway address using your favorite browser.

2.  Go to Settings -> Firewall

3.  Go to Application Pinholes and DMZ

4.  Select your device and then click Allow All (the last option)

5.  Click Save

This will DMZ the device and allow all traffic to all ports on that device.

Wednesday, July 02, 2014

Scheduling Periodic Bandwidth Checks Between pfSense Routers Using iPerf

I have a customer who, for years, has complained that their point to point connection (over a dedicated Point-to-Point Cable connection referred to as EoC or Ethernet over Cable) slows down every afternoon regardless of the number of users.  Initial investigations revealed nothing of importance.  iPerf tests would show periodic slowdowns but without any consistency as I could only run iPerf at the console, which required me to stand over it and initiate the tests.

What I desired was iPerf tests every 5 minutes during business hours.

To get started install the iPerf packages in both of your pfSense systems.  I am clueless why there are iPerf options in the Webmin, they seem to do nothing, please ignore them and use iPerf from the console.

iperf -c 192.168.0.1 -t 28800 -i 300

SEEMS to work, but it would need to be invoked every morning, and only outputs to the screen. Furthermore it runs the test ALL DAY LONG, not just every 5 minutes.  This would hog up the connection and prevent real work from being done quickly.  What I need is for it to be done periodically then output to a text file that I can check occasionally.  Furthermore, the office is only open 8am-5pm Monday through Friday, so why fill up my file with tests all the rest of the time?  Lastly, iPerf doesn't include dates and times in the report, so I need to add them.  I decided to haul out Crontab and do the following:

1.  Install the iPerf package in both pfSense systems.

2.  Pick a pfSense system to be ny server, log into its administrative console, and run the following command:

iperf -s -D

This runs iPerf as a daemon and allows me to close the session but keep iPerf running.

3.  Create an sh script (mine is iperftest.sh) using vi containing the following:

date
/usr/local/bin/iperf -c 192.168.0.1 -t -x CSV


The date line adds the date and time to the output file, and the -x CSV prevents showing info beyond the amount of data transferred and the speed at which it was transferred.

4.  Add a crontab job (crontab -e) for the user admin similar to the following:

00/5 8-17 * * 1-5 /root/autoiperf.sh >> iperfreport.txt

5.  Now all you need to do is cat your iperfreport.txt to see reports.

Wed Jul  2 13:25:00 CDT 2014
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-10.0 sec  6.00 MBytes  5.03 Mbits/sec
Wed Jul  2 13:30:00 CDT 2014
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-10.1 sec  6.00 MBytes  4.98 Mbits/sec



Wednesday, March 05, 2014

Outlook 2010 and Office 2013 - Problems Changing an Expired Password

This puzzled us for a while, while there is a hotfix available (MS KB 2687351) you have to request it.  Without the hotfix the user may be repeatedly prompted to change their password, even if they changed it in the online portal.  Go to your account settings and select "Always Prompt for Credentials" then restart Outlook, input your new password, then make sure it works.  After you have verified your account is working go back to your account settings and clear the "Always Prompt for Credentials" checkbox so you may save your password.

Tuesday, February 18, 2014

Configuring Entourage 2008 for Office365 Exchange

Mac users are a different breed - they often just want to get things done and not spend a lot of time learning a new program.  Sometimes this means spending a lot of time making our old stuff work with our new stuff.  My friend Brent recently tackled the issue of using Entourage 2008 and Office365 Exchange with some success (though there seems to be a limitation which causes Entourage to only sync the past 6-8 weeks of email and not display the balance).


First Brent had to install several updates for his Office 2008:


Next he configured his Mac and Entourage using information from the following web sites to:




Thanks for sharing this solution, Brent!

Tuesday, November 26, 2013

Avoiding Malware and Viruses

Tips for avoiding malware infections (spyware, adware, and scareware):

  • Use Windows 7 or Windows 8.  Windows XP users are 6 times more likely than Windows 8 users and twice as likely that Windows 7 and Vista users to be infected with a virus.  (http://blogs.technet.com/b/mmpc/archive/2013/10/29/infection-rates-and-end-of-support-for-windows-xp.aspx).  For what it's worth, I haven't seen a virus-infected Mac.
  • Uninstall Java.  I know, computers without Java seem crippled.  If it's your work computer it may be required in order to get your job done - big business and governments have implemented any number of systems which require Java.  At home Java may be required to read your email or shop.  In the case that you're at home and need Java consider installing Java, completing the necessary task, then uninstalling it.  I know that's a bit of a headache but it sure beats dealing with a malware infection! (http://www.theguardian.com/technology/askjack/2013/feb/08/java-remove-ask-jack-technology)
  • Uninstall Adobe Reader.  Again, I know this is going to hurt, but it won't be as inconvenient as living without Java.  Shoot, you might even enjoy the alternative apps as they tend to be both faster and more feature rich!  I like Tracker-Software's PDF XChange Viewer.  (http://www.pcworld.com/article/2030153/)
  • Uninstall Adobe Flash Player.  This one is the least productive yet the most prevalent.  I wouldn't blame you for keeping it - some web sites are worthless without it.  That said, there are some who report that, though some web sites don't render as they should, they have been able to live a pretty full Internet life without it.  Uninstall it and see what the Internet is like, you might be pleasantly surprised!  (http://www.hou2600.org/software/six-months-without-adobe-flash-and-i-feel-fine/)
  • Update Windows.  This one should go without saying as it's been said all too many times.  Still, I see healthcare providers, aerospace companies, and grandmothers everywhere who are behind on their updates.  Even IT people are behind on their updates.  Please, for the love of all that is good, update your operating system.
  • Use the latest version of your browser.   The fact is that Chrome, Firefox, and IE all have vulnerabilities, and on any given day one is less vulnerable than the other two.  Keeping your browser up to date is the surest way to prevent infections, regardless of which one you prefer.  I've read that Crome is more secure than Firefox.  I've read that Firefox is more secure than Chrome.  I've read that Internet Explorer 11 is more secure than Firefox or Chrome.  It doesn't matter, use whatever you like or your work requires, just keep it up to date!
  • Block malware sites.  Ad blockers such as AdBlock Plus can go a long way towards preventing malicious code running on your computer as many advertising servers serve up malware as well.  Additionally you might consider using OpenDNS to block malware - OpenDNS takes a bit of work to get going, but once it's going it can not only block malware but pornography and other undesirable content as well.
  • Install antivirus software and keep it up to date.  Microsoft's latest statistics show that just over 50% of users don't have antivirus installed.  Wow.  That's like walking on the beach with no flip-flops - sooner or later you're going to step on something nasty.  Please install antivirus - Microsoft Security Essentials is free and works pretty well.  Safe Mode also offers AVG to our customers at a deep discount - call or email us to find out more!
So these are things you can do to your computer and network, but that's only half of the equation as your computer isn't the one surfing the Internet, reading emails, and clicking links.  The other half is between your ears - an educated computer user is a safe computer user!  These behaviors will help keep you safer when used in conjunction with the above (in many cases these tips work better).
  • Don't click "OK" or "Open" or "I Agree" or even the "X" on popup ads!  Don't even click the red "X" if a security warning or software installer pops up unexpectedly.  On your keyboard press and hold "alt" then press the "F4" key to quit your browser completely.  This will take you away from that awful place and you will have prevented a possible infection.
  • Don't open unexpected e-mail attachments.  Unless you know for certain that someone you know is sending an attachment don't open it.  If its from someone you know and it looks legit, think twice then call the sender and politely ask if they sent you something in your email.  If they didn't, inform them that they may have a virus and recommend professional assistance.
  • Don't open any attachments from Paypal, UPS, Fedex, Amazon, the IRS, or a bank.  It's likely not from them anyway, so it's probably a virus.  If one of those organizations needs to reach you they know other ways besides your e-mail.  Especially the IRS.
Safe Mode offers AVG Antivirus and OpenDNS  - call or email us today to learn more!  We can also manage and monitor your network to fix issues before they become problems.

Monday, October 28, 2013

VirtualBox Error VERR_SUPDRV_COMPONENT_NOT_FOUND on OSX after upgrading to Mavericks

Using VirtualBox 4.2.18 r88780 on OSX I encountered this error in a Win8 Guest after upgrading from my host OS from Lion to Mavericks.  Further testing revealed that it affects all guests, Windows and Linux.  Changing my adapter mode from Bridged to NAT fixed the issue but I could not run in Bridged mode.

Using the uninstall application and removing VirtualBox then reinstalling it fixed the issue.