Thursday, December 13, 2012

PDF Free Utility to add Passwords and Merge documents

http://translate.google.de/translate?hl=de&sl=de&tl=en&u=http%3A%2F%2Ffreepdfxp.de%2FxpDownload.html

It is a German website; Stefan Heinz is the developer.

Use link above for English site translation (original http://freepdfxp.de/xpDownload.html)

It not only merges PDFs but will also add passwords to them.

Wednesday, December 12, 2012

SHA-1 checksums for files

To obtain the hash, you’ll need a utility that calculates SHA-1 checksums for files – fortunately Microsoft has a free download called the File Checksum Verifier Utility. Run fciv.exe from the command line on your reference PC to obtain the desired checksum:

Tuesday, December 11, 2012

SCCM Task Sequence rebuild not adding computer back into AD

Overview: I am trying to image a computer and it is not joining the 'Contoso' domain. I restructured a sub-OU; what changes need to be made to add the computers to the renamed OU?

Resolution: Reset the FQN for each renamed OU in the MDT database. The task sequence references the MDT database during the step.

SCCM "Closing the allow unknown computer support to take control"

Applies To: System Center Configuration Manager 2007 R2, System Center Configuration Manager 2007 R3

Unknown computer support is an operating system deployment feature in Configuration Manager 2007 R2 that allows unmanaged systems to be discovered and receive operating system deployment.
http://technet.microsoft.com/en-us/library/cc161877.aspx

~But why is it showing up in my SCCM task sequence? ...


This is not an error, it was an informational message just saying that the Task Sequence Availability Checker did not need to add the machine to a collection for task sequences to be available at the next step. This is because we have advertised the task sequences to the unknown computer collections. Any machines that boot up and request task sequences that do not have a record in SCCM will be able to start running one of those advertised task sequences.

We are using non-integrated WDS which means we can’t use the unknown computer support on PXE service points. However, the issue here isn’t to do with unknown computer support anyway, it’s to do with known computers and task sequences not being available to them. That’s why we created the task sequence checker tool to add machines to the right collection at boot time.

Advertising task sequences without mandatory schedules to all machines is out of the question, it would take just one person to think “that task sequence didn’t run on that computer properly, I know I’ll right click and rerun on the advertisement” to rebuild every machine in the company! Obvious no no.

Friday, December 7, 2012

SCCM DCM Creation and KPI

Microsoft Security Compliance Manager

It is possible to import backed-up GPOs and then export them as a DCM baseline for compliance. For computers that are not on the domain and able to receive a GPO, use the local policy tool that is included with the SCM tool to import the Group Policy backup instead.

Verify that BitLocker is enabled on the C drive

Option Explicit
On Error Resume Next
Dim objWMI, obj, colTPM

' Connect to the BitLocker WMI namespace; exit quietly if it is not available
Set objWMI = GetObject("winmgmts:\\.\ROOT\CIMv2\Security\MicrosoftVolumeEncryption")
If Err.Number <> 0 Then
    WScript.Quit
End If

' ProtectionStatus = 1 means BitLocker protection is on for the volume
Set colTPM = objWMI.ExecQuery("Select * from Win32_EncryptableVolume")
For Each obj In colTPM
    If (UCase(obj.DriveLetter) = "C:" And obj.ProtectionStatus = 1) Then
        WScript.Echo "BitLocker Enabled on C Drive"
        WScript.Quit
    End If
Next

SCCM DCM What is it?

What is Desired Configuration Management (DCM)?

DCM is a feature in SCCM that will provide a framework for assisting organizations in both defining and enforcing corporate policies and standards for system configurations, whether related to the operating system or an application installed on the system.

Features include authoring and scheduling, and a model-based design leveraging Service Modeling Language (SML) (a component of Microsoft's Dynamic Systems Initiative), which makes the features we're about to discuss possible.

Some of the key scenarios that drove the features Microsoft delivered in the final release of DCM include:

Regulatory Compliance - demonstrating regulatory compliance in system configurations. Not only deploying a compliant standard system configuration, but being able to periodically prove adherence to these policies.

Pre and post change configuration - Verify that no unplanned changes took place during the implementation of a planned change.

Monitoring for "drift" - Verify that new systems are built in accordance with the planned role in your infrastructure, and monitor for human error and misconfiguration in day-to-day administration. Ensure corporate policies are implemented in base machine builds and maintained over time.

Streamline Support - Incorporating DCM reporting into the troubleshooting process to drive down time to resolution and overall support costs.

The bottom line - DCM monitors your systems' actual configuration against a "desired configuration" model and identifies configurations that have drifted outside this policy.

DCM Components

3 key concepts: Configuration Items, Configuration Baselines, and Configuration Packs.

The smallest unit of measure in the DCM model is the Configuration Item (CI). Configuration Items represent a desired object, setting or value on a client or within an application. Configuration Items can include registry values, objects on the file system (files, folders) and attributes (firewall settings, NTFS permissions), as well as data retrieved via scripts. Configuration Items fall into one of the following categories:

Application CI - Settings within an application like MS Word, Exchange, or SQL Server.

OS CI - Representing a specific operating system object or setting.

General CI - General settings related to corporate policies like corporate security policy, Sarbanes-Oxley, etc.

These configuration items are reusable, and can be grouped into multiple, logical collections of settings known as Configuration Baselines, which represent your base unit of management in DCM. Within the configuration baseline, you can define mandatory, optional and prohibited configuration items.

Configuration Baselines will generally be constructed to map to machine roles (a type or class of system), such as Domain Controller, Exchange 2003 Server, SQL Database Server. Creating all the configuration items for a configuration baseline for something like Exchange is time consuming, and this is where Configuration Packs come in. Configuration Packs are pre-defined configuration baselines (templates, so to speak) created by Microsoft and third parties representing best-practice configuration for common OS and server applications. Configuration Packs are designed to be used as a starting point for your own corporate baseline, and then modified to meet your organization's requirements.

Configuration Pack templates are best sourced from the Microsoft Security Compliance Manager Solution Accelerator.

Appendix: systemcentercentral.com

Adobe Reader Error Opening a PDF

"Before proceeding you must first launch Adobe Acrobat and accept the End User License Agreement"

To analyze, filter Process Monitor to only the AcroRd32.exe process, then exclude all “SUCCESS” results.

Note the key:

HKLM\SOFTWARE\Adobe\Adobe Acrobat\10.0\AdobeViewer\EULAAcceptedForBrowser NAME NOT FOUND

Confirm the key is not present in Regedit; create a DWORD called “EULAAcceptedForBrowser” & set the Value Data to 1

NOTE: relating to a bug; if "CR" is in the folder or file name : http://forums.adobe.com/message/3791868

Thursday, December 6, 2012

1E NOMAD overview

What is Enterprise View?

http://www.1e.com/helparchive/NightWatchman%20and%20WakeUp/v6.0/User_Guide/User-Guides/Enterprise%20View%20Users%20Guide.pdf

Enterprise View is aimed at personnel who want a quick overview of their network and how the 1E products are working to bring them environmental and cost savings. Enterprise View is a management dashboard, providing at-a-glance overviews of the energy consumption and computer-related information that 1E is gathering on your network.

How does Enterprise View operate?

Enterprise View provides a web-based portal onto the 1E databases. The portal lets you choose from a number of pre-defined tiles to display significant PC and Server information in a handy, summarized format.

NOMAD 1E not responding to a package status request

Overview: During an SCCM task sequence a specific application is to be installed. The task sequence is designed to use a NOMAD cache to poll the source. The sequence fails because no cache is available.

How to troubleshoot?

On the NOMAD caching server, open regedit and check the package status details.

Select the subfolder that corresponds to the cached item and review the details on the right. You should check that the following items are present and correct:

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\1E\NomadBranch\PkgStatus\LDC002FE]
"Percent"="100.000"
"Version"="2"
"CachePriority"="1"
"CacheToFolder"="D:\\NomadBranchCache"
"ReturnStatus"="Completed Successfully"
"AlreadyCached"="0"

Also check the logs for specific behaviour. C:\ProgramData\1E\NomadBranch\LogFiles

The log should state "CacheStatus: (ELD)  pkgID="LDC002FE"(0) local=100.000%
verifiedUTC=09/04/2012
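
The two checks above, registry values and the CacheStatus log line, can be scripted. This is an added example, not 1E's tooling and not from the original post: the function name is hypothetical, and treating the values of the healthy entry shown above as the expected ones is an assumption.

```powershell
function Test-NomadPkgStatus {
    param(
        [Parameter(Mandatory)][string]$PackageId,
        # Paths as given in the post
        [string]$StatusRoot = 'HKLM:\SOFTWARE\Wow6432Node\1E\NomadBranch\PkgStatus',
        [string]$LogFolder  = 'C:\ProgramData\1E\NomadBranch\LogFiles'
    )

    # Assumption: the values of the working entry in the post define "correct".
    $expected = [ordered]@{
        Percent      = '100.000'
        ReturnStatus = 'Completed Successfully'
    }
    # These only need to exist; their contents are site specific.
    $presentOnly = 'Version', 'CachePriority', 'CacheToFolder', 'AlreadyCached'

    $key = Join-Path $StatusRoot $PackageId
    if (-not (Test-Path -Path $key)) {
        # No subkey at all means the package was never registered in this cache.
        return [pscustomobject]@{
            Check = 'RegistryKey'; Actual = $null; Ok = $false
            Note  = "no PkgStatus key for $PackageId"
        }
    }
    $values = Get-ItemProperty -Path $key

    foreach ($name in $expected.Keys) {
        $actual = $values.$name
        [pscustomobject]@{
            Check = $name; Actual = $actual
            Ok    = ($actual -eq $expected[$name])
            Note  = "expected '$($expected[$name])'"
        }
    }
    foreach ($name in $presentOnly) {
        $actual = $values.$name
        [pscustomobject]@{
            Check = $name; Actual = $actual
            Ok    = ($null -ne $actual)
            Note  = 'must be present'
        }
    }

    # Last CacheStatus line for this package in any file under the log folder.
    $pattern = 'CacheStatus:.*pkgID="{0}"' -f [regex]::Escape($PackageId)
    $hit = Get-ChildItem -Path $LogFolder -File -ErrorAction SilentlyContinue |
        Select-String -Pattern $pattern |
        Select-Object -Last 1
    [pscustomobject]@{
        Check  = 'CacheStatus log line'
        Actual = if ($hit) { $hit.Line } else { $null }
        Ok     = [bool]($hit -and $hit.Line -match 'local=100\.000%')
        Note   = 'expected local=100.000%'
    }
}

# Package ID taken from the post; replace with the ID of the failing package.
Test-NomadPkgStatus -PackageId 'LDC002FE' | Format-Table -AutoSize
```

Any row with Ok = False points at the value to investigate on the caching server.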

PXE-E32: TFTP Open Timeout

SYMPTOM

The PXE client comes up with the PXE copyright message and completes the DHCP phase, but then displays:

TFTP....

After a while, the following error message is displayed:

PXE-E32: TFTP open timeout

Depending on the PXE client's system setup boot device list configuration, the PC then either stops or tries to boot from the next boot device in the system setup boot device list.

CAUSE 1

The "PXE-E32" error indicates that the PXE client did not get a reply from the TFTP server when sending a request to download its boot file. Possible causes for this problem are:

1. There is no TFTP server
2. The TFTP server is not running
3. TFTP and DHCP/BOOTP services are running on different machines, but the next-server (066) option was not specified

RESOLUTION 1

Make sure that a TFTP server is set up and running. When the TFTP service is running on a different machine than the DHCP or BOOTP service, you need to add option 066 (next-server) to the DHCP/BOOTP server configuration, and set this option's value to the IP address or "resolvable hostname" of the TFTP server. When option 066 (next-server) is not defined, the PXE client assumes that the TFTP service is running on the same machine from which it received its DHCP/BOOTP configuration information.

CAUSE 2

This problem occurs after you apply security update MS08-037. For more information, see Microsoft Knowledge Base article 953230, "MS08-037: Vulnerabilities in DNS could allow spoofing".


RESOLUTION 2

Windows Server 2008 R2


Important: This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, see Microsoft Knowledge Base article 322756, "How to back up and restore the registry in Windows" (http://support.microsoft.com/kb/322756/).


To work around this problem if you do not require Windows Deployment Services to use a static port range, you can configure Windows Deployment Services to dynamically query WinSock for available ports instead of using a port range.
To do this, follow these steps:

  1. Start Registry Editor. To do this, click Start, type regedit in the Start Search box, and then press ENTER.

    If you are prompted for an administrator password or for confirmation, type the password or provide confirmation.

  2. Locate and then click to select the following registry key:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WDSServer\Parameters


  3. Right-click UdpPortPolicy, and then click Modify.

  4. In the Value data box, type 0, and then click OK.

  5. On the File menu, click Exit to exit Registry Editor.

  6. Restart Windows Deployment Services.



WDS logging can be enabled by setting the value of this registry key to 1:

HKLM\SOFTWARE\Microsoft\Tracing\WDSSERVER\EnableFileTracing

This then logs to %WINDIR%\tracing\WDSServer.log

One thing which can go wrong with TFTP is that WDS tries to use a temporary range of UDP ports. If any of these are already in use, instead of nicely failing the connection and trying again on another port, it simply borks and fails silently (unless you enable the log...)

The logging in question is:

[8436] 12:01:36: [698808][WDSPXE] [WDSPXE][UDP][Ep:10.10.0.11:4011] Sent To:10.10.0.114:68 Len:1024
[8436] 12:01:36: [d:\longhorn\base\ntsetup\opktools\wds\wdssrv\server\src\udphandler.cpp:369] Expression: , Win32 Error=2
[8436] 12:01:36: [WDSTFTP][UDP][Ep=0] Registration Failed (rc=2)
[8436] 12:01:36: [d:\longhorn\base\ntsetup\opktools\wds\wdssrv\server\src\ifhandler.cpp:238] Expression: , Win32 Error=2

Oddly it seems that under "normal" operation you get a lot of these:

[9488] 12:42:17: [d:\longhorn\base\ntsetup\opktools\wds\wdssrv\server\src\udpendpoint.cpp:811] Expression: , Win32 Error=5023
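
To tie the trace log to the registry workaround, the following added example (not Microsoft's tooling and not from the original post) scans WDSServer.log for the WDSTFTP registration failure and, only if it is found, applies the UdpPortPolicy change from Resolution 2. The function names are hypothetical, the sample trace is constructed from the entries quoted above, and the service name WDSServer is taken from the registry path in the steps.

```powershell
# Constructed sample: entries copied from the post, one of them wrapped over
# two lines to show that wrapped entries are still matched.
$sampleTrace = @'
[8436] 12:01:36: [698808][WDSPXE] [WDSPXE][UDP][Ep:10.10.0.11:4011] Sent To:10.10.0.114:68 Len:1024
[8436] 12:01:36: [d:\longhorn\base\ntsetup\opktools\wds\wdssrv\server\src\udphandler.cpp:369] Expression: , Win32 Error=2
[8436] 12:01:36: [WDSTFTP][UDP][Ep=0]
Registration Failed (rc=2)
[9488] 12:42:17: [d:\longhorn\base\ntsetup\opktools\wds\wdssrv\server\src\udpendpoint.cpp:811] Expression: , Win32 Error=5023
'@ -split "`r?`n"

function Find-WdsTftpRegistrationFailure {
    param([string[]]$Line)

    # An entry starts with "[number] hh:mm:ss:". Rejoin wrapped lines, then
    # split again in front of every such prefix.
    $entries = [regex]::Split(($Line -join ' '), '(?=\[\d+\] \d{2}:\d{2}:\d{2}:)')
    foreach ($entry in $entries) {
        # Only the WDSTFTP registration failure is reported. The Win32 Error=5023
        # entries, which the post also sees in normal operation, do not match.
        if ($entry -match '^\[(?<id>\d+)\] (?<time>\d{2}:\d{2}:\d{2}):\s*\[WDSTFTP\].*Registration Failed \(rc=(?<rc>\d+)\)') {
            [pscustomobject]@{
                TraceId    = $Matches['id']      # the bracketed number that prefixes the entry
                Time       = $Matches['time']
                ReturnCode = [int]$Matches['rc']
            }
        }
    }
}

function Enable-WdsDynamicUdpPort {
    [CmdletBinding(SupportsShouldProcess)]
    param()

    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\WDSServer\Parameters'
    $current = (Get-ItemProperty -Path $key -Name UdpPortPolicy -ErrorAction SilentlyContinue).UdpPortPolicy
    if ($current -eq 0) {
        return 'UdpPortPolicy is already 0; nothing to change.'
    }
    if ($PSCmdlet.ShouldProcess($key, "set UdpPortPolicy from '$current' to 0 and restart WDSServer")) {
        Set-ItemProperty -Path $key -Name UdpPortPolicy -Value 0 -Type DWord
        Restart-Service -Name WDSServer
        # Emit the previous value so the change can be reverted later.
        [pscustomobject]@{ Key = $key; PreviousValue = $current; NewValue = 0 }
    }
}

# Use the real trace log when it exists (EnableFileTracing = 1), else the sample.
$traceLog = Join-Path $env:WINDIR 'tracing\WDSServer.log'
$lines = if (Test-Path -Path $traceLog) { Get-Content -Path $traceLog } else { $sampleTrace }

$failures = @(Find-WdsTftpRegistrationFailure -Line $lines)
$failures | Format-Table -AutoSize

if ($failures.Count -gt 0) {
    # Dry run; remove -WhatIf to write the registry value and restart the service.
    Enable-WdsDynamicUdpPort -WhatIf
}
```

With the constructed sample, one failure is reported (time 12:01:36, return code 2) and the 5023 entry is ignored.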

Monday, November 12, 2012

HOW TO: Install Imported Certificates on a Web Server in Windows Server 2003

Assign the Imported Certificate to the Web Site



  1. Click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.

  2. In the left pane, click your server.

  3. In the right pane, double-click Web Sites.

  4. In the right pane, right-click the Web site you want to assign the certificate to, and then click Properties.

  5. Click Directory Security, and then click Server Certificate.

  6. On the Welcome to the Web Certificate Wizard page, click Next.

  7. On the Server Certificate page, click Assign an existing certificate, and then click Next.

  8. On the Available Certificates page, click the installed certificate you want to assign to this Web site, and then click Next.

  9. On the SSL Port page, configure the SSL port number. The default port of 443 is appropriate for most situations.

  10. Click Next.

  11. On the Certificate Summary page, review the information about the certificate, and then click Next.

  12. On the Completing the Web Server Certificate Wizard page, click Finish, and then click OK.


http://support.microsoft.com/kb/816794

Thursday, November 8, 2012

VMWARE: Where can I find the Dell VMware 5.1 ISO for R620 / R720

As you may be aware finding the VMware 5.1 ISO for Dell is a bit challenging.  The Dell Driver and Support page is not working properly and it is a bit frustrating.

Please see the direct link to the Dell FTP server below.

Dell VMware 5.1 ISO for R620 / R720

Thanks to a Twitter response, Dell provided the following link.

http://www.dell.com/support/drivers/us/en/04/DriverDetails/Product/poweredge-r620?driverId=XWYR5&osCode=XI51&fileId=3005015335

Friday, November 2, 2012

MDT 2012 stuck on Processing Bootstrap Settings

This can happen if you are not logged in with "the" local administrator account.

I normally create a scratch "Build" account, then delete it shortly after I enable the local admin account, and finish the build under the local admin account before sysprep and capture.

VMWare error: Unable to perform the operation. There is no available vRam capacity.

Cannot Add or Connect an ESXi Host to vCenter Server
You cannot add an ESXi host to vCenter Server.

Problem
You attempt to add or connect an ESXi host to vCenter Server but the operation is unsuccessful and you receive the following error message.

"Unable to perform the operation. There is no available vRAM capacity."

Cause

The vCenter Server system to which you tried to add the host is licensed with a license key of vCenter Server Essentials that is part of the Essentials Kits. vCenter Server 5.0 Essentials licenses are hard-enforced; you cannot exceed the amount of pooled vRAM for vSphere 5.0 Essentials license keys that are assigned to the ESXi 5.0 hosts while the hosts are managed by vCenter Server. The memory that is configured to the powered-on virtual machines on the host that you try to add or reconnect exceeds the amount of pooled vRAM for vSphere Essentials. For details about vRAM and vRAM pooling, see “Licensing for ESXi 5.0 Hosts,” on page 68.

Solution
Reduce the amount of memory that is configured for the powered-on virtual machines and retry to add or connect the ESXi host to vCenter Server.

Thursday, November 1, 2012

"Bootmgr is missing" from deployed .wim file

BOOTMGR errors occur if your PC is trying to boot from a drive that is not properly configured.  In other words, it’s trying to boot from a non-bootable source.

Cause:

This error occurs when either of the following conditions is true:

  • The Windows Boot Manager (Bootmgr) entry is not present in the Boot Configuration Data (BCD) store.

  • The Boot\BCD file on the active partition is damaged or missing.


It is most likely the captured wim image had a corrupt/missing Bootmgr record.

Open WinPE and run the command below.

bcdboot c:\windows /s c:

Now you should recapture the Wim and test a new Task Sequence deployment.

Bootrec.exe /RebuildBcd

 

http://support.microsoft.com/kb/927391

Here is the content of that article:

Resolution:


Method 1: Repair the BCD store by using the Startup Repair option


You can use the Startup Repair option in the Windows Recovery Environment to repair the BCD store. To do this, follow these steps:

  1. Put the Windows Vista installation disc in the disc drive, and then start the computer.

  2. Press a key when you are prompted.

  3. Select a language, a time, a currency, and a keyboard or another input method, and then click Next.

  4. Click Repair your computer.

  5. Click the operating system that you want to repair, and then click Next.

  6. In the System Recovery Options dialog box, click Startup Repair.

  7. Restart the computer.


Method 2: Rebuild the BCD store by using the Bootrec.exe tool


If the previous method does not resolve the problem, you can rebuild the BCD store by using the Bootrec.exe tool in the Windows Recovery Environment. To do this, follow these steps:

  1. Put the Windows Vista installation disc in the disc drive, and then start the computer.

  2. Press a key when you are prompted.

  3. Select a language, a time, a currency, and a keyboard or another input method, and then click Next.

  4. Click Repair your computer.

  5. Click the operating system that you want to repair, and then click Next.

  6. In the System Recovery Options dialog box, click Command Prompt.

  7. Type Bootrec /RebuildBcd, and then press ENTER.

    • If the Bootrec.exe tool runs successfully, it presents you with an installation path of a Windows directory. To add the entry to the BCD store, type Yes. A confirmation message appears that indicates the entry was added successfully.

    • If the Bootrec.exe tool cannot locate any missing Windows installations, you must remove the BCD store, and then you must re-create it. To do this, type the following commands in the order in which they are presented. Press ENTER after each command.
      Bcdedit /export C:\BCD_Backup

      ren c:\boot\bcd bcd.old

      Bootrec /rebuildbcd



  8. Restart the computer.


Method 3: Rebuild the BCD store manually by using the Bcdedit.exe tool


If the previous method does not resolve the problem, you can rebuild the BCD store manually by using the Bcdedit.exe tool in the Windows Recovery Environment. To do this, follow these steps:

  1. Put the Windows Vista installation disc in the disc drive, and then start the computer.

  2. Press a key when you are prompted.

  3. Select a language, a time, a currency, and a keyboard or another input method, and then click Next.

  4. Click Repair your computer.

  5. Click the operating system that you want to repair, and then click Next.

  6. In the System Recovery Options dialog box, click Command Prompt.

  7. Type the following command, and then press ENTER:
    cd /d Partition:\Windows\System32

    Note Partition represents the letter of the partition on which Windows Vista is installed. Typically, this is partition C.

  8. Type the following command, and then press ENTER:
    bcdedit /enum all

    In the Windows Boot Loader section of the output from this command, note the GUID that is listed for resumeobject. You will use this GUID later.

  9. Type the following command, and then press ENTER:
    bcdedit -create {bootmgr} -d "Description"

    Note Description represents the description for the new entry.

  10. Type the following command, and then press ENTER:
    bcdedit -set {bootmgr} device partition=Partition:

    Note Partition represents the letter of the partition. Typically, the letter is C.

  11. Type the following command, and then press ENTER:
    bcdedit /displayorder {GUID}

    Note GUID represents the GUID that you obtained in step 8.

  12. Type the following command, and then press ENTER:
    bcdedit /default {GUID}

    Note GUID represents the GUID that you obtained in step 8.

  13. Type the following command, and then press ENTER:
    bcdedit /timeout Value

    Note Value represents the time in seconds before the Windows Boot Manager selects the default entry that you created in step 12.

  14. Restart the computer.


If you are booting from a Server 2008 install disk, when you use the “Repair your computer” option, the available options look like this:

You can access the repair option on a Server 2008 disk by choosing “command prompt”, then running  “x:\sources\recovery\StartRep.exe”.

I did this and it worked like a champ!  It found an error, corrected it, and the server was back up and running 10 minutes later.

I have also done this on Server 2008 using a Windows Vista install disk.  Slightly risky, but the server was down anyway, and I was in a pinch.  That also worked.  Along the same lines, I would guess that a Windows 7 install disk would work for Server 2008 R2 if you had no other option.  But don’t hold me to that!

Thursday, October 25, 2012

SCCM How to deploy a client

Overview

Within Config Manager the client is within the "All Systems" collection; however, under the column 'Client' the answer is NO.

Stage 1

The first thing to do is click on "Client installation methods", located under Site Settings.  Then right click on "Client Push Installation" and select Properties.  On the General tab, if you click on "Enable Client Push Installation to assigned resources", any system discovered through AD (or other) will have a client automatically installed.  Depending on your environment, consider this tick box.

On the Accounts tab you must input account credentials that will have administrative access to the admin$ share of the client system.  The account that can access desktops may be different to domain controllers so you can put multiple accounts in here and it will try them in order.

On the Client tab you can specify the Site code.  It is also possible to define SMS cache size rather than the 5gb default. See Microsoft for additional properties http://technet.microsoft.com/en-us/library/bb680980.aspx

Client agents under Site Settings will list the agents that will be pushed out with the SCCM client.
The computer client agent is critical.  On the properties tab it is important that you have set a Network Access Account.  This agent will connect back to the SCCM server looking for installation folders, so it must have suitable access delegated.

Stage 2

Now SCCM is configured correctly and agents have the appropriate account set up for connection.  Right click the system without the client, then "Install Client".  This will bring up a wizard; I like to select "include only clients in this site's boundaries" and "Always install (repair ...)". Finish the wizard.

Stage 3

Check the log files for errors! c:\Program Files\Microsoft Configuration Manager\Logs

Using Trace32, open the CCM log on the SCCM server, which will show the client deployment process so we can see if it is succeeding.

On the client system you can open the CCMSetup log file to monitor the client installation, which can take a while to complete (located admin$\system32\ccmsetup\ccmsetup.log).

On the client there are three key logs to know that your client install was successful (located admin$\system32\ccm\logs):

"Clientlocation.log" Confirm the current management point is correct.
"Location services.log" Confirm the current AD site of machine is "" correct
"Execmgr.log"  This log reads policy from the management point, so an advertisement creates a policy which the client reads.  "Software distribution agent was enabled" will not be in red.

Stage 4

Within the control panel there will now be three additional icons.  The Configuration Manager, Run Advertised Programs, Remote control Properties, and Program Download monitor.

There are two services installed on the client system.
SMS Agent Host
SMS Task Sequence Agent

How to send internet traffic out the ISP (not through the BES server)

http://www.blackberryforums.com.au/forums/general-bes-discussion/3946-how-send-internet-traffic-out-isp-not-through-bes-server.html

When you are on BES you have three browsers by default: Internet Browser (uses the BlackBerry APN), BlackBerry Browser (uses the BES MDS service) and the Carrier’s WAP Browser (Vodafone Live). If you use Vodafone Live you can be charged extra for the data usage, so this isn't really recommended. What you should do on the BES is go to "I.T Policy > Default Policy > Browser Policy Group" and change the following:

1. MDS Browser Title = MDS Internet
2. Allow IBS Browser = True
3. MDS Browser Use Separate Icon = True

After changing these policies, your Internet Browser that uses the BES internet connection will be called "MDS Internet" and you should also see a separate "Browser" icon. This separate Browser icon will bypass your BES internet and use the free BlackBerry APN to get internet data.

Monday, October 22, 2012

SCCM PXE Task Sequence

Step 1

1 Check DHCP scope has option 66 with the SCCM server name set as the value.
2 WDS service is installed and running.
3 Under site Systems select the SCCM server and make sure "ConfigMgr PXE service point" role is installed
3.1 For a lab environment, enable "Allow this PXE... to respond to incoming PXE requests" and "Respond to PXE request on all network interfaces".
4 Create a Collection called "Bare Metal OSD deployment"

Step 2

5 Click on "Computer Association"  > "Import computer Information" > Import single computer
5.1 Enter Computer name and MAC address to define system > Add to "Bare Metal OSD deployment" collection
6 Under the node OSD in SCCM click on "Task Sequence"> Select the TS you want to deploy to the collection > Right click and "Advertise", specify the "bare metal OSD deployments".
6.1 Set as mandatory assignment. Tick "Ignore maintenance windows when running program" and "Allow system restart outside maintenance window".
6.2 Select "access content directly from a DP ...."

Summary

Set up WDS, DHCP scope, PXE service point, advertised Task Sequence, imported system via MAC address and added to collection. SCCM is ready; the next step is to restart the computer defined for a network boot, typically F12.

The computer will advertise that it is looking for a PXE service, the DHCP server will point it to the SCCM server that will then pick up the computer and push a Win PE image following the TS options.

Deployment

7 While SCCM WinPE is deploying the WIM file, it is possible to press F8 to bring up a DOS window and examine the SMSTSLog directory.

\\Map network drive: enter credentials
x:\> net use z: \\sccm\c$\tempsmslog

\\Copy all log files to z:\ (run from the SMSTSLog directory)
x:\> copy *.log z:\

Now on your SCCM server\c$\tempsmslog folder you will find a smsts.log file.  Open with trace32 to troubleshoot.

7.1 Alternatively within SCCM select the Reporting Node and run the "Deployment status of all task sequence advertisements".  This report details the last action, exit code and Action output.
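The logs named in this post and in the client-deployment post (smsts.log, ccmsetup.log, execmgr.log) all use the entry layout that Trace32 reads, so the "look for red lines" step can be scripted. The following is an added example, not part of the original post or of SCCM: a Python parser run over constructed sample entries. The function names, the sample lines and the two-entry HRESULT table are assumptions made for illustration.

```python
import re
from datetime import datetime

# Entry layout read by Trace32 (one entry may span several physical lines):
#   <![LOG[message]LOG]!><time="HH:MM:SS.mmm+off" date="MM-DD-YYYY"
#    component="..." context="" type="1|2|3" thread="..." file="src:line">
ENTRY_RE = re.compile(r"<!\[LOG\[(?P<msg>.*?)\]LOG\]!><(?P<attrs>[^>]*)>", re.DOTALL)
ATTR_RE = re.compile(r'(\w+)="([^"]*)"')
# Failure HRESULTs start with 8 and are logged with or without a 0x prefix.
HRESULT_RE = re.compile(r"\b(?:0x)?(8[0-9A-Fa-f]{7})\b")

SEVERITY = {1: "info", 2: "warning", 3: "error"}  # Trace32: 2 = yellow, 3 = red
KNOWN_HRESULTS = {  # small illustrative table, not exhaustive
    "80070005": "E_ACCESSDENIED (access denied)",
    "80004005": "E_FAIL (unspecified error)",
}

# Constructed sample entries (not taken from a real deployment).
SAMPLE_LOG = '''<![LOG[==========[ ccmsetup started in process 2104 ]==========]LOG]!><time="09:14:01.120-600" date="10-25-2012" component="ccmsetup" context="" type="1" thread="2108" file="ccmsetup.cpp:1">
<![LOG[Retrying download of client files
(second physical line of the same entry)]LOG]!><time="09:14:07.532-600" date="10-25-2012" component="ccmsetup" context="" type="2" thread="2108" file="ccmsetup.cpp:2">
<![LOG[Unable to connect to admin$ share on CLIENT01 (0x80070005)]LOG]!><time="09:15:40.001-600" date="10-25-2012" component="ccm" context="" type="3" thread="3312" file="ccm.cpp:3">
<![LOG[Failed to run the action: Apply Operating System Image. Unspecified error (Error: 80004005; Source: Windows)]LOG]!><time="10:02:11.870-600" date="10-25-2012" component="TSManager" context="" type="1" thread="1460" file="tsmanager.cpp:4">
<![LOG[Software distribution agent was enabled]LOG]!><time="10:30:00.000-600" date="10-25-2012" component="execmgr" context="" type="1" thread="2200" file="execmgr.cpp:5">
'''


def parse_cmtrace(text):
    """Parse Trace32-format log text into a list of entry dicts."""
    entries = []
    for match in ENTRY_RE.finditer(text):
        attrs = dict(ATTR_RE.findall(match.group("attrs")))
        raw_type = attrs.get("type", "")
        severity = int(raw_type) if raw_type.isdigit() else 1
        # time="..." carries a UTC offset in minutes after +/-; keep the clock part.
        clock = re.split(r"[+-]", attrs.get("time", ""))[0]
        try:
            when = datetime.strptime(
                attrs.get("date", "") + " " + clock, "%m-%d-%Y %H:%M:%S.%f")
        except ValueError:
            when = None  # malformed timestamp: keep the entry, drop the time
        entries.append({
            "when": when,
            "component": attrs.get("component", ""),
            "severity": severity,
            "message": match.group("msg").strip(),
        })
    return entries


def triage(entries):
    """Return warnings and errors, plus any entry that quotes a failure HRESULT.

    The HRESULT scan catches failures written at info level, which a
    colour-only review of the log would skip.
    """
    hits = []
    for entry in entries:
        codes = [c.upper() for c in HRESULT_RE.findall(entry["message"])]
        if entry["severity"] >= 2 or codes:
            hits.append({
                **entry,
                "level": SEVERITY.get(entry["severity"], "unknown"),
                "codes": codes,
                "meanings": [KNOWN_HRESULTS.get(c, "not in table") for c in codes],
            })
    return hits


if __name__ == "__main__":
    for hit in triage(parse_cmtrace(SAMPLE_LOG)):
        first_line = hit["message"].splitlines()[0]
        print(hit["when"], hit["component"], hit["level"], first_line, hit["meanings"])
```

To run it against a real log, read the copied file (for example the smsts.log in the tempsmslog folder) and pass its text to `parse_cmtrace` in place of `SAMPLE_LOG`.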

Blackberry How to factory reset your device.

Here's how to FACTORY RESET the device.

Install Blackberry Desktop Manager on a PC.  Connect the Blackberry to the PC with a USB cable.

From a DOS prompt (command) window on the user's PC (from Start - Run, type cmd <OK>), change directory path to:

C:\Program Files\Common Files\Research In Motion\Apploader     by typing cd\ (enter)  followed by cd Program Files (enter) then cd Common Files (enter)  etc etc

Run the command:   Loader.exe /resettofactory

That will bring the Blackberry back to the state it should be in when you get a brand new one out of the box.

BES Troubleshooting Enterprise Activation

Troubleshooting the enterprise activation process can be broken down into 4 stages – when troubleshooting activation issues, let the process complete or run until an error message appears.



For more help with Enterprise Activation issues – KB13852

 

1.1.1        Stage 1 – Authentication

1.       The BESAdmin creates a new user and assigns an activation password using the Blackberry Manager (4.1.x) or the Blackberry Administration Service (5.0.X). The user list stored in the Blackberry Configuration Database is updated with the new user name, email address, mailbox information, activation password, activation status and other user account information.

Points of Failure – BAS, Configuration Database

 

2.       The Blackberry Dispatcher assigns the new user to a Blackberry Messaging Agent. The Blackberry Messaging Agent starts to monitor the user’s mailbox on the messaging server for new email messages. An email message containing the ETP.dat file attachment is required to continue the activation process over the Vodafone Network.

Points of Failure – Dispatcher, Messaging Agent

 

3.       The user goes to the Enterprise Activation screen on the blackberry and enters the email address and activation password. The user selects the menu key and clicks Activate. The blackberry displays Activating username@company_name.com

Points of Failure – Device

 

4.       The Blackberry creates an activation request email message that contains the email address, PIN and public key authentication information, based on the activation password typed in by the user. The activation request email message is encrypted and is sent to the RIM Relay over the Vodafone Network.

Points of Failure – Device, Network

 

5.       The RIM Relay receives the activation email message and identifies it as an activation request. The RIM Relay forwards the email message using SMTP to the email address that was used for the Enterprise Activation screen.

Points of Failure – Antivirus software, spam filters, provisioning, user's mailbox, messaging server, network

Issue: Failure to add user to the BES

  Reason: Incorrect permissions for the BESAdmin account
  Solution: Ensure the permissions are correct for the BESAdmin account – KB02276

  Reason: Incorrect MAPI subsystem installed on the BES
  Solution: Ensure the MAPI subsystem is equal or higher than the Exchange versions – KB10197. Recreate the MAPI profile – KB10285

  Reason: User Data cannot be written to the BB Configuration Database
  Solution: Backup the BB Configuration Database - KB10292 and increase the size - KB10969

Issue: "An Error has occurred. Please contact your system administrator" appears on the BB device

  Reason: Incorrect password entered on the EA screen
  Solution: The activation ETP.dat email message has reached the user’s mailbox and the BES has rejected the activation password and sent the error message to the BB device. The BES will allow 4 more attempts with the current password before a new EA password has to be created.

Issue: No EA application exists on the BB device

  Reason: The BB device may not be provisioned correctly
  Solution: Confirm that the provisioning of the BB device is correct via XML i.e. Enterprise or Dual provisioned. If necessary, refer to customer services to have the correct tariff applied to the account.

  Reason: The BB device may not be registered correctly on the VF network
  Solution: Confirm that the BB device shows, in capital letters, either GPRS, EDGE or 3G, and is able to Register Now via the Hosting Routing Table – KB00014

  Reason: The BB device may not be running Ver. 4 or later of the device software
  Solution: Confirm that the BB device is running ver. 4 or higher of the software. To install BB device software – KB03901

Issue: The BB device stops responding at the Activating... status screen for 10 minutes. It then retries every 10 minutes, displaying a status of Retrying... After 40 minutes the process ends with the message "The server is not responding. Please contact your System Administrator." During this stage, the activation email messages do not arrive in the user’s mailbox.

  Reason: The BB device may not be provisioned correctly
  Solution: Confirm that the provisioning of the BB device is correct via XML i.e. Enterprise or Dual provisioned. If necessary, refer to customer services to have the correct tariff applied to the account.

  Reason: The BB device is not in a wireless network coverage area.
  Solution: Confirm that the BB device has the correct signal type. Can the BB device send a PIN message to check coverage?

  Reason: The user has entered an incorrect email address in the EA screen
  Solution: The user must retry the EA process with the correct email address.

  Reason: An activation password was not created
  Solution: Create an activation password

  Reason: The activation email message was moved to a folder other than the inbox.
  Solution: Confirm that there are no filtering or forwarding rules on the Messaging Server or the user’s mailbox to a folder other than the inbox.

  Reason: The user’s mailbox is full.
  Solution: Confirm that the user’s mailbox can receive email messages.

  Reason: The user’s email messages are being routed to a .pst folder or .ost folder.
  Solution: Confirm that the user’s email mailbox is configured to leave a copy of the messages on the Messaging Server. Personal and Offline folders are inaccessible to the BES.

  Reason: The ETP.dat message is not reaching the user’s inbox because it is being deleted or modified by a virus scanning application.
  Solution: Confirm that the company’s antivirus software is not rejecting the activation email message and that the ETP.dat attachment is not being deleted, flagged or modified.

  Reason: The ETP.dat attachment is not reaching the user’s inbox because it is being identified as spam.
  Solution: Confirm that the company’s firewall is not filtering email messages from the blackberry.net domain. Confirm that the company’s anti spam software is not flagging the activation email message and modifying its title, contents or the ETP.dat attachment. Confirm that the user's email application is not moving the activation email message to the default junk email message folder.

 

 

1.1.2 Stage 2 - Encryption Verification

1. On arrival in the user’s mailbox, the Blackberry Messaging Agent identifies the new activation request email message and removes it from the user’s mailbox. The Blackberry Messaging Agent recognises the ETP.dat attachment in the activation request email message and begins the authentication process.

Points of Failure – Messaging Agent, Messaging Server, User’s Mailbox

2. The Blackberry Messaging Agent compares the authentication key received in the activation request email message with the authentication key generated from the activation password and stored in the Blackberry Configuration Database. If the authentication keys match, the Blackberry Messaging Agent notifies the Blackberry device that the activation request has been received. The Blackberry Messaging Agent and the Blackberry device then generate their encryption keys that will be used to encrypt and decrypt all data

Points of Failure – Blackberry device, Messaging Agent

Issue: The BB device stops responding at the "Activating..." status screen for 10 minutes. It then retries every 10 minutes, displaying a status of "Retrying...". After 40 minutes the process ends with the message "The server is not responding. Please contact your System Administrator."

During this stage, the activation email messages with the ETP.dat attachment appear in the user’s mailbox.

Reason: The BES does not receive the UDP notification for the new email message from the Messaging Server.
Solution: Confirm that the BES can communicate with the Messaging Server.

Reason: Incorrect MAPI subsystem installed on the BES.
Solution: Ensure the MAPI subsystem is equal or higher than the Exchange versions – KB10197. Recreate the MAPI profile – KB10285.

Reason: The BESAdmin account does not have the correct permissions to access the user’s mailbox and retrieve the ETP.dat activation email message.
Solution: Ensure the BESAdmin account permissions are correct for the user’s mailbox – KB10823. The ETP.dat activation email message must arrive in the user’s mailbox before the BESAdmin account is notified that the email message has been received.

Issue: "An Error has occurred. Please contact your system administrator" appears on the BB device.
Reason: The Enterprise Service Policy has restricted which BB devices can be activated on the BES.
Solution: Confirm that the Enterprise Service Policy allows the BB device to be activated on the BES.

1.1.3 Stage 3 - Receiving services

3. At this stage, the BES and the Blackberry device have established an encryption key and have verified their knowledge of the encryption key to each other. The Blackberry device now displays the message "Encryption Verified. Waiting for Services." All data between the BES and the Blackberry device from now on is compressed and encrypted using this encryption key.

4. The Blackberry Messaging Agent forwards the request to the Blackberry Policy Service to generate the service books. The Blackberry Policy Service adds the unique authentication key that the Blackberry Domain uses to sign IT policy data and then forwards the IT policy data through the Blackberry Dispatcher to the Blackberry Router and then to the Blackberry device. The Blackberry Policy Service waits for confirmation from the Blackberry device that the IT policy has been applied successfully.

Points of Failure – Configuration database, Messaging Agent, Policy Service, Blackberry device

5. The Blackberry device applies the IT policy and sends a confirmation to the BES. The IT policy applied to the Blackberry device is now in a read-only state and can be modified only by IT policy updates sent from the same Blackberry Domain.

Points of Failure – Blackberry device

6. When the Blackberry Policy Service receives the confirmation that the IT policy has been applied successfully, the Blackberry Policy Service generates and sends the service books to the Blackberry device.

Points of Failure – Configuration database, Policy Service, Blackberry device

7. The Blackberry device receives the service books and displays the following message: "Services Received. Your email address, username@company_name.com is now enabled." At this point the user can send and receive email messages on the Blackberry device.

Points of Failure – Blackberry device

Issue: The BB device stops responding at "Waiting for Services..."

Reason: The BB Policy Service or the BB Synchronisation Service is not started or responding.
Solution: Confirm that the BB Policy Service and the BB Synchronisation Service are started, or restart the services if required.

Reason: The BB Policy Service is processing the service books and the IT policy.
Solution: Allow sufficient time for the BB Policy Service to process the service books and the IT policy.

Reason: Another user with the same PIN is active in the BB Configuration Database.
Solution: Remove the duplicate user account from the BES.

Issue: "IT Policy Rejected. Please wipe handheld and try again" appears on the BB device.
Reason: The BB device was previously active on another BES and has a conflicting IT policy. This happens when the previous BES and the current BES do not share the same BB Configuration Database.
Solution: The user must delete all data using the Security Wipe option on the BB device to allow the new BES to overwrite the IT policy from the previous BES.

1.1.4 Stage 4 – Slow Synchronisation

8. The slow synchronisation process begins. The Blackberry device requests the synchronisation configuration information from the Blackberry Synchronisation Service. The configuration information indicates whether wireless data synchronisation on the BES is turned on and which PIM databases can be synchronised. The configuration information also provides database synchronisation types (one way or two way) and conflict resolution settings.

Points of Failure – Synchronisation Service, Blackberry device

9. The Blackberry Synchronisation Service returns the configuration information and synchronises the databases in the Blackberry device.

Points of Failure – Configuration Database, Blackberry device, user’s mailbox, Synchronisation Service

10. The slow synchronisation process is complete when all the databases are synchronised between the Blackberry device and the BES. The Blackberry device displays "Activation Complete" and the user account status displays "Completed" in the BAS console.

Issue: The EA process only completes the synchronisation process of the Calendar database.

Reason: The BB Synchronisation Service is not started or responding.
Solution: Confirm that the BB Synchronisation Service is started, or restart the service if required. Confirm that the MS XML parser is installed.

Reason: The BES has network connection issues with the MS SQL Server.
Solution: Confirm that there are no network connectivity issues between the BES and the BB Configuration Database.

Issue: "Not all databases synchronised successfully – Address Book" appears on the BB device.
Reason: Due to requirements for contact information, some entries in the Address Book application might have been skipped.
Solution: Confirm that all contacts have a first name, last name or company name. When a contact entry is missing information in all 3 fields, the entry is not synchronised and this error message is displayed on the BB device.

Issue: PIM databases are not synchronised after the enterprise activation process has finished.
Reason: The IT policy is disabling wireless bulk load, PIM synchronisation or individual PIM applications.
Solution: Confirm that the IT policy allows for wireless synchronisation of PIM applications.

Issue: The EA process stops responding and the slow synchronisation process cannot complete.

Reason: Content Protection is enabled on the BB device.
Solution: Turn off Content Protection before starting the EA process again.

Reason: Multiple users are attempting the slow synchronisation process at the same time.
Solution: If multiple users are attempting the slow synchronisation process at the same time, then it may take longer to complete depending on BES settings and workload and the Messaging Server performance.

Reason: The Desktop [SYNC] service is corrupt.
Solution: Delete and undelete the Desktop [SYNC] service books – if necessary resend from the BES.
