Archive for the ‘Windows’ Category

Having to use another keyboard to unlock a secondary computer over Synergy can be annoying. Synergy let’s you unlock a secondary computer by sending CTRL + ALT + Pause/Break, however a default Windows setting prevents this from working. To allow this follow these steps.

1. Launch the local group policy editor by clicking start and enter “gpedit.msc”.

2. Navigate to Computer Configuration/Administrative Templates/Windows Components/Windows Logon Options

3. Double click “Disable or enable software Secure Attention Sequence”.

4. Check the “Enabled” box and then select “Services” from the dropdown.

5. Click OK.

Unfortunately you will not be able to lock the secondary computer with this same command. For faster locking I recommend creating a shortcut with the following target:
C:\Windows\System32\rundll32.exe user32.dll,LockWorkStation

This can then be placed on your start bar or start menu.

This article describes how to use an existing SSL for use with Stash. The process involves converting the certificate using OpenSSL, importing it into the Java keystore, and then updating the Stash configuration to utilize it.

1. First you will need to arrange your certificate in a .pem file. Open Notepad and copy/paste the certificate, key, intermediate certificate, and root certificate in the following format:
—–BEGIN RSA PRIVATE KEY—–
Private key for yourdomain.com
—–END RSA PRIVATE KEY—–
—–BEGIN CERTIFICATE—–
SSL for yourdomain.com
—–END CERTIFICATE—–
—–BEGIN CERTIFICATE—–
Intermediate certificate from the issuing authority
—–END CERTIFICATE—–
—–BEGIN CERTIFICATE—–
Root certificate from the issuing authority
—–END CERTIFICATE—–

2. Save the file as “yourdomain.pem”.

3. Open a command prompt and navigate to where you saved the .pem file. Then run the following command:

openssl pkcs12 -export -in yourdomain.pem > yourdomain.p12

Note: This requires OpenSSL to be installed. If necessary this can be downloaded here.

4. Copy the new .p12 file to the server if it is not already there. Then open a command prompt and run the following to import the certificate into the keystore:

keytool -importkeystore -srckeystore yourdomain.p12 -destkeystore server.jks -srcstoretype pkcs12

You will be prompted for two passwords. Make sure to enter the same password for both and make note of this for later. If keytool is not recognized as a valid command you will have to change directories to the Java JRE bin directory.

5. Edit the Server.xml file located in the “conf” directory of your Stash installation directory. Anywhere before the ending tab enter the following:

<Connector port="8443"
maxHttpHeaderSize="8192"
SSLEnabled="true"
maxThreads="150"
minSpareThreads="25"
maxSpareThreads="75"
enableLookups="false"
disableUploadTimeout="true"
useBodyEncodingForURI="true"
acceptCount="100"
scheme="https"
secure="true"
clientAuth="false"
keystoreFile="C:\server.jks"
keystorePass="MyPassword"
sslProtocol="TLS" />

You may need to update the following values depending on your setup:
keystoreFile: This is the full path to the .jks keystore file.
keystorePass: This is the import password you used during step # 4.

I did not do any tweaking of the values listed above. They were simply taken from Atlassian’s guide Securing Stash with Tomcat using SSL.

6. Restart the Stash service and test by navigating to the following URL:
https://yourdomain.com:8443

While trying to work with Microsoft Word on a server through .NET the following error was thrown:

Retrieving the COM class factory for component with CLSID {000209FF-0000-0000-C000-000000000046} failed due to the following error: 80070005 Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)).

To resolve this you will need to grant COM permissions to the user running the application pool.

1. Open up Component Services (Start -> Run -> dcomcnfg)
2. Expand Component Services -> Computers
3. Right click My Computer -> Properties

4. On the COM Security tab click Edit Default under the “Launch and Activation Permissions” section

5. Add the IIS_IUSRS group and check allow next to Local Launch and Local Activation

When trying to use Performance counters with WCAT testing I was getting this error on the final report:

An error occured collecting server information data. Check that WMI is available.

Looking back at the command prompt on the controller I also saw this:

ERROR:Unknown error -1073738789 (c0000bdb)

Wireshark and Procmon did not really indicate any problems. In my situation I was logged into the WCAT controller as a domain user which did not have administrative access on the web server I was trying to start the Perfmon counters on.

After adding this domain user to the administrative users group on the web server, the WCAT test successfully collected the Performance counters specified in my settings.ubr file.

After SQL was removed from Failover Cluster Manager I was unable to uninstall it. The following error was logged in the application logs:

Product: Microsoft SQL Server 2008 Database Engine Services — Error 25012. There was an error attempting to remove the configuration of the product which prevents any other action from occuring. The current configuration of the product is being cancelled as a result.

To correct this I needed to follow the steps below to tell SQL it was no longer in a cluster. Then I was able to uninstall normally.

1. Open Registry Editor (Start -> run -> type in ‘regedit’)

2. Navigate to the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL10.MSSQLSERVER\ClusterState\SQL_Engine_Core_Inst

3. Change the value of this “SQL_Engine_Core_Inst” key from 1 to 0.

4. Uninstall as normal through Programs and Features

These instructions will work for Server 2003 and 2008. Here is the full error message:

The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {12345} to the user NT AUTHORITY\NETWORK SERVICE SID from address LocalHost

1. Open Component Servers (Start -> Run -> dcomcnfg).

2. Expand Component Services -> expand Computers.

3. Right click My Computer -> Properties -> COM Security tab.

4. Click “Edit Default” under the “Launch and Activation Permission section.


5. Click Add -> Advanced -> Find Now.

6. Scroll down and select the “NETWORK SERVICE” user -> OK -> OK

7. Select the “NETWORK SERVICE” user and check the allow box next to “Local Launch”.


8. Click OK -> OK

I received the following error when trying to install the SNMP service on Windows Server 2008:

Attempt to install SNMP Service failed. The source for the specified package or file was not found (error value: 0x800F081F).

The solution was to install the System Update Readiness tool for the appropriate version of Windows. I recommend the manual install (method 2) here:
http://support.microsoft.com/kb/947821

After hotfix 947821 is installed just try installing the failing feature or role again. In my case an incomplete Windows update or feature installation was preventing the installation of the SNMP feature.

Wireshark offers command line options which allows users to capture traffic information through a batch file. This also means the built in Windows scheduled task feature can be used to schedule a capture.

Example batch file:

"C:\Program Files\Wireshark\tshark.exe" -a duration:14400 -a filesize:20480 -a files:512 -w "C:\Program Files\Wireshark\captures\Packet_Capture.pcap"

-w: Specifies the output file:
In this example it will create the following file and increment the names if multiple files are being created:
C:\Program Files\Wireshark\captures\Packet_Capture.pcap

-a: Capture autostop conditions in the example above:
duration: Stop after 14400 seconds (4 hours)
filesize: Create a new file after it reaches 20480KB (20MB)
files: Stop creating new files after it reaches 512 (512 x 20MB = 10GB total)

For a full list of command line options use “wireshark -h” in a command prompt or take a look at the Wireshark command line help page.

If you need to bulk add IPs to a Windows server (2003 or 2008) one of the following batch scripts will make that much easier.

Example one:
This example will add a range of IPs as specified between the parentheses. Here are the values used in the example below:
2 = Starting octet
1 = Value to increment
5 = Ending octet

FOR /L %%i IN (2,1,5) DO netsh in ip add address "EXT" 192.168.1.%%i 255.255.255.192

This will add 192.168.1.2 through 192.168.1.5 to the connection labeled “EXT”.

Example two:
If you have a list of IPs that need to be added in a text file, the following batch script can be used. Ensure that each IP is on a new line:

FOR /F %%i IN (IPs.txt) DO (
netsh in ip add address "EXT" %%i 255.255.255.240
)

Make sure “IPs.txt” is the name of your file, “EXT” is the name of your connection, and the netmask (255.255.255.240) is correct for your range.

This is a quick example of how to automate a FTP task with a batch file. WinSCP allows you to utilize a script file with your connection details and commands, which makes things very easy.

Save the following details into “myscript.txt”:

# Answer all prompts negatively so the script
#does not stall on error
option batch on
# Disable overwrite confirmations
option confirm off
# Connect using a password
open ftp://myftpusername:mypassword@127.0.0.1:21
# Upload files
put C:\mydirectory

Make sure to update these values appropriately:
myftpusername = FTP username
mypassword = FTP user’s password
127.0.0.1 = IP or hostname of machine you are connecting to
C:\mydirectory = directory you wish to copy to the home directory of your FTP user

Then the following can be placed in a .bat file to execute the upload above:

C:\Program Files\WinSCP\winscp.exe /console /script=myscript.txt

Note you may need to update the path to the WinSCP executable or the myscript.txt file depending on your installation.