Fixed: DigitalPersona fingerprint reader with roaming profiles not saving passwords

The new laptop has a fingerprint reader included and comes with DigitalPersona’s fingerprint software. At first glance, this looks like a useful piece of software but after trying to use it, I’ve found it very buggy and the support is non-existent. DigitalPersona offer no support for the product and refer you to the OEM partner, in my case Dell, who have nothing in their knowledge base about this product either.

My problem was to do with our roaming profile. After receiving the laptop last night I synched (or so I thought) to the domain, took the machine home and logged in. Windows 7 decides that it can’t load my profile and uses the temporary saved copy – all well and good for now, my desktop background, images, shortcuts etc all exist. However every time I go to add a new website in DigitalPersona, it seems to take the information but does not actually save it to the machine. Suspecting roaming profiles, I created a local user, logged on as that user and registered my fingers. Note that if you do this, when you use the Windows Login Screen and your finger to login, the PC automatically logs you in without asking which user you want to use. I’m not sure how it determines which user to use, but in my case it used my local user (which was also the most recently created user).

After logging on as the local user I was then able to launch Internet Explorer (9), log into gmail, facebook and this blog and register my usernames and passwords and DigitalPersona kept the information. At this point I also used the option to download and install updates to the software – the most recent version that is now running on the pc is 5.30.252a. Note to get to the updates, click on the plus sign by central management and then the update tab appears.

I then logged off the machine and logged back as my domain account. Tried to use DigitalPersona and yet again the software refused to take my passwords. I opened explorer up, browsed to %appdata% and sure enough – there was no DigitalPersona directory. I then browsed to c:\users\localusername\appdata\local and checked out the DigitalPersona directory. This contains an OTS directory and then a _dp_ots_tmp and DPIconCache directory. The tmp directory was empty and the DPIconCache directory contained an icon for the sites I’d saved the password to. I copied the DigitalPersona directory from the localusers\appdata\local directory to my own %appdata% directory and magically was able to start saving passwords in IE9.

Unfortunately I’ve yet to get the program to work with Firefox or Keepass – the program is unable to detect Firefox or Keepass having a login window.

If anyone has a better (preferably free) password manager that works with IE, Firefox, Chrome and Keepass (last is optional) then please let me know.

CML Library lookup bookmarklet again.

Several years ago I had a bookmarklet that would let me jump from an Amazon book page to the catalog page on the Columbus Metropolitan Library website. It was then a simple matter of clicking the reserve button to add the book to my reserve list. A while back the library changed their system and I never got round to updating the bookmark, but drag this CML Link to your favourites bar and you too can have the same functionality. If you are not using CML’s system the link is pretty easy to change so you may be able to work it out yourself. Alternatively try using Jon Udell’s Library Bookmark Generator page that got me started in rebuilding this link.

Fixed – PowerPoint was unable to display some of the text, images, or objects on slides in the file.

After several hours of work today, Powerpoint suddenly gave the error message “PowerPoint was unable to display some of the text, images, or objects on slides in the file, filename because they have become corrupted. Affected slides have been replaced by blank slides in the presentation and it not possible to recover the lost information. To ensure that the file can be opened in previous versions of PowerPoint, use the Save As command (File menu) and save the file with either the same or a new name.”

Now it is all very well giving a really verbose error message, but to totally blank out slides and wipe out missing data is a very peculiar way of fixing the issue. It looks like a hotfix was released in May 2011 but in our case, I saved the file to a usb drive, copied it across to my machine that had office 2010 installed and then opened the file in Powerpoint 2010.  I was able to open the file but this time I got another warning about some data being corrupted but the slides that were empty in 2003 were displayed ok.  I then resaved the file back to a new filename on the usb drive, opened the new file back in 2003 and we were really relieved to have a working powerpoint file to continue working on.

Not only is the data back, it also means another 4 hours of work does not need to be repeated and instead more time can be spent surfing waves – a great result all around.

Interesting analysis of Sony password

Troy Hunt has a nice analysis of some of the passwords that were recently stolen from Sony. As usual, most of the characters are pretty easily cracked, although in this case the hackers didn’t need to as the passwords were stored in plain text. The scary thing is how many of the passwords were the same between the Sony site and the Gawker site that was also broken into earlier. Naturally the key (no pun intended) between the sites is the userid is commonly the email address which then also means there is a fairly good chance of having your gmail account broken into. One of these days I’ll break this information up into a password guide for users to show them how it “really could happen to them” and the risk it generates to the company as well as their personal information. I’m actually surprised at the number of people who use their work email address for things like Facebook and other social applications. After all, work email addresses are not exactly permanent nowadays and definitely not private. It would also be really interesting to take all of our email addresses from our clients and run them against the login IDs from this database to see if anyone was in the database. Alternatively checking previous web site history viewing would give a clue if people were using this site (but would be a very painful and time consuming process). The only problem is the time it would take and the fact that only a subset of the data was made available for download to the general public.
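As an added example (not from the original post or from Troy Hunt's analysis), the check described above, matching your own address list against a dump's login IDs and flagging logins that used the same password in two dumps, could be sketched like this. The `login:password` line format, the sample records and all function names are assumptions made for the illustration.

```python
import hmac, os

# Constructed sample data: "login:password" lines standing in for two plain-text dumps.
DUMP_A = "Alice@Example.com:sunshine1\nbob@example.org:hunter2\ncarol@client.example:letmein\n"
DUMP_B = "alice@example.com:sunshine1\ncarol@client.example:other-pass\nnot a record\n"
CLIENT_ADDRESSES = ["alice@example.com", " Carol@Client.Example ", "erin@client.example"]

# Random per-run key: digests allow equality checks but are useless outside this process.
_KEY = os.urandom(32)

def normalise(address):
    """Login ids are compared case-insensitively with surrounding whitespace removed."""
    return address.strip().lower()

def load_dump(text):
    """Return {normalised login: keyed digest of password}; cleartext is not kept."""
    entries = {}
    for line in text.splitlines():
        login, sep, password = line.partition(":")  # passwords may contain ':'
        if sep and "@" in login:                     # skip malformed lines
            entries[normalise(login)] = hmac.new(_KEY, password.encode(), "sha256").digest()
    return entries

def exposed(addresses, dump):
    """Our addresses that appear as login ids in the dump."""
    return sorted({normalise(a) for a in addresses} & dump.keys())

def reused(dump_a, dump_b):
    """Logins present in both dumps with the same password."""
    return sorted(l for l in dump_a.keys() & dump_b.keys()
                  if hmac.compare_digest(dump_a[l], dump_b[l]))

def report(addresses, dump_a, dump_b):
    """Per-address summary suitable for a user notification; contains no passwords."""
    same = set(reused(dump_a, dump_b))
    result = {}
    for addr in sorted({normalise(a) for a in addresses}):
        hits = [name for name, dump in (("A", dump_a), ("B", dump_b)) if addr in dump]
        if hits:
            result[addr] = {"dumps": hits, "same_password_in_both": addr in same}
    return result

if __name__ == "__main__":
    a, b = load_dump(DUMP_A), load_dump(DUMP_B)
    for addr, info in report(CLIENT_ADDRESSES, a, b).items():
        print(addr, info)
```

The report carries only addresses and flags, so it can be passed to whoever notifies the affected users without the passwords travelling with it.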

Fixed – “an error has occurred while sending this report” when sending reports in SBS2011

One of the things we now do as part of an SBS2011 or SBS2008 migration is to add a report in the console purely for backup purposes. This gives us the ability to check the backups are running every day and can also be sent to the client’s IT technical contact for reassurance. If you log on as the administrator and try to run a report to email, the server fails with “An error has occurred while sending this report. As a result, some of the recipients will not receive this report in email.”

The solution is simple. Log off from the administrator account and use the one that was set up for the migration – this seems to do the trick. The only thing left (for me) is to work out how to modify the report to send me the last 24 hours of backups – not just the last and the next backup job. We back up 3 times a day but only find out the status of the last job with the existing reports.

Troubleshooting MDT software installs.

Took me a while to realise that you don’t need to go through the whole reinstall an OS task sequence if you just want to retest a software install that failed within an MDT installation.

Make sure that a new Task Sequence is created on the MDT server that installs an application. Then once the OS has been installed you can just connect to the mdt server deployment share and run litetouch.vbs.  Provide the credentials and test the installs.

Unfortunately I can’t work out why most of my installs are failing with unexpected error 2.

Commenting out command in batch file gotcha.

I’ve been working on a batch file script (yes I know I am meant to be using powershell) and kept getting a “The syntax of the command is incorrect”.

My code is as follows:-

    reg query "hklm\software\microsoft\windows\currentversion\windowsupdate\auto update\Rebootrequired"
    if not errorlevel 1 (
    ::theKey exists therefore we need to do a reboot
    echo reboot is required from previous windows updates.
    )

The :: is a quick and tidy shortcut to rem out a statement in a batch file.

However – today I found out that you cannot use this trick within an if statement. Instead the :: needs to become rem.

So the script becomes

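    reg query "hklm\software\microsoft\windows\currentversion\windowsupdate\auto update\Rebootrequired"
    if not errorlevel 1 (
    rem theKey exists therefore we need to do a reboot
    echo reboot is required from previous windows updates.
    )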

For what it’s worth this is a snippet of code from a script that detects if windows updates are required, installs them, emails the log file and then reboots if required. The step above comes from a recent discovery that the patch detection returns no patches needed if the server is still in a pending reboot after patches were applied (typically because the shutdown failed to take place)

Scripting Guys blog formatting – now in html format.

You can thank me later 😉

On my way home from work late the other night I was listening to episode 152 of the Mind Of Root Podcast where Keith and Steve interviewed Ed Wilson from the Hey Scripting Guy! blog. It was a really interesting podcast and explained their goals to get users learning Powershell and push out some best practice ideas.  So far I like the power of Powershell but I’m finding the learning curve pretty steep. Especially as I can do a lot of my scripting requirements within a normal dos batch file in a lot fewer lines than Powershell requires. However I do understand that Powershell provides a lot more functionality, especially when built into products such as BPOS, exchange etc.

The next weekend I found Ed’s scripting blog, read a few articles, commented on one about using streams.exe to unblock zip files (been there, done that – very frustrating to find out you should unblock a zip file before extracting many thousands of files) and then subscribed to the blog feed.

Unfortunately the blog posts lost all their formatting when reading the rss feed so something that looks nice and clear on the webpage looked horrendous when viewed in Google reader – there are no line breaks, text formatting or anything else that makes the blog post easy to read.

I’m not quite sure why the post is a garish pink colour either, but I could live with that.

A quick look through other blogs hosted on blogs.technet.com shows that formatting can be preserved (see Matt Hester’s blog feed below) so I sent an email to Ed Wilson to see if the settings could be changed.

He responded back the next day and said he would pass the request onto the webmaster. Since then I’ve been checking the rss feed and the website and today everything is displaying correctly (it looks like the switch started yesterday). So thanks to Ed and the Technet website admins – the change is really appreciated. Hopefully this makes the reading of the blog easier for everyone else too!

Fixed: “Server is busy or you’ve lost your internet connection” when changing a BPOS password

Last week I needed to reset a BPOS account password for a new user that I was setting up. I logged into the BPOS control panel and reset the user’s password, copied the new one to the clipboard and then proceeded to try and login as the user through the web interface. The web interface took the new password and as expected it then prompted me to change the password as this was the first time of logging on as the user. However on entering a new password I got "server is busy or you’ve lost your internet connection". I obviously haven’t lost my internet connection and I am hoping that the Microsoft servers are not that busy.

Attempting to login through the single sign on client gave me the following error message – “Your password could not be changed due since we couldn’t connect to the service. Please check your network connection or contact your service administrator”.

I couldn’t find anything useful online for this issue so I logged a ticket with BPOS support. They came back with a powershell script (below) that fixed the issue and admitted that this is a known problem that sometimes occurs when a password is changed in the gui.

First the BPOS migration tool needs to be downloaded on a machine with powershell installed. Although the migration tools themselves are not required for this particular issue, it provides the extensions to powershell to allow you to manage BPOS. If you are managing BPOS users then you should have this installed already. If not, the migration tools can be downloaded from either the 32bit migration tool (transporter tool) or the 64bit migration tool pages.

Once installed, from the migration tool powershell prompt, enter the following

    $tcred=Get-Credential

Note: In the Credential Popup Window, type in the Exchange Online Administrator account & password.
Once it is saved, type in the following command. I’m not sure that this first step is needed as you are prompted for the credentials again when you enter the next line, but as Microsoft said it, it must be true.

The second command resets the user password –

    Set-MSOnlineUserPassword -identity emailalias@bposemaildomain.com -Password strongpasswordhere -ChangePasswordOnNextLogon $True

You will then be able to login as the user with the new password provided above. Note you will be prompted to change the password again, but this time the password change should be accepted.

Fixed – “The filename, directory name, or volume label syntax is incorrect” when you add a hard drive to Windows 2008 R2 backup

Apparently, according to Microsoft KB Article 2009365, this issue occurs when a previously defined hard drive (or the only previously defined hard drive) has been removed from the server and a new drive is being attached. This is typically the case when setting up a new server and preconfiguring the backups to go to the second identical usb drive. Most people are just going to unplug the drive leaving the old power supply and usb cable attached to the server and power and plug in the new drive and then attempt to add it to the backup schedule. At this point the backup program will give the error “The filename, directory name, or volume label syntax is incorrect” as the old drive is no longer attached. Microsoft have a couple of solutions, including adding the first drive back to the server, or removing the first drive. Neither of which are very helpful if you are just swapping the external drive itself. The final solution is to add the drives from an elevated command line using the following.

  1. Run the following command from an elevated command prompt to determine the Disk Identifier of the new disk:
    wbadmin get disks
  2. Based on the output, locate the disk that will be added to the scheduled backup. Make a note of the Disk Identifier. The output will resemble the following:
    Disk name: xxxxxxxxxxx
    Disk number: x
    Disk identifier: {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}
    Total space: xxx.xx GB
    Used space : xxx.xx GB
  3. Run the following command to add the new disk to the Scheduled backup. Use the Disk Identifier from the previous step as the "AddTarget" parameter.
    WBADMIN ENABLE BACKUP -addtarget:{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}
  4. When you receive the following prompt, type Y for Yes.
    "Do you want to enable scheduled backups with the above settings?"
  5. You may be prompted to format the drive if it was previously used in another server or for another purpose.

The screenshot below shows the addition of a USB drive to my virtualised SBS server.
