Absoblogginlutely!

Roku update

By Andy on Friday, May 28, 2010

I went to use my roku tonight and found it not responsive – the light on the front of the device wasn’t even on so I had to hard power it off and back on again.
After the reboot it was unable to connect to the wireless so I had to run through the wireless setup again. After clicking next all the way through it was able to connect. I then went back to the firmware settings to check for an update and sure enough the new firmware has been released.
For us Netflix users, the long awaited feature of being able to browse and add movies to the queue from the Roku is now available.

So far it looks nicer – the sideways scroll through the queue is a lot smoother and faster and it seems to make much better use of the screen space – the movie picture seems to be bixer and the information on the screen looks cleaner (although I don’t think there’s quite as much information displayed as there used to be – although I could be wrong)

Pressing the down button shows new arrivals – so there is no need to search, you can just pick the ones you want.

I’m not sure, but it looks like there are more tv series out there – at least I’ve stumbled across Monty Python and Blackadder 😉

Even the search function is pretty quick – as you start typing in the letters using a 6*6 grid for the letters and numbers, the available titles auto complete down the right hand side. The search is wild carded, so entering gent will find Gentlemen Prefer Blondes and The League of Gentlemen.

Looks like a great upgrade and this device gets better and better.

Exchange / Outlook

Archive mailbox missing in Outlook 2010 – fixed

By Andy on Sunday, May 2, 2010

If you’re lucky enough to already be running Outlook 2010 and Exchange 2010, then you may have spotted your archive mailbox is missing in the newly released Office2010. There was a bug that is strangely fixed by obtaining a new key from Technet and reentering it from appwiz.cpl, office 2010, change, change product key. I’m not sure why it took so long for the product key to be changed on my machine (about 3 or 4 minutes) but sure enough, after restarting office the mail archive box was back.Thanks to Henrick Walther blog for the heads up.

In my case, there is not a lot in it as we’ve only just switched over to Outlook with Exchange 2010 so there is not a lot of old mail. However I’m already 3/5 of the way through my quota. With no archiving policies set up yet (and office 2007 on the work laptop) the manual housekeeping is going to be a pain.

Small Business Specialist certification upgraded to 2008

By Andy on Sunday, April 25, 2010

I finally got around to taking 70-653 on Friday and passing it. It was an interesting experience as I had to take a survey before the exam that asked questions about my experience with the product and what I thought were my strengths and weaknesses. If I didn’t know the exams were downloaded overnight, it would make me very suspicious – if I answered that I didn’t know remote access very well, would I get lots of questions on vpn configuration or would Microsoft be kind and avoid that area? Although I passed it would have been nice to also get a comparison with my answers from the survey and my final test results. Funnily enough my weakest area was user management – I’m pretty sure that is because I’m so used to doing things in AD and I know to do things with the wizard but I don’t pay attention to EXACTLY what the wizard is called.
Now that I’ve passed I’ve got another Technical Specialist under my belt and this should also upgrade my SBSC to 2008 status (although the SBSC doesn’t appear on Microsoft transcripts as this certification is “awarded to companies rather than individuals” (which I think is a big mistake on Microsoft’s part))

Email Exchange / Outlook

View headers or Source in Outlook 2010

By Andy on Saturday, April 24, 2010

As part of my investigation into the gmail hacks, I needed to check the source of the email I had received to see how the email had been sent to me. It could have been spoofed or sent via gmail and the headers would allow me to see which was the case. The email received in my gmail account was easy to see – I just had to click the down arrow next to the reply button and choose Show Original and then view the headers.

Outlook is a bit complicated. The easiest way is to bring back the view source icon to the ribbon. First you need to right click on in the ribbon and choose Customize the Ribbon. In order to add a new button to the ribbon, a new group needs to be created. It is probably best to expand the Home (Mail) Tab, select the last option which was “Find” in my case and then click the New Group button. Rename the Group and ensure it is selected. Then select “All Commands” under “Choose commands from:”, scroll down and select “Message Options…” and then click Add.

Click Ok back to outlook and you will now be able to select an email, click on the new button in the menu and view the headers.

Gmail Hacking Security

More gmail accounts are being hacked.

By Andy on Saturday, April 24, 2010

This afternoon I received spams from fellow colleagues at work from their gmail account. Emails went to both my personal gmail account and to my work accounts. It looks like the emails are in the sent items, which is rather worrying as it means the spammer sent mail from the account rather than forging the headers to make it look like it came from the account. I know for a fact that the password was secure on at least one of the accounts so a weak password is not the culprit. A quick (ironic) google search shows that several people are twittering this in the past couple of hours (mine came in at 3.43pm (and I had another at 7.30pm).
Google’s standard answer is to change your password, which doesn’t really help when there is obviously a back door that is letting people into the account in the first place. The solutions provided are as follows:

If your account has been compromised/hacked/stolen you will need to check at least all of the following things:

Account Security:
Settings -> Accounts and Import -> Google Account Settings -> Change Password [pick a new secure password]
Settings -> Accounts and Import -> Google Account Settings -> Change Password Recovery Options [verify secret question, SMS and secondary e-mail address]

Potential Spam:
Settings -> General -> Signature [make sure nothing as been added]
Settings -> General -> Vacation Responder [make sure it’s disabled and empty]

E-mail Theft
Settings -> Accounts and Import -> Send Mail As [make sure it is using your correct e-mail address]
Settings -> Filters [no filters that forward or delete e-mail]
Settings -> Forwarding and POP/IMAP -> Forwarding [disabled or correct address]
Settings -> Forwarding and POP/IMAP -> POP Download [disabled]
Settings -> Forwarding and POP/IMAP -> IMAP Access [disabled]

Additional Information
Keeping account secure: https://mail.google.com/support/bin/answer.py?hl=en&answer=46526
Protecting your account: https://mail.google.com/support/bin/answer.py?hl=en&answer=29407
If your account is compromised: http://mail.google.com/support/bin/answer.py?hl=en&answer=50270

Ciao is also reporting similar issues today.

It would be interesting to see if any of the compromised accounts were on the Google Apps servers as this probably has greater repercussions for Google’s business model as people will trust Google even less. It will certainly raise questions at work on Monday as to whether we would recommend moving some clients to Google Apps. Even if you haven’t been hacked (check your sent items, filters and your frequent contacts for spam messages) I would still highly recommend you change your password NOW and ensure it is a complicated, non-dictionary based one.

Symantec

Symantec 11.0.6 is now out – hope you have a large hard drive.

By Andy on Friday, April 16, 2010

According to their website, the download for 11.0.6 is 1183 million Mb in size – thats 1.1Pb of data. I think I’ll need a few usb drives to make this portable.

exchange2007 Microsoft

Could not open key UNKNOWN\Components – fixed

By Andy on Saturday, April 10, 2010

When attempting to install Exchange 2007 sp2 on a server I was getting the error message Could not open Key UNKNOWN\Components\ 32 hex numbers \ another 32 hex numbers (see below)

This turned out to be occurring when the Rollup 9 package was being uninstalled. Checking into the registry and hklm \software \ microsoft \ windows \ CurrentVersion \ Installer \ UserData \ S-1-5-18 \ Components \ numbers \ numbers. Taking ownership of the parent registry key and then assigning my admin user full rights to the parent and cascading permissions would allow the procedure to continue a little bit further. Eventually after a couple of attempts I expanded the Components key in regedit using ctrl + and then used the arrow key to move all the way through, fixing permissions as required. The lazy way would have been to set permissions at the Components Key but that may cause other problems I didn’t really want to deal with in the future.

I have no idea why the permissions were so screwed up but I really do not appreciate wasting 4 hours on a Saturday afternoon trying to fix the issue – it took a while to debug the initial errors and then more time to run the install, find out it kept causing errors with different registry locations and then navigate through the entire component tree.

.Net Bugs Hotfixes Microsoft Patches Windows 2003 Work

The installation failed with: This patch package could not be opened – Fixed.

By Andy on Monday, March 29, 2010

I have been trying to install the KB958481 patch for Microsoft Dot Net Framework 2 for many hours. Each time the installation would fail with “The installation failed with: This patch package could not be opened. Verify that the patch package exists and that you can access it, or contact the application vendor to verify that this is a valid Windows Installer Patch Package.”

Of course the patch file exists (I am installing it after all) and the patch file came from Microsoft so I would hope it’s valid. Most of the suggestions seemed to resolve around removing the dotnet framework and reinstalling. All of which I had done in a variety of ways. First by uninstalling the software through add/remove programs and then through Aaron Stebner’s dotnet cleanup tool – neither of which solved the problem.

Eventually I stumbled across a tech posting (made after my initial problem started) in the Microsoft forums (first and second posting that mentioned installing the Microsoft Installer 4.5 redistributable component. After an initial reboot before installing, a reboot after installing, installing the .net patch and another reboot afterwards I was up and running and able to install the other .net patches too.

Powershell

Enabling powershell to run scripts with registry permissions.

By Andy on Wednesday, March 24, 2010

As part of my powershell work I obviously need to run powershell scripts. I tried to run one last night and got the usual message about scripts needing to be signed. I had previously changed the settings on my XP machine, but this was obviously the first time I had run a script on my Windows7 machine.

Running the usual “set-executionpolicy remotesigned” I got the following error message “Execution Policy Change. The execution policy helps protect you from scripts that you do not trust. Changing the execution policy might expose you to the security risks described in the about_Execution_Policies help topic. Do you want to change the execution policy?”

Answering Yes to the prompt I then got the following error message – “Set-ExecutionPolicy : Access to the registry key ‘HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell’ is denied”. Sure enough I don’t have permission to this registry key.

I checked with our admin to ensure this wasn’t set in group policy before I started fiddling around. Found out that there is another setting that is user specific that can be set with “Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy RemoteSigned”

After doing this I was then able to run scripts, and more importantly my profile script runs. Seeing as though this is my workstation I don’t really care about anyone else’s powershell scripts on my machine 😉

However, if you want to set it for all users, then set the Scope Parameter to be LocalMachine

To set it domain wide, you need to download the PowerShell group policy templates from Microsoft and follow the instructions to set up a policy.

Microsoft Vista Windows 2003

When Genuine Advantage fails to work….

By Andy on Sunday, March 21, 2010

I’ve had two issues with Genuine Advantage since Thursday – both issues not currently resolved. The first was a server that was restored from a ShadowProtect backup to a virtual machine on ESXI. This is to try and sort out an issue on the original server without causing any more damage to the original server. The restored server boots up fine and allows me to enter my username and password. Immediately after logging in, it then detects it needs to be activated and gives me the option to activate or cancel. If I select Yes to activate with Microsoft it should then jump into the routine of providing a set of numbers and a phone number to call Microsoft (or via the internet). Instead, this server just logs me off. Very frustrating and not useful at all.

Initially the problem was made worse due to the fact that the initial restoration meant that a normal boot insisted AD was corrupt and to go into safe mode to repair but safe mode had the same problem with Windows Activation. After a re-restore I’m not getting the AD corrupt problem but I am getting the Windows Activation issue. On a side note, it is essential that if you restore a server with shadowprotect that has a C,D and E drive with the NTDS files stored on the E drive, then you need to restore C, then D, then E. If you restore just C and E and specify the drives are C and E, when the machine reboots the E drive will become D and your AD will corrupt itself.

So as you can see I’ve had a troubling week at work doing some restores! The good news is I know how to recover from the above problem but not when Genuine Advantage gets in the way!

The other issue was with a friends Vista machine that had the hard drive fail. I suspect the MBR got corrupted as there was initially no operating system found and my initial repair worked when I told the machine to run diagnostics and fix them and about 5 seconds later the machine was booting. However on the next reboot the system failed again. He then used the HP recovery CD to restore Vista to the machine and then after login Windows (and Security Essentials) was complaining that the copy of Windows was not genuine. However going to the Validate Windows page, the webpage shows that the pc passes with no problems found (although the computer disagrees still). Running the MGADiag tool however returns Validation Status: Invalid License, Validation Code: 50. From the support forums – “Your copy of Windows 7 is using an OEM SLP key. This type of key only comes win Windows that come pre-installed in a computer built by a large manufacturer. When an OEM SLP key is in uses, Windows looks to the Bios on the computer’s motherboard for a OEM Bios Flag. An OEM Bios Flag is information found only in the bios of computers built by a large manufacturer that come with Windows pre-installed. An OEM Bios Flag is specific to the Manufacturer and the version of Windows it’s good for. So, If Windows is using an OEM SLP key and the Proper OEM Bios Flag is present in the computer’s Bios, Windows will self-activate”. Of course this is all well and good until the computer does not self activate…..

I’ll update on the both of these issues when I get time to work on the machines and solve the problems.