Tag Archives: Solved

Fixed – Warning, an attempt to check your OpenID Provider login status returned an invalid SSL certificate error

Using firefox on my main computer at home this morning I started to get a message stating “openid provider login status returned an invalid ssl certificate” and it took me a couple of minutes to work out how to fix this.

Warning, an attempt to check your OpenID Provider login status returned an invalid SSL certificate error.

About 2 years ago, I installed the Verisign Labs PIP seatbelt extension for firefox. This enables me to sign in with an OpenID account and not have to pass my real credentials across the internet all the time. This works great for securely signing into my WordPress account without passing my credentials in cleartext when I am at a conference etc. However, Verisigns certificate expired a couple of days ago and they replaced it with a new one.

Unfortunately it seems that the seatbelt extension knows about the old certificate but does not trust the new one.

The solution is quick and easy, but not obvious from the error message. However thanks to Doug at TakeALeft from back in 2009, you just need to update the seatbelt extension.

In firefox go to Tools, Addons and scroll down until you get to the Seatbelt extension. Select Options and then click on the OpenID Providers tab.

OpenID Providers tab - select the provider and choose Update

Note that in my screenshot above, I have already updated mine, but select the Provider and then click Update.

You will then be prompted with “Your Primary OpenID provider has published a new configuration file. Say OK  to this message.

image

 

OK your way out of all the dialog boxes and the error message is no more.

Fixed – Adobe Reader not opening in ie – turning off Open in browser.

Using Adobe Reader 9.04 on a Windows 2008r2 Remote Desktop server, I was finding that a lot of websites would fail to run when a pdf file was opened in the browser. Going to Edit/Preferences/Internet and unchecking the “Open pdf in browser” fixed the problem. The next problem was making this site wide and for every user on the terminal server.
Using procmon I was able to check the registry changes that occurred when this box was checked (although this does not help when the av software is constantly scanning the registry and files). By creating HKCU\ Software\ Adobe\ Acrobat Reader\ 9.0\ Original\ bBrowserIntegration as a dword and setting the value to 0, this option was checked for everyone. I did notice that the server initially checks HKLM for the same value, but in testing I found that adding this value under HKLM did not make the user interface change. I know Adobe checks other settings in the registry so I’m not sure if it was checking other locations to see if HKLM should also be set, but in that case, why check the HKLM value too?
Using the Group Policy Preferences I was able to create a new setting and now Adobe Reader works for everyone on the server.

Of course, once you know this key it’s easy to find lots of google articles mentioning bBrowserIntegration but I couldn’t find anything when I initially researched this problem. One solution that might make it easier is to download a Adobe Reader Group Policy template which you can then import (computer / Administrative Templates/ Right click and browse) to apply this and other settings. Note that I found the EULA supression did not work for me with Adobe Reader 9.04 on W2k8R2

Fixed – Printers missing in Windows 2008 r2 (and Windows 7)

As part of a client migration this week I had to install a whole load of new printers on a new Windows 2008r2 server. In particular, one copier printer had about 7 different printers setup pointing to the same device – this was to allow the user to select which tray they wanted to print to without having to change the printer settings each time.
By the time I got to my fifth printer I noticed that the devices window was only showing two printers. When I selected the details view in explorer it was only showing printer1 and printer4, pressing F5 to refresh the screen would only show printer2 and printer3. This was really disconcerting as I kept getting interrupted in what I was doing so it was hard to work out which printers had already been setup when they did not appear in the user interface. However they did appear in the list of printers when I went to print something from notepad.
Puzzled, I did some searching and eventually came across Network Steve’s post about bringing back printers in Windows 7. Following his instructions and creating a new Key under hklm \Software \Microsoft \Windows \CurrentVersion\ Explorer \ControlPanel \NameSpace called {2227a280-3aea-1069-a2de-08002b30309d} a new icon appeared in control panel called printers and I can now see all of the printers so Thanks Steve!
Incidentally, these printers were set up and shared on a print server and then accessed on a locked down terminal server. I haven’t been able to work out how to get the list of printers to show up for a locked down user within control panel. The printer icon is not a normal .cpl file so I can’t include that in the list of available icons in control panel for users to use. This is not a critical function but helps when testing and troubleshooting printer issues for users in the future.

Fixed – wifi not resolving dns on laptop with Windows7

I had a strange case the other day at work when all of a sudden my laptop would fail to resolve dns queries for my wireless connection only – my wired card was not affected. Changing dns entries to another server did not fix the issue. Eventually I tried disabling the Microsoft Virtual Wifi Miniport Adapter (from device manager) and immediately I was able to resolve dns again. Once I discovered this fix I remembered something similar with this adapter. Looking back through my previous notes we had an issue with Shrewsoft’s vpn software – with the Microsoft Virtual Wifi Miniport Adapter enabled we were unable to get a vpn session working to a Cisco client.
So far, disabling this adapter does not seem to have caused any issues – apparently it’s purpose is to allow you to connect to more than one wireless connection at the same time – an unlikely requirement in most business situations.

Blat crashes when an email is sent – fixed.

I had an issue with blat yesterday with a new script I was working on. Every time I sent an email, it would crash and I would get “A Win32 command line eMail tool has stopped working.” As this was also running on a Windows2008 server this was also affecting the reliability index on the server – one of the things we check as part of our checkups.
I spent a good while trying to work out what was wrong, typed out the command to send mail and it worked – so I knew the issue was not blat itself. After calling over a colleague to help, demonstrating the (reproducible) problem of pasting the script line and crashing blat I asked what was wrong. The two of us still took a couple of minutes before he realised I had mistyped the server name used to send the mail. Instead of domain.com.s6a1.psmtp.com I had entered domain.com.s6a1.pmstp.com
Sure enough – if the mail server hostname can not be resolved by blat – it will crash. I was also able to reproduce this on my Windows7 machine at home too.

A simple fix but difficult to find after looking at code for a long time – getting someone else to look at your code often does wonders.

Fixed – Right click option to scan files missing in Microsoft Security Essentials Beta

I’ve been doing a bit of work with the latest beta this morning and found that the option to right click on a folder or file and scan it was missing. According to the connect website, the “Item Scan with Microsoft Security Essentials is missing from right click menu because file shellext.dll is not registered in the OS (C:\Program Files\Microsoft Security Client\shellext.dll). To resolve this issue, open a command prompt with administrator permissions, type regsvr32 “C:\Program Files\Microsoft Security Client\shellext.dll” and press ENTER.”
Sure enough this works. Thanks to 777Andrey777 for the solution on the connect website (login required).

The other issues that I have also encountered include the Windows Home Server connector monitor flags the fact that my av is out of date or turned off when the computer is rebooted – this lasts for about 20 to 30 seconds. The instructions to provide feedback are also missing on the connect website (which was not very helpful). However log files can be generated by running “mpcmdrun -getfiles” from the Microsoft Security Client\Antimalware directory within program files.

Fixed – Group Policy settings show “An error occurred while generating report: An unknown error occurred while the HTML report was being created.”

Whilst doing some troubleshooting work for a client’s group policy settings that were not being applied to a vista machine I launched the Group Policy Management Console (gpmc) and when I went to view the Resultant Set Of Policy (RSOP) of a client machine and when I tried to view the default domain policy I received the message “An error occurred while generating report: An unknown error occurred while the HTML report was being created.” All other group policies appeared fine – it was just the default domain policy – arguably the most important one and not an easy one to restore. My first step was to use a DC that did not have the gpmc installed to use the native group policy tools within the Active Directory Users and Computers snapin. Fortunately this tool worked and I could see the settings…..lots of them.
As I knew the group policy did not seem to be corrupt I then went back into gpmc and attempted a backup of the group policies. All but the default domain policy backed up successfully.
The error message almost looked similar to issues when trying to view web pages on a server with the enhanced ie security enabled but it didn’t really make sense that it was only affecting one group policy.

After a few minutes of digging I found an entry on tek-tips (a site I don’t like to use due to the popups and nag screens) but in this case the answer worked. From Roadki11’s posting on tek-tips.com:-

Cause:
Seems to be something with importing IE security settings.

Solution:
Edit install.ins inside: {GUID of Policy}\user\MICROSOFT\IEAK

[Security Imports]
ImportSecZones=1

Set it back to “0”

Using gpmc I obtained the guid of the policy by right clicking the policy and choosing properties then I connected to c:\WINDOWS\SYSVOL\sysvol\domain\Policies\{guid}\user\Microsoft\ieak
First I made a backup and then edited install.ins, set ImportSecZones to 0 and was then able to edit the policy in gpmc.
Hopefully the background information and the instructions on how to connect to the correct file helps others.
Whilst you are in the gpmc make sure you go down to Group Policy Objects, right click, Backup All, select a location, enter the date and time stamp for the description and back those policies up. Document where the backups are stored so that if you need to restore them they are easily accessible – even on another computer.
I’ve now added the backup to our checkup and system documentation instructions so at a minimum we will have monthly backups of the group policies and a documented location for where this information is kept. In an ideal world, printing off the settings would also be a good way to document the information too.

Preparing Network Connections message at startup of SBS – solved.

Today of all days we’ve had two clients that have had their server reboot for a couple of valid reasons but after reboot the server just sat at “preparing network connections” screen and would not continue. We’re not sure right now what caused this issue but the solution was to reboot the server, press F8 and choose the Last Known Good to be able to get into the server.

Today has not been a good day for this to happen as some clients have been closed so they’ve not been around to let us in to look at the server on site but at the same time we don’t really want to wait until Monday to get access to the server, yet this is a holiday weekend.

For me, it’s been a long week . I’ve started work at 4am twice this week and was working at 1am until 2.30am last night so I doubt I’ll be staying up for NewYear – but I think I can make it until 7pm when I’ll be able to watch BigBen strike midnight.

Happy New Year everyone and I hope 2010 starts off better than 2009 finished!