Archive for the 'Microsoft' Category

Research In Motion Releases Integration with Microsoft Office 365 – BlackBerry Business Cloud Services

Research In Motion (RIM) finally released its evolution of BlackBerry Enterprise Server (BES), BlackBerry Business Cloud Services (BCS), earlier this week on January 30, 2012. BCS provides mobile device service integration with the Microsoft Office 365 hosted Exchange Service and replaces much of the functionality formerly provided by BES. This is a good move forward for RIM and extends much-needed functionality to RIM’s business customers who rely upon services like integrating email, calendar, contacts and tasks to conduct business. Better yet, the service is free compared to the quite expensive cost of BES in the past and this is a positive step forward.

The only drawback I see with the current offering is the complete lack of support for small business and individual users of Office 365. The following excerpt from the press release announcing the new service availability explains this.

“The new service was made available for free for current medium-sized or enterprise subscribers of the Office 365 suite.”

So if you have an Office 365 Enterprise Plan and more than 25 employees then your organization can move ahead with BlackBerry Cloud Services. If you’re like us and lots of other small businesses, though, you will need to continue using a workaround through third-party ActiveSync providers or calendar notifications via text message. In the meantime, I’ve been eyeing some nice Android, iOS and Windows phones.

Active Directory Management Gateway Service (ADMGS) Errors and McAfee Anti-Virus Software

I posted last month about an issue with the Active Directory Management Gateway Service (ADMGS) on Windows Server 2008. The ADMGS (which runs as the Active Directory Web Services, ADWS, service) allows you to use the Active Directory module for Windows PowerShell to manage AD remotely in domains where there are no Server 2008 R2 domain controllers running.

I saw the following error messages when running the “import-module activedirectory” command in PowerShell.

The server was unable to process the request due to an internal error. For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug> configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework 3.0 SDK documentation and inspect the server trace logs.

I was able to diagnose the ultimate cause based on my previous post but was still receiving errors even after mucking with NTFS directory permissions for temporary .NET files. I finally had the idea to check on anti-virus software to see if that was blocking the communication. Voilà! The domain controller had anti-virus software installed (in this case it was McAfee) and as soon as I adjusted the AV software configuration the AD connection was allowed. The log entries below help pinpoint the cause.

1/19/2012        5:22:05 PM        Blocked by Access Protection rule         NT AUTHORITY\SYSTEM        C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe        C:\Windows\TEMP\t0sggpq5.dll        Common Maximum Protection:Prevent creation of new executable files in the Windows folder        Action blocked : Create

1/19/2012        5:22:07 PM        Would be blocked by Access Protection rule  (rule is currently not enforced)         NT_DOMAIN\SRS-RMRES2-02$        System:Remote        C:\Windows\SYSVOL\domain\Policies\{1C9122E4-78CD-4001-A2E7-8BBCA348C893}\GPT.INI        Anti-virus Outbreak Control:Block read and write access to all shares        Action blocked : Read

So make sure to check your AV software if you have this kind of problem…it just might be the key to a solution!

Web Active Directory Releases Replacement for Microsoft IISADMPWD for Windows IIS7

We officially launched our Microsoft® IISADMPWD Replacement Tool today. Our simple solution addresses several issues with previous versions of IISADMPWD and allows you to delegate Windows password changes for web applications running on IIS 7 and later. At $599 USD, the new solution provides lots of value to allow users to self manage passwords for a small price. You can get more info about the solution at http://www.webactivedirectory.com/products/iisadmpwd/.

More Information

I have blogged about the need for an IISADMPWD replacement in the past; check out the articles below to learn more about why we built this solution for IIS 7.

BlackBerry Business Cloud Services for Microsoft Office 365

I have been tracking Research In Motion’s (RIM) slow progress toward a hosted service that will allow BlackBerry device integration with the Microsoft Office 365 Exchange hosting service. In late October, RIM announced the new Business Cloud Services product for Office 365 and I blogged about it shortly afterward.

General availability is still slated for this month, January 2012, and RIM now has a page dedicated to the new Business Cloud Services product. I will keep an eye for the final announcement of availability and update our blog with the announcement. Remember, though, if you’re a small business or professional Office 365 subscriber, the service will not be available for you; BlackBerry Business Cloud Services is initially available only for Office 365 Enterprise plan subscribers.

Diagnose Active Directory Management Gateway Service (ADMGS) Errors

I recently worked on a Windows Server 2008 system with the Active Directory Management Gateway Service (ADMGS) installed. The ADMGS allows you to use the Active Directory module for Windows PowerShell to manage AD remotely in domains where there are no Server 2008 R2 domain controllers running.

The ADMGS service (which runs as the Active Directory Web Services, ADWS, service) worked fine for several months but decided to begin having problems recently. We saw the following error message when running the “import-module activedirectory” command in PowerShell.

The server was unable to process the request due to an internal error. For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug> configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework 3.0 SDK documentation and inspect the server trace logs.

Needing to troubleshoot the source of the issue, I messed with the IncludeExceptionDetailInFaults attribute in the C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe.config file. However, this proved to be a daunting task for a number of reasons so I moved on to another solution. (View an example of setting the IncludeExceptionDetailInFaults attribute.)

Finally, I located a post that helped break this open. Adding a couple of debug keys in the <appSettings> section of the config file allowed me to log the ADMGS error on the server and diagnose the real source of the error.

<add key="DebugLevel" value="Info" />
<add key="DebugLogFile" value="C:\Windows\Debug\adws.log" />

Use the following valid string values (not numeric values) for the DebugLevel value. This will add diagnostic info into the debug log at the DebugLogFile path you specify.

  • 0 – No logging
  • 1 – Error (this logs critical errors only)
  • 2 – Warn (this logs warning events as well as error events) – Recommended value to use unless you need full tracing
  • 3 – Info (verbose)

Once I set up debugging and restarted the ADMGS service, I got to the bottom of the problem with the error below and I can now address the permissions issue that is causing connection problems with the “import-module activedirectory” PowerShell command.

ActiveDirectoryWebServices: [xx/xx/2011 6:14:15 PM] [3] Get: Unhandled Exception System.UnauthorizedAccessException: Access to the temp directory is denied. Identity 'YOUR_DOMAIN\YourAccount' under which XmlSerializer is running does not have sufficient permission to access the temp directory. CodeDom will use the user account the process is using to do the compilation, so if the user doesnt have access to system temp directory, you will not be able to compile. Use Path.GetTempPath() API to find out the temp directory location.
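The procedure above as a script, as an added example that is not from the original post: it backs up the ADWS config file, sets the two debug keys and restarts the service. The function name is hypothetical; the paths, key names and level strings are the ones given above.

```powershell
# Added example: enable ADWS debug logging as described in the post.
# Run elevated on the server that hosts the ADWS service.
function Set-AdwsDebugLogging {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [ValidateSet('Error', 'Warn', 'Info')]   # string values, not numbers
        [string]$Level = 'Warn',
        [string]$LogFile = 'C:\Windows\Debug\adws.log',
        [string]$ConfigPath = 'C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe.config'
    )

    $xml = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true              # keep the file's layout intact
    $xml.Load($ConfigPath)

    $appSettings = $xml.SelectSingleNode('/configuration/appSettings')
    if (-not $appSettings) { throw "No <appSettings> section in $ConfigPath" }

    # Update each key if it exists, otherwise append a new <add> element.
    foreach ($pair in @{ DebugLevel = $Level; DebugLogFile = $LogFile }.GetEnumerator()) {
        $node = $appSettings.SelectSingleNode("add[@key='$($pair.Key)']")
        if (-not $node) {
            $node = $xml.CreateElement('add')
            $node.SetAttribute('key', $pair.Key)
            [void]$appSettings.AppendChild($node)
        }
        $node.SetAttribute('value', $pair.Value)
    }

    if ($PSCmdlet.ShouldProcess($ConfigPath, "Set DebugLevel=$Level and restart ADWS")) {
        # Timestamped backup so the change can be rolled back.
        $backup = "$ConfigPath.$(Get-Date -Format yyyyMMddHHmmss).bak"
        Copy-Item -LiteralPath $ConfigPath -Destination $backup
        $xml.Save($ConfigPath)
        Restart-Service -Name ADWS               # settings are read at service start
    }
}

# Preview the change first; drop -WhatIf to apply it.
Set-AdwsDebugLogging -Level Info -WhatIf
```

The Info level records account names and exception detail, as the log entry above shows, so drop back to Warn or remove the keys once the fault is diagnosed.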

November Update on RIM, BlackBerry, BES and Microsoft Office 365

I wanted to post a quick update on RIM’s new BlackBerry Enterprise Service (BES) for hosted Exchange on Microsoft Office 365, officially called BlackBerry Business Cloud Services for Microsoft Office 365. In my October post, RIM announced the final release date for the service beginning in January 2012 along with a beta program that began in October.

I signed up for the beta program on October 4 and received a pleasant auto-response email. Since then, I’ve heard nothing but crickets and have been jonesing to see when the beta program will open up for non-Fortune 500 customers. Well, new information paints a bleak picture for small companies like ours as the RIM service will be free to subscribers of Microsoft’s Office 365 Midsized Businesses and Enterprises plan but not even available to Office 365 Professional and Small Business customers.

RIM’s own press release from October 25, 2011, verifies that small business and professionals using Office 365 will not have access to the new RIM BlackBerry Business Cloud Services for Office 365, at least at the initial turnup in January 2012. Perhaps a small business offering will come later but I have yet to see anything about that.

“Research In Motion (RIM) (NASDAQ: RIMM; TSX: RIM) today announced BlackBerry® Business Cloud Services for Microsoft Office 365 – a new RIM-hosted online service for midsized businesses and enterprises that extends Microsoft Exchange Online to BlackBerry® smartphones, and allows organizations to self-manage their BlackBerry deployments in the cloud. An open beta for the service is launching today in over 30 countries.”

I understand that RIM has its bread-and-butter market in the large enterprise. I also understand that RIM has proven it has no interest in small businesses like ours (or even large enterprises judging from the amount of lag between the Office 365 launch and the BlackBerry cloud service to replace BES) and we have chosen to move our services elsewhere. We cancelled our BlackBerry data service last week with our service provider and will be moving to an Android or iOS platform in February.

I will continue to keep folks up to date on this issue and it will be interesting to watch RIM continue to decline in influence as it ignores the customer service market and further alienates its customer base.

Edit 64-bit File with a 32-bit Editor on Windows 2008 64 or R2

I worked recently on a project where I needed to make a change to an IIS 7.5 configuration file on Windows Server 2008 R2. While trying to edit the file, I kept getting an error message trying to use my default text editor, TextPad.

C:\Windows\System32\inetsrv\config\administration.config was not found.
File Not Found


I also noticed that Windows Explorer rendered the files on the file system with some strange lock icons I don’t recall seeing before.

Strange File Lock Icons


After several attempts to open the files for editing in TextPad, I began searching the interwebs looking for an answer and stumbled across a post that helped me break through. Rick Strahl mentions an issue using a 32-bit application to edit certain files in the System32 folder.

Since all Server 2008 R2 flavors run as a 64-bit OS, I decided to try using the native Notepad installation instead of my 32-bit TextPad editor. Voilà! The file opened just fine and I was able to make my changes and move along once I got past the annoyances of Notepad…but I digress. ;-)

So remember that if you see a strange lock icon or you try to use a 32-bit editor to open files on a 64-bit platform, things may not work out. Try opening the file in Notepad to see if that will work to get you by while you get a 64-bit editor installed.
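The behavior behind this is the WOW64 file system redirector: a 32-bit process that opens a path under System32 is transparently given SysWOW64 instead, and the Sysnative alias reaches the real folder. The added example below (not from the original post; the function name is hypothetical) reports which view the current PowerShell process gets for the file discussed above.

```powershell
# Added example (PowerShell 3.0+): show which view of System32 this process
# sees. Run it once from 64-bit and once from 32-bit (x86) PowerShell.
function Get-System32View {
    param(
        # File from the post, relative to the System32 folder.
        [string]$RelativePath = 'inetsrv\config\administration.config'
    )
    $is32on64  = [Environment]::Is64BitOperatingSystem -and
                 -not [Environment]::Is64BitProcess
    $system32  = Join-Path $env:windir "System32\$RelativePath"
    $sysnative = Join-Path $env:windir "Sysnative\$RelativePath"

    [pscustomobject]@{
        ProcessIs32BitOn64BitOS = $is32on64
        # In a 32-bit process this path is silently redirected to SysWOW64,
        # so a file that exists only in the 64-bit folder is "not found".
        System32Path            = $system32
        VisibleViaSystem32      = Test-Path -LiteralPath $system32
        # The Sysnative alias exists only for 32-bit processes on 64-bit
        # Windows; from a 64-bit process this test returns False.
        SysnativePath           = $sysnative
        VisibleViaSysnative     = Test-Path -LiteralPath $sysnative
    }
}

Get-System32View | Format-List
```

The same redirection applies to 32-bit scanners and collection tools, which can silently inspect SysWOW64 when pointed at System32.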

Custom HTTP Error Handling in IIS 7

Sometimes you need very precise control over the HTTP error responses returned by IIS 7. IIS 7 provides methods to hook into the response stream in the integrated pipeline and many IIS 7 settings are actually contained in configuration files like Web.config and machine.config.

If you have custom text you want to return for an HTTP status code then don’t forget about the existingResponse attribute of the httpErrors element. This attribute tells the custom error module what to do when the response text is not blank. You can choose to replace the custom text (existingResponse="Replace"), pass the text through (existingResponse="PassThrough") or automatically decide the right thing to do (existingResponse="Auto").

The following Web.config snippet for an IIS 7 web application shows how to pass through text from a custom error module running in the web application in response to HTTP 401.1 errors.

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <httpErrors errorMode="Custom" existingResponse="PassThrough">
            <remove statusCode="401" subStatusCode="1" />
        </httpErrors>
    </system.webServer>
</configuration>

Addressing the PowerShell Script Error for AuthorizationManager check failed

I was recently working in a client environment and running a PowerShell script that calls a bunch of other scripts on the file system using the dot sourcing technique. The scripts run fine in a number of other customer environments as well as our test environment but I kept seeing an “AuthorizationManager check failed” when several scripts were called from the main script.

I messed around with permissions for a while and then drank a few beers to see if things with PowerShell were now better. The PowerShell wasn’t better but I felt okay with the addition of the beers. I still needed to find a solution, though, and decided to approach this fresh after a few days (and possibly more beers!).

With a fresh approach, I found a simple post that sprung the entire solution for me. I had used Internet Explorer (I know, I know…I was on a Windows Server 2008 R2 box in a customer environment…not much choice there) to pull down a few PowerShell files over HTTP from our website. Guess which files I pulled down using IE. Yep! You betcha…the very script files that all failed when the AuthorizationManager calls ran! Needless to say, you should unblock PowerShell script files downloaded using IE, even if they’re from your own web site!

The key is to unblock files that you’ve downloaded so PowerShell will run them!

Check out the screen shot below to make the simple unblock from the PowerShell script file properties. Just right-click the file and choose Properties from the context menu.

Windows File Properties - Unblock File
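The Unblock button clears the Zone.Identifier alternate data stream that the browser attaches to a downloaded file. The added example below (not from the original post; the function name and the Downloads folder are assumptions) lists the scripts that still carry the flag so they can be reviewed before it is cleared from PowerShell.

```powershell
# Added example (PowerShell 4.0+): list downloaded scripts that still carry
# the Zone.Identifier stream, then unblock them after review.
# Under the RemoteSigned execution policy, a script marked ZoneId=3
# (Internet) must be signed before PowerShell will run it.
function Get-BlockedScript {
    param([Parameter(Mandatory = $true)][string]$Path)

    Get-ChildItem -LiteralPath $Path -Recurse -Filter *.ps1 | ForEach-Object {
        $file = $_
        $ads = Get-Item -LiteralPath $file.FullName -Stream Zone.Identifier `
                        -ErrorAction SilentlyContinue
        if ($ads) {
            # The stream is a small INI file, e.g. "[ZoneTransfer]" / "ZoneId=3".
            $zoneLine = @(Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier) -match '^ZoneId=' |
                Select-Object -First 1
            [pscustomobject]@{
                Path   = $file.FullName
                ZoneId = $zoneLine -replace '^ZoneId=', ''
                # Hash to compare against the copy published on the source site.
                SHA256 = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
            }
        }
    }
}

# Assumed location for this example: the current user's Downloads folder.
$folder  = Join-Path $env:USERPROFILE 'Downloads'
$blocked = @(Get-BlockedScript -Path $folder)
$blocked | Format-Table -AutoSize

# After checking origin and contents, clear the flag. -WhatIf only previews;
# remove it to apply.
$blocked | ForEach-Object { Unblock-File -LiteralPath $_.Path -WhatIf }
```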

Active Directory Attributes for Remote Desktop Services

We are working with a customer who needs to set some values for the Remote Desktop Services (RDS) Profile (formerly Terminal Services) attributes in Active Directory. Even after working with AD and programming for it for more than 10 years, I’ve never had the need to access these attributes until now. Easy enough, right? We’ll just look up the attributes in the AD schema and be off and running.

Alas, it’s not that easy to set the Remote Desktop Services Profile attribute values in AD. All RDS parameters are stored in a BLOB (binary large object) in the Active Directory userParameters attribute. If you want to interact with this value directly through LDAP, you must decode and encode the attribute value to access the individual BLOB members that represent the values for the RDS Profile attributes. The encoding algorithm is a bit strange, though, and poorly documented. I found a fairly clear and precise reference for the BLOB encoding algorithm (ironically, for use by a Linux admin) and you can give it a try but there is a better option to interact with RDS profile attribute values if you have access to the COM API.

An article by Alejandro Campos Magencio does a nice job of spelling out the technical details needed to properly implement reading and writing RDS Profile attributes in AD. Microsoft added AD schema extensions in Server 2008 to support this need with the msTSProfilePath, msTSHomeDrive and msTSHomeDirectory attributes. At this point, though, these attributes aren’t being used and you still must rely upon the userParameters BLOB. The Tsuserex.dll library provides an ADSI (Active Directory Service Interfaces) extension that allows you to work with RDS profile values through the IADsTSUserEx interface. The interface implements properties including TerminalServicesHomeDirectory, TerminalServicesHomeDrive and TerminalServicesProfilePath that allow you to read and modify RDS profile values in the userParameters BLOB.

This should help you get started with an implementation. I will explore this subject more in a later post and provide some PowerShell and C# code to help illustrate how to read and write RDS profile attributes in AD.
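A sketch of the IADsTSUserEx approach in PowerShell, as an added example that is not the author's promised code: it reads and writes the three properties named above through the ADSI extension instead of decoding userParameters by hand. The function names, the distinguished name and the share path are placeholders, and the script assumes Tsuserex.dll is registered on the machine running it.

```powershell
# Added example (PowerShell 3.0+). Relies on the IADsTSUserEx ADSI extension
# (Tsuserex.dll) being registered on the machine that runs the script.
$rdsProperties = 'TerminalServicesProfilePath',
                 'TerminalServicesHomeDrive',
                 'TerminalServicesHomeDirectory'

function Get-RdsProfile {
    param([Parameter(Mandatory = $true)][string]$DistinguishedName)
    $user = [ADSI]"LDAP://$DistinguishedName"
    $out  = [ordered]@{ DistinguishedName = $DistinguishedName }
    foreach ($name in $rdsProperties) {
        # InvokeGet can throw when the value is not set or the extension
        # is unavailable; report that as $null.
        try   { $out[$name] = $user.psbase.InvokeGet($name) }
        catch { $out[$name] = $null }
    }
    [pscustomobject]$out
}

function Set-RdsProfile {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$DistinguishedName,
        [Parameter(Mandatory = $true)][hashtable]$Values
    )
    $user = [ADSI]"LDAP://$DistinguishedName"
    foreach ($name in $Values.Keys) {
        if ($rdsProperties -notcontains $name) { throw "Unsupported property: $name" }
        $user.psbase.InvokeSet($name, $Values[$name])   # in memory only
    }
    if ($PSCmdlet.ShouldProcess($DistinguishedName, 'Write RDS profile values')) {
        $user.psbase.CommitChanges()   # the extension re-encodes userParameters
    }
}

# Placeholder DN and share; replace with values from your own directory.
$dn = 'CN=Jane Doe,OU=Staff,DC=example,DC=com'
Set-RdsProfile -DistinguishedName $dn -WhatIf -Values @{
    TerminalServicesProfilePath = '\\fileserver\profiles$\jdoe'
}
Get-RdsProfile -DistinguishedName $dn
```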
