Posts Tagged 'windows 7'

Active Directory Management Gateway Service (ADMGS) Errors and McAfee Anti-Virus Software

Published January 20, 2012 Active Directory , Active Directory Management Gateway Service , Microsoft Active Directory , PeopleProvision , Powershell , Windows 7 , Windows Server 2008 , Windows Server 2008 R2 Leave a Comment
Tags: , , , , , , ,

I posted last month about an issue with the Active Directory Management Gateway Service (ADMGS) on Windows Server 2008. The ADMGS  (which runs as the Active Directory Web Services, ADWS, service) allows you to use the Active Directory module for Windows PowerShell to manage AD remotely in domains where there are no Server 2008 R2 domain controllers running.

I saw the following error messages when running the “import-module activedirectory” command in PowerShell.

The server was unable to process the request due to an internal error. For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug> configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework 3.0 SDK documentation and inspect the server trace logs.

I was able to diagnose the ultimate cause based on my previous post but still was receiving errors even after mucking with NTFS directory permissions for temporary .NET files. I finally had the idea to check on anti-virus software to see if that was blocking the communication. Wallah! The domain controller had anti-virus software installed (in this case it was McAfee) and as soon as I adjusted the AV software configuration the AD connection was allowed. The log entries below help pinpoint the cause.

1/19/2012        5:22:05 PM        Blocked by Access Protection rule         NT AUTHORITY\SYSTEM        C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe        C:\Windows\TEMP\t0sggpq5.dll        Common Maximum Protection:Prevent creation of new executable files in the Windows folder        Action blocked : Create

1/19/2012        5:22:07 PM        Would be blocked by Access Protection rule  (rule is currently not enforced)         NT_DOMAIN\SRS-RMRES2-02$        System:Remote        C:\Windows\SYSVOL\domain\Policies\{1C9122E4-78CD-4001-A2E7-8BBCA348C893}\GPT.INI        Anti-virus Outbreak Control:Block read and write access to all shares        Action blocked : Read

So make sure to check your AV software if you have this kind of problem…it just might be the key to a solution!

Diagnose Active Directory Management Gateway Service (ADMGS) Errors

Published December 15, 2011 Active Directory , Active Directory Management Gateway Service , Microsoft Active Directory , PeopleProvision , Powershell , Windows 7 , Windows Server 2008 , Windows Server 2008 R2 Leave a Comment
Tags: , , , , , , ,

I recently worked on a Windows Server 2008 system with the Active Directory Management Gateway Service (ADMGS) installed. The ADMGS allows you to use the Active Directory module for Windows PowerShell to manage AD remotely in domains where there are no Server 2008 R2 domain controllers running.

The ADMGS service (which runs as the Active Directory Web Services, ADWS, service) worked fine for several months but decided to begin having problems recently. We saw the following error message when running the “import-module activedirectory” command in PowerShell

The server was unable to process the request due to an internal error. For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug> configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework 3.0 SDK documentation and inspect the server trace logs.

Needing to troubleshoot the source of the issue, I messed with the IncludeExceptionDetailInFaults attribute in the C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe.config file. However, this proved to be a daunting task for a number of reasons so I moved on to another solution. (View an example of setting the IncludeExceptionDetailInFaults attribute.)

Finally, I located a post that helped break this open. Adding a couple of debug keys in the <AppSettings> section of the config file allowed me to log the ADMGS error on the server and diagnose the real source of the error.

<add key="DebugLevel" value="Info" />
<add key="DebugLogFile" value="C:\Windows\Debug\adws.log" />

Use the following valid string values (not numeric values) for the DebugLevel value.This will add diagnostic info into the debug log at the DebugLogFile path you specify.

  • 0 – No logging
  • 1 – Error (this logs critical errors only)
  • 2 – Warn (this logs warning events as well as error events) – Recommended value to use unless you need full tracing
  • 3 – Info (verbose)

Once I set up debugging and restarted the ADMGS service, I got to the bottom of the problem with the error below and I can now address the permissions issue that is causing connection problems with the “import-module activedirectory” PowerShell command.

ActiveDirectoryWebServices: [xx/xx/2011 6:14:15 PM] [3] Get: Unhandled Exception System.UnauthorizedAccessException: Access to the temp directory is denied. Identity 'YOUR_DOMAIN\YourAccount' under which XmlSerializer is running does not have sufficient permission to access the temp directory. CodeDom will use the user account the process is using to do the compilation, so if the user doesnt have access to system temp directory, you will not be able to compile. Use Path.GetTempPath() API to find out the temp directory location.

Microsoft Problem Steps Recorder for Windows 7

Published May 26, 2010 IIS , Microsoft , Uncategorized , Windows 7 , Windows Server 2008 Leave a Comment
Tags: , , , , , , , ,

If you are a Windows 7 or Windows Server 2008 user, this utility might be useful to you.  Problem steps recorder allows you record the activities leading up to a problem, then save that to a mht file that you can send to support.  If you have an error on an IIS application (yellow screen) then it will even copy all that information out as text and put it as part of the capture.  I like this utility because it’s easy for the user and useful for support…in fact I’m not only a fan, I’m a user of it!

http://technet.microsoft.com/en-us/windows/dd320286.aspx

http://blogs.technet.com/appv/archive/2010/04/12/document-sequencing-on-windows-7-with-the-problem-sequencing-steps-recorder.aspx

For more information contact us at www.webactivedirectory.com, or call us at (+1) 800-747-3565

Free powershell cmdlets – Active Directory

Published March 12, 2010 Powershell , Tools Leave a Comment
Tags: , , , , , , , , , , , ,

PowershellPack is a free download with some additional Powershell cmdlets like TaskScheduler which is just what it sounds like, a cmdlet to list, create, or delete tasks which is extremely useful given all the additional functionality the task scheduler has in Windows 2008 and Windows 7.

Here is a list of the other cmdlets and the link to go download them.

http://code.msdn.microsoft.com/PowerShellPack

WPK
Create rich user interfaces quick and easily from Windows PowerShell. Think HTA, but easy. Over 600 scripts to help you build quick user interfaces

TaskScheduler
List scheduled tasks, create or delete tasks

FileSystem
Monitor files and folders, check for duplicate files, and check disk space

IsePack
Supercharge your scripting in the Integrated Scripting Environment with over 35 shortcuts

DotNet
Explore loaded types, find commands that can work with a type, and explore how you can use PowerShell, DotNet and COM together

PSImageTools
Convert, rotate, scale, and crop images and get image metadata

PSRSS
Harness the FeedStore from PowerShell

PSSystemTools
Get Operating System or Hardware Information

PSUserTools
Get the users on a system, check for elevation, and start-processaadministrator

PSCodeGen
Generates PowerShell scripts, C# code, and P/Invoke

For more information contact us at www.webactivedirectory.com, or call us at (+1) 800-747-3565

Windows 7 “GodMode”

Published January 4, 2010 Uncategorized Leave a Comment
Tags:

In case you haven’t already seen this, here’s a shameless link to CNET which describes this feature in a bit more detail.  It’s not so much a “GodMode” as it is a quick control panel link to all of the system’s control panels. 

Definitely something for you administrators who are implementing Windows 7, it would seem that you could copy this folder to a PC when you start working on it and be able to skip all the levels of control panel navigation you would normally need.  Or you could even copy this to user machines start menu via logon script, group policy, etc…it’s just a folder so the options are endless.

http://news.cnet.com/8301-13860_3-10423985-56.html

Windows 7 Tips and Tricks eBook

Published January 4, 2010 Uncategorized Leave a Comment
Tags:

Pretty good little ebook here on Windows 7 tips and tricks, it’s definitely worth a look and given that Windows 7 is much more likely to be adopted by businesses than Windows Vista it’s much more likely this knowledge will come in handy!

http://windowsvj.com/wpblog/2009/12/windowsvj-xclusive-release-windows-7-tips-tricks-ebook/

Slipstick Systems Outlook and Exchange Solutions Center
Utilities, how to's and other solutions for Microsoft Outlook and Microsoft Exchange users, administrators and developers

Share this blog

Facebook Twitter More...

Enter your email address to subscribe to WebActiveDirectory blog via email.

Join 33 other followers

Web Active Directory Products

Download PDF product data sheets: