Manual Print Server Migration

Steps to perform on Old/Current Server

Ø  Create a Backup folder to some location which can be accessed from new print server.

Ø  Backup ‘Drivers’ and ‘Prtprocs’ folder from spool folder to Backup Folder. //This will backup all Print drivers and Print Processors

Ø  Export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print to Backup folder.  //This will backup complete print configuration registry

Steps to perform on a New Print Server

Ø  Copy ‘Drivers’ and ‘Prtprocs’ from backup folder to Spool folder on a new Print Server.

Ø  Take backup and delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print on a new Print Server. Restart Print spooler. This will remove all existing print drivers, printers, print monitors, ports and print processor from new print server.

OR

Run Cleanspl utility to clear spooler //download from http://www.microsoft.com/downloads/details.aspx?FamilyID=9D467A69-57FF-4AE7-96EE-B18C4790CFFD&displaylang=en

Ø  Double click on the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print exported from old server to import on the new server.

Ø  Restart Spooler service and you will be able to see all print queues on a new server.

Batch to change OBJECTGUID to NULL (save below query to a text file as *.bat) //so that there is no reference to Old server

reg query HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers /v ObjectGUID /s | findstr "HKEY_LOCAL_MACHINE" > OG.TXT

for /F "delims=" %%a IN (OG.TXT) do reg add "%%a" /v objectGUID /t REG_SZ /d "" /f

Restart spooler.

File copy fails with the error “Insufficient System Resources”

Ø Apply KB 312362 http://support.microsoft.com/kb/312362

Ø Configure the below keys to maximize server resources. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Lanmanserver\Parameters subkey, configure the following entries:
• Name: MaxWorkItems Data Type: REG_DWORD Value data: 8196 (decimal)
• Name: MaxMpxCt Data Type: REG_DWORD Value data: 2048 (decimal)
• Name: MaxRawWorkItems Data Type: REG_DWORD Value data: 512 (decimal)
• Name: MaxFreeConnections Data Type: REG_DWORD Value data: 100 (decimal)
• Name: MinFreeConnections Data Type: REG_DWORD Value data: 32 (decimal)

In the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Lanmanworkstation\Parameters subkey, configure the following entry:
• Name: MaxCmds Data Type: REG_DWORD Value data: 2048 (decimal)

By default, your registry does not have a Configuration Manager subkey. To create the key, locate and then right-click the following subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager Point to New , and then click Key . Type Configuration Manager , and then press ENTER. In the new HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Configuration Manager subkey, configure the following entry:
• Name: RegistryLazyFlushInterval Data Type: REG_DWORD Value data: 60 (decimal)

 =============================
Reason for adding or modifying above keys
==============================
<http://support.microsoft.com/?id=312362>
By default, the Memory Manager tries to trim allocated paged pool memory when the system reaches 80 percent of the total paged pool. Depending on the system configuration, a possible maximum paged pool memory on a computer can be 343MB and 80 percent of this number is 274MB

By tuning the Memory Manager to start the trimming process earlier (for example, when it reaches 60 percent), it would be possible to keep up with the paged pool demand during sudden peak usage, and avoid running out of paged pool memory.

This problem can occur because the functions used by all of the copy utilities use buffered input/output (I/O) to transfer data from the source file to the destination file. Whenever buffered I/O is performed on a file, there is a paged pool memory overhead requirement that is proportional to the size of the file. Because paged pool memory is a limited resource, there is an upper limit on the size of file that can be copied.

Since all of the paged pool that is required to buffer an entire file is allocated when the first read or write procedure is performed on the file, the file copy operation fails immediately, instead of half way through the operation.


Regarding PAE

The CopyFileEx and CopyFile functions are used by all of the standard file-copy utilities. Because these functions use buffered I/O, the maximum size of a file that you can copy depends on the amount of paged-pool memory that is available at the start of the copy procedure and whether the Physical Address Extensions (PAE) kernel which allows access to memory above 4 gigabytes [GB] is in use. With the standard kernel, 1 kilobyte (KB) of paged pool is required for each megabyte (MB) of file size that is opened for buffered I/O. Because there are two files involved in a copy procedure, 2 KB of paged pool are required for each MB in the source file.

When the PAE kernel is used, the overhead is doubled and 4 KB of paged pool is required for each MB in the source file.

The procedure entry point LogonUserExA could not be located in the dynamic link library ADVAPI32.dll

Hi,

This is my first blog ever! I am a Support Engineer at Microsoft for three years now. Living my dream - to work with Microsoft!.

You can read more about me - check my profile. To the point now!

ISSUE: 
On a windows Server 2000 Service Pack 4 when you start an application you get the error message:
"The procedure entry point LogonUserExA could not be located in the dynamic link library ADVAPI32.dll" click on OK and the application loads but certain services might fail to start with "Error 1053: The service did not respond to the start or control request in a timely fashion" error message when you start or stop or pause a managed Windows service.

How do we resovle this?
The tool we could use is Process Monitor available at http://www.microsoft.com and go through the values to analyse what happens at the point when we get the error message! Sounds boring and cumbersome... Let me share what i found but first the disclaimer :)

Guidance on page file size X64 and X32 machines Windows 2003 servers

There seems to be a little confusion on the page file sizing on X64 machines and X32 machines as well. Lots of kb articles have been written; am trying to simplify it in this post.

On 32 bit machines it is easier to determine the size of the paging file because we generally do not come across machines with huge RAM on it.

There is no hard and a fast rule for a particular size of paging file. It depends on scenario to scenario.

Page files have two primary roles

A) As a page file to allow virtual memory to provide support along with the Physical RAM on the machine and potentially allow the server to perform better

B) For use in generating crash dumps for problem investigation when required.

Size required for  scenario A can be argued about, and even whether one is necessary at all, but in general a page file, or page files, of several GB up to or larger than RAM size can be used. And for best performance an additional dedicated page file drive could be used.

Size required for scenario B is usually the key factor and relates to the page file on the boot (i.e. Windows) drive, which may have some space constraints of its own.

Let us take the scenario B into consideration; as this is where we need the guidance most of the times.

First we need to determine whether we need a complete dump or a kernel only dump. Most of the cases a kernel only dump would suffice.

For most crashes; i.e. blue screens of death a kernel only dump would give sufficient information; but there are times when we would need a complete dump of the system to investigate the problem.

32 bit machines:-

===============

1. A kernel only dump would be always <= 2GB due to the 32 bit virtual address space limitation. So a page file of around 2 GB+100 MB should be fine.

2. A kernel only dump with a /3GB switch would always be <= 1GB due to the fact that we are giving the kernel only 1 GB of virtual address space. So a page file of around 1 GB +100 MB should be fine.

3. A Kernel only dump with RAM over 4 GB and PAE switch would always be again <= 2GB due to the virtual address space limitations. So a page file of around 2 GB+100 MB should be fine.

4. A complete dump will require a page file of the size of the Physical RAM +100Mb.

64 bit machines:-

================

64 bit machines are where we generally ponder over the size. On a 64 bit machine the Virtual address space is quite large.

Let us have a look at the below table for the address space layouts

Looking at the above the kernel on X64 Machines could go potentially to the size of the Physical RAM. Most of the machines we have seen are with 64 GB RAM on it .i.e. the high end machines. For ex  a bad driver  leaking Non paged Pool memory on a machine with 64 GB RAM could potentially take up the whole of the Physical RAM as we can see from the table that the mapping capability of the NPP is 128 GB on X64 machines. From the past experience we see the below

1. A kernel only dump on midrange machines would grow up 4 GB. So a paging file of the size of around 4GB +100 Mb is fine

2. A kernel only dump on a high end machine would grow up to 16 GB. So a paging file of the size around 16 GB +100 Mb is fine.

3. A complete dump requires the size of the Physical RAM +100 Mb.

For getting a near exact figure of the page file we would recommend you to monitor the Memory usage on the system using the perfmon ; which will give you a very good idea .

4. Also please note dumping out boxes with huge amounts of RAM would cause significant down time before it can reboot and come back. A 16 GB dump may take around 40 minutes approximately.  

1. For a dump creation it is MANDATORY for the page file to be on the Windows Drive. (C:)

2. You can re direct the dump to another drive to save space on your system drive. It is not MANDATORY that the dump should be saved on the C drive.

3. For a complete dump option in the GUI you will have to edit the following registry key

Change the value from 0x2 to 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl

Value Name: CrashDumpEnabled

Data Type:  REG_DWORD

Value: 1

4. On Windows 2008 and Vista the page file used for creating dumps has changed .

Print Spooler Crash Troubleshooting Steps

Overview of Print Spooler Component

Print Processor

The print processor tells the spooler to alter a job according to the document data type. It works together with the printer driver to move the spooled print jobs from the hard disk drive to the printer.

 

Print Monitor

The print monitors are the name of any component that processes the print job after it has spooled and are responsible for directing the output to the print device. Print monitors can be divided into two classes:

 

·         Language monitors

·         Port monitors

 

Language monitors are typically used only for bi-directional printers. A bi-directional printer

Supports two-way communication to answer status, and configurations questions sent to it. A

        Bi-directional printer can also give unsolicited status information about the job being printed,

and error conditions such as paper out.

 

      Port monitors consist of user-mode DLLs. They are responsible for providing a     communications    path between the user-mode print spooler and the kernel-mode port drivers that access I/O port hardware.

 

Print Spooler crash happens most of the time due to third party print processor and print monitor. We can set printers to use default print processor and monitor by machine changes in the registry called as Print hive cleaning

 

Note that all of the changes described in this section will take effect when the Print Spooler service is restarted.

 

Confirm the default Local Print Provider

1) Use Regedit to locate the Print key in the Registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print

2) Click to highlight the Print key in Regedit and export the key as a .reg file for backup purposes (File > Export).

3) Locate the Local Port Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\Local Port

4) Confirm that the Driver value in the Local Port Registry key is set to Localspl.dll. If it is not, double-click the Driver value to edit the Data String and set it to Localspl.dll.

 

Remove 3rd Party Port and Language Monitors

1) Note any 3rd-party Monitors that are listed in the Monitors Registry key for future reference:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors

The default Monitors are:

==========================

AppleTalk Printing Devices

BJ Language Monitor

Local Port

LPR Port

PJL Language Monitor

Standard TCP/IP Port

USB Monitor

Windows NT Fax Monitor

==========================

Note: Not all of the above default Port Monitors will be present in all cases. You may also see the Microsoft Office Document Imaging Monitor which is installed by MS Office.

The 2 types of monitors that may be listed here are Port Monitors and/or Language Monitors. As a general rule, Language Monitors will not have any printer ports defined in the Ports subkey and may be removed without causing a problem. Port Monitors such as HP Standard TCP/IP, however, may have active printers using this port type. If a 3rd-party Port Monitor is in use, with printers defined in the Ports subkey under the Port Monitor, you will need to convert the port(s) to a Standard TCP/IP Port (Standard Port Monitor).

2) To convert the printer ports from the 3rd-party Port Monitor to Standard TCP/IP Port Monitor, perform the following steps:

Convert 3rd Party Ports to Standard TCP/IP Ports

1) Open the Printers and Faxes folder.

2) Right-click the printer that was identified as using the 3rd-party Port Monitor and select Properties.

3) In the Properties for the printer, click the Ports tab.

4) On the Ports tab, click the Add Port button.

5) In the Printer Ports dialog, select Standard TCP/IP and click the New Port button to start the Add Standard TCP/IP Printer Port Wizard.

6) Click Next when the Add Standard TCP/IP Printer Port Wizard starts to specify the printer that will be using this new port.

7) Enter the Printer Name or IP Address for the printer that will be using this new port and click Next.

Note: The wizard automatically fills in the port name for you in the Port Name box. You can either accept this name or type the name that you want to use, and then click Next. Standard Port Monitor then sends a query to the print device. Based on the SNMP values that are returned, the device details are determined and the appropriate device options are displayed. If the print device cannot be identified, you must supply additional information about it.

8) If the Additional Port Information Required page is displayed, perform one of the following tasks under Device Type:

Click Standard, click the appropriate device in the list, and then click Next.

-or-

Click Custom, click Settings, specify the protocol settings (RAW or LPR) and the SNMP status settings that you want to use, click OK, and then click Next.

10) If the wizard prompts you for the print server protocol, specify the protocol that you want to use, either RAW or LPR.

11) If the wizard prompts you to select a port, specify the port that you want to use in the Device Port box, and then click Next.

12) Click Finish, and then click Close. On the Ports tab in the Properties for the printer, you should see that the printer is now set to use the new Standard TCP/IP Port that you just created. The new Standard TCP/IP port is also displayed in the Ports on this server list on the Ports tab in the Print Server Properties (File > Server Properties from within the Printers folder)

13) You can then delete the 3rd-party port from the Ports tab within the Print Server Properties.

14) Repeat these steps for all printers that are using a 3rd-party Port Monitor.

After moving all printers to the Standard TCP/IP Port Monitor, we can delete the 3rd-party Port Monitor's Registry key under the Monitors key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors

Remove All Other 3rd party Monitors

For any other 3rd party Monitors that are identified under the Monitors key and are confirmed to NOT have any printer ports listed under the Ports subkey for the Monitor, we will need to perform the following 2 steps

·         Identify printers configured to use the 3rd party Monitor.

·         Delete the reference to the Monitor for that printer.

·         Delete the Registry key for the 3rd party Monitor.

Note: The Client Printer Port is the Citrix Metaframe Monitor used for autocreated client printers in Terminal Server sessions. Do not remove this Monitor unless it is confirmed to be related to the problem:

==========================

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Monitors\Client Printer Port

Driver REG_SZ cpmmon.dll

==========================

See the following article before removing Lexmark Monitors:

155516 How to Remove the Lexmark MarkVision Monitor

http://support.microsoft.com/?id=155516

1) Note the name of the 3rd-party Monitor that is being removed. We will use this name to search the Print Registry key for references to this Monitor.

Assume, for example, that the HP Master Monitor is installed:

==========================

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Monitors\HP Master Monitor

EOJTimeout REG_DWORD 0xea60

Driver REG_SZ HPBMMON.DLL

==========================

2) In Regedit, click to highlight the Print key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print

3) Press F3, or click the Edit menu and select Find.

4) In the Find What field, type the name of the 3rd-party Monitor that is being removed, HP Master Monitor in this example, and click Find Next. Identify printers that are configured to use the Monitor that we are removing, for example:

==========================

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Environments\Windows NT x86\Drivers\Version-3\HP Color LaserJet 2500 PCL 6

Configuration File REG_SZ HPBF342E.DLL

Data File REG_SZ HPBF342I.PMD

Driver REG_SZ HPBF342G.DLL

Help File REG_SZ HPBF342E.HLP

Monitor REG_SZ HP Master Monitor

==========================

5) Double-click the Monitor value to delete the 3rd party Monitor data string. In this example, delete the "HP Master Monitor" value. The Monitor value will be left with a blank data string, as follows:

==========================

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Environments\Windows NT x86\Drivers\Version-3\HP Color LaserJet 2500 PCL 6

Configuration File REG_SZ HPBF342E.DLL

Data File REG_SZ HPBF342I.PMD

Driver REG_SZ HPBF342G.DLL

Help File REG_SZ HPBF342E.HLP

Monitor REG_SZ

==========================

6) Repeat the steps above for all 3rd-party Monitors.

7) Stop and restart the Print Spooler service for the changes take effect.

Net stop spooler

Net start spooler

Note: In most cases, removing the 3rd party Monitors will not affect normal printing. If new problems are seen after removing the 3rd party Monitors, we can restore the backed up Print Registry key to restore the original configuration..

You can then perform the steps above again in smaller steps, stopping and starting the Print Spooler service more frequently, to determine if a specific component is required. If so, skip the removal of this component and continue removing the other 3rd-party items.

Note: If the problem is easily reproducible, you may also individually remove the 3rd-party Monitors to try to narrow the problem down to a particular Monitor. This procedure will take more time and may require restarting the Print Spooler service multiple times.

Remove 3rd-party Print Providers

Remove 3rd party Print Providers by deleting the 3rd-party providers in the following Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers

The default Print Providers are:

Internet Print Provider

Lanman Print Services

The Client Printer Provider is the Citrix Metaframe provider used for autocreated client printers in Terminal Server sessions. Do not remove this Provider unless it is confirmed to be related to the problem:

==========================

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Providers\Client Printer

Name REG_SZ C:\Program Files\Citrix\system32\cdmprov.dll

DisplayName REG_SZ Client Printer

==========================

2) Stop and restart the Print Spooler service for the changes take effect.

Net stop spooler

Net start spooler

Remove 3rd Party Print Processors

Perform the following steps to confirm that all printers are configured to use the WinprintPrint Processor.

·         Identify printers that are configured to use a 3rd party Print Processor.

·         Change the 3rd party Print Processor to Winprint.

·         Delete the Registry key for the 3rd party Print Processor.

1) Note the name of the installed Print Processors under the following Registry key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Environments\Windows NT x86\Print Processors

The default Print Processor is Winprint:

==========================

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Environments\Windows NT x86\Print Processors\winprint

Driver REG_SZ localspl.dll

==========================

Assume, for example, that the HPPRN05 is installed:

==========================

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Environments\Windows NT x86\Print Processors\HPPRN05

Driver REG_SZ HPPRN05.DLL

==========================

2) In Regedit, click to highlight the Print key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print

3) Press F3, or click the Edit menu and select Find.

4) In the Find What field, type Print Processor and click Find Next. Identify the Print Processor being used for each printer:

==========================

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\Client1

ChangeID REG_DWORD 0x1b9fa8c9

Status REG_DWORD 0x180

Name REG_SZ Client\XPWS

Share Name REG_SZ

Print Processor REG_SZ HPPRN05

==========================

5) Double-click the Print Processor value to change the 3rd party processor data string to Winprint:

==========================

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Print\Printers\Client1

ChangeID REG_DWORD 0x1b9fa8c9

Status REG_DWORD 0x180

Name REG_SZ Client\XPWS

Share Name REG_SZ

Print Processor REG_SZ WinPrint

==========================

6) Repeat the steps above for all 3rd-party Print Processors.

7) Stop and restart the Print Spooler service for the changes to take effect.

Net stop spooler

Net start spooler

Note: In most cases, changing the print processor to Winprint will not affect normal printing. If new problems are seen after changing the print processor,  we can restore the backed up Print Registry key and restart the Print Spooler service to restore the original configuration.

You can then perform the steps above again in smaller steps, stopping and starting the Print Spooler service more frequently, to determine if a specific component is required. If so, skip the removal of this component and continue removing the other 3rd party items.

Additional steps to be done

1) Check the Spool folder to see if there are any old files in the folder. When printing is working properly, the files in the Spool folder are deleted as the jobs are printed. The default Spool folder is:

systemroot\System32\Spool\Printers

The Spool folder location can be confirmed by checking the DefaultSpoolDirectory Registry value in the following Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers

Move any old files that are in the Spool folder to see if the problem still occurs. Corrupt files in the Spool folder can cause Print Spooler service problems. You may need to stop the Print Spooler service to move the files from the Spool folder.

2) The Print Spooler service is, by default, dependent only upon the Remote Procedure Call (RPC) service, RPCSS. To confirm the Spooler dependencies, check the DependOnService value in the following Registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler

Confirm that the dependent services are started. If there are any other dependent services listed, in addition to RPCSS, edit the DependOnService Registry value to remove all dependencies except RPCSS.

3) Configure the installed antivirus application to exclude scanning the Spool folder. There can be contention between the antivirus application and the Print Spooler service that may cause intermittent printing problems.

 

If still issue persists we need to collect ADPlus crash dump of print spooler service. ADPlus is a tool that will allow us to get a memory dump from a process that is giving you problems. 

To get this tool, please install the “Debugging Tools for Windows" from http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx

Once these tools are installed, do the following:

1. Create a directory called c:\adplus

2. Open a command prompt and change to the directory where you installed the debugging tools.  By default, this is c:\Program Files\Debugging Tools for Windows

3. Type the following: "cscript adplus.vbs -hang -pn <mmc.exe> -o c:\adplus”

4. Do not interfere with the windows that is opened, just let it run minimized.
5. You will not be able to log off the system while you are monitoring.
6. When the crash occurs, please zip and send me the contents of the c:\adplus directory.

For more information please see refer to this Knowledge Base article: 286350 HOWTO: Use Autodump+ to Troubleshoot "Hangs" and "Crashes" http://support.microsoft.com/?id=286350

After collecting the dump please contact Microsoft for the analysis.

"Windows Update failing" Torubleshooting Steps

1)  Windows update can fail due to many reasons.But as an initial troubleshooting step we can run script givenbelow.

The following script will re-register windows update dlls and recreate software distribution & catroot folder.

To run the script please copy the highlighted content and save it as wu.bat.

regsvr32 comcat.dll /s

regsvr32 shdoc401.dll /s

regsvr32 shdoc401.dll /i /s

regsvr32 asctrls.ocx /s

regsvr32 oleaut32.dll /s

regsvr32 shdocvw.dll /I /s

regsvr32 shdocvw.dll /s

regsvr32 browseui.dll /s

regsvr32 browseui.dll /I /s

regsvr32 msrating.dll /s

regsvr32 mlang.dll /s

regsvr32 hlink.dll /s

regsvr32 mshtmled.dll /s

regsvr32 urlmon.dll /s

regsvr32 plugin.ocx /s

regsvr32 sendmail.dll /s

regsvr32 scrobj.dll /s

regsvr32 mmefxe.ocx /s

regsvr32 corpol.dll /s

regsvr32 jscript.dll /s

regsvr32 msxml.dll /s

regsvr32 imgutil.dll /s

regsvr32 thumbvw.dll /s

regsvr32 cryptext.dll /s

regsvr32 rsabase.dll /s

regsvr32 inseng.dll /s

regsvr32 iesetup.dll /i /s

regsvr32 cryptdlg.dll /s

regsvr32 actxprxy.dll /s

regsvr32 dispex.dll /s

regsvr32 occache.dll /s

regsvr32 occache.dll /i /s

regsvr32 iepeers.dll /s

regsvr32 urlmon.dll /i /s

regsvr32 cdfview.dll /s

regsvr32 webcheck.dll /s

regsvr32 mobsync.dll /s

regsvr32 pngfilt.dll /s

regsvr32 licmgr10.dll /s

regsvr32 icmfilter.dll /s

regsvr32 hhctrl.ocx /s

regsvr32 inetcfg.dll /s

regsvr32 tdc.ocx /s

regsvr32 MSR2C.DLL /s

regsvr32 msident.dll /s

regsvr32 msieftp.dll /s

regsvr32 xmsconf.ocx /s

regsvr32 ils.dll /s

regsvr32 msoeacct.dll /s

regsvr32 inetcomm.dll /s

regsvr32 msdxm.ocx /s

regsvr32 dxmasf.dll /s

regsvr32 l3codecx.ax /s

regsvr32 acelpdec.ax /s

regsvr32 mpg4ds32.ax /s

regsvr32 voxmsdec.ax /s

regsvr32 danim.dll /s

regsvr32 Daxctle.ocx /s

regsvr32 lmrt.dll /s

regsvr32 datime.dll /s

regsvr32 dxtrans.dll /s

regsvr32 dxtmsft.dll /s

regsvr32 WEBPOST.DLL /s

regsvr32 WPWIZDLL.DLL /s

regsvr32 POSTWPP.DLL /s

regsvr32 CRSWPP.DLL /s

regsvr32 FTPWPP.DLL /s

regsvr32 FPWPP.DLL /s

regsvr32 WUAPI.DLL /s

regsvr32 WUAUENG.DLL /s

regsvr32 ATL.DLL /s

regsvr32 WUCLTUI.DLL /s

regsvr32 WUPS.DLL /s

regsvr32 WUWEB.DLL /s

regsvr32 wshom.ocx /s

regsvr32 wshext.dll /s

regsvr32 vbscript.dll /s

regsvr32 scrrun.dll mstinit.exe /setup /s

regsvr32 msnsspc.dll /SspcCreateSspiReg /s

regsvr32 msapsspc.dll /SspcCreateSspiReg /s

regsvr32 /s urlmon.dll

regsvr32 /s mshtml.dll

regsvr32 /s shdocvw.dll

regsvr32 /s browseui.dll

regsvr32 /s jscript.dll

regsvr32 /s vbscript.dll

regsvr32 /s scrrun.dll

regsvr32 /s msxml.dll

regsvr32 /s actxprxy.dll

regsvr32 /s softpub.dll

regsvr32 /s wintrust.dll

regsvr32 /s dssenh.dll

regsvr32 /s rsaenh.dll

regsvr32 /s gpkcsp.dll

regsvr32 /s sccbase.dll

regsvr32 /s slbcsp.dll

regsvr32 /s cryptdlg.dll

regsvr32 /s schannel.dll

regsvr32 /s oleaut32.dll

regsvr32 /s ole32.dll

regsvr32 /s shell32.dll

regsvr32 /s initpki.dll

regsvr32 /s msscript.ocx

regsvr32 /s dispex.dll

regsvr32 jscript.dll /s

del %temp% /Q /F

del c:\wutemp /Q /F

net stop wuauserv

ren %windir%\system32\catroot2 catroot2.old

cd /d %windir%\SoftwareDistribution

rd /s DataStore /Q

regsvr32 wuapi.dll /s

regsvr32 wups.dll /s

regsvr32 wuaueng.dll /s

regsvr32 wucltui.dll /s

regsvr32 wuweb.dll /s

regsvr32 msxml.dll /s

regsvr32 msxml2.dll /s

regsvr32 msxml3.dll /s

regsvr32 urlmon.dll /s

net start wuauserv

2)      Check if WU is working fine. If not then follow next steps

3)      Clean boot the computer

a.Start-Run-Msconfig
b.  Click "Hide all microsoft services"
c. Click "Disable All"
d. Click Apply/OK and restart

4)              Install latest Windows Update agent

http://technet.microsoft.com/en-us/library/bb932139.aspx

5)      Below two articles contain common steps which can be followed in WU issue.

http://support.microsoft.com/?id=910337

http://support.microsoft.com/?id=836941

But it’s always a good practice to look for the errors in windows update log  and then troubleshoot it.

6)      To open windowsupdate.log click on Startà Runà type “windowsupdate.log”

7)      To find the error search the log (from bottom)with key word like ERROR,

Eg

2008-06-13          11:08:35:022       1068       d58         AU            # WARNING: Search callback failed, result = 0x80244018

2008-06-13          11:08:35:022       1068       d58         AU            # WARNING: Failed to find updates with error code 80244018

Or

2008-06-13          11:14:11:739       1068       cfc          Service **  END  **  Service: Service exit [Exit code = 0x240001]

Search error code on http://support.microsoft.com and follow the article related to the error to fix the issue.

Hope this will help to troubleshoot WU issues J

Services not starting after installing service pack on Windows 2003 server

      1)      Disable all third party services and startup items using msconfig.exe.

2)      Restart the machine.

3)      Open services console (Start à run à services.msc)

4)      Check the status of The Remote Procedure Call (RPC) service (rpcss.exe).

5)      If RPC service is running in Network Service account then change the login account LocalSystem

6)      Following are the two ways to change the login account:

a.       Go to properties of the RPC service and click on Logon.

Select Local System account.

b.      Open registry editor(Start à run à regedit)

Go to registry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs

Value name: ObjectName

Type: REG_SZ

Value data: NT AUTHORITY\NetworkService

Change value of “Value data” to LocalSystem

c.       Reboot the machine.

7)      If all the services started after changing the account then issue could be due to Impersonation rights .  

8)      Open dsa .msc and give account permission impersonation policies under

Computer Configuration- LocalPolicy- Security for the following accounts

-Administrators

-IIS-WPG

-Network service

-Local Service

9)      Change the logon account of RPC service

Open registry editor(Start à run à regedit)

Go to registry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs

Value name: ObjectName

Type: REG_SZ

Value data: LocalSystem

Change value of “Value data” to NT AUTHORITY\NetworkService

Reboot the machine.

"COM+ Event System and MSDTC service not starting" Trouboulshooting steps

1. In Control Panel, stop all services, and change the Startup Type to "manual" <except> for the following:

            -           Alerter

            -           COM+ Event System

            -           Computer Browser

            -           Distributed File System

            -           Distributed Link Tracking Client

            -           Distributed Link Tracking Server

            -           DNS Client

            -           Event Log

            -           IPSEC Policy Agent

            -           License Logging Service

            -           Logical Disk Manager

            -           Messenger

            -           Net Logon                                                                                                                                                 

            -           NT LM Security Support Provider

            -           Network Connectors

            -           Plug and Play

            -           Remote Procedure Call (RPC)

            -           Remote Procedure Call (RPC) Locator

            -           Removable Storage

            -           Security Accounts Manager

            -           Server

            -           System Event Notification

            -           Task Scheduler

            -           TCP/IP NetBIOS Helper Services

            -           Windows Management Instrumentation

            -           Windows Management Instrumentation Driver Extensions

            -           Windows Time

            -           Workstation

2. Close Control Panel, and restart your computer.

3. At the command prompt, type the following command:

            "msdtc -uninstall" (without the quotation marks)

4. In the registry, remove the following keys if they exist:

                        HKEY_CLASSES_ROOT\CID

                        HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSDTC

                        HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSDTC

                        HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MSDTC

                        HKEY_LOCAL_MACHINE\Software\Microsoft\MSDTC

5. At the command prompt, type the following command:

            "msdtc -install" (without the quotation marks)

6. Check Event Viewer for the following message:

                        Event Source: MSDTC

                        Event ID: 4104

                        Description: The Microsoft Distributed Transaction Coordinator service was successfully installed..

7. Restore the Startup Type of the services to their original values,  and then restart your computer.

8. At a  command prompt, type the following command: "msdtc -resetlog" (without the quotation marks)

9.  Start > Run > Regsvr32 es.dll –u

10. Open registry and delete the [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventSystem] key and all its subkeys

11.  Close regedit

12. Reboot.

13. Start > Run > Regsvr32 es.dll

14. Reboot the system in safe mode and delete all the files in the following directory “%systemroot%\registration”

15. Rename the %WinDir%\System32\Clbcatq.dll file to  %WinDir%\System32\~Clbcatq.dll. Make sure that you include the tilde  (~) at the start of the file name.

16. Restart the computer

17. Start Registry Editor (Regedt32.exe).

18. Locate and delete the following key in the registry
 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\COM3

19. At a command prompt, type "cd %windir%" (without the quotation marks), and then press ENTER

20. At a command prompt, type  "rmdir /s Registration" (without the quotation marks), and then press ENTER. This is the location folder of the registration database.

21. Click the Start button, point to Settings, and then click Control Panel.

22. Double-click Add/Remove Programs, and then click Add/Remove Windows  Components

23. Click Next to go through the reinstallation process, to reinstall COM+.

Remote Assistance in Windows 2008

Remote Assistance provides a way for users to get the help they need and makes it easier and less costly for corporate helpdesks to assist their users.

The Remote Assistance application in Windows Server 2008 is implemented in MSRA.exe.

It can be started from the command line by running msra.exe.

%systemroot%\system32\msra.exe

Or

From the Start > All Programs > Maintenance > Windows Remote Assistance

Remote Assistance Registry Keys

User-specific Remote Assistance registry keys will not exist unless Remote Assistance is installed and the current user has run Remote Assistance at least once.

The per-user Remote Assistance registry values are located in the following key: HKCU\Software\Microsoft\Remote Assistance\

The location of the per-machine registry key for Remote Assistance has changed from previous versions of Windows. The new location is:

HKLM\SYSTEM\CurrentControlSet\Control\Remote Assistance

In previous versions of Windows location is:

HKLM\SYSTEM\CurrentControlSet\Control\Terminal Service

Remote Assistance may be configured using the group policies located in the following container: Computer Configuration/Administrative Templates/System/Remote Assistance

The policies write registry values to the following area of the registry: HKLM\Software\Policies\Microsoft\Windows NT\Terminal Services

A Remote Assistance connection may be initiated by the following ways:

++Offer Remote Assistance (unsolicited) mode

++Solicited mode

Offer Remote Assistance (or Unsolicited Remote Assistance)

Unsolicited remote assistance is initiated by an Expert user and is used to offer Remote Assistance to a Novice user. The Expert should know the Novice’s machine name or IP address to view the novice’s desktop. If the Expert needs to share control of the Novice’s machine, the Expert can request control and the Novice can accept or deny the request.

Solicited Remote Assistance

The Invite someone you trust to help you option, also referred to as solicited, Remote Assistance, is initiated by a Novice user that looks for assistance from an Expert user. This mode is started by using one of the following methods:

++Send an invitation by email via Simple MAPI The Novice can email the RA invitation to the Expert as an attachment.

To use this method, the Novice’s email application must support Simple MAPI protocol. e.g. Microsoft Outlook, Outlook Express and Lotus Notes support Simple MAPI protocol.

 ++Manually save an invitation file and send it to the Expert Novice has to create the ticket as a file (save it to a file) and manually send the file to an Expert.

 The invitation file is a text file that is XML formatted and contains information that the Expert's machine will be able to start remote assistance.

Session logs are XML-formatted documents.

Log Path: %SystemDrive%\Users\user_name\Documents\Remote Assistance Logs

A unique session log file is created for each RA Session on the computer. Log files stored within this folder are formatted using XML and are named using the convention YYYYMMDDHHMMSS.xml, where the time format is 24-hour.

How to change RDP Port on TS

 Terminal services used port 3389 by default. It is well known port TS uses so there can be a chance that it can be a target for attack by network intruders.

Even though network attackers can find the port that is in use, changing TS port from 3389 can make it more difficult to attack a TS server.

TS port can be changed from the registry

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp

Value: Port Number

Type: REG_DWORD

Data: 3389 in decimal or d3d in hex

We can use any ephemeral port ranging from 1024-4999 by default. After making the registry changes restart the terminal services

To check the port on which terminal server is listening run nestat –aon from command prompt.

++ Remote Desktop Client

      Launch mstsc.exe. In the computer field specify the <TS name>:<port number> e.g. If server name is termserver1 and port is 3900 then we need to put termserver1:3900

++Remote Desktop We Connection

Make connection to web server which host the remote desktop web connection using http://<server name>/ts

Click on the Remote Desktop icon. In Connect to: field specify the <TS name>:<port number>

++Remote Applications:

To configure Remote Applications, accessible through TS Web Access or a custom .rdp file, to use custom Terminal Server port, you must configure custom RDP Settings  in  TS Remote App Manager MMC snap-in.

RemoteApp Deployment Settings à Terminal Server à RDP Port

Specify the custom port in RDP port field.

How to install application on Windows 2008 Terminal Server

It’s recommended to install Terminal services role before installing any application which will be available to terminal server users. If TS role installed after the applications are installed, some the application may not work correctly in a multiple user environment.

In that scenario uninstalling and reinstalling the affected programs can resolve the issue.

To ensure that an application is installed correctly to work in a multiple user environment, the Terminal Server must be switched into Install mode before applications are installed on the server.

A Terminal Server canbe placed into Install mode using one of the following methods:

++Using the Install Application on Terminal Server tool in Control Panel\Programs.

This tool is available only when we install terminal server. It will automatically put terminal server into execute mode when application installation is complete.

++ Run Change user /install from command promptto place the server into Install mode and install the application. After installing the application, use the Change user /execute command (or restart the server) to place the server back into Execute mode before using the application.

 Change user /query command can be used to find the current mode.

Terminal Server Easy Print

Terminal Server Easy print

Terminal service easy printing is a new feature introduced in windows 2008 server.It enables users to print from a Terminal Services session to the local or network printers configured on the client computer without the need to install drivers on the Terminal Server.

User will see the full printer properties of the local printer in the session and have access to all printer functionality. The Easy Print universal driver acts as a proxy and redirects all UI

To use the Terminal Services Easy Print feature in Terminal Services on Windows Server 2008, clients must be running Remote Desktop Connection (RDC) 6.1 client and have the .NET Framework 3.0 Service Pack 1 installed. Both included with Windows Server 2008 and will be available for download for Windows Vista.

New features in Windows Server 2008 Terminal Services:

++Terminal Services Easy Print.

++Client-redirected printers are now scoped per session.

++Printers now have the Session SID set in the list of ACLs that prevents printers from appearing in another session, even for the same user.

++Ability to view and manage session printers. By default, users, including administrators, can only see the printers that they have redirected in their session.

++Users can change access to the printers by editing the permissions in the printer properties to be    made accessible to other users. 

The Terminal Services Easy Print feature works seamlessly in mixed platform environments:

·         x86 clients > x64 Windows Server 2008 Terminal Servers

·         x64 clients > x86 Windows Server 2008 Terminal Servers

Things we need to check if TS easy printing is not working:

++clients are running Remote Desktop Connection (RDC) 6.1 client and have the .NET Framework 3.0 Service Pack 1.

a) XP SP3 includes RDC 6.1 client. But we need to install .NET Framework

Microsoft .NET Framework 3.5 (which includes .NET Framework 3.0 SP1) can be downloaded from the Microsoft Download Center

http://go.microsoft.com/fwlink/?LinkId=109422

b) On a Windows Server 2008-based server (that is acting as the client), you must add .NET Framework 3.0 SP1 by using either Server Manager or by adding the feature from the command line.

To add .NET Framework 3.0 SP1 by using the Server Manager user interface

  1.  Start Server Manager. To open Server Manager, click Start, point to Administrative Tools, and then click Server Manager.

 2.  In the left pane of Server Manager, right-click Features, and then click Add Features.

 3.  On the Select Features page, expand .NET Framework 3.0.

4.  Select the .NET Framework 3.0 Features and the XPS Viewer check boxes, and then click Next.

 5.  Click Install.

 To add .NET Framework 3.0 SP1 by using the command line

 1.  Start the command prompt with elevated privileges. To do this, click Start, right-click Command Prompt, and then click Run as administrator.

 2.  At the command prompt, type the following, and then press ENTER:

pkgmgr.exe /iu:NetFx3

The installation occurs silently, and may take several minutes.

 c) Windows Vista® with SP1 includes both of the required components. By default, Windows Vista with SP1 supports the Terminal Services Easy Print driver with no additional configuration

++ Check if tsprint.dll in the following location:

%systemroot%\System32\Spool\Drivers\w32x86\3\tsprint.dll (Terminal Services Easy Print is implemented in tsprint.dll)

++Check the Terminal Services Easy Print and compare with the working machine.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Environments\ <architecture>\Drivers\Version-3\Terminal Services Easy Print

Terminal Service Printing Group Policies

Group Policies for Terminal Services printing are located in the following container:

Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Terminal Server

Table: Terminal Services Print Group Policies

Internet Explorer Administration Kit (IEAK) 7 for begginers

Internet Explorer Administration Kit (IEAK) is a product from Microsoft that enables an organization to centrally manage the customizing, deployment, and maintenance of Microsoft's Web browser, Internet Explorer, for users on different computer platforms. There is no royalty on the deployed copies. Using IEAK, a company can set up every user's browser the same way. Microsoft offers a step-by-step process for using the kit.

Internet Explorer Administration Kit 7 (IEAK 7) enables the most efficient way to deploy and manage Web-based solutions.

Corporations

Learn how the IEAK 7 can help your organization with powerful, easy-to-use options for deploying and managing Web solutions with Internet Explorer 7.

Internet Explorer Administration Kit provides administrators with powerful, easy-to-use options designed to save you time and money in deploying and managing Web solutions.

IEAK allows you to:

·         Establish version control across your organization.

·         Centrally distribute and manage browser installations.

·         Configure automatic connection profiles for users' machines.

·         Customize virtually any aspect of Internet Explorer, including features, security, communications settings, and other important elements.

Internet Service Providers (ISPs)

IEAK programs and tools make it easy for you to create, deploy, and manage custom browser packages, and save you time distributing your browser.

Internet Explorer Administration Kit (IEAK) programs and tools make it easy for you to create and deploy custom browser packages and to manage the browser after the installation.

As an ISP, you can customize Internet Explorer and make it easy for customers to sign up for your services. The IEAK works faster and more reliably to help you save time distributing your browser, get more users to the Web, and reduce your support costs.

The IEAK allows you to:

·         Customize the browser and other features to match your business objectives.

·         Brand Internet Explorer and the dialer software you distribute.

·         Flexibly deploy and distribute the browser.

·         Include third-party add-ons with installation. The Internet Explorer Administration Kit makes it easy for you to generate a custom browser with Internet Explorer that can be deployed via Web download or CD to your subscribers.

Internet Content Providers (ICPs)

Learn how the IEAK enables you to customize the appearance of the browser and tailor it for your users.

As an Internet Content Provider, you can choose customization options for Internet Explorer that help showcase your content in a number of ways. The Internet Explorer Administration Kit (IEAK) enables you to customize the appearance of the browser and the Setup program.

Customizing Internet Explorer Software by ICPs

To customize Internet Explorer, you can add your organization's name or other wording to the title bar. For example, the phrase "Windows Internet Explorer Provided by Proseware, Inc." could appear on your title bar.

You can preset the following Web pages and links:

·         Customer support page

·         Users' home page

·         Users' search providers

·         Links in the Links bar

·         Links in the Favorites bar

·         Links to Explorer Bars

·         Add-on Components page (for optional components)

·         You can also customize the appearance of the browser software so that your organization's content is more prominent when the user browses the Internet. For example, you may want to customize the user's home page with content and links related to your business. By continually updating the content on your Web sites, you can keep your customers interested and informed about your products or services.

Customization Examples for ICPs

To showcase your organization's information and services on the Internet, you may want to consider the following customization options:

       Add links to your organization's Web sites. For example, if your organization is a radio station, you could add links to Web pages that highlight play-lists and composers' biographies.

       Update the browser interface with your organization's branding. You can add your organization's name to the title bar.

       Track information about your customized browser software by using an agent string—a string of characters that a Web browser sends when it visits an Internet site. The custom string that you append to the user agent string enables Web sites to compile statistics about how many of your customers are using your browser to view those sites.

Independent Software Vendors (ISVs)

Find out how you can include your own components and controls for your users when distributing your custom browser program using Internet Explorer.

As an Independent Software Vendor, you can easily distribute your custom program with Internet Explorer. By using the Internet Explorer Administration Kit (IEAK) programs and tools you are able to create custom browser software packages that include your own components and controls for how your users install the packages.

ISVs Customizing Internet Explorer

Using the IEAK, you can include Internet Explorer technologies, such as the Web Browser control, with your custom program and easily create Internet Explorer distribution media. You can also specify home and search providers and add Web sites to the Favorites list when you create your custom browser software packages.

You can also redistribute Internet Explorer. By using setup scripts or command-line switches, you can reduce or eliminate the user interaction required to install Internet Explorer and Internet Tools. This helps ensure smooth installation when users set up your custom program with Internet Explorer.

Customization Examples for ISVs

To distribute your program with Internet Explorer, you may want to consider the following customization options:

       Use a batch file and command-line switches to install Internet Explorer in redistribution mode. This mode installs the underlying program files without overwriting the Internet Explorer icon if Internet Explorer already exists on the user's computer. You can also suppress Windows Update Setup prompts, so that your custom program does not provide setup feedback to the user.

       Update Customize Internet Explorer with links to your organization's Web sites or to sources of related technologies. Then you can use the IEAK to create a CD-ROM package that includes your custom program.

Before you install IEAK 7

Installation requirements

       You must have Internet Explorer 7 installed on your computer in order for IEAK 7 to run successfully.

       You can install this version along with an existing installation of IEAK 6 with SP1 on platforms that support that configuration.

       We recommend that you install IEAK 7 on a computer that is running the same operating system as the destination computer for which you are creating a package.

Supported operating systems

With this version of this product, you can customize and install Internet Explorer 7 on computers that are running the x86-based, x64-based, and Itanium-based versions of Microsoft Windows XP with Service Pack 2 (SP2), Windows Vista or Microsoft Windows Server 2003 operating systems.

After you install IEAK 7

To start using IEAK

1.       Click Start, click All Programs, and then click Microsoft IEAK 7.

2.       Then, do one of the following:

·         Click Internet Explorer Customization Wizard to start creating a custom package. You can also open Internet Explorer 7 Customization Wizard from the command line by typing ieak7wiz.

·         Click IEAK Profile Manager to edit existing settings.

·         Click IEAK Help to access the IEAK 7 product documentation (IEAKHelp.chm).

What is new in IEAK 7

The following are new features in this version of IEAK 7:

Ability to use the Internet Explorer 7 Customization Wizard or IEAK Profile Manager to customize:

·         Web feeds. You can add Web feeds to your customized browser.

·         Multiple home pages. You can add multiple home pages, which use the new tab-browsing feature in Internet Explorer.

·         Search providers. You can make multiple search providers available to your users.

·         Corporate installation options. You can specify whether the Microsoft Windows Malicious Software Removal Tool is updated and run.

·         Anti-phishing. You can specify whether your users can manage the new anti-phishing filter in Internet Explorer.

Ability to create a single package that can automatically configure an existing installation of Internet Explorer 7 or install and configure Internet Explorer 7, depending on whether Internet Explorer is already installed.

Improved Internet Explorer 7 Customization Wizard pages and text designed to provide a better experience than in previous versions of IEAK.

What is not available in IEAK 7

Partly because of changes in Internet Explorer, you will not be able to perform the following tasks with IEAK 7 that you were able to perform with earlier versions of IEAK:

·         The signing functionality is no longer available as a part of the Internet Explorer 7 Customization Wizard. Instead, you should include signed components while creating a package and use tools available on the Web to sign the final distribution package. More details are available in the product documentation (Ieakhelp.chm).

·         You cannot change the installation directory for Internet Explorer on your users' computers.

·         You cannot customize and package Outlook Express and Windows Media Player.

·         You cannot customize the toolbar background bitmap for Internet Explorer.

·         You cannot create custom logos or animated bitmaps for Internet Explorer.

·         You cannot customize the title bar text and custom logo bitmaps for the Internet Explorer Setup Wizard.

·         You cannot install multiple components of Internet Explorer from the Automatic Version Synchronization page in the Internet Explorer 7 Customization Wizard. Internet Explorer is now installed as a single component.

·         You cannot use the Download media option. This option and the Component Download Sites page have been removed.

·         You cannot customize options for the Microsoft Update Web site.

·         The Internet Connection Wizard is not supported on the Windows Vista™ operating system. However, ISPs can still use IEAK 7 to customize the Internet Connection Wizard for Internet Explorer 7 on computers running Windows XP with SP2 or Windows Server 2003.

·

·         User rights deployment is no longer required for Internet Explorer Setup and has been removed from the Internet Explorer 7 Customization Wizard.

·         The toolkit provided with IEAK 7 has been updated and the following files have been removed: Fontinst.exe, Fontinst.inf, Ie55urd.exe, Instmsiw.exe, Welc.exe, Filewiz.exe, Cert2spc.exe, Chktrust.exe, Dumpcert.exe, Makecert.exe, Setreg.exe, Tour.exe, Cdsetup.exe, Isk3ro2.exe, Animbmp.exe, Makebmp.exe, Bitedit.exe, Paledit.exe, Inetlogn.exe, Inetlogn.inf, Netlogon.exe, Installx.exe

Internet Explorer 7 Administration Toolkit Configuration

The Administration Toolkit can be located at http://www.microsoft.com/technet/prodtechnol/ie/ieak7/default.mspx

Once installed, click on START, followed by ALL PROGRAMS, then MICROSOFT IEAK 7, then INTERNET EXPLORER CUSTOMISATION WIZARD.

Follow are the description of different stages that one need go go through (in the wizard) to create a custom IE7 package:

File Locations

On this page of the Internet Explorer 7 Customization Wizard, you can change the destination folders where the custom package is created and the folder where Windows Internet Explorer 7 will be downloaded.

Platform Selection

On this page of the Internet Explorer 7 Customization Wizard, you must choose the operating system and processor architecture for the computers on which you want to install the custom package.

Language Selection

On this page of the Internet Explorer 7 Customization Wizard, you must choose the language for the Internet Explorer Administration Kit 7 (IEAK 7) custom package.

If the language that you want to use for the package is not listed in the drop-down list on this page of the wizard, close the wizard, insert the IEAK product CD that contains the language that you want to use, and then restart the wizard. For information about ordering an IEAK product CD, see http://go.microsoft.com/fwlink/?LinkId.

Media Selection

On this page of the Internet Explorer 7 Customization Wizard, you must specify which type of media you will use to distribute your custom package. You can select more than one media type, if needed.

Feature Selection

On this page of the Internet Explorer 7 Customization Wizard, you can select which parts of Internet Explorer 7, setup, and sign-up that you want to customize. Your selections here determine which remaining wizard screens appear. For example, if you plan to customize only the user interface of Internet Explorer, you can clear the other check boxes, so that the Internet Explorer 7 Customization Wizard displays only Browser Title and Toolbar Customizations page. The items on this page are also limited by the version of Internet Explorer Administration Kit 7 (IEAK 7) that you installed and the operating system that you are using to build the custom package. For more information, see Customization Options for Specific Audiences.

Automatic Version Synchronization

On this page of the Internet Explorer 7 Customization Wizard, the Setup file for Internet Explorer 7 is downloaded to your computer to the location that you specify. The download contains both the full and express packages and the language that you specified earlier in the Internet Explorer 7 Customization Wizard. Automatic Version Synchronization runs each time you run the wizard.

There are two types of versioning used by Internet Explorer Administration Kit: versioning of the custom package and versioning of Internet Explorer itself. For the first type, each Internet Explorer package that you create is assigned a version number and versioning can be enforced so that older packages are not allowed to overwrite newer versions of the same package. Automatic Version Synchronization addresses the second type — versioning for Internet Explorer.

You can also use an older version of the browser. To do this, do the following:

1. Click Cancel to exit the Internet Explorer 7 Customization Wizard.
2. Restart the wizard.
3. On the File Locations page in the wizard, click Advanced Options.
4. In the Advanced Options dialog box, change the Component Download folder to a different location.
5. Continue through the wizard.

Add Custom Components

On this page of the Internet Explorer 7 Customization Wizard, you can add up to ten components that your users can install at the same time that they install Internet Explorer. These components can be compressed cabinet (.cab) files or self-extracting executable (.exe) files, and can be anything from components you created for your organization to components from Microsoft. For Microsoft components, the most current versions and software patches may be available from Microsoft Update (http://go.microsoft.com/fwlink/?linkid=284). To include any components from Microsoft Update in your package, you must bundle the associated files into a custom component.

You should sign any custom code that is downloaded over the Internet to let your users know that they can trust your code before downloading it to their computers. The default settings in Windows Internet Explorer 7 reject unsigned code.

Corporate Install Options

On this page of the Internet Explorer 7 Customization Wizard, you can customize Setup for the Microsoft Windows Malicious Software Removal Tool, the default browser, and browser updates, based on your corporate guidelines.

Customizing the Setup Experience

In this stage of running the Internet Explorer 7 Customization Wizard, you can specify how setup for the custom package functions for your users.

This stage contains the following pages:

• CD Autorun Customizations. If you are using a CD to deploy the custom package, use this page to customize the autorun screen that appears when the CD is first inserted.
• More CD Options. If you are using a CD to deploy the custom package, use this page to provide the location to release notes and the installation instruction text that will appear in the autorun screen.
• User Experience. For the Corporate version only: Specify the level of user interaction during the installation of the custom package.

CD Autorun Customizations

On this page of the Internet Explorer 7 Customization Wizard, if you are creating a CD-ROM version of your custom package, you can create an autorun screen that displays after a user inserts the CD into the drive. As part of this, you can provide custom bitmaps.

More CD Options

On this page of the Internet Explorer 7 Customization Wizard, you can further customize CD installations of Windows Internet Explorer 7 by including release notes for information about the custom package, and by having a Web page with user instructions appear after installation.

User Experience

On this page of the Internet Explorer 7 Customization Wizard, you can specify the amount of user interaction during Setup for the custom package. This page is only available in the Corporate version of Internet Explorer Administration Kit 7 (IEAK 7).

Both the hands-free and silent installation options do the following:

• Answer prompts that enable Setup to continue.
• Accept the license agreement.
• Specify that Internet Explorer 7 is installed and not just downloaded.
• Carry out the type of installation that you specified for this installation package.
• Install Internet Explorer in the default location, unless it is already installed. In that case, the new version of the browser is installed in the same location as the previous version.

Neither of these modes is interactive, and users do not have control over the progress of the installation. In a silent installation, if installation does not finish successfully, users do not see an error message. You might consider using this feature for installations that are deployed when the user is not present.

Browser Title and Toolbar Customizations

On this page of the Internet Explorer 7 Customization Wizard, you can customize the title bar text and toolbar buttons of Internet Explorer 7. If you installed the Corporate version of Internet Explorer Administration Kit 7, after you deploy the custom package, you can update these settings using IEAK Profile Manager.

Search Provider Customization

On this page of the Internet Explorer 7 Customization Wizard, you can add search providers and set a search provider default for the customized version of Internet Explorer 7. If you installed the Corporate version of Internet Explorer Administration Kit 7 (IEAK 7), after you deploy the custom package, you can update these settings using IEAK Profile Manager.

Important URLs - Home Page and Support

On this page of the Internet Explorer 7 Customization Wizard, you can specify the URLs for one or more home pages and an online support page for your customized version of Internet Explorer 7. If you installed the Corporate version of Internet Explorer Administration Kit 7 (IEAK 7), after you deploy the custom package, you can update these settings using IEAK Profile Manager.

Favorites, Links and Feeds

On this page of the Internet Explorer 7 Customization Wizard, you can customize the Favorites, Feeds, and Links features in Internet Explorer 7 by adding links to sites related to your company or services. If you installed the Corporate version of Internet Explorer Administration Kit 7 (IEAK 7), after you deploy the custom package, you can update these settings using IEAK Profile Manager.

Microsoft has provided items in Favorites, Links, and Web Feeds by default. However, you can remove any of these items and/or add new folders and links as part of the custom package.

Welcome Page

Internet Explorer 7 displays a first run page when a user first starts the browser. On this page of the Internet Explorer 7 Customization Wizard, you can disable the default first run page, and/or specify whether you want to display a custom welcome page after the first run page. If you do not customize the settings on this page of the wizard, the first time your users open Internet Explorer, they will see the first run page.

User Agent String

Some companies track Web site statistics, such as how many times their content is accessed and what type of Web browsers are being used. You can track the use of your customized version of Internet Explorer by using a user agent string, which is sent in the header of every HTTP request so that a site's Web server can detect what type of browser is being used.

In this page in the Internet Explorer 7 Customization Wizard, you can customize the user agent string by adding characters to the end of the string. Customizing the user agent string is optional, but if you decide to do this, be aware that other companies that track site statistics will see the customized string.

Connection Manager Customization

On this page of the Internet Explorer 7 Customization Wizard, if you have already created a custom profile using Connection Manager Administration Kit (CMAK), you can import it into your installation package.

If you use a CMAK profile, make sure that the profile is specific to the operating system for which you are creating the package. CMAK creates a self-extracting executable (*.exe) file that installs itself on your user's computer. When your user clicks the custom icon to connect to the Internet, the custom dialer dialog box that you created as part of the CMAK profile appears.

Connection Settings

You can use the Internet Explorer 7 Customization Wizard to preset connection settings for your users' installations of Internet Explorer 7 by importing the connection settings from your computer. If you installed the Corporate version of Internet Explorer Administration Kit 7, after you deploy the custom package, you can update these settings using IEAK Profile Manager.

If you want to first view the settings that you will import, do the following:

1. In Internet Explorer, click the Tools menu, click Internet Options, and then click the Connections tab.
2. On the tab, click Settings to view dial-up settings and click LAN Settings to view network settings.

Automatic Configuration

On this page of the Internet Explorer 7 Customization Wizard, you can specify URLs to files that will automatically configure Internet Explorer 7 for a group of users or computers. You configure options by using Internet settings (.ins) files to set standard proxy settings. You can also specify script files in JScript (.js), JavaScript (.jvs), or proxy auto-configuration (.pac) format that enable you to configure and maintain advanced proxy settings. When an automatic proxy (auto-proxy) script file is specified, Internet Explorer uses the script to determine dynamically whether to connect directly to a host or to use a proxy server.

If you installed the Corporate version of Internet Explorer Administration Kit 7, after you deploy the custom package, you can update these settings using IEAK Profile Manager. To use automatic configuration, you must create a profile consisting of an .ins file and any cabinet (.cab) files generated by IEAK Profile Manager. After creating the profile, you store it on a server.

You can configure network servers using Domain Name System (DNS) and Dynamic Host Configuration Protocol (DHCP) to automatically detect and configure a browser's settings when the user first starts the browser on a network. For more information, see the product documentation for your DNS and DHCP software packages and also Enable Automatic Detection and Configuration of Browser Settings.

Before you begin, you may also want to check the automatic configuration settings on your users' computers. To do this, do the following:

1. In Internet Explorer, click Tools, and then click Internet Options.
2. Click the Connections tab, and then click LAN Settings.
3. Verify that the Use automatic configuration script check box is selected, and confirm the path and name of the file in the Address box.

Proxy Settings

On this page of the Internet Explorer 7 Customization Wizard, you can specify which proxy servers your users connect to for services that are included in the custom Internet Explorer 7 package. If you installed the Corporate version of Internet Explorer Administration Kit 7 (IEAK 7), after you deploy the custom package, you can update these settings using IEAK Profile Manager.

Using a proxy server can allow you to limit access to the Internet. You can also restrict the ability of your users to change the proxy settings using Additional Settings in the Internet Explorer 7 Customization Wizard or later, using IEAK Profile Manager.

Security and Privacy Settings

On this page of the Internet Explorer 7 Customization Wizard, you can manage security zones, privacy settings, and content ratings to help you control the types of content that your users' computers can access on the Internet. You can also set the level of privacy regarding cookies for your users. You can adjust the settings to block content that may be considered offensive or otherwise inappropriate in a corporate setting. If you installed the Corporate version of Internet Explorer Administration Kit 7, after you deploy the custom Internet Explorer 7 package, you can update these settings using IEAK Profile Manager.

Additional Customizations

In this stage of running the Internet Explorer 7 Customization Wizard, depending on the version of Internet Explorer Administration Kit 7 (IEAK 7) that you installed and the operating system that you are using, you can specify settings for Internet sign-up, a root certificate, and access to browser features for the custom Internet Explorer 7 package.

This stage contains the following pages:

• Add a Root Certificate. For the ISP version only: Specify a root certificate to add to the custom package to automatically certify a set of sites, people, and content publishers as trusted for your users.
• Sign-up Method. For the ISP version only: Specify the method that you will use to provide Internet connection sign-up for your users after the custom browser is installed.
• Sign-up Files. For the ISP version only: Specify the location and name of files that will be used to configure sign-up. You can also specify whether these files will be used as they are or configured during the next steps of the wizard.
• Sign-up Server Information. For the ISP version only: Specify connection information for your users to connect to your sign-up server. This information is stored as an .isp file.
• Internet Settings Files. For the ISP version only. Specify a custom .ins file to post on your server or to include in the custom package for client-based sign-up.
• Internet Connection Wizard. For the ISP version only: If you are using this tool to enable your users to connect to the Internet, customize the title bar and image. This option is not applicable to the Windows Vista operating system.
• Programs. For all versions: Specify the programs to use for various Internet services such as newsgroups, e-mail, and a calendar.
• Additional Settings. For the Corporate version only: Configure settings to further control access to features of Internet Explorer for the users and computers in your organization as part of the custom package.

Known issues

The following are the known issues with this product:

       Starting in October 2007, the Windows Genuine Advantage validation check was removed from the Internet Explorer 7 installation executable. The updated IEAK 7 released in English, German, Japanese, French, Spanish, Korean, Simplified Chinese, and Traditional Chinese languages.  Additional localized Internet Explorer 7 installation executables will be released for download as they become available.  If you use IEAK 7 to customize an internationalized Internet Explorer 7 version before the new Internet Explorer 7 installation executables (without the WGA check) are available, the customized package will contain the Windows Genuine Advantage validation check. To learn more, read the Knowledge Base article “.MSI in Active Directory environments”.

       The Internet Explorer 7 Customization Wizard does not work with user names that use double-byte character sets - for example, Chinese and Japanese. To fix this, you need to set the TEMP and TMP environment variable to a path that does not use these characters (for example, C:\temp). To do this, open System Properties and on the Advanced tab, click Environmental Variables. Then, click Edit and modify TEMP and TMP to a directory that is not in the user profile.

       Content ratings and the following groups of settings under the Corporate Restrictions node on the Additional Settings page do not work on computers that are running Windows Vista. That is, if you set one of these settings, the setting will not be retained on computers running Windows Vista. This is because IEAK packages do not have sufficient user rights to set these policies and restrictions.

·         Internet Property Pages

·         General Page

·         Connections Page

·         Content Page

·         Programs Page

·         Browser Menus

·         Favorites and Search

·         Explorer Bars

·         Persistence

·         Dial-Up Settings

·         Security Page

·         Software Updates

·         Startup Restrictions

·         Toolbars (Machine)

·         Temp Internet Files (Machine)

If you are using the IEAK 7 to package Internet Explorer 7 in other languages, the settings on the Additional Settings page (which appears at the end of the Internet Explorer 7 Customization Wizard) will always appear in English, irrespective of the language of IEAK 7.

       When you add feeds using the Favorites, Links and Feeds page of the Internet Explorer 7 Customization Wizard, you can only add feeds underneath a single folder. If you create two levels of folders and create a feed under the subfolder, then the feed will not work.

       The organization name that you specify when installing IEAK 7 should be 15 characters or less. If you specify a name that is longer than 15 characters, the package you create will have 'UNKNOWN PUBLISHER' in the place of your organization's name. To work around this issue, see http://go.microsoft.com/fwlink/?LinkId=75695.

       When you create a custom component, the file name needs to be 16 characters or less, or you will not be able to install the component. If it is longer than 16 characters, the installation will fail but you will not receive an error.

       If IEAK 7 is corrupted, you should uninstall and then reinstall IEAK instead of using the Repair option. If you use the Repair option, then the installation will default to the ISP mode, regardless of the previous mode.

Published printers from AD disappear

Published printers from AD disappear

This normally happens when we have Print Pruning Policy Configured.

The Printer Pruner is a component of the Windows  Spooler service that deletes orphaned PrintQueue objects from the Active Directory. The Printer Pruner runs within the Spooler context, and only on domain controllers. The purpose of the Printer Pruner is to eliminate PrintQueue objects from the Active Directory whose UNCName attribute points to a non-existent or incorrect printer.

Troubleshooting for Published Printers Are Missing:

===========================================

1. Launch GPEdit.msc on the Print Server.
2. Navigate to Computer Configuration / Administrative Templates / Printers.
3. Configure the Allow Pruning of Published Printers policy to Disabled.
4. Refresh group policy.

By default the DC checks 3 times with 8 hours between checks to determine if the
printer is still valid before deleting it.

“The Print Pruner is a thread that runs under the spooler context on all DCs. It
uses ADSI calls ( ADsGetObject, IID_IDirectorySearch->ExecuteSearch) to get the
list of all the printQueue servers in the AD.
To check whether the server is in same site it uses Winsock call (gethostbyname)
and other net APIs (DsAddressToSiteNames,DsGetDcSiteCoverage).
To check if the print queue\print server availability it uses OS APIs
(NetServerGetInfo, OpenPrinter,GetPrinter).
So all the work by pruner is done using ADSI, WinSock and OS functions.”

Work-around to get the Disappeared Printers back:
==========================================
Click on Start, Run, Services.msc
Stop and restart "Print Spooler" service

Note: When the spooler service is restarted on a print server it automatically republishes the printers.

Note: On a cluster service, just stop the Print Spooler service, since the cluster service will automatically start the service when it tries to bring the Print resource online.

Here is a script to republish all the printers to Active Directory

Please save this as a *.vbs and run it as a script file.

'

'                       This VBS enables printer publishing

'

'               Created by Austin Mack.  Last modified on 8/19/2005

'

' Note: The command generated for each printer will display an error for each printer, if

'       it is unable to enable publishing for the printer, for example lack of permissions.

'

' Following link has a list of printer attributes.

' http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisdk/wmi/win32_printer.asp

' Attributes of a Windows printing device are represented by a combination of flags.

'   Shared Attribute = 8  (ie Available as a shared network resource)

'

' Additional PRINTUI.DLL syntax information available by running the following command

'   rundll32 printui.dll,PrintUIEntry /?

Option Explicit

on error resume next

Dim Key                     'The dictionary key to each item                                                            

Dim objLocator, objService, objEnumerator

Dim objWSH, strComputerName

Dim WSHShell

Set WSHShell = WScript.CreateObject("WScript.Shell")

Set objWSH = CreateObject("WScript.Network")

strComputerName = objWSH.ComputerName  

set objLocator = CreateObject("WbemScripting.SWbemLocator")

set objService = objLocator.ConnectServer(strComputerName,"root/cimv2")

set objEnumerator = objService.ExecQuery("SELECT * FROM win32_Printer")

Wscript.echo "A message will be displayed after printers are published on ALL of the local printers that are shared.  However it may take a little longer for the GUI to get updated" & vbcrlf & "Click OK to continue"

For each key in objEnumerator    'cycle through each printer on the system

  if ((key.attributes and 8) = 8 ) then    'Only execute printer is shared

    if (left(key.name,2) <> "\\") then     'Only execute if printer is not a UNC network printer (ie should be local)

      'wscript.echo key.name               'Display each printer that is about to have DS print publishing enabled.

      WSHShell.Run("rundll32 printui.dll,PrintUIEntry /Xs /n """ & key.name & """ attributes +Published")

    end if

  end if

Next

Wscript.echo "Printer publishing has been enabled for the local printers that were shared on this system"

How to troubleshoot Internet Explorer's Maintenance Group Policy!