Recently we have some cases that the customers reported the rendering issues with Facebook after upgrading to IE9 RTM.
In every case Facebook had been added to the Compatibility View list due to issues during the Beta or RC or IE8. Facebook does not want to be on the CV list, and we don’t want them on the CV list.
To get back to a great rendering experience, please do the following:
ALT + Tools :: Compatibility View SettingsRemove Facebook.com from the listOK
That should put Facebook back in IE9 mode.
New Update: Hotfix was just released to resolve this issue. http://support.microsoft.com/kb/2530309
Symptom:
Some customers reported GPP is not applying IE9, prior to Upgrading the browser to IE9.0 it was working OK with IE 8.0.
Enabled Logging for Group Policy Preferences and found the below:--------------------------------------------------------------------------------------Non-Working Scenario : ------------------------------------------------------------------------------------------------------------------------------2011-03-29 09:56:37.131 [pid=0x3a0,tid=0xb18] {683F7AD7-E782-4232-8A6D-F22431F12DB5}2011-03-29 09:56:37.147 [pid=0x3a0,tid=0xb18] Starting class <IE8> - Internet Explorer 8.2011-03-29 09:56:37.147 [pid=0x3a0,tid=0xb18] Starting filter [AND FilterFile].2011-03-29 09:56:37.147 [pid=0x3a0,tid=0xb18] Adding child elements to RSOP.2011-03-29 09:56:37.147 [pid=0x3a0,tid=0xb18] Set user security context.2011-03-29 09:56:37.147 [pid=0x3a0,tid=0xb18] C:\Program Files\Internet Explorer\iexplore.exe2011-03-29 09:56:37.147 [pid=0x3a0,tid=0xb18] apmGetFileVersionEx2011-03-29 09:56:37.147 [pid=0x3a0,tid=0xb18] apmCompareVersionTokens [SUCCEEDED(S_FALSE)]2011-03-29 09:56:37.147 [pid=0x3a0,tid=0xb18] Set system security context.2011-03-29 09:56:37.147 [pid=0x3a0,tid=0xb18] Failed hidden filter [FilterFile].2011-03-29 09:56:37.163 [pid=0x3a0,tid=0xb18] Filters not passed.2011-03-29 09:56:37.163 [pid=0x3a0,tid=0xb18] Completed class <IE8> - Internet Explorer 8.2011-03-29 09:56:37.163 [pid=0x3a0,tid=0xb18] Completed class <InternetSettings>.------------------------------------------------------------------------------------------------------------------------------
When you try to edit a GPP Policy on the Domain Controller you only see an option for IE 5 / 6 / 7 and 8.
Cause:
Windows Server 2008 R2 GPP Internet Explorer preference items does not support IE 9. The problem is clear in the debug log as the filter did not pass. The problem is viewable from the XML file
The released version of Internet Explorer 9 is not 9.0.0.0.
The trick is editing the xml and set "max Version=9.1.0.0", anyway, it is not supported.
More information:
http://technet.microsoft.com/en-au/library/gg699429.aspx
Reference:
http://social.technet.microsoft.com/Forums/pl-PL/winserverGP/thread/2b07b081-554e-4848-b533-0632d19e1a7a
http://social.technet.microsoft.com/Forums/en/winserverGP/thread/361b3bc2-251d-4d45-adad-2ec75996646c
http://social.technet.microsoft.com/Forums/de/gruppenrichtliniende/thread/83237a92-68a4-4bb7-9e79-0112ef6e0a6f
These days, we find a interesting problem from the technet forum.You are using Windows Media player 12 to play a video, then insert an audio CD, WMP will stop the video and begin playing the CD. Obviously it's annoying.
Even tried changing the AutoPlay settings to “Take no action” under Control Panel to prevent audio CD from playing automatically. But still no go.If you are suffering this issue, here is an easy way to stop it in several simple steps.1. Go to Control Panel, AutoPlay2. Change the Audio CD to "? Ask me every time" and click save
3. Open Media Player and insert a CD.4. When the AutoPlay window appears, check the "Always do this for Audio CDs:" checkbox5. Click on the blue link on the bottom: "View more Auto Play options in control panel"
6. Change the Audio CD selection back to "Take no action" and click save7. Click the red X to close the AutoPlay window.Windows Media Player 12 now will no longer kick into AutoPlayReference:========http://social.technet.microsoft.com/Forums/en-US/w7itpromedia/Thread/3EDEBC4E-060A-4474-A5B3-114C74BF5A4Dhttp://social.technet.microsoft.com/Forums/en/w7itpromedia/thread/7ec583ee-0308-4362-af43-3cfac909f3e2http://social.technet.microsoft.com/Forums/en/w7itpromedia/thread/33d03e71-80fb-4810-9d3b-c261db75c0cfhttp://social.answers.microsoft.com/Forums/en-US/w7pictures/thread/bbc92709-b101-4c65-b87f-d6d331528d5e
Edit: KB2475116 was published, please refer it for more details. http://support.microsoft.com/kb/2475116
=========
On a computer with Windows 7 SP1 installed, you develop and build your application that is using ADO for database access, you find the application doesn't run on the Windows XP, Windows Vista, Windows 7 without SP1. But it runs well on Windows 7 with SP1.
There is a by design change in ADO in Windows 7 SP1 that interfaces have new GUIDs.
The reason of this change is mentioned in KB983246(http://support.microsoft.com/kb/983246):
"Some ADO APIs are platform dependent in ADO 2.7 and later versions. On 64-bit versions of Windows, these ADO APIs process arguments by using a 64-bit data type (such as the LONGLONG data type). However, applications that use these APIs still use the LONG data type. Therefore, you receive a "Type Mismatch" error message when you try to run the macro."
The interfaces with new GUIDs (in Windows 7 SP1) don't have such issue.
This change causes a break that if your application is re-compiled on Windows 7 SP1 and it uses early binding to ADO, it probably doesn't work on down-level OSes, such as Windows 7 RTM, Vista, etc. Please note that this break only happens when the application is re-compiled. Existing applications should run on Windows 7 SP1 without any problems.
Solution:
========
If you have to re-compile your application on SP1, there are several solutions:
Edit: please refer to the knowledge base article kb2517589
http://support.microsoft.com/kb/2517589
Recently, some customers could not add additional delegates after applying Outlook Update 913807. If they try to add a delegate in Outlook, the following error message appears: "The delegate settings were not saved correctly. Unable to activate send-on-behalf-of list. You do not have sufficient permission to perform this operation on this object". Removing update 913807 solves this problem. However it is not recommended as new update package will include this update.
The better solution for this issue is to add the "Write Personal Information" permission to the SELF account for the user trying to add the delegate.
1. Start Active Directory Users and Computers (ADUC).
2. Click View -> Advanced Features
3. Locate the user's OU. In the right pane, Right Click the User who wants to add Delegate in Outlook and Click Properties.
4. On Security tab, Locate the SELF account and Set "Write Personal Information" to Allow
5. Click OK
Now, the user can add delegate properly. By the way, if you want to let userB help userA add delegate, besides "Full Mailbox Access", please don't forget to grant this "Write Personal Information" permission to userB.
Recently, you may fail to install Terminal licenses using the “Automatic” or “Web Browser” connection method and receive the error message below:
"The Licensing wizard encountered an error while installing the license key pack. Check your network connections, and then retry the operation. If the problem persists, try using a different connection method. Error code 0x1391"
This issue is caused due to Clearinghouse server communication issue. We have fixed the issue on July 24, 2006.
If you still encounter above error message, please contact our Clearinghouse to feedback the issue. It is really appreciated! You can also work with Clearinghouse to install Terminal licenses manually.
Please refer to the article below to get phone numbers of Clearinghouse.
HOW TO: Locate a Phone Number for the Microsoft Clearinghouse
http://support.microsoft.com/kb/291795/en-us
-End-
Author: Steven Xu
Back pressure is a system resource monitoring feature of the Exchange Transport service that exists on computers that are running Exchange Server 2007 that have the Hub Transport server role or Edge Transport server role installed.
When a monitored system resource, such has hard disk drive utilization or memory utilization, exceeds the specified threshold, the Exchange transport server stops accepting new connections and messages, and concentrates on delivering existing messages. This prevents the system resources from being completely overwhelmed and enables the Exchange server to deliver the existing messages. When the utilization of the monitored system resources returns to normal levels, the Exchange transport server accepts new connections and messages.
For each monitored system resource on a Hub Transport server or Edge Transport server, the three levels (Normal, Medium and High) of resource utilization are applied.
For example, by default, the message queue database is stored at <drive letter>:\Program Files\Microsoft\ExchangeServer\TransportRoles\data\Queue. By default, the high level of hard disk drive space utilization is calculated by using the following formula: 100*(hard disk drive size - 4 GB) / hard disk drive size. As the available free hard disk drive space decreases, the hard disk drive utilization increases. So, we require at least 4GB free space on the hard disk drive containing message queue database. Otherwise, the hard disk drive space utilization will reach the high level and Exchange stops accepting any new connections and messages.
People who are not aware of this new back pressure feature can be surprised when they find that the mail flow stops their servers.
For more information about and better understanding the back pressure feature, please view the Microsoft TechNet article at http://technet.microsoft.com/en-us/library/bb201658.aspx
- Installing a Self-Signed Certificate as a Trusted Root CA in Windows Vista
If your exchange server is using a self-signed certificate, using either Outlook or OWA to send or receive e-mail, you must install the certificate into the Trusted Root Certification Authorities store in order for RPC over Http to work. This article will explain this situation and how to install the self-signed certificate in Windows Vista.
1. Connect to your OWA site by going to https://host.domainname.com/exchange
You should see the screen above due to the fact that your self-signed cert is not trusted.
2. Choose "Continue to this website (not recommended)".
You should then be presented with your OWA logon page.
3. Click on "Certificate Error" beside the address bar and select view certificates.
If you do not see the Install Certificate option close IE7 and then right click on IE7 and choose run as administrator and load the page again.
4. Once you have the install certificate button available, select "Install Certificate".
5. This will launch the Certificate Import Wizard. Make sure to choose the option "Place all certificates in the following store" and select browse.
6. Select Trusted Root Certification Authorities and click Ok.
7. Click Finish on Completing the Certificate Import Wizard
8. Click yes on the security warning to install the certificate
9. If you want to verify the Certificate has been installed you can load the certificates snap in and you should see it under Certificates -Current User-Trusted Root Certification Authorities-Certificates.
Note:
(1) You can also copy it to the local computer's certificate store so it applies for all users that use the machine.
(2) You can create a group policy object and import this certificate into "Computer Settings\Windows Settings\Security Settings\Public Key Policies\Trusted Root Certification Authorities". Link the GPO at the domain level to have it apply to all computers in the organization.
A temporary user profile is issued each time an error condition prevents the user's profile from loading. Temporary profiles are deleted at the end of each session, and changes made by the user to their desktop settings and files are lost when the user logs off. On a Vista client computer, you may encounter profile issues if you log on with a user in the Guests group. This article will discuss this problem.
When you log on to a computer installed with Vista, you may encounter the following behavior:
• User profile being deleted on log off
• Desktop icons, files and other profile related items being not saved
• Getting a temporary profile each time you logon to either the standalone computer or domain
For instance, Right click on Computer and Select Properties, Select Advanced system settings under Control Panel > System, Under User Profiles select Settings, The Status for the profile will be Temporary
The prime reason of why this would happen is because the user is part of the local Guests or "Domain Guests" group. This affects administrators as well.
What we should do? Remove the user in question from the local Guests or "Domain guests" group and that should do it.
For local users:
1. Click Start
2. Right click Computer and Select Manage
3. Select Local Users and Groups > Groups
4. Double click Guests
5. Check if the user that is having the issue is a member of the Guests group
6. If so, remove the user from the Guests group
7. Log off the workstation and log back on
8. Verify the profile is now local
If the issue is happening on multiple machines for the same user in a domain, check the Domain Guests group:
1. Open “Active Directory Users and Computers” (dsa.msc)
2. Select the Users container
3. Double click “Domain Guests”
4. Select the Members tab
5. Check if the user that is having the issue is a member of the Domain Guests group
6. Repeated steps 2-5 with the "Guests" group
If the problem still exists and the user is not a member of the Guests or Domain Guests group, verify the user is not a member of a group which is a member of the Guests or Domain Guests groups. Furthermore, if the user is not member or not nested to be a member of Guests or Domain Guests, mostly, the original profile is corrupted, and please engage administrator to check.
Windows Server 2003 SP2 is a combination of security updates, functionality updates, and new features. SP2 contains the latest collection of updates to help improve the security, reliability, and performance of the following operating systems. As well as Windows Server 2003 SP1, it makes some significant changes to security including start up account for services, DCOM security and etc. Since Windows Server SP2 has stronger defaults and privilege reduction on services, it may result in some issues after installing Windows 2003 SP2.
Here we introduce a typical security related issue after installing SP2:
Windows 2003 SP2 uses Network Service account for the RPC service. Prior to SP2 and SP1, OS was using Local System account for the same. After installing SP2 for Windows Server 2003 services will not start that use the Network Service or Local Service account.
Have you ever encountered the following problem?
Why?
Remote Procedure Call (RPC) service has been changed from Local System account to Network Service account for better security. “Impersonate a client after authentication” right is required to include Administrators and the SERVICE group if the RPC Service runs as the Network Service account.
What can we do if meeting with the issue?
a. Open the Group Policy configuration window (gpedit.msc or open it in Active Directory Users and Computers).
b. Locate the policy entry: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Impersonate a client after authentication.
c. Ensure that the “Administrators” group and the “SERVICE” group is granted this privilege.
d. If the problem remains, correct the Access Control List for HKEY_CLASSES_ROOT\CLSID (and all child keys and values) to ensure NT Authority\Network Service can read. This can be accomplished by adding Authenticated Users or Users group and providing Read permissions.
Note: If the Add User or Group button is disabled and if the computer is a domain controller, use the Domain Controller Security Policy administrative tool to make the policy changes. This policy tool will override the local security policy settings. If this computer is a member server and the Add User or Group button is disabled, identify all Group Policy settings that apply to this computer, and then make the policy changes to the appropriate Group Policy settings.
e. In the Enter the object names to select box, type Administrators , and then click OK.
f. Repeat step d through e for the SERVICE group account.
g. Click OK to close the Impersonate a client after authentication Properties dialog box.
h. On the File menu, click Exit.
i. Restart the computer.
If you can add the Administrators group and SERVICE group accounts to the Impersonate a client after authentication policy setting, restart the computer.
These days, we are monitoring this issue:when one was developing a utility that monitors log files as they are updated.On 2003, opening the log file folder in explorer, you can see the timestamp and files size change before your eyes each time the log is updated.On 2008, "Last Modified" field on log files is not updated unless another program attempts to open the file or the utility is stopped, even if F5 is pressed to refresh the view.Explorer gets is information from NTFS, by using a cmd prompt and "dir" we found that the NTFS metadata for the files is not updated until the handle to a file is closed.Refreshing the information of a FOLDER is just going to go to the (memory resident) metadata cached by NTFS, but querying the file explicitly will force disk I/O to get the properties - this was a design change introduced in Vista to reduce unnecessary disk I/O to improve performanceThere are some exceptions to this rule:- in some, but not all, cases a simple "dir filename" is enough to refresh the metadata- "special" folders may be treated differently, such as user profiles where we do not expect a large number of files and want to be able to rely on the file data presented- kernel filter drivers may change the behaviour as by design they "add, remove or change functionality of other drivers"As the workaround is for any process to open and close a handle to the log files, a tool was written to do exactly that, plus get the file information, using the following APIs:CreateFileGetFileInformationByHandleCloseHandleReference:http://social.technet.microsoft.com/Forums/en-US/winservergen/Thread/2B8BACA2-9C1B-4D80-80ED-87A3D6B1336F
When installing Windows 7 Service Pack 1 (SP1), you could possibly encounter errors 0x800f0a13, 0x80070003 or 0x800f0826.
The CBS logs is like below:
2011-02-23 08:32:18, Info CBS SPI: System falls between the SRCleanMin and SRPreserveMin bounds. All VSS snapshots will be deleted 2011-02-23 08:32:18, Error CBS SPI: (PerformSPInstallation:709)Failed SPC Lite UI hr=0x800f0a132011-02-23 08:32:18, Error CBS SPI: (wmain:1105)Failed to perform SP installation hr=0x800f0a13
Or
2010-11-07 13:09:52, Info CBS DriverUpdateUninstallUpdates failed [HRESULT = 0x80070003 - ERROR_PATH_NOT_FOUND]2010-11-07 13:09:52, Error CBS Doqe: Failed uninstalling driver updates [HRESULT = 0x80070003 - ERROR_PATH_NOT_FOUND]2010-11-07 13:09:52, Info CBS Perf: Doqe: Uninstall ended.2010-11-07 13:09:52, Info CBS Failed uninstalling driver updates [HRESULT = 0x80070003 - ERROR_PATH_NOT_FOUND]2010-11-07 13:09:52, Error CBS Shtd: Failed while processing non-critical driver operations queue. [HRESULT = 0x80070003 - ERROR_PATH_NOT_FOUND]2010-11-07 13:09:52, Info CBS Shtd: Rolling back KTM, because drivers failed.
This is similar to the issue that we posted 4 monthes ago:
http://blogs.technet.com/b/asiasupp/archive/2010/11/23/win7-sp1-rc-install-failed-error-path-not-found-if-missing-certain-built-in-rtm-driver.aspx
In most of cases, this issue is because the 3rd party driver clean software ( like DriverCleanerDotNet or Driver Sweeper utility from Phyxion ) was installed, and it made some changes to the system image.
Please follow the below steps to resolve it:
1. Run CheckSUR(KB947821).
http://support.microsoft.com/kb/947821
2. Follow the steps from Phyxion on properly restoring the drivers: http://forum.phyxion.net/viewtopic.php?id=17
3. Mount your Windows installation media to a folder
Extract and replace the %SystemRoot%\System32\DriverStore\FileRepository with the following folders:atiilhag.inf_amd64_*atiriol6.inf_amd64_*nv_lh.inf_amd64_*
Extract and replace the %SystemRoot%\winsxs with the following folders (x64):amd64_atiilhag.inf.resources_*amd64_atiilhag.inf_*amd64_atiriol6.inf_*amd64_nv_lh.inf.resources_*amd64_nv_lh.inf_*
Extract and replace %SystemRoot%\winsxs\Manifests with the following files:amd64_atiilhag.inf-languagepack_*.manifestamd64_atiilhag.inf.resources_*.manifestamd64_atiilhag.inf_*.manifestamd64_atiriol6.inf_*.manifestamd64_nv_lh.inf-languagepack_*.manifestamd64_nv_lh.inf.resources_*.manifestamd64_nv_lh.inf_*.manifest
Note: these are the 64-bit version of the files. For the 32-bit version look for the x86 files. You also need to replace the permisions on above mentioned files and folders to be able to replace them.
4. Perform an inplace upgrade of Windows
Recently some customers reported then got event 315 with error 2114 on every system startup. The printers and the system both work fine. The only problem is the event with error when the system starts up each time.
The detailed log is similar as following:
Log Name: Microsoft-Windows-PrintService/AdminSource: Microsoft-Windows-PrintServiceDate: 6/10/2011 4:47:13 PMEvent ID: 315Task Category: Sharing a printerLevel: ErrorKeywords: Classic Spooler Event,PrinterUser: SYSTEMComputer: BobbyC-PCDescription:The print spooler failed to share printer HP Photosmart C7200 series BT with shared resource name HP Photosmart C7200 series. Error 2114. The printer cannot be used by others on the network.Event Xml:< Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-PrintService" Guid="{747EF6FD-E535-4D16-B510-42C90F6873A1}" /> <EventID>315</EventID> <Version>0</Version> <Level>2</Level> <Task>30</Task> <Opcode>12</Opcode> <Keywords>0x8000000000000820</Keywords> <TimeCreated SystemTime="2011-06-10T20:47:13.118441500Z" /> <EventRecordID>12</EventRecordID> <Correlation /> <Execution ProcessID="1612" ThreadID="1568" /> <Channel>Microsoft-Windows-PrintService/Admin</Channel> <Computer>BobbyC-PC</Computer> <Security UserID="S-1-5-18" /> </System> <UserData> <ShareFailed xmlns:auto-ns3="http://schemas.microsoft.com/win/2004/08/events" xmlns="http://manifests.microsoft.com/win/2005/08/windows/printing/spooler/core/events"> <Param1>2114</Param1> <Param2>HP Photosmart C7200 series BT</Param2> <Param3>HP Photosmart C7200 series</Param3> </ShareFailed> </UserData>< /Event>
Root cause:
The spooler just uses the Server Service for sharing the printers. If the server service has not fully initialized when the spooler initializes and wants to share the printers, the error will be logged.
Resolution:
Check the server service and make sure there are no dependent services that have been changed from default settings.
In addition, make sure the printer driver is up to date.
I know that Lexmark has used DCOM in the past for monitor software and had issues. If you have a bunch of Lexmark devices, I'd check for DCOM errors (no clue if these are in the System event logs any more) and also verify if the Lexmark devices are using monitor software.
Some people reported got an error message when he using his computer: Display driver stopped responding and has recovered.
Sometimes, when this error message comes out, the computer will get hang for some minutes and then BSOD or reboots.Resolution:
It appears to be a graphic card driver issue, anyway. Vista and Win7 use a feature called TDR. TDR baically gives the GPU 2 seconds to process what it is doing and display it on your monitor. If it fails to do so in 2 seconds you get the cool flash on the screen and the dreaded error message. In some cases, the situation get relief by giving TDR more time by setting registry value1. Open REGEDIT2. Using Windows 7, go to HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\GraphicsDrivers3. Once there you will most likely have to create a new DWORD (32bit users) or QWORD (64bit users). Name it TdrDelay.4. Once created, change the value to 8. This will allow the GPU 8 seconds to respond instead of 2 seconds.More registry key explanations are here:http://www.microsoft.com/whdc/device/display/wddm_timeout.mspx Some customers fix the issue through they own ways, Below are the ways they use:1. Go to BIOS and set the CPU from 200hz to 180hz.2. Upgrade nforce motherboard driver.3. Upgrade NVIDIA driver to latest beta build.4. Change graphics card and maybe power supply.
http://social.technet.microsoft.com/Forums/en/w7itproinstall/thread/0cd5ec8b-df03-4560-952b-8c7d10e67241
http://social.technet.microsoft.com/Forums/en-US/w7itproinstall/thread/96c0c0f2-9772-424e-9632-fc7315905eb5
http://answers.microsoft.com/en-us/windows/forum/windows_7-hardware/display-driver-stopped-responding-and-has/4e8ed22d-fe52-4321-b83c-3ecd6650f91d
Last week, a large amount of customers complained they were getting the following pop up message almost in every single website using IE: xd_proxy[1].css Then a notepad opens up with the following information: .app_content_51546247891 a.uiLinkSubtle { display: none; }.app_content_51546247891 a.UIImageBlock_ICON_Image { display: none; } #bootloader_Zvucx { height: 42px; }
Last week, a large amount of customers complained they were getting the following pop up message almost in every single website using IE:
xd_proxy[1].css
Then a notepad opens up with the following information:
.app_content_51546247891 a.uiLinkSubtle { display: none; }.app_content_51546247891 a.UIImageBlock_ICON_Image { display: none; }
#bootloader_Zvucx { height: 42px; }
After further investigation, it was proved to be a facebook script issue. This error was also ovbsered in Firefox, Safari and Chrome, not just IE.
You can refer to http://bugs.developers.facebook.net/show_bug.cgi?id=14971
It seems to affect every single website that uses social plugins for Facebook.
Deleting cache and cookie of the web browser. Steps for IE:
1. From Internet Explorer menu bar, select Tools\Internet Options.2. From the General Tab select "Delete" found in the Browsing History section.3. Click "Delete Files" , click yes to confirm.4. Click "Delete Cookies", click yes to confirm.5. Click "Delete Passwords", click yes to confirm.6. Click Close7. Click OK.
Here are several issues with Remote Server Administration Tools and Windows 7 SP1.
(1) You can not install RSAT on Windows 7 SP1 (http://support.microsoft.com/kb/2517239/en-us).
After installing windows7 service pack 1, remote server administration update tool cannot install on the machine.
The error massage is “this update is not applicable to your computer”.here is the repro steps if you are interested to test1. On a Windows 7 machine, install SP1.2. Try to install Remote Server Administration Tools (RSAT).3. The error message “this update is not applicable to your computer” will appear.Workaround:
Uninstall SP1, install RSAT and then apply SP1 again.
RSAT tools (http://www.microsoft.com/downloads/en/details.aspx?FamilyID=7d2f6ad7-656b-4313-a005-4e344e43997d&displaylang=en)
http://social.technet.microsoft.com/Forums/en/w7itproappcompat/thread/ef1b47e4-85f0-4124-b065-f80461c9e250
http://social.technet.microsoft.com/Forums/en/w7itproSP/thread/0d763f12-30f8-4d13-8534-315d5c34dd0d
http://social.technet.microsoft.com/Forums/en-US/w7itproSP/thread/12d1e8a5-7e43-4ba6-82aa-20b6884128e5
http://social.technet.microsoft.com/Forums/bg-BG/w7itproSP/thread/9d448ef8-ff9a-4917-8476-fd81073b88f7
(2) 0x800f081f when you install Win7 SP1.
When you attempt to install the standalone package for Service Pack 1 for Windows 7/2008 R2, you might get the following error:
0x800f081f <--This maps to CBS_E_SOURCE_MISSING
You'll be prompted to run the CheckSUR utility and running that utility will not resolve the issue.
This may be due to a pre-release version of the RSAT tools being installed on the system. To alleviate this failure, do the following:
1. Uninstall the pre-release RSAT tools
2. Reboot the system
3. Install the release version of the RSAT tools (http://www.microsoft.com/downloads/en/details.aspx?FamilyID=7d2f6ad7-656b-4313-a005-4e344e43997d&displaylang=en)
4. Reinstall SP1.
Edit:
The Remote Server Administration Toolkit update to support Windows 7 Service Pack 1 has released. Come and get it:
www.microsoft.com/.../details.aspx
This is a user profile issue.
Some clients log on with temporary profile with error “User Profile Service failed the logon. User profile cannot be loaded”. Event id 1509 can be found in the application event log. The detail of the event id 1509 is something like below:
EventID 1509:Windows cannot copy file \\server\stuprofiles$\mandatory\usstudent.V2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1240I065\rerB_DjUStFFe16SFEk84lWs2Osh6fwMPJxC1rA8Qwo3EktjoDVd_D0iWDKfepWLE.u7QlPbk.LXlOspXArg7uJna_L8I4Pwi6RfmQLZSAeLvyy0aLgws4xxKwEDnFCvly9zCn9yGMH5Tmf1_yA2fnT[1].M- to location C:\Users\usstudent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1240I065\rerB_DjUStFFe16SFEk84lWs2Osh6fwMPJxC1rA8Qwo3EktjoDVd_D0iWDKfepWLE.u7QlPbk.LXlOspXArg7uJna_L8I4Pwi6RfmQLZSAeLvyy0aLgws4xxKwEDnFCvly9zCn9yGMH5Tmf1_yA2fnT[1].M-. This error may be caused by network problems or insufficient security rights.DETAIL - The filename or extension is too long.
This can happen if the destination path of the users profile is on a server with a long server and sharename, e.g. \\servername\thisistheprofileshare As the file is stored locally on "c:\users\username" the filename for copying to the destination will increase when this prefix is changed to "\\servername\thisistheprofileshare\" leading to a pathname longaer than the supported 260 chars.
We found several resolutions, choose one of them will fix this issue:
1. You can use the " Empty Temporary Internet Files folder when browser is closed " option in Internet Explorer to delete all cached Internet files when a user quits Internet Explorer. This option does not delete cookie information. Cookie information (which is usually small) is copied when the profile is saved. To use this option, follow these steps: In Internet Explorer, click Internet Options on the View (or Tools) menu. Click the Advanced tab. Under Security, click the "Delete saved pages when browser closed" or "Empty Temporary Internet Files folder when browser is closed" check box to select it. Click OK. 2. Create a script to delete the file under temporary files . Here is the script belowstrFolder = "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5"Set objFSO = CreateObject("Scripting.FileSystemObject")Set objFolders = objFSO.GetFolder(strFolder) FRecurse objFolders DRecurse objFoldersSub FRecurse(ByRef objFolders) Set objSubFolders = objFolders.SubFolders Set objFiles = objFolders.Files For each File in objFiles If LCase(File.Name) = "index.dat" Then Else File.Delete End If Next For each Folder in objSubFolders FRecurse Folder Next Set objSubFolders = Nothing Set objFiles = NothingEnd Sub Sub DRecurse(ByRef objFolders) Set objSubFolders = objFolders.SubFolders Set objFiles = objFolders.Files For each Folder in objSubFolders Folder.Delete Next Set objSubFolders = Nothing Set objFiles = NothingEnd SubYou can also integrate this with task scheduler to run it regularly and ensure you web client cache is flushed regularly.3. Enable GPO "Deleted cached copies of roaming profiles"
3/7/2011,edit:
Starting January, 2011, the customers reported some of users with roaming profiles having trouble logging onto their XP machines. When a user tries to log in they get an error message stating:
"Windows cannot copy file C:\Documents and Settings\username\Cookies\filename.txt to location \\servername\profiles$\username\Cookies\filename.txt. Possible causes of this error include network problems or insufficient security rights. If this problem persists, contact your network administrator.
DETAIL - Access is denied"
Windows then logs the user in with a temp local profile and the user's settings from the roaming profile does not get loaded.
Analysis:=========Looks like this problem caused by Macfee according to the post https://community.mcafee.com/thread/31975 Solution:=========First, please check if you have the latest 5.2.1 version of the McAfee software. As this issue is being resolved for a lot of Customers using the new version.If you are still facing the issue, please follow the below step.Disable the cookie scanning from the registry : HK_Local_machine\software\Mcafee\SystemCore\VSCore\On Acess Scanner\Mchield\Configuration . The Dword is “ScanCookies” , the default value is “ 1” , change it to “0”
http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/c3049278-98de-4490-81b0-069cb9b511eahttp://social.technet.microsoft.com/Forums/en-US/winservergen/thread/1573a61c-935f-4ca8-bd64-802817c1a233
When we connect Outlook 2007 to Exchange Server, we may receive a variety of errors due to there being no default gateway set on the machine. Please refer to the following article for how to work around this issue.
Error messages when you try to connect Outlook 2007 to Exchange Server: "The action cannot be completed" or "Your Microsoft Exchange Server is unavailable" or "Cannot start Microsoft Office Outlook"
http://support.microsoft.com/kb/913843/en-us
NOTE: Based on our analysis, this issue always occurs when a user tries to connect at home via RPC over HTTP. Since home PC's ISP may not have default gateway set.
Recently we found several threads that customers reported windows server backup failed with error “the version does not support this version of the file format”.
You try to backup the files and folders on a windows server 2008 R2 system, the backup target is a share folder created in a storage drive on NAS device running Linux system. After starting the backup and taking several minutes, error message will appear “the backup of volume xxx could not be completed, Error: the version does not support this version of the file format.” The backup operation stopped before completing.
Before clarify the root cause of this problem, we should first let you know a background of windows server backup
Background: The windows backup will have problems with sparse file only in case of "File Level (Selected file/folders in a volume)" backup. For "Block Level (full volume)" backup the sparse file is not a problem and the backup/recovery would succeed. This is because for Block Level Backup the .vhd file is never mounted whereas for File Level Backup the .vhd is mounted which does not support mounting of sparse file.
Thus, we can easily get the root cause
The failure happens while the .VHD file created by Windows Backup is mounted during backup.
The .VHD file is created as a sparse file and this is not supported by the native VHD driver and hence mounting of the .VHD failed.
After some investigation, we found that the "strict allocate = yes" option of Samba will force it to not have UNIX style behavior of creating sparse file. Solution is adding "strict allocate = yes" to the smb.conf and restarting the Samba.
You can get more information about smb.conf configuration on the following link
http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html
Windows XP and Windows Server 2003 provide many enhancements in the area of data protection— especially Encrypting File System (EFS). This article provides some common issues and file recovery practices to prevent encrypted files being inaccessible.
We often encounter problems when accessing encrypted files. For example, not able to access the data and getting permissions denied. To prevent EFS related issues, it is necessary to be aware of some common problems before you make any changes to an EFS environment.
Here we first list some common issues when trying to access an encrypted file:
a. Cannot access files after disjoining or joining a domain
When joining a computer to a domain that has EFS encrypted files, move keys from local account profile to new domain account profile for EFS access.
b. Cannot decrypt EFS files after resetting a password
Change the user’s password back to what it was before the reset.
c. Cannot access remote EFS encrypted files from Windows 9x or Windows NT 4.0 clients
By design the server blocks Pre-windows 2000 machines from opening a remote encrypted file.
d. Access Denied error attempting to access EFS encrypted files
Locate the private key for the appropriate certificate and import it onto this computer using the Certificates snap-in. We recommend that you back up the recovery certificate (*.CER) and the private key files (*.PFX) to a safe location.
In addition, before we implement EFS, it is necessary to designate other users or recovery agents in case there are problems with the original user who encrypt the file. The following users can access the encrypted file.
1. The original user who encrypts the file
2. Users being added to give cryptographic access to that file.
Cryptographic access means the users are able to decrypt and encrypt the file, as well as add and remove other users. To add users to a file gives them cryptographic access to that file:
e. Right click on the folder or file, click Properties
f. Click Advanced. Click to check “Encrypt contents to secure data”
g. Click on the Details button brings up the Encryption Details dialog.
h. Add users to transparently access the file
3. Recovery Agents.
The Recovery Agent is optional on Windows XP Professional and Windows Server 2003 in order to provide organizations with greater flexibility in implementing data recovery strategies. The domain Administrator is the default recovery agent. To assign a Data Recovery Agent:
i. Logon to a computer with the account that you are going to be using for the EFS recovery agent.
j. Run MMC.exe and load Certificates for the current User.
k. Right click on the Personal Store. Click All Tasks, click Request New Certificate…
l. Chose the Recovery agent Certificate
m. Once you have the Recovery agent Cert. Export the Cert (without the private key to a .Cer file)
n. Copy the Cert to a DC
o. Open Active Directory Users and Computers. Edit your Default Domain Policy
p. Under Computer Configuration\Windows Settings Security Settings\Public Key Policies
q. Right Click on Encrypting File System and click on Add a recovery agent
r. Choose Folders. Browse to the .CER file and finish the wizard.
s. This will add the Recovery agent to all machines once Group Policy processing is done
The next time a new file is encrypted it will add the recovery agent to that file.
To recover an encrypted file or folder if you are a designated recovery agent:
a. Use Backup or another backup tool to restore a user's backup version of the encrypted file or folder to the computer where your file recovery certificate and recovery key are located.
b. Open Windows Explorer.
c. Right-click the file or folder and then click Properties.
d. On the General tab, click Advanced.
e. Clear the Encrypt contents to secure data check box.
f. Make a backup version of the decrypted file or folder and return the backup version to the user.
Sometimes, we may want to grant an add-in (custom add-in) or a program (Access, Excel) the permission to access Outlook's data and send email via Outlook. By default, Outlook will prompt a security warning to let the user confirm it is not a virus or any malicious code. We can perform the following steps to use Outlook E-mail Security Administrative Package so that Outlook trusts add-ins or other programs. (For example, the code which access Outlook's data or send email via Outlook is in sendmail.dll)
1. in ESM, Locate Folders -> Public Folders
2. Right Click Public Folders -> Click New -> Public Folder
3. Use the name "Outlook Security Settings" and Click OK
4. Right Click "Outlook Security Settings" and Click Properties -> On Permissions tab, Click Client Permissions -> Make sure "Default" and "Anonymous" has "Reviewer" role at least and your account has owner role and Click OK
5. Download ADMPACK.EXE from http://www.microsoft.com/downloads/details.aspx?FamilyID=15673dc4-2406-4946-aa02-8a8b0e0165b0&DisplayLang=en
6. Run it and it will extract 4 files for you (comdlg32.ocx, hashctl.dll, OutlookSecurity.oft, readme.doc)
7. Copy comdlg32.ocx and hashctl.dll to C:\Windows\System32\
8. Click start -> Run… -> Type "regsvr32 hashctl.dll" (without quotation marks) and Click OK
9. Click start -> Run… -> Type "regsvr32 comdlg32.ocx" (without quotation marks) and Click OK
10. Start Outlook and log on to your Exchange mailbox
11. Double Click OutlookSecurity.oft to launch it
12. Choose "Outlook Security Settings" (under Public Folders) and Click OK
13. Click Tools -> Forms -> Publish Form
14. Select "Outlook Folders" in "Look In:" drop down box
15. Click Browse and Locate Public Folders -> Outlook Security Settings and Click OK
16. Type "Outlook Security Form" in both "Display name:" and "Form name:" box and Click Publish
17. Close the form and Click NO when it prompt for save changes
18. In Outlook, Click File -> New -> Choose Form…
19. Select "Outlook Folders" in "Look In:" drop down box
20. Click Browse and Locate Public Folders -> Outlook Security Settings and Click OK
21. Select "Outlook Security Form" and Click Open
22. On Trusted Code tab, Click Add…
23. Locate the "sendmail.dll" file (you can install the add-in or program on your machine in advance) and Click Open
24. Click Close and Click Yes when it prompt for save changes
Now, in your Exchange environment, the "sendmail.dll" file can access Outlook's data and send emails without the security warning. More information can be found in the readme.doc file included in ADMPACK.EXE.
A lot of Outlook issues are caused by various add-ins. So, disabling all add-ins is a useful step and should be the first step for Outlook troubleshooting.
Please note every add-in will be a subkey under the following subkeys.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins
HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\Addins
HKEY_LOCAL_MACHINE\Software\Microsoft\Exchange\Client\Extensions
HKEY_CURRENT_USER\Software\Microsoft\Exchange\Client\Extensions
So, to disable all add-ins thoroughly, we can follow the steps below.
1. Click start -> Run… -> Type "regedit" (without quotation mark) and Click OK
2. Locate the following subkey
3. Backup and Delete all subkeys under above subkey
4. Repeat step 1-3 for the remain 3 subkeys
Now, all add-ins are disabled. If the issue disappears, it means the root cause is a conflict between Outlook and some add-in. We can restore the registry back and delete them one by one to find out which one cause the issue.
From forum report, There seems to be large number of enterprise users encounters this issue.
You have a Windows 2008 DC. You create a Wired network policy using Windows 7 GPMC, and the “validate server certificate” option is unchecked. After the GPO is applied, the Windows XP, Vista and Server 2008 start having authentication failure. If you open the policy from a Windows Vista GPMC, and you will find the “validate server certificate” option is checked.
To solve this problem temporarily, you should follow one of the workarounds below:
Step to repro:
Edit: We have released a hotfix to resolve this issue. Please apply the following hotfix if you encounter the same issue:
http://support.microsoft.com/kb/2493933/en-us
Recently, we find an wallpaper setting issue on windows 7 and windows server 2008 R2.You want to set a picture on the computer as a background and it doesn't work. And you can only change it to a solid color.The following KB article was also tried, but the wallpaper never applied:The "Desktop Wallpaper" Group Policy setting is not applied in Windows 7 or in Windows Server 2008 R2http://support.microsoft.com/kb/977944 After some research, data collection and troubleshooting, we get a solution:Please follow the steps below to resolve it:1. Delete or rename the file %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg Ø Open an Explorer window.Ø Cick the left mouse button in the Address/Breadcrumbs box. It will change to a path.Ø Copy the path %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Themes and paste it in, replacing what's there. Hit enter.Ø Explorer will go to the location of the file TranscodedWallpaper.jpg.Ø Delete or rename the file TranscodedWallpaper.jpg..2. Apply the wallpaper again.In this way, wallpaper can successfully applied.Some reference from technet forum:http://social.technet.microsoft.com/Forums/en-US/w7itproui/thread/5b9e513a-d504-451d-a121-b4f94893d96dhttp://social.answers.microsoft.com/Forums/en-US/w7desktop/thread/8d350714-8b71-4d29-b8fe-0f67707ce36ehttp://social.answers.microsoft.com/Forums/en-US/w7desktop/thread/01494bc9-d184-4b64-9a93-4f0c7dd70d13http://social.technet.microsoft.com/Forums/en/w7itproui/thread/3cd96e23-a057-4bd1-97bd-ae0aada90325
Edit: We have released a Knowledge Base article for this issue, see details in http://support.microsoft.com/kb/2504610/en-us
When I review the forum threads, I found an interesting issue about offline files and pinned items.
Users may not be able to pin items to their taskbar or Start menu, or pinned items may disappear the next time the user logs in if desktop is redirected to a network file server and offline files are disabled.
But if offline files are enabled and re-login, the pinned items will re-appear on the task bar.
This occurs becuase Explorer needs permission to read from user shell folders when adding items to the taskbar. The SMB read permissions are more restrictive than NTFS read permissions, so Explorer is not able to access the folders and cannot load the pinned items.
To resolve this issue, set the share permissions to Read and Change or Full Control. The folder can be restricted to read only using file system (NTFS) permissions on the file server, but the share permissions must be at least Read and Change.
http://social.technet.microsoft.com/Forums/en-US/winserverGP/thread/53a6a7f1-8fb6-47e8-bf8d-c1b03e8d4575/
http://social.technet.microsoft.com/Forums/en/w7itpronetworking/thread/3c60c3f6-6682-4ab4-9369-b3ecac62fcf2