Windows 2008 R2 activation problem (0x8004FE2F, 0x8007232B on x64 servers)

July 22nd, 2010 joeklimis Comments off

Like the 100s of times before, you install Windows 2008 R2 onto a server, try activating it, and get the error:

0x8007232B – DNS name does not exist

Then you remember to set the proxy settings. You open Internet Explorer and change the proxy settings, you can now browse the internet, and you try activation again.

But this time it still fails… that’s not supposed to happen, as you can access the web. (Also, phone activation completely failed at this point too.)

This time it fails with code 0x8004FE2F.

You find other blogs on the internet which suggest that it’s your proxy settings that have not been set, and they are right, but what they don’t tell you is that it’s specifically Internet Explorer (64 bit) you need to set the proxy for. I had inadvertently set the IE (32 bit) settings previously.

Happy installations.

Archiving Event Logs

June 3rd, 2010 Rob Comments off

As part of a recent engagement I was asked to implement a solution to automatically export & archive System and Security logs from servers to a central location, the requirements were:

  • Nightly time stamped archive of Security and System event logs to a central location
  • Clear the local log once the archive has been successfully taken

I put together the following PowerShell script to achieve the above:

 

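# Local staging folder and central share; both need the trailing backslash
# because the paths below are built by plain string concatenation
$locallocation = "c:\logs\"
$remotelocation = "\\fileserver\EventLogs\"
$localmachine = $env:computername

$evtlgs = Get-WMIObject -Class Win32_NTEventLogFile -Computer $localmachine
foreach ($log in $evtlgs)
    {
    if ($log.LogFileName -eq "System" -or $log.LogFileName -eq "Security")
        {
        # Time-stamped file name, e.g. Security20100603010000.evt
        $timestamp = get-date -f yyyyMMddHHmmss
        $path = $log.LogFileName + $timestamp
        $store = $locallocation+$path+".evt"
        # BackupEventLog returns 0 on success
        $backup = ($log.backupeventlog($store)).ReturnValue
        if($backup -eq 0)
            {
            # Clear the local log only when the export succeeded
            $log.ClearEventLog() | out-null
            }
        # Move everything in the staging folder to \\fileserver\EventLogs\<computername>
        move-item $locallocation* $remotelocation$localmachine
        }
    }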

The above script is executed by a Scheduled Task (which on another note are brilliant on Server 2008), the lines you’re interested in are the top 2 lines which configure a local location to write the log out to and the remote location to move the log to once it has been written.  I ran this script using a service account which has permission to write to the local and remote locations. 

If you wanted a different selection of logs to be archived you would adjust the

if ($log.LogFileName -eq "System" -or $log.LogFileName -eq "Security")

line to suit your requirements.

In our requirement the logs had to be archived daily, this was simply achieved by configuring task scheduler to run once per day at the desired time, no code changes are required. 

The requirement for only clearing the local log if the export was successful is met by checking the exit code from the backup; if this wasn’t 0 then the log won’t be cleared.

Categories: Uncategorized Tags: ,
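A stricter variant of the archive step above, as an added example that is not part of the original post: it clears a log only after the copy on the central share has been verified by SHA-256, so a failed transfer never costs you the only copy. It assumes PowerShell 4.0 or later (for Get-FileHash) and reuses the post's placeholder paths; the variable names are illustrative.

```powershell
# Added example, not the original author's script.
# Paths are the post's placeholders; variable names are illustrative.
$localRoot  = 'C:\logs'
$remoteRoot = Join-Path '\\fileserver\EventLogs' $env:COMPUTERNAME
$wanted     = 'System', 'Security'

if (-not (Test-Path $remoteRoot)) {
    New-Item -ItemType Directory -Path $remoteRoot | Out-Null
}

# -EnableAllPrivileges enables the privileges the account holds for this WMI call
$logs = Get-WmiObject -Class Win32_NTEventLogFile -EnableAllPrivileges |
        Where-Object { $wanted -contains $_.LogFileName }

foreach ($log in $logs) {
    $name   = '{0}{1}.evt' -f $log.LogFileName, (Get-Date -Format yyyyMMddHHmmss)
    $local  = Join-Path $localRoot  $name
    $remote = Join-Path $remoteRoot $name

    # Step 1: export; a non-zero ReturnValue means the backup was not taken
    if (($log.BackupEventLog($local)).ReturnValue -ne 0) {
        Write-Warning "Backup of $($log.LogFileName) failed; log left intact"
        continue
    }

    # Step 2: copy (not move) so the local file survives a failed transfer
    Copy-Item -Path $local -Destination $remote -ErrorAction SilentlyContinue

    # Step 3: clear only when the central copy exists and matches the local one
    $verified = (Test-Path $remote) -and
        ((Get-FileHash $local -Algorithm SHA256).Hash -eq
         (Get-FileHash $remote -Algorithm SHA256).Hash)

    if ($verified) {
        $log.ClearEventLog() | Out-Null
        Remove-Item $local
    } else {
        Write-Warning "Archive of $($log.LogFileName) not verified at $remote; log left intact"
    }
}
```

Events written between the export and the clear are not in the archive, in this variant as in the original script, so the shorter that window the better.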

“The AD General Response is above the configured threshold” and “AD Op Master response is above the configured threshold” on a x64 bit Domain Controller

May 25th, 2010 Daniel Davies Comments off

We came across an issue today where the following two alerts were exceeding their thresholds: “The AD General Response is above the configured threshold” and “AD Op Master response is above the configured threshold”. The DC in question was a x64 Windows 2008 machine and, interestingly enough, we had an x86 DC in the same site which did not exhibit any of the issues.

So we had a look at what version of oomads (AD Management Helper Objects) was on the x64 DC, only to find the x86 oomads installed, so we simply removed the x86 version and installed the x64 version of oomads and the alerts just disappeared :)

Daniel Davies


Exchange 2010 – can’t create new distribution group

May 21st, 2010 Ashley Moore Comments off

When trying to create a new distribution group through EMC you may receive the following error message at the end of the wizard:


Error:
Couldn’t find object "UserAccount". Please make sure that it was spelled correctly or specify a different object. Reason: The recipient UserAccount isn’t the expected type.

Exchange Management Shell command attempted:
new-DistributionGroup -Name ‘test’ -Type ‘Distribution’ –OrganizationalUnit ‘OU’ -SamAccountName ‘test’ -Alias ‘test’

The reason for this is that when creating a Distribution Group it tries to add the mailbox of the user creating it as the manager of the Distribution Group and usually the Admin account that creates the Distribution Groups will not be Mailbox enabled.

To get around this you can use the New-DistributionGroup cmdlet with the ManagedBy Parameter:

New-DistributionGroup -Name 'test' -Type 'Distribution' -OrganizationalUnit 'YourDomain/Distribution Groups' -SamAccountName 'test' -Alias 'test' -ManagedBy 'MailboxEnabledAccount'


Slow saving speeds in Microsoft Office to a Windows 2003 SP2 File Share

May 21st, 2010 Daniel Davies Comments off

We came across an issue recently where we were experiencing slow saving speeds in Microsoft Office 2007 & 2010 to a Windows 2003 SP2 File Server.

We experienced a saving dialogue box nearly every time we hit save from our Windows 7 desktops.

Resolution

To resolve this issue we had to enable “QOS Packet Scheduler” on the Windows 2003 File Server. After around 10 minutes of enabling this all our saving issues disappeared and transfer speeds increased :)

Daniel Davies


Find Used Memory Slots via Command Line

May 4th, 2010 Jovan Davis Comments off

I recently needed to find out which memory slots were occupied on multiple machines. I found a command that allowed me to find this information without opening up a single computer case.

From a Command Prompt, run the following:

wmic MEMORYCHIP get banklabel, capacity, caption, devicelocator, partnumber


Hope you find this useful,


Windows could not apply unattended settings during pass (null).

April 29th, 2010 neilc Comments off

When trying to deploy a Windows 7 image from WDS I was confronted by the above error. The error occurred whilst trying to deploy different Windows 7 images to different computers and laptops.

After rooting through log files and the internet I was starting to get a little frustrated. At this point I thought that I would try using the install.wim that comes on the Windows 7 CD to see what happens. Whilst browsing the sources folder on the CD I noticed the boot.wim file. Now, although I have never needed to add multiple boot.wim files for the assorted OSes I already deploy off this WDS Server, I thought I would add the boot.wim (right-click Boot Image in WDS and select ‘Add Boot Image’). I labelled the new boot.wim file ‘Windows 7 Deploy’ on import and then chose this option when PXE booting the laptop.

Hey presto, it now works without any errors.

Hopefully this will save someone the headache I received getting to this point.

Good luck

Neil


CWA 0-1-492

April 19th, 2010 Rob Comments off

I recently hit a problem with CWA being published behind TMG: CWA was accessible internally from a terminal server but would throw the above error when login was attempted via TMG’s reverse proxy.

The solution (for me – there is a fair bit written about this involving SPNs, which were not the issue in this case) was to enable anonymous authentication on the AuthMainCommandHandler.ashx file (within the /cwa directory) within IIS, and all is well again. It is reported that this issue only occurs on Server 2008 and is an issue with the site creation wizard.

My colleague Simon also hit this issue publishing CWA behind UAG, so worth checking.


Who can you trust?

April 16th, 2010 Ashley Moore Comments off

Any RMS protected content can only be consumed or created within the trust boundaries of the domain. It is sometimes desirable to be able to share protected content with other external parties (partners etc.), so what do you do then? Well, there are a number of options available, of which the main three used are:

TUD – or Trusted User Domain is primarily used when a company with an RMS infrastructure wants to share protected content with another organization with their own RMS infrastructure. In order to do this a traditional Active Directory trust must first be in place; we can then export the SLC public key of the RMS cluster from the domain wanting to consume content and import it on the RMS cluster in the domain wanting to share content. This of course can be replicated both ways so that both sides can open RMS protected content from the other.

TPD – or Trusted Publishing Domain is usually used in one of two scenarios. One is where an AD RMS cluster is being decommissioned and replaced; an example might be where forests are being merged and one cluster is taking over the functions of the others. The other scenario might be when a cluster has to issue licenses for content protected by clusters in another forest (can be used for cross forest RMS protected content exchange). To implement this trust you must export the private key of the cluster you are wanting to consolidate and import it into the TPD section of the remaining AD RMS cluster; this is so use licenses can still be acquired for content protected by the decommissioned cluster.

AD FS support for AD RMS – This is an extremely good feature for collaboration with multiple forests where partners do not have their own AD RMS infrastructure or even don’t have directories based on AD. To implement this solution AD FS must be configured and a federation trust must be in place. In AD FS you then usually create a new claims aware application entry for the AD RMS certification URL and define which claims to accept (for AD RMS this is UPN then email); you then do the same for the licensing URL. You must also make sure to add the server role for AD RMS Identity Federation Support and enable federated identity support in the AD RMS console. There are some registry key changes that have to be made on the trusted domain machines (the side without AD RMS) so that the home realm discovery works correctly, but this can be done via GPOs*. You will then be able to send and receive RMS protected content from this entity even though they do not have AD RMS implemented!

  • *Registry Key – HKLM/Software/Microsoft/
  • Create registry key: MSDRM
  • Under this create another registry key: Federation
  • Under this add a string value named: FederationHomeRealm
  • with a value of: urn:federation:YourDomain.com

So as you can see there are many options for expanding your RMS protection outside the boundaries of your domain or forest. Hope you find this useful! :)


DPM Powershell script to show offsite ready tapes

April 9th, 2010 Daniel Davies Comments off

Just a quick PowerShell script to show you tapes that are offsite ready in your tape library. If you save the below into Notepad, save it as a PS1 file and then run it from the DPM Management Shell, this should work with no errors.

# Replace "servername" with the name of your DPM server
$AllLibraries = get-dpmlibrary -dpmservername servername

$AllTapes = Get-Tape -DPMLibrary $AllLibraries

$outfile = "c:\DPMScripts\Offsite-Ready-Tapes.txt"

"DPM Offsite Ready Tapes" | out-file $outfile

# Keep only tapes flagged as offsite ready and append them to the report
$AllTapes | sort-object location | Where-Object {$_.isoffsiteready} | format-table location, barcode, isoffsiteready | out-file -append $outfile

This PowerShell will output the information needed to a text file in the following location “C:\dpmscripts\Offsite-Ready-Tapes.txt”, which will look like below

DPM Offsite Ready Tapes

Location                Barcode                 IsOffsiteReady
--------                -------                 --------------
Slot 1                  AIS783L3                True
Slot 2                  YB2417L3                True

Daniel Davies
