Posts Tagged ‘Microsoft’

How to fix problems with automatic updates not installing hotfixes and service packs

Microsoft UpdatesSometimes the automatic updates service is interupted while updating the machine, this can result in updates with corrupted data that prevents the service from installing the updates correctly and failing the service. This means the machine will never get past the updates that are giving an error and continue to try and install over and over. This happens on just about any Windows machine that uses Automatic Updates, including Windows XP, Windows Vista, Windows Server 2003 and Windows Server 2008.

  • The error prevents the workstation or server in installing updates, roll up packs, hotfixes and service packs, both manually and automatically.
  • The error can also be that the Cryptographic service will not start correctly.
  • The event error message contains information like not able to verify integrity of update.inf and similair.
  • The error is in the verification of the update in Microsoft, this authentication is done with certificates by the Cryptographic service. 

The reason I am describing this error, is that it seems pretty normal, it can happen from servers being shutdown due to power failure, crashes, etc. It took me some while to find any good information on how to correct this error, or more correctly I found alot of information but little that helped.

Read the rest of this entry »

How to configure ISA 2006 with FBA for OWA and NTLM for Outlook Anywhere and Autodiscover in Exchange 2007

Configuration of Exchange 2007 with Outlook Web Access (OWA), Outlook Anywhere (OA), ActiveSync and Autodiscover can add grey hair to any system administrator or IT consultant. Then also trying to get different authentication schemes and ISA 2006 to play nice is not making it any easier.

Most Administrators have a wish to configure their environments used externally as securely as possible, including using SSL certificates with HTTPS instead of no encryption with HTTP, and using NTLM authentication instead of Basic authentication. But security is not everything, a userfriendly interface like Forms Based Authentication (FBA) is a must to avoid user iritation and support calls.

However getting FBA and NTLM to work together in ISA with Exchange 2007 can be quite scary, so lets go deeper and find out what we need to be aware of to get it working.

Read the rest of this entry »

How to place FSMO and Global Catalog roles in Active Directory

During installation of Active Directory on a Windows Server 2000/2003/2008 all FSMO roles will automatically be installed on the first server. But Best Practice dictates to move some of theese Flexible Single Master of Operation (FSMO) roles to seperate servers.

If you only have one domain controller (not recommended), there is nothing to do since all roles must be on this server, but if you have multiple servers you should move some of theese roles on to more servers. It is also important to be aware of what servers are Global Catalog servers, especially if you have more than one domain and even if only one domain, they will be prefered by applications like Exchange server.

Read the rest of this entry »

Windows Server 2008 DNS root hints are bugged – how to identify and fix

I recently had a problem at a customer, where Windows Server 2008 DNS, at times would not resolve requests for certain top level domains (Among others .CN, .BR, .DK and .CO.UK). The customer would experience the problem every 12-48 hours and fix it by restarting the DNS server service – not acceptable.

The problem is reproduceable and is limited to all Windows 2008 servers of all editions, including Small Business Server (SBS), where the DNS server uses root hints for internet resolution. Read the rest of this entry »

Microsoft Security Bulletin for October 2009

Next week will be busy, Microsoft is releasing several security updates.

“You hereby receive this month’s Advance Notification. Next week we are posting 13 security bulletins, of which 8 are critical. Rebooting is known to be necessary for 6 of this month’s bulletins.”

The full details of the updates can be viewed at http://www.microsoft.com/technet/security/bulletin/ms09-oct.mspx (corrected link to october – not september)

To subscribe to update information or see other updates go to http://www.microsoft.com/technet/security/current.aspx

Knowing what will be updated, before all the servers start downloading and installing can be quite helpfull to predict problems due to updates.