Category Archives: Windows Server Technologies

Error 1719. Windows Installer Service could not be accessed – error message when installing application

We had an issue with a Windows 2008R2 64Bit Server recently where we could not install Windows Updates or any other applications, we got the following error message in any relevant logs -“Windows Installer Service could not be accessed” error message when installing applications.

Looking at the Event Viewer Application logs showed the following error messages;

Event ID : 11719 – Error 1719

Event ID : 1023

This all pointed to the Windows Installer Service

I had a look around for other advice from people with the same issue and found some interesting steps to try.

I carried out a sfc /scannow

I de-registered and re-registered MSIEXEC;

%windir%\system32\msiexec.exe /unregister

and

%windir%\syswow64\msiexec.exe /unregister

I even changed

HKLM\System\CurrentControlSet\Services\MSIServer

to

C:\WINDOWS\SysWOW64\msiexec.exe /V

But still could not install.

I then thought I would try some more Registry tweaks and here is the disclaimer;

I take no responsibility for any damage caused by following any instructions in this blog post!

I exported the

HKLM\System\CurrentControlSet\Services\MSIServer

Reg key.

I also exported the same Reg Key from another (fully functional) Windows 2008 R2 64Bit Server, copied the reg file over and imported (double-clicked) it!

What do you know – Bob’s your uncle – it started working!

The main difference between the reg files was in the “RequiredPrivileges” key, I am not sure if this is the actual solution but I now have a working server again.

Hope this helps someone!

 

System Center DPM 2012 Problem – DPM AccessManager Service

Following on from my previous blog post;

http://www.kevin-burke.co.uk/windows-server-technologies/upgrading-system-center-dpm-2010-system-center-dpm-2012/

During the process of making all my replicas consistent something went wrong.

I don’t know as of yet what caused the issue but will investigate further later.

Basically the DPM Administrator Console suddenly shutdown and would not start back up, claiming the DPM Service was not running.

I checked my services and it was actually running however the DPM AccessManager service was stopped.

I checked the Windows System Logs in Event Viewer and found multiple instances of the following error;

Event ID:      7034

Description: The DPM AccessManager Service service terminated unexpectedly.  It has done this 7 time(s).

I searched around but could find no-one with a similar problem or more importantly a solution, I did stumble across a post on the Microsoft Website;

http://technet.microsoft.com/en-us/library/bb808877.aspx

Which mentioned the DpmSync command;

“DpmSync is a command-line tool that enables you to synchronize the DPM database with the state of the disks in the storage pool and with the installed protection agents. The DpmSync tool restores the DPM database, synchronizes the DPM database with the replicas in the storage pool, restores the Report database, and reallocates missing replicas. “

Using the DPM Management Shell, I ran the command;

dpmsync -sync

dpmsync

dpmsync

I then re-tried the DPM Administrator Console and all was good in the world again.

As I said I do not know what cause this problem but this procedure repaired the problem and I have had no issues since.

 

Upgrading System Center DPM 2010 to System Center DPM 2012

Here are the steps I took in upgrading System Center DPM 2010 to System Center DPM 2012.

I have tried to keep it as simple as possible with nice pictures to make the process easy to follow.

Continue Reading

Amazon Kindle Fire Running Windows 7 via Citrix VDI-in-a-Box

As a Proof of Concept, I wanted to deliver a Virtual Desktop Infrastructure (VDI) to a tablet based device, Kindle Fire was the ideal candidate.

I can only provide positive comments for the Kindle Fire, it does exactly what you would expect from an Amazon device. As long as you accept the limitations of the device; no Bluetooth, no GPS, no camera, no Android Marketplace, and accept that the device is incredible low priced you can only agree that this is an excellent example of what a tablet device should be.

Techradar.com reviewed the Kindle Fire here.

I have used the Citrix VDI-in-a-Box product on an old server we had available.

The server is Windows 2008R2 with the Hyper-V Role installed.

As far as the Citrix VDI-in-a-Box product is concerned, it was perfect for my needs. I had a Windows 7 Professional (VDI-in-a-Box 5.0 does not support dynamic memory so no need for Enterprise) template deployed in half a day containing all the relevant software, Office, Photoshop, Anti-Virus etc. I also included the Microsoft App-V client in the image to enable the deployment of Virtual Apps.

I then configured the Kindle Fire, installed the Citrix Receiver, connected to the VDI-in-a-Box portal address and that was basically “Job Done”

Kindle Fire - Google

Kindle Fire - Google

Kindle Fire - Win7 Start Menu

Kindle Fire - Win7 Start Menu

Kindle Fire - Close Up

Kindle Fire - Close Up

Kindle Fire
Kindle Fire

We have also tested the Citrix Receiver client on Mac OSX, Windows, Iphone and thin client, all with outstanding results.

I must admit this implementation is very exciting. The implications of a reasonably priced tablet device utilising a VDI can only make the case for BYOD stronger.

Also because of the cost involved this solution lends itself very easily to an educational environment.

Quickly Create Batch Files in Windows Server 2008R2 Core

I needed to quickly create batch files in Windows Server 2008R2 Core in order to carry out admin tasks on the server.

For instance to create a batch file to launch the Iscsi control panel type;

“echo start iscsicpl.exe >iscsi.bat”

The “echo” command echoes whatever follows it to the screen usually, however because we have the pipe “>” command it will be sent to the file “iscsi.bat”

this means that in future you can then simply type “iscsi” and you will have the iscsi contol panel launched.

This is particularly handy for programs such as the Broadcom Advanced Control Suite which is located in “c:\program files\broadcom\bacs\bacs.exe”

This takes me back to the good old DOS prompt days!

Hope this helps some of you!

 

Home Folder Shows As “Documents” Instead of Folder Name

We have a rather complex setup for sharing out user documents on our domain, this has thrown up a problem whereby the users Home Folder shows as “Documents” instead of folder name.

We have a heady mix of;

  • Mandatory User Profiles
  • Drive Mapped to User Home Directory
  • Folder Redirection for Documents

In Active Directory Users and Computers (ADUC) we have the profile path pointing to a mandatory profile on;

\\SERVER\SHARE\PROFILES\USERGROUP

(we have multiple mandatory profiles for different user groups)

Also we have the Home Folder set to connect an F: drive to;

\\SERVER\SHARE\SURNAME_INITIAL\USERNAME

(we split our users by Surname Initial to make it easier to manage)

ADUC User Properties

ADUC User Properties

Then through Group Policy we redirect the Documents folder to the Users Home Directory as defined in ADUC.

Group Policy Manager

Group Policy Manager

All was fine until we migrated all our users over to Windows 7.

This was when the problem of users Home Folder shows as “Documents” instead of folder name came about.

In Everyday use this is not a massive issue but it was slightly annoying. Especially if you need to find a users file quickly.

User Share

User Share

I searched around and found a few pointers;

  • Make desktop.ini file read only
  • Re-Direct the documents folder to a sub-folder
  • Programatically edit the desktop.ini file for all users

None of these fit with my situation, there was however a mention here on Edugeek of using File Server Resource Manager.

Here are the steps I followed;

In “File Server Resource Manager”

In “File Screening Management”

Under “File Screens”

Create a new File Screen for the physical drive on the file server where the user shares reside – in our case K:\

I created a new “File Group” in this case to block only desktop.ini files.

File Server Resource Manager

File Server Resource Manager

This then meant that no users can create new desktop.ini files.

However the old files were still there so to delete these files I turned to Powershell.

I prefer to use Windows Powershell ISE.

I used the get-childitem cmdlet to firstly list all the desktop.ini files.

get-childitem \\SERVER\SHARE\SURNAME_INITIAL\USERNAME -filter desktop.ini -force

The -filter option will display only the desktop.ini files

The -force option will display hidden files (I did wonder why I got no results initially!)

This should list all occurences of desktop.ini files.

I then piped the results into the remove-item cmdlet

get-childitem \\SERVER\SHARE\SURNAME_INITIAL\USERNAME -filter desktop.ini -force | foreach ($_) {remove-item $_.fullname -force -whatif}

Here the -force option will delete hidden and system files.

The -whatif option is very handy and just runs a “test” of the script and gives you an idea of what will happen.

Finally remove the -whatif and delete all desktop.ini files.

get-childitem \\SERVER\SHARE\SURNAME_INITIAL\USERNAME -filter desktop.ini -force | foreach ($_) {remove-item $_.fullname -force}

I then tested the setup by logging on as a user and the problem was resolved.

All is good in the hood!

 

 

 

All OUs in this domain should be protected from accidental deletion

Best Practice Analyzer on one of our Domain Controllers was reporting; “All OUs in this domain should be protected from accidental deletion.”

Using Active Directory Administrative Center right click and OU and select properties, on the Object Tab is a checkbox “Protect from accidental deletion”

Protect From Accidental Deletion

Protect From Accidental Deletion

You could also use Active Directory Users and Computers you can right click and OU and select properties, on the Object Tab is a checkbox “Protect object from accidental deletion”

However if like me your AD is complex with lots of OU’s you may want to do this a little bit quicker.

Enter Powershell!

Using “Active Directory Module for Windows PowerShell”

First check which OUs aren’t protected:

Get-ADOrganizationalUnit -filter * -Properties ProtectedFromAccidentalDeletion | where {$_.ProtectedFromAccidentalDeletion -eq $false} | ft

Then to protect them:
Get-ADOrganizationalUnit -filter * -Properties ProtectedFromAccidentalDeletion | where {$_.ProtectedFromAccidentalDeletion -eq $false} | Set-ADOrganizationalUnit -ProtectedFromAccidentalDeletion $true

Then rerun the first command to verify the change has been made, you should get no results.

You could then double check using Active Directory Administrative Center  or ADUC.

Disjoint Namespace – Netbios Domain Differs from DNS Domain Name

I administer a Windows 2008 R2 Active Directory Domain.

All was good, all worked OK.

Came to install Exchange 2010 and found the missing “Document” functionality (but I don’t like to talk about this!).

Made a decision to implement UAG 2010 with SSO for OWA along side File Access and access to Remote Apps (RDS).

Followed recommended guides for setting up UAG with SSO but was always prompted for Username and Password when accessing OWA.

Continue Reading