Disable the Windows Firewall on an SBS domain when it is locked with group policy.

I needed to turn a firewall off as someone was installing an application that used web services and they were having issues. I thought NP and hopped onto the server on a domain admin account and disabled the firewalls the way I would on any other machine, using the command line:

netsh advfirewall set allprofiles state off
netsh advfirewall set allprofiles state on

You need to run the command line / powershell as administrator for this to work.

I checked the firewall and found the firewall was off for everything but the domain networks and it was greyed out so I couldn’t turn it off. Interesting. So I figured I’d need to change some policy somewhere.

To fix this you need to change your policy settings: open the Group Policy Management console and find the “Windows SBS Client Policy” (I did this on the domain controller server / SBS server).

Right click and select edit. Once open find:
Computer Configuration -> Policies -> Administrative Templates -> Network -> Network Connections -> Windows Firewall -> Domain Profile -> Protect All Network connections
By default this is set to Enabled. Setting it to Disabled will turn the firewall off; setting it to Not Configured allows administrators to enable or disable the firewall on the PC.



Last thing, it can take up to an hour and a half for policy changes to be applied to workstations\additional servers. You might want to force this to happen right away.
Use the following command line, on the workstation\server you want to disable the firewall on:
gpupdate /force

And like magic the firewall will be off. Just be careful though as you will turn the firewall off on every machine connected to the domain if you aren’t careful.
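A quick way to confirm whether the greyed-out state comes from this policy, as an added example that is not part of the original post. It reads the registry value that the “Protect all network connections” setting writes and compares it with the effective state; it also checks the Standard profile key, which the post does not cover, and the function name is made up for the example.

```powershell
# Added example (not from the original post). Run from an elevated prompt.
# "Protect all network connections" is stored as EnableFirewall under the
# per-profile policy key. When the value is present, the local setting is
# locked (greyed out) and netsh cannot override it.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall'

function Get-FirewallPolicyLock {
    param([string]$ProfileKey)   # 'DomainProfile' or 'StandardProfile'

    $path = Join-Path $base $ProfileKey
    $item = $null
    if (Test-Path $path) {
        $item = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
    }

    if ($null -eq $item -or $null -eq $item.EnableFirewall) {
        $value   = 'absent'
        $meaning = 'Not configured: local administrators control the firewall'
    } elseif ($item.EnableFirewall -eq 1) {
        $value   = 1
        $meaning = 'Enabled by policy: firewall forced on'
    } else {
        $value   = 0
        $meaning = 'Disabled by policy: firewall forced off'
    }

    New-Object PSObject -Property @{
        Profile        = $ProfileKey
        EnableFirewall = $value
        Meaning        = $meaning
    }
}

'DomainProfile', 'StandardProfile' |
    ForEach-Object { Get-FirewallPolicyLock $_ } |
    Format-Table Profile, EnableFirewall, Meaning -AutoSize

# Effective state as the firewall service reports it, for comparison.
netsh advfirewall show allprofiles state
```

Run it before and after gpupdate /force to see the policy value change on the workstation.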

SharePoint Update Causes Event log Errors

On installing a new server and all the updates the following was found throughout the Application event logs.

The mount operation for the gatherer application has failed because the schema version of the search administration database is less than the minimum backwards compatibility schema version supported for this gatherer application. The database might not have been upgraded.

It appears that one of the updates required some manual intervention. The link below details what you need to do.

http://blogs.technet.com/b/sbs/archive/2011/07/06/potential-issues-after-installing-sharepoint-foundation-2010-sp1.aspx

On doing this I started getting errors in the System Event log:
The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{B15C0E47-C391-45B9-95C8-EB596C853F3A}
and APPID
{35B4B29E-0A6B-4ED7-B0A1-117BF912F497}
to the user BWEB\spsearch SID (S-1-5-21-26759078-436902130-1702569824-1161) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

This turns out to be related to permission for the “Storage Reports Service”.

Change Component Service Owner and Permission

In the DCOM Config dialog box, you will notice that the settings are grayed out. In order to enable those settings, perform the following registry modification.
1. Open Registry Editor by typing “regedit.exe” in Start > Run.
2. Navigate to and select the key “[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{35B4B29E-0A6B-4ED7-B0A1-117BF912F497}]”
3. Right click and select Permissions.
4. In the popup window, click Advanced.
5. In the Advanced Security Settings window, select the Owner tab and change the owner to Administrators. Click OK to close the window.
6. In the Permissions screen, select Administrators and check Full Control. Click OK to close the screen.
7. Close the registry editor.

In order to change the permission settings, perform the following steps.
1. Open Component Services by clicking Start > Administrative Tools > Component Services.
2. Navigate to and expand the node Component Services > Computers > My Computer > DCOM Config.
3. Right click the sub node “35B4B29E-0A6B-4ED7-B0A1-117BF912F497” or “Storage Reports Service” and select “Properties”.
4. On the Properties dialog box, select the Security tab.
5. In the Launch and Activation Permissions section of the Security tab, select the Customize option and click Edit.
6. In the popup window, add the farm admin user account and check Local Launch and Local Activation permissions. The screen should look like this.

All should be well again.
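Taking ownership of the AppID key changes its security descriptor, so it is worth recording the original first. The script below is an added example, not part of the original post: run it once before the registry steps to save the owner and access rules, and again afterwards to list exactly what changed. The snapshot file name and the function name are made up for the example.

```powershell
# Added example (not from the original post). Run from an elevated prompt.
$appId = '{35B4B29E-0A6B-4ED7-B0A1-117BF912F497}'        # APPID from the event text
$key   = "HKLM:\SOFTWARE\Classes\AppID\$appId"
$file  = Join-Path $env:TEMP 'appid-acl-before.txt'     # hypothetical snapshot file

function Get-KeyAclSummary {
    param([string]$Path)

    $acl = Get-Acl -Path $Path
    # One line for the owner, then one line per access rule.
    "Owner=$($acl.Owner)"
    $acl.Access | ForEach-Object {
        '{0}|{1}|{2}|Inherited={3}' -f $_.IdentityReference,
            $_.AccessControlType, $_.RegistryRights, $_.IsInherited
    }
}

if (-not (Test-Path $file)) {
    # First run, before the ownership change: record the original state.
    Get-KeyAclSummary $key | Set-Content -Path $file
    "Saved original owner and access rules to $file"
} else {
    # Later run: '<=' rows existed only before, '=>' rows exist only now.
    Compare-Object (Get-Content $file) (Get-KeyAclSummary $key) |
        Format-Table SideIndicator, InputObject -AutoSize
}
```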

WCF Data Services – Debugging

I have been building some data services that are used to connect to Oracle data sources. Everything worked fine within VS 2010 but on pushing my service to IIS locally and remotely I was getting error 500’s. I managed to solve the issues locally without too much trouble but on the remote server I really couldn’t for the life of me see what was going on. By default there was really very little in the way of debugging information.

ISSUE 1:

My first issue was error 500’s with no real logging. To find out what is happening here I used tracing. If you add the following to your web.config you will get some nice trace information:

<configuration>
  <system.diagnostics>
    <sources>
      <source name="System.ServiceModel"
              switchValue="Information, ActivityTracing"
              propagateActivity="true">
        <listeners>
          <!-- The c:\log folder must already exist and be writable by the application pool identity. -->
          <add name="traceListener"
               type="System.Diagnostics.XmlWriterTraceListener"
               initializeData="c:\log\Traces.svclog" />
        </listeners>
      </source>
    </sources>
  </system.diagnostics>
</configuration>

MS info on this can be found here:

http://msdn.microsoft.com/en-us/library/ms733025.aspx

Then use the trace tool to look at the results:

http://msdn.microsoft.com/en-us/library/ms732023.aspx

ISSUE 2:

I was running Windows Server 2008 64bit but the data source from Oracle for odata only appears to be available in 32bit and that is what I installed. I was getting an error 500. To fix this you need to set your App Pool to support 32bit executables. To enable this in IIS, right click your app pool and under “Advanced Settings” set Enable 32-Bit Applications to True. This fixed my error 500.

ISSUE 3:

I was calling my WCF Data Service and getting a NotSupportedException with an InnerException of “An error occurred while processing this request”; there was no other information provided. I had no idea why this was happening, I needed to know more! After a lot of searching the net I found this setting:

public static void InitializeService(DataServiceConfiguration config)
{
    // Debugging aid: returns full exception detail, including inner
    // exceptions, to the caller. Set it back to false once the fault is found.
    config.UseVerboseErrors = true;
}

Building and deploying with this enabled gave me a nice error with the inner exception exposed.

ISSUE 4:

ORA-12154: TNS:could not resolve the connect identifier specified

This doesn’t seem like much, and there are HEAPS of articles where it pops up but nothing I could find told me how to fix it. Until I came across this:
ORA-12154: TNS:could not resolve the connect identifier specified

It basically says copy your data connection configurations to your client folder. When I installed the VS Components and the Odata/Asp.net client it created a new home directory and the configuration files were not getting picked up from the server home. I copied these and everything started to work!
NOTE: I needed to restart Oracle and IIS for these new settings to take effect.

Pop3 mail connector email size limit on SBS 2008 and Exchange 2007

I have been doing some networky type guf lately and on moving all our mail onto a local exchange server I discovered a wonderful little feature where you can connect to pop accounts to grab email and feed it into Exchange accounts. This is great because a few of the users in the office have historical email accounts and this makes checking them pretty much transparent to them.

The only issue is that after a few days I found I was getting errors relating to email size. See the following:

Event 210, which is just an oversized email error pretty much.

It didn’t take too long to find out how to fix this. It is simply related to the email size defaults on SBS2008. The default email size for SBS2008 is 10MB. Using the following command in the Exchange shell you can see what your max sizes are:

get-receiveconnector | select identity,maxmessagesize

The screenshot below shows my current results:

The next step is to increase these limits, I have obviously already done so here. The following command will do just that:

set-receiveconnector "<identity>" -maxmessagesize 20MB
Obviously you can make them whatever size you want. I increased them all, but for the pop account issue you only really need to increase the “Windows SBS Fax Sharepoint Receive <server name>” one.

Web Performance Tests – VS 2010 Crashing – Webtest Results Viewer

I’ve been doing a bit of work on Automated testing at work lately. As part of this I have been writing some custom web test plugins for creating data on the fly. Some pretty cool stuff can be done with these things.

Only issue is that I was getting some really annoying crashes. I couldn’t figure out what it was since it would crash VS with no errors. Turns out there is a bug in the webtest results viewer integrated into devenv.exe; it can crash when the very useful and seemingly innocent WebTest instance method AddCommentToResult() is used.

On the positive side it appears that this is fixed in VS 2010 SP1 – Link below
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=75568aa6-8107-475d-948a-ef22627e57a5&displaylang=en

More to come on Automated testing soon…..