Wednesday, January 30, 2013

WSUS Not Working

I had an issue at a customer today where a new WSUS server was not patching clients.  I went through the WSUS configuration, all was correct.

Problem Symptoms

The symptoms of this problem are as follows:

Windows 7/2008 clients recieved the following message when attempting to receive updates from the WSUS server.

Windows could not check for updates automatically. (Important)

 
For these workstations, they report in WSUS with Last Status Report as Not yet reported.
 
 
On member servers and workstations experiancing the update issue, the following was observed in the WindowsUpdate.log file found under %WINDIR%\WindowsUpdate.log

WARNING: Search callback failed, result = 0x80072EFD
WARNING: Failed to find updates with error code 80072EFD

Here is the full Log:
2013-01-30 15:21:29:317  772 a54 Agent *************
2013-01-30 15:21:29:317  772 a54 Agent ** START **  Agent: Finding updates [CallerId = AutomaticUpdates]
2013-01-30 15:21:29:317  772 a54 Agent *********
2013-01-30 15:21:29:317  772 a54 Agent   * Online = Yes; Ignore download priority = No
2013-01-30 15:21:29:317  772 a54 Agent   * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"
2013-01-30 15:21:29:317  772 a54 Agent   * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
2013-01-30 15:21:29:317  772 a54 Agent   * Search Scope = {Machine}
2013-01-30 15:21:29:491  772 a54 Setup Checking for agent SelfUpdate
2013-01-30 15:21:29:539  772 a54 Setup Client version: Core: 7.6.7600.256  Aux: 7.6.7600.256
2013-01-30 15:21:31:552  772 a54 Misc WARNING: Send failed with hr = 80072efd.
2013-01-30 15:21:31:557  772 a54 Misc WARNING: SendRequest failed with hr = 80072efd. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2013-01-30 15:21:31:557  772 a54 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://ang-pth-upd1/selfupdate/wuident.cab>. error 0x80072efd
2013-01-30 15:21:31:557  772 a54 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072efd
2013-01-30 15:21:31:557  772 a54 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072efd
2013-01-30 15:21:31:557  772 a54 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072efd
2013-01-30 15:21:49:646  772 a54 Misc WARNING: Send failed with hr = 80072efd.
2013-01-30 15:21:49:646  772 a54 Misc WARNING: SendRequest failed with hr = 80072efd. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2013-01-30 15:21:49:646  772 a54 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://ang-pth-upd1/selfupdate/wuident.cab>. error 0x80072efd
2013-01-30 15:21:49:646  772 a54 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072efd
2013-01-30 15:21:49:646  772 a54 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072efd
2013-01-30 15:21:49:646  772 a54 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072efd
2013-01-30 15:21:53:899  772 a54 Misc WARNING: Send failed with hr = 80072efd.
2013-01-30 15:21:53:899  772 a54 Misc WARNING: SendRequest failed with hr = 80072efd. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2013-01-30 15:21:53:899  772 a54 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://ang-pth-upd1/selfupdate/wuident.cab>. error 0x80072efd
2013-01-30 15:21:53:899  772 a54 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072efd
2013-01-30 15:21:53:899  772 a54 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072efd
2013-01-30 15:21:53:899  772 a54 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072efd
2013-01-30 15:21:58:153  772 a54 Misc WARNING: Send failed with hr = 80072efd.
2013-01-30 15:21:58:153  772 a54 Misc WARNING: SendRequest failed with hr = 80072efd. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
2013-01-30 15:21:58:153  772 a54 Misc WARNING: WinHttp: SendRequestUsingProxy failed for <http://ang-pth-upd1/selfupdate/wuident.cab>. error 0x80072efd
2013-01-30 15:21:58:153  772 a54 Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072efd
2013-01-30 15:21:58:153  772 a54 Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072efd
2013-01-30 15:21:58:153  772 a54 Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072efd
2013-01-30 15:21:58:153  772 a54 Misc WARNING: DownloadFileInternal failed for http://ang-pth-upd1/selfupdate/wuident.cab: error 0x80072efd
2013-01-30 15:21:58:153  772 a54 Setup WARNING: SelfUpdate check failed to download package information, error = 0x80072EFD
2013-01-30 15:21:58:153  772 a54 Setup FATAL: SelfUpdate check failed, err = 0x80072EFD
2013-01-30 15:21:58:153  772 a54 Agent   * WARNING: Skipping scan, self-update check returned 0x80072EFD
2013-01-30 15:21:58:213  772 a54 Agent   * WARNING: Exit code = 0x80072EFD
2013-01-30 15:21:58:213  772 a54 Agent *********
2013-01-30 15:21:58:213  772 a54 Agent **  END  **  Agent: Finding updates [CallerId = AutomaticUpdates]
2013-01-30 15:21:58:213  772 a54 Agent *************
2013-01-30 15:21:58:213  772 a54 Agent WARNING: WU client failed Searching for update with error 0x80072efd
2013-01-30 15:21:58:213  772 a0c AU >>##  RESUMED  ## AU: Search for updates [CallId = {44F20E45-61DE-4968-9DE7-32BD9B0ACFB0}]
2013-01-30 15:21:58:213  772 a0c AU   # WARNING: Search callback failed, result = 0x80072EFD
2013-01-30 15:21:58:213  772 a0c AU   # WARNING: Failed to find updates with error code 80072EFD
2013-01-30 15:21:58:213  772 a0c AU #########
2013-01-30 15:21:58:213  772 a0c AU ##  END  ##  AU: Search for updates [CallId = {44F20E45-61DE-4968-9DE7-32BD9B0ACFB0}]
2013-01-30 15:21:58:213  772 a0c AU #############

Resolution

The resolution to these problems in my case was upgrading my WSUS 3.0 server to Service Pack 2 by applying KB2720211.  This can be found under the following URL:

http://support.microsoft.com/kb/2720211

I then wanted all computers in my domain to attempt to detect new updates using the wuauclt.exe /discovernow, to ensure the WSUS console populated correctly and all machines started downloading new updates.  To do this I populated a list of all computers in the domain using the DSQUERY tool.

DSQUERY COMPUTER “DC=mydomain,DC=com” -o rdn -limit 1000 > c:\machines.txt

I then used Excel to construct the following psexec statement in mass wrapping the "psexec \\" and " wuauclt.exe /detectnow" strings around the computer name.

psexec \\COMPUTER1 wuauclt.exe /detectnow
psexec \\COMPUTER2 wuauclt.exe /detectnow
psexec \\COMPUTER3 wuauclt.exe /detectnow

I copyed this content from Excel to a batch script.

I then downloaded psexec from the following sysinternals website on TechNet:

http://technet.microsoft.com/en-au/sysinternals/bb897553.aspx

Ran the batch script and forced every computer on my domain to discover for updates instead of having to wait for them to do it automatically.

Friday, January 18, 2013

Group Policy Software Installation Not Working

Today a customer had a few Windows 7 workstations which were  not receiving software which is pushed through group policy.  RSOP.msc and gpresult had confirmed that the group policy instructing the software installation was successfully applied to the workstation.  Despite group policy applying, the assigned application would not install.

I then found out that the following events had occurred:
  1. The application had installed through Group Policy in the past.
  2. An Administrator uninstalled the application through Add/Remove Programs in Control Panel
  3. The administrator ran gpupdate /force assuming the application would re-install automatically.
This is normal behavior  if an Administrator manually removes an assigned application, it will not automatically redeploy upon computer reboot.  This is because the Software Installation Engine which runs on the Workstation does not know the assigned application has been removed, hence it does not attempt to reinstall.

How do you force the application to be re-installed?

All applications which are assigned through Group Policy get added to the computers registry under:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\AppMgmt

The applications will appear under this policy as a bunch of GUID's.


If you select one of the GUID's it it will have a string value called GPO Name which will display the name of the Group Policy Object.

Delete the GUID of the application which is not deploying.

Run a GPUpdate /Force

Reboot the workstation.

The application will now install

Tuesday, January 15, 2013

Exchange 2003 and Windows Server 2012 Domain Controller

A customer asked me today if they can upgrade to their domain controllers to Windows Server 2012 whilst running Exchange Server 2003.

Exchange 2003 does not support Windows Server 2012 Domain Controllers.

This not only includes the 2012 Forest Funtional Level (FFL) and 2012 Domain Functional Level (DFL) but the Windows Server 2012 DC's.  If you have a Windows Server 2012 Domain Controller running 2003 FFL/DFL, this is still not supported.

There is no support planned for Windows Server 2012 Domain Controllers with Exchange 2003.

Windows 8 Won't Shutdown

One of my friends purchased a Windows 8 computer and complained to me that no matter what they do the machine will not shutdown through use of the Start Portal, Task Manager or even using the shutdown command from command prompt such as:

shutdown.exe -s -f

After some research it turns out that the issue was caused by the Windows 8 new dynamic ticking feature.  This feature is aimed at helping you increase your devices battery life by varying the speed of your device's processor based on its workload.  For some reason this feature on this computer prevented shutdown all together.

The fix was to use BCDEdit to disable the BCDEdit feature using the following command from an elevated command prompt.

bcdedit /set disabledynamictick yes

During my research I also saw complaints about the dynamic ticking feature causing Windows 8 to crash and freeze with older processors and older mainboards.  For more information about these problems other people have had please refer to following blog post:

http://www.oscarcao.com/blog/2012/08/21/fix-for-windows-8-hanging-and-freezing

Thursday, January 10, 2013

Dell Wireless Driver

I had a bit of a drama finding a driver for the following hardware ID today on a customers laptop.

PCI\VEN_168C&DEV_002B&SUBSYS_02051028&REV_01
PCI\VEN_168C&DEV_002B&SUBSYS_02051028
PCI\VEN_168C&DEV_002B&CC_028000
PCI\VEN_168C&DEV_002B&CC_0280
It turned out to be a Dell Wireless 1702 802.11b/g/n adapter which can be found under R301705.exe.  Download this driver from the following website:

http://www.dell.com/support/drivers/au/en/aubsd1/DriverDetails?driverId=R301705

Hope this post has been helpful.

Wednesday, January 9, 2013

Citrix Gateway 3.0 - The server certifiate specified is unusable

Today I attempted to replace a certificate on a Citrix Gateway.  When replacing the certificate in the Secure Gateway Configuration Wizard I received the following error message:

"The server certificate specified is unusable"


Citrix has the following knowledge base article on this problem however it did not resolve my issue.  This knowledge base article can be found under the following address.


I created the certificate on a Windows 2008 server using MMC console using a procedure similar to the following:


I exported the certificate with private key and imported it onto my Citrix Gateway server running Windows 2003 server.

After some further investigation it turns out that Citrix Gateway does not support certificates which were exported from one server then imported.  The Certificate signing request MUST be created on the Citrix Gateway server otherwise Citrix will complain about the certificate.  After recreating the certificate on the Citrix Gateway server I did not have any issues.

I was using Citrix Gateway version 3.0.0

Hope this post has been helpful.

Whats this new In-Place buzz word?

Some of my customers have been asking me lately about some of the new In-Place features of Exchange 2013.  In-Place is a new buzz word which has been adopted by the Exchange product team when naming some of the features of Exchange 2013.

For example we have:

In-Place Archive (formally Personal Archive in Exchange 2010)
In-Place Hold (formally Legal Hold in Exchange 2010)
In-Place Discovery (formally Multi-Mailbox Search in Exchange 2010)

While these features were in Exchange 2010, they have been improved and revamped in Exchange 2013 with new interfaces and closer interaction with other products such as SharePoint 2013 and Lync 2013.

For more information on In-Place Archive please visit:

http://technet.microsoft.com/en-us/library/dd979800.aspx

For more information on In-Place Hold please visit:

http://technet.microsoft.com/en-us/library/ff637980.aspx

For more information on In-Place Discovery please visit:

http://technet.microsoft.com/en-us/library/dd298021.aspx

Tuesday, January 8, 2013

A quick look at Exchange 2013 Managed Availability

Microsoft Exchange 2013 has a new monitoring and alerting engine built into the product called Managed Availability.  Managed Availability detects, alerts and recovers problems as they occur within the product.

In previous versions of Exchange such as 2007/2010, Microsoft recommended Administrators used System Center Operations Manager (SCOM) to monitor an Exchange environment.  In Exchange 2013, the product now has its own monitoring engine which companies can leverage to provide an insite into their email infrastructure.

Note: SCOM Intergration with Exchange 2013 will still be supported

The Managed Availability platform was designed to provide a monitoring solution for a single server deployment of Exchange through to the largest deployments of Exchange in the world.  Microsoft leveraged its experiance with the Office 365 and Exchange Online over the past 6 years to determine which alerts from the SCOM management pack are useful and which alerts are not.  From the 1100 alerts in the management pack, 150 were seen as useful.

For common re-occuring issues which Microsoft experianced in the Office 365 environment, an automated recovery process was put in place to automatically resolve issues to ensure administrative intervention was not required. These automated recovery processes are not available in Exchange Server 2010.  In Exchange 2013, Microsoft has brought the recovery workflow engine based on its learnings from Office 365 to an on-premises environment so companies can benefit in automatic recovery of Exchange related issues.  In my opinion this is a significant selling point between Microsoft Exchange 2013.

To ensure you have a firm understanding on the Exchange 2013 Managed Availability engine, I will run through the core components below.

Probes

Probes essentially probe the environment to identify portential problems with the environment.  They are similar to the test cmdlets in past releases of Exchange in the way they measure the perception of services by executing end-to-end user transactions against core services.

Monitors

Data collected by probes is fed into Monitors.  Monitors look at the results of probes and come to a conclution based on a number of additional checks programmed into each monitor.  The conclution of a monitor is either the service is healthy or unhealthy.

The correlation between Probes an Monitors is Many to One where Many Probes can be fed into a single monitor.

Responders

Responders only execute in the event a monitor is marked in an unhealthy state.  Depending on the monitor which entered an unhealthy state, there are severa responders available to respond to the monitor:
  • Restart Responder  Terminates and restarts service
  • Reset AppPool Responder  Cycles IIS application pool
  • Failover Responder  Takes an Exchange 2013 Mailbox server out of service
  • Bugcheck Responder  Initiates a bugcheck of the server
  • Offline Responder  Takes a protocol on a machine out of service (in the event a load balanced clustered environment is available, this the faulty service will not disrupt services)
  • Escalate Responder  escalates an issue
  • Specialized Component Responders  
For more information about Exchange 2013 Managed Availability please see the following blogpost put together by Ross Smith IV which can be found on the following website:

http://blogs.technet.com/b/exchange/archive/2012/09/21/lessons-from-the-datacenter-managed-availability.aspx

Tuesday, January 1, 2013

Schemus Mail Configuration hanging on Loading

I was configuring the Schemus Mail Configuration tool to synchronise recipient information from an Active Directory forest to Symantec Cloud but ran into an issue with the Synchronisation tool.

I entered the configuration for an Active Directory domain controller into the tool along with a username and password as follows:


When clicking next the wizard would get stuck on Loading and not progress any further.


After clicking cancel and closing the wizard then selecting View --> Logs I noticed multiple entries of "Cannot access the LDAP server. Malformed reply from SOCKS server"

 
Can't access the LDAP server. Malformed reply from SOCKS server
com.metanate.schemus.data.source.SourceException: Malformed reply from SOCKS server
 at com.metanate.schemus.data.source.LdapSource.setContext(Unknown Source)
 at com.metanate.schemus.data.source.LdapSource.ensureOpen(Unknown Source)
 at com.metanate.schemus.data.source.LdapSource.getSearchBases(Unknown Source)
 at com.metanate.schemus.config.gui.wizard.swing.source.SearchSettingsPanel$2.construct(Unknown Source)
 at com.metanate.schemus.config.gui.wizard.swing.SwingWorker$2.run(Unknown Source)
 at java.lang.Thread.run(Unknown Source)
Caused by: javax.naming.CommunicationException: 10.100.8.91:389 [Root exception is java.net.SocketException: Malformed reply from SOCKS server]
 at com.sun.jndi.ldap.Connection.(Unknown Source)
 at com.sun.jndi.ldap.LdapClient.(Unknown Source)
 at com.sun.jndi.ldap.LdapClient.getInstance(Unknown Source)
 at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
 at com.sun.jndi.ldap.LdapCtx.(Unknown Source)
 at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
 at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
 at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
 at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
 at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
 at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
 at javax.naming.InitialContext.init(Unknown Source)
 at javax.naming.ldap.InitialLdapContext.(Unknown Source)
 ... 6 more
Caused by: java.net.SocketException: Malformed reply from SOCKS server
 at java.net.SocksSocketImpl.readSocksReply(Unknown Source)
 at java.net.SocksSocketImpl.connect(Unknown Source)
 at java.net.Socket.connect(Unknown Source)
 at java.net.Socket.connect(Unknown Source)
 at java.net.Socket.(Unknown Source)
 at java.net.Socket.(Unknown Source)
 at com.sun.jndi.ldap.Connection.createSocket(Unknown Source)
 
SOCKS is a proxy technology.  After checking Internet Options it turns out that a proxy server was configured on the server.


Removing the proxy server from Internet Options resolved the problem.