Friday 29 March 2013

Speed up Windows XP tricks

I found an old blog of mine I hadn't published, so I've decided to correct a few things and post it now. About 3 years late. Better late than never, right?

Yes, it's an old OS now, though it serves it's purpose as a web browsing machine with Chrome installed. My old works Dell Latitude D820 XP laptop I hadn't touched in years and was painfully slow when I booted it up. I realised why it hadn't been touched. I replaced the hard drive some time ago and at first it was quick, but soon started running slow. I'd also stripped it down, removed the old dry thermal past, applied new paste and that helped a little. That was probably two years ago.


I booted it back up having forgot just how slow it was, after using it for a few minutes I decided to try do something about it, here are the tools I used to turn the tortoise into a blazing fast hare!

Defraggler - my defrag tool of choice now days.
CCleaner - Does what it needs too.

Both of the above can be obtained here

Now what sort of IT type would I be if that's all I had done to improve the laptop's performance?

Go in to the System properties > Advanced > Performance options and choose Adjust for best performance.

Open My Computer, click your drives and choose properties and uncheck the Indexing option and Click Ok.

Open Services.msc and stop the Themes service and then disable it, do the same for the Indexing Service, Windows Search. Stop and Disable any services you don't need, if you're not sure about them research it first. If you're not using wireless do the same for the Wireless Zero Configuration, but remember you've disabled it and will need to enable it if you want to use Wireless again.

Delete anything in Start > All Programs > Startup   that you don't need.

You can also use the MSCONFIG utility to disable other Startup items that are system side rather than user specific.


Down to the nitty gritty registry changes, copy the below and paste into a text file and rename it from .txt to .reg then right click it and choose merge. But please do backup your registry first, "Just in case".


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Memory Management]
"DisablePagingExecutive"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"IoPageLockLimit"=dword:00040000


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem]
"NtfsDisable8dot3NameCreation"=dword:00000001
"NtfsDisableLastAccessUpdate"=dword:00000001


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\0000]
"EnableUDMA66"=dword:00000001


NOTE: A few things to note about the registry changes above, the UDMA66 setting will only help a specific set of drives called ATA, not the newer SATA drives.


Hopefully you'll now have a much faster system you can re-purpose or hand down to the kids!

iPhone IMAP email modified date sorting issue

A customer recently changed over from using a POP3 mailbox to IMAP, so everything would sync nocely across his devices, everything was hunky dory for a few weeks and then suddenly out if the blue he was missing a load of emails from his iPhone yet they existed on his Mac Mail. Now remember this is IMAP, not POP3 so it should all be synchronized, right. Wrong!

As it turns out most the iPhone will show you the emails in the order they were last modified. Yes, last modified. Not received, but modified. There's a relatively quick fix for that! Select a chunk of the oldest emails and mark them as unread then mark them as read, move up the list of emails a bit and do the same for a chunk of newer emails and so on until you've done them all. Doing this, in this order will give the older emails an older modified time of the newer emails, making them display correctly on the iPhone.

In my testing I found that Android has many more options than iOS and that a work around on my Galaxy S3 was to show all emails for that account. Unfortunately there is no workaround on iOS, at least that I know of..

Thursday 28 March 2013

Windows Server Office 365 Integration Service fails

I had some more fun this week with an Windows Server Essentials 2012 box. After having a bunch of updates recently and tweaking how we get alerts from servers we got alerted to the Windows Server Office 365 Integration Service failing all the time, but it seemed to cause no issues as long as it was started. A colleague has set it to start upon any failure so it was always running within a minute of crashing.

I'd had enough of these alerts and set about looking to resolve the issue. It turns out a new service Microsoft introduced in the first Rollup Update called Windows Server Password Synchronization Service was DISABLED by default and since RU1 the Windows Server Office 365 Integration Service seems to need the Password Synchronization Service to be enabled and started to carry on running without crashing.

Nice once Microsoft. Thank you for making what should be a simple product more aggravating than it should be.


Further reading on the subject here and here


Obligatory Application Event log messages:

==================================================

Log Name:      Application
Source:        Application Error
Date:          28/03/2013 15:24:43
Event ID:      1000
Task Category: (100)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SERVERNAME.local
Description:
Faulting application name: SharedServiceHost.exe, version: 6.2.9805.0, time stamp: 0x504a9e6d
Faulting module name: KERNELBASE.dll, version: 6.2.9200.16451, time stamp: 0x50988aa6
Exception code: 0xe0434352
Fault offset: 0x000000000003811c
Faulting process id: 0x3380
Faulting application start time: 0x01ce2bc850758d14
Faulting application path: C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: 9d1ef8ea-97bb-11e2-9462-00155d58c900
Faulting package full name:
Faulting package-relative application ID:
Event Xml:

 
   
    1000
    2
    100
    0x80000000000000
   
    133640
    Application
    SERVERNAME.local
   
 
 
    SharedServiceHost.exe
    6.2.9805.0
    504a9e6d
    KERNELBASE.dll
    6.2.9200.16451
    50988aa6
    e0434352
    000000000003811c
    3380
    01ce2bc850758d14
    C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
    C:\Windows\system32\KERNELBASE.dll
    9d1ef8ea-97bb-11e2-9462-00155d58c900
   
   
   
   
 


==================================================

Log Name:      Application
Source:        .NET Runtime
Date:          28/03/2013 15:24:43
Event ID:      1026
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SERVERNAME.local
Description:
Application: SharedServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.InvalidOperationException
Stack:
   at Microsoft.WindowsServerSolutions.Common.ProviderFramework.ObjectModelBaseExtended`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Invoke(System.Action)
   at Microsoft.WindowsServerSolutions.O365Integration.UpdateO365IntegrationDataTask.CleanUpPasswordSyncData(Microsoft.WindowsServerSolutions.O365Integration.O365User[])
   at Microsoft.WindowsServerSolutions.O365Integration.UpdateO365IntegrationDataTask.Run()
   at Microsoft.WindowsServerSolutions.O365Integration.BackgroundTask.TimerCallback(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.TimerQueueTimer.CallCallback()
   at System.Threading.TimerQueueTimer.Fire()
   at System.Threading.TimerQueue.FireNextTimers()

Event Xml:

 
   
    1026
    2
    0
    0x80000000000000
   
    133639
    Application
    SERVERNAME.local
   
 
 
    Application: SharedServiceHost.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.InvalidOperationException
Stack:
   at Microsoft.WindowsServerSolutions.Common.ProviderFramework.ObjectModelBaseExtended`1[[System.__Canon, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]].Invoke(System.Action)
   at Microsoft.WindowsServerSolutions.O365Integration.UpdateO365IntegrationDataTask.CleanUpPasswordSyncData(Microsoft.WindowsServerSolutions.O365Integration.O365User[])
   at Microsoft.WindowsServerSolutions.O365Integration.UpdateO365IntegrationDataTask.Run()
   at Microsoft.WindowsServerSolutions.O365Integration.BackgroundTask.TimerCallback(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.TimerQueueTimer.CallCallback()
   at System.Threading.TimerQueueTimer.Fire()
   at System.Threading.TimerQueue.FireNextTimers()

 


==================================================

Smartphone security issues

It's been a crazy few months with all these lock screen bypasses, starting with the iPhone, then Galaxy Note 2, Galaxy S3 and now the iPhone giving you access to the iPhone photo's in the latest version of iOS 6.1.3 which was a fix for the previous lock screen bypass. How did that even pass QA? 

I tried the lock screen bypass on my Galaxy S3 and it's a tough one to pull off! It took me around half and hour of trying to get it to work, I then spent another half hour or more trying to do the same but with the swipe to unlock enabled before entering the pin (as this is on by default) and had no luck. Correct me if I'm wrong, but I'd like to know if having the swipe to unlock defeats the lock screen work around.

With all these security issues, I'd urge you to enable some form of mobile tracking or alternate lock screen app if available. I'm able to track my Galaxy S3 with Samsung Dive and with Cerberus, I installed Cerberus as it gives you a few more controls than Samsung Dive does.

Most importantly, remember these device are mini computers. All your social networks, contacts, photos and videos are stored on these small little devices, where before they were on your computer or laptop that would mostly be kept in your house and less likely to be stolen or lost. I know lock screens can be a pain, but please do enable it if you haven't already and always stay up to date with the latest software updates. It prevents the opportunist from prying into your private life.

Saturday 23 March 2013

Essentials server connect computer wizard fails

When connecting a PC to an Essentials 2012 server using the Connect wizard the other day we ran into the good old message "Another installation is in progress" - we checked for any msiexec.exe processes running and there were none. The next not so obvious place to look was the registry. I had a feeling that it could be the PendingFileRename keys I've run into a few times before, usually with Symantec Endpoint installations.

Navigate to the below keys and delete the PendingFileRename keys you find.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SessionManager\
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet001\Control\SessionManager\PendingFileRenameOperations


Always backup your registry before doing anything with it, even if you know what you're doing!

Tuesday 19 March 2013

Locking down FTP users in FreeBSD

I'll give you a quick run down of what you'll need to do, in order to have a chrooted FTP server, with links to useful documentation, so you don't have to go trawling the web for help on these tasks. For editing files I prefer the "ee" program, it's REALLY easy to learn and you don't need to know any of the silly commands / shortcuts you need to know better than your own name with the vi editor.


  • Install the OS, using your favorite method.
  • Apply FreeBSD updates, either in binary form or the old long drawn out method of recompiling from source, this depends on your requirements and if you have a custom kernel.
  • Create a group, call it ftpusers to make it clear what it's going to be used for.
  • Add users to said group when you create them, maybe give them an alternate home like /usr/ftpusers to separate them from the normal users.
  • Add the group name you created above to /etc/ftpchroot, don't forget to add an @ before the group name e.g @ftpusers  otherwise it won't work.
  • Enable FTP Daemon by adding the following line to /etc/rc.conf:


ftpd_enable="YES"

and type this at the command line to start the ftp daemon

/etc/inetd/ftpd start

or in /etc/inetd.conf remove the comment from the ftpd line and type

kill -HUP inetd

 at the command line after editing the inetd.conf file to start ftpd.

or reboot, your choice.

And that's pretty much it! Now test it with multiple accounts to make sure it's all good and as expected before deploying or letting your internet friends abuse it.

If you want to allow SSH access to certain people but not others use the nologin shell for those that don't need SSH access, beware there may be flaws in using this method or the shell code which could be exploited if you open SSH to the world, the same applies to an "open" FTP daemon.

Sunday 17 March 2013

Windows 8 Remote Desktop Connections crashing

I've had this "bug" on my work PC since Windows 8 RTM, whereby logging into a Remote Desktop Server would crash that Remote Desktop session, and only that session after a the login completed. And ONLY on Remote Desktop servers. Normal PC, SBS and standard server RDC's were fine.

I'd had enough now and wanted a solution so started thinking about what exactly is going on, let's break it down a bit - with bullet points ! I love bullet points...

  • It would only happen once the login completed.
  • I had all Windows updates installed.
  • No real pointers to what the problem may be.

Not a lot to go on, huh?

The next logical step was to change the RDC and by that I mean the various options it come with.
Well it turns out I hit the nail on the head, first time!

I simply unchecked the Printers option under Local Resources, saved the RDP file and connected to the RD server which was 2008 R2, as that worked I tried on a number of other 2008 R2 RD servers and it appeared I'd found the cause of what had been troubling me for some time, I tried a 2008 RD server and it too worked without a problem. Huzzah!

My tips would be try alternative printer drivers, remove any printers you don't need / want any more or try a different driver version. I had to use the Dell 3115CN drivers for our Dell 3110CN printer, they're basically the same unit, just that one has scanning & faxing capabilities while the other doesn't.

If unchecking the printer option doesn't cure your mstsc crashing, try some of the other Local Resource settings.


EDIT:
This still seems to be an issue in Windows 10, today it was a Ricoh / Afico ISC 2020 with PCL6 Universal drivers.


The error message when mstsc.exe crash was "Remote Desktop connection has stopped working" - simple but obvious, eh?

and the Application event viewer logs:

Faulting application name: mstsc.exe, version: 6.2.9200.16465, time stamp: 0x50b422f2
Faulting module name: ntdll.dll, version: 6.2.9200.16420, time stamp: 0x505ab405
Exception code: 0xc0000005
Fault offset: 0x0000000000002a93
Faulting process id: 0x1180
Faulting application start time: 0x01ce20aa5000249d
Faulting application path: C:\Windows\system32\mstsc.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 992f8e23-8c9d-11e2-be92-00119520678b
Faulting package full name:
Faulting package-relative application ID:

Friday 15 March 2013

What's the SSD (Solid State Disk) failure rate?

Well it would seem quite high! But, how many of these failures can be fixed?

Recently our MD had a "failure" of sorts after his laptop had run out of battery power.
This will apparently cause the disk to go into a state of self preservation to protect the data, but only if it has suddenly lost power - a laptop would have put itself into a sleep or hibernate mode not just suddenly conked out. Now this state of self preservation means you can't access any of the data at all. Any computer will no longer see the disk, even in the BIOS because of this state.

I get that Crucial have done this to try protect the data due to the nature of the way SSD's work, however they shouldn't just let it "lock up" without letting you know what's going on! They should report that they've gone into this state so you know the drive isn't just dead, giving you some hope and some direction to getting it resovled. Luckily we're IT folk and figured it out, but the vast majority of non-IT folk would most likely panic, take it to a bunch of monkey's who don't know what they're doing (or do and rip them off for the sake of it) and say the drive is fubar'd and charge for another.

I think this is just a really poor play by the manufacturers and they should do something about this. Will they listen? Probably not.

Anyway, enough moaning and here is the article from Crucial on how to fix it !

http://forum.crucial.com/t5/Solid-State-Drives-SSD-Knowledge/Why-did-my-SSD-quot-disappear-quot-from-my-system/ta-p/65215