Category Archives: Registry Hacks

Remote Desktop Issue: “An authentication error occurred” “This could be due to CredSSP encryption oracle remediation”

You may get this error when trying to connect to a Terminal Server from Windows 10 or Windows 7.

1475272411_CredSSPissue.png.edcaf3deca9f340128ef49dc5c3849f5.png

The workaround is to add the following Registry key on the affected client PC.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters]
“AllowEncryptionOracle”=dword:00000002
This is NOT a fix. Doing this will bypass the fix for the security vulnerability. But it will get your users going while Microsoft readies a fix.

References:

Meltdown and Spectre

 

Happy New Year … Not!

With the New Year comes a new class of malicious attack that can impact IT systems. This time, the attack is hardware based, affecting mostly Intel based systems, and to some extent, AMD systems as well.

Here is a list of resources that highlight what it is all about and how to mitigate against this new threat. In the words of Microsoft, “Don’t panic.”

Increase the maximum PST file size for Outlook

I have been working through a bunch of Microsoft Exchange migrations recently. One of the issues that we have seen has to do with the size of the exported PST file. By default, the maximum size of PST files has been limited to 20GB for Outlook 2003 and 2007, and 50GB for Outlook 2010 and 2013.

This limit can be increased or decreased via two registry settings.

  • WarnLargeFileSize – This value sets warning threshold in MB for the maximum size of a PST file. The maximum is 4090445042 (That is about 4PB!)
  • MaxLargeFileSize – This value determines the maximum size in MB that can be written to a PST file. This should be set to about 5% higher than the warning size above. This maximum is 4294967295.

Here are some common values that could be used:

  •  30GB maximum (29GB warning) = 30720 (29696)
  • 75GB (73GB) = 76800 (74752)
  • 100GB (95GB) = 102400 (97280)
  • 150GB (145GB) = 153600 (148480)
  • 200GB (190GB) = 204800 (194560)
  • 500GB (480GB) = 512000 (460800)
  • Are you sure you want such a large PST file after this?

The registry settings are found or created here, depending on the Outlook version.

  • Outlook 2003 HKCU\Software\Microsoft\Office\11.0\Outlook\PST
  • Outlook 2007 HKCU\Software\Microsoft\Office\12.0\Outlook\PST
  • Outlook 2010 HKCU\Software\Microsoft\Office\14.0\Outlook\PST
  • Outlook 2013 HKCU\Software\Microsoft\Office\15.0\Outlook\PST

Archive Outlook items by received or sent date, not by last modified date

While looking through some maintenance tasks, I came across a knowledge base article that solved a long standing issue. In Outlook 2010 and Outlook 2013, it is possible to archive items by their date received or sent instead of by the last modified date.

Microsoft KB2553550 (http://support.microsoft.com/kb/2553550) details the steps.

Outlook 2010

To create the ArchiveIgnoreLastModifiedTime registry value, follow these steps:

  1. Start Regedit.
  2. Locate and then click the following registry subkey:
    HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Preferences
  3. On the Edit menu, point to New, click DWORD Value, type ArchiveIgnoreLastModifiedTime, and then press ENTER.
  4. Right-click ArchiveIgnoreLastModifiedTime, and then click Modify.
  5. In the Value data box, type 1, and then click OK.
  6. Exit Registry Editor.

Outlook 2013

To create the ArchiveIgnoreLastModifiedTime registry value, follow these steps:

  1. Start Regedit.
  2. Locate and then click the following registry subkey:
    HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Preferences
  3. On the Edit menu, point to New, click DWORD Value, type ArchiveIgnoreLastModifiedTime, and then press ENTER.
  4. Right-click ArchiveIgnoreLastModifiedTime, and then click Modify.
  5. In the Value data box, type 1, and then click OK.
  6. Exit Registry Editor.

You must restart Outlook after you add the ArchiveIgnoreLastModifiedTime registry key.

Invalid Network Drive when installing programs

I recently had an issue with a thrid party vendor where they asked me to uninstall Adobe Acrobat, then reinstall it again from their CD. The installation kept failing. When we unpacked the install files and ran the program manually, we got an Invalid M: Drive, which was a mapped network drive. With SBS, folder redirection was enforced, so the My Documents folder had been redirected to the M: drive. Some applications do not like this and will fail with an error. Often, this is caused by an incorrect setting in the User Shell Folders registry key.

Fortunately, there is a Fit It solution for this. Microsoft article KB886549 provides a Fit It resolution that will restore the User Shell Folders back to default settings. This article is found here – http://support.microsoft.com/kb/886549

Note: You will need to reapply the folder redirections again after this Fix It is run.

Bypass domain join during client deployment in a Windows Server 2012 Essentials network

An interesting blog was published titled, “How to skip domain joining during client deployment in a Windows Server 2012 Essentials network” – http://social.technet.microsoft.com/Forums/en-US/winserveressentials/thread/aa40963c-7235-40f7-85f5-8f8d030a7c13

To do this, you need to edit a registry key on the client computer.

  1. On your client computer, open an elevated command prompt.
  2. Type the following:
    reg add “HKLM\SOFTWARE\Microsoft\Windows Server\ClientDeployment” /v SkipDomainJoin /t REG_DWORD /d 1

There may be situations where you wish to connect a PC to the Windows Server 2012 Essentials server, but leave the PC off the domain. It may be that this is a personal PC or laptop, but the user requires the Client Backup functionality without adding the laptop to the corporate domain. Another possibility may be the existence of a larger +25 CAL domain, where the Essentials server is to be a client backup server only. At this moment, Windows Storage Server 2008R2 Essentials can be used for this purpose. However, no Windows Server 2012 edition of this server has been announced.

Error: Cannot connect the computer to the server because either another software installation is in progress, or, the computer has a restart pending.

I have been seeing quite a number of systems coming up with this error message when attempting to install the Client Connector Software for SBS 2011 Essentials.

“Error: Cannot connect the computer to the server because either another software installation is in progress, or, the computer has a restart pending. Either complete the installation process, or, restart the computer and try to connect again.”

The first thing to do is obvious – Reboot the computer. But then again, there would not be anything to blog if it were that easy. Obviously, that has been attempted and the error remains. Apparently, this is often caused by programs not cleaning up their installation settings.

The fix is fairly simple, if you can remember where the registry setting is.

Open up Regedit and navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager. Rename the key named PendingFileRenameOperation to something else.

That should resolve the issue.

Fix File Associations following Malware cleanup

This scenario has been coming up fairly often recently. A PC becomes infected by a Fake-AV software. MalwareBytes (www.malwarebytes.org) cleans up the infection. Suddenly, EXE files cannot run. Not even Regedit.

 There are a couple off good resources which help fix up the registry and restore the EXE file association back to normal. Download and unzip the reg files. Right Click on the Reg file and select Merge.

Thanks and acknowledgements to Doug Knox and Ramesh Srinivasan. They have more file association fixes listed below.

Extend Home Server “Vail” beta installation

The public beta for Windows Home Server codenamed “Vail” expires today. As a result, current installations will reboot hourly because the server would have moved into expiry mode.

Microsoft have provided a workaround to extend the expiry in the interim, until the next beta is released. This workaround is based around Windows 2008 R2 SP1 Release Candidate.

To extend the expiry, you can do the following:

  1. Install WS08 R2 SP1 RC on the server from http://www.microsoft.com/downloads/en/details.aspx?familyId=c3202ce6-4056-4059-8a1b-3a9b77cdfdda&hash=2SduI20oa3rGcMvoU%2bPV1TVHUik%2f3CNeLRmMuOcJXzz13kgszkD2VWTIpb%2bAS0in9K12Sc14FpC3sdT4PNXCUw%3d%3d
  2. Logon on https://connect.microsoft.com/WindowsHomeServer with your connect credentials
  3. Click on Product keys (in the left hand side column)
  4. Click on Request a new product key
  5. Click on Get Key
  6. In Windows Home Server, open a command prompt
  7. Type “slmgr.vbs -ipk ABCDE-FGHIJ-KLMNO-PQRST-UVWXY” (where ABCDE.. is your new key as requested above)
  8. Type “slmgr.vbs –ato
  9. Reboot the server, and your beta timeframe has been extended.  You can check this by opening up a command prompt and typing winver

You can view the Microsoft information on this topic here – http://social.microsoft.com/Forums/en/whsvailbeta/thread/9d459f48-2e9e-4279-ade1-6d4d5e907e4c

The Windows Home Server Blog page is here – http://windowsteamblog.com/windows/b/windowshomeserver/

Auto Login to PC after restart

Sometimes, there are background processes and application that need the user to be logged on to the PC before they will run. On a domain PC, this is normally not possible. However, you can modify the registry to enable this. NOTE: the password will be clearly seen.
 
 
In regedit, navigate to HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
 
Add or modify the key, AutoAdminLogon (String) to 0
Enter in the user credentials in the three keys – DefaultDomainName, DefaultUserName, DefaultPassword.