More RWW woes with XP SP2 and SP3

Following on from my blog regarding RWW on SBS2008 and the need to have XP SP3 or RDC 6.1 for XP SP2.
After applying the following, I had a client who still could not connect to RWW. An error message appeared.
“The wizard cannot configure Remote Desktop Connection settings. Make sure that the client version of Remote Desktop Protocol (RDP) 6.0 or later is installed on this computer”
But it was installed!!??? Check out
Go to the Internet Explorer Add-Ons, and enable the Microsoft Terminal Services Client Control ActiveX control or the Microsoft RDP client Control ActiveX control.
If this is already enabled, or after this is enabled, you will also need to re-register the ActiveX control.
Run the following command:
regsvr32 %systemroot%\system32\mstscax.dll

Microsoft Office Outlook cannot provide form scripting support

I installed Trend Micro Worry Free Business Security Advanced on a server and implemented the antispam features. Trend drops detected spam messages into a folder called Spam Folder in each user’s Outlook mailbox on the Exchange server.
When accessing this folder on a Terminal Server, the following error message appears.
“Microsoft Office Outlook cannot provide form scripting support. This feature is not available. For more information, contact your support administrator.”
The fix to this problem is detailed in KB302003 –
1. Copy Outlvbs.dll from a normal client PC (not a Terminal Server). The file needs to be placed in the Program Files\Microsoft Office\Office12 folder. For Outlook 2003, put this file in the Office11 folder.
2. Enable VB Script support by running the following command on the Terminal Server – msiexec /i {Product GUID} ADDLOCAL=OutlookVBScript /qb
The Product GUID can be found under the HKLM\SOFTWARE\Microsoft\Office\12.0\Common\InstalledPackages key. Look for the key of the Microsoft Office package that is installed.

Accessing Folder Shares in OWA

Here’s a cool little gem I just found in Exchange 2007 in SBS2008.
You can access shared folders on the server (or on other servers) from OWA by enabling Remote File Servers in Exchange 2007.
1. Open up Exchange Management Console, Client Access, and Properties for Outlook Web Access.
2. In the Remote File Servers tab, click on Allow, and add the file server name.
That’s it!
In Outlook Web Access, click on the Documents tab. Click on Open Location, then type in the file share location in the form of \\servername\sharename.
*** UPDATE August 2010. Unfortunately, Microsoft disables this feature in Exchange 2007 SP3, and also in Exchange 2010.

How to Make Terminal Servers in Application Sharing Mode Appear in Remote Web Workplace

Here is a bit of a gem. Now we can turn off port 3389 and get users to use RWW from port 443 in SBS2008 instead.
Thanks to the Technet guys!

Administrators will see all servers and workstations that are shown in the SBS Console’s Computer tab. However, standard users will only see workstations that they have been granted access to. This means that Terminal Servers in the domain will NOT be shown to standard users. To allow non-administrators to see Terminal Servers present in the network, follow these steps:

  1. Log on to SBS 2008 as an Administrator
  2. Open Registry Editor by typing “regedit” in the Start menu. In the Registry Editor, navigate to “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SmallBusinessServer”
  3. Create a sub-key “RemoteUserPortal” under the key “SmallBusinessServer”, if it does not already exist
  4. Under the “RemoteUserPortal” key, create a new Multi-String Value with the name “TsServerNames” (without the quotes; note the capitalization)
  5. Edit the “TsServerNames” value, add your TS server names into the value data (one server per line), and then click OK to save them
  6. After completing the steps above, the servers you added into the registry will show to all RWW users in their computer selection list.



Note: Once this change is completed, ALL users will be able to view the TS Server from RWW.

Root Certificates and Windows Mobile

Had a weird week just past. My HTC Touch Dual 850 phone suddenly stopped working. The symptom began with Active Sync not working. I discovered that every time I hit sync on the phone, Active Sync would terminate. Rebooting didn’t fix the problem. I cleared the phone settings and started again. Still no luck. I found further symptoms. When I opened IE on the phone, I could browse to various web pages. When I tried to open an https page, IE would also terminate. Further testing revealed that this worked fine when working with Vodafone, or when plugged into the PC. However, I could not do this on the Telstra network. After getting to level 3 support, I was asked to try removing the proxy setting. This worked.
I now got a new error message stating that my nice new third party certificate was not valid. OWA and Outlook Anywhere worked fine, just not Active Sync on Windows Mobile 6. Finally…. after 5 days of messing about, which included a reimage of the phone ROM image, I solved the problem.
Earlier, I recommended that we can use RapidSSL from as a trusted certificate on SBS2008. When contacting SSL Direct with this problem, they said that their RapidSSL certificate was not certified to work with mobiles. This was very unusual, since it had been working fine up to this point. The RapidSSL certificate uses a certificate issued by Equifax Secure Global eBusiness CA-1. Whenever I installed the certificate on WM, the certificate would be installed as an intermediate certificate. There is no utility to install this as a root certificate. However, I found an Equifax Secure Global eBusiness CA-1 root certificate on SSL Direct, which installed itself as a root certificate, and apparently, this passes the intermediate requests on like a proxy. Installing this certificate fixed the problem, although I do not recall having to do this when it was working earlier. Something to note down for the future. In the meantime, be careful.
***Comment from Previous Blog site.
Tony Fahlstedt – 16 Dec., 2008
Hi Boon,

I experienced pretty much the same thing with a Sony Ericsson p1i cell phone, that phone does have the same equitrac cert built in as HTC phones have, however not the correct version of it, so I downloaded this root cert and installed it, after that activesync worked no hassles.

Have not tried it with a HTC though, but I think it will work.


Ntbackup Restore for Windows Server 2008 and Vista

For those who are missing “good old ntbackup”, there is a version for use with Windows 2008 and Vista that will allow restores from backups made using ntbackup in Windows XP and Windows Server 2003.
The utility requires that the Removable Storage Management Feature is enabled and can be downloaded here –

Configuring the iPhone for Exchange Sync

The iPhone is really easy to set up. I don’t particularly like the onscreen keyboard input or the lack of cut and paste (edit: fixed in OS v3.0), but it is really easy to set up a connection to Exchange.
All you need is:
email address – This is the email address of the user
domain – Leave this blank in most cases
username – the username for logging into the domain
password – the user’s password
Click next, and the iPhone will attempt to connect to the server automatically. In most SBS cases, this will fail, and the phone will request a servername.
servername – the FQDN for the domain where Exchange OWA is located. In many SBS2003 installations, this is typically On SBS2008, this will normally be
When you are done, the screen should look something like this.

Missing SYSVOL and NETLOGON during migration

I have had a crazy week so far. One of the issues that has bugged me this week was missing SYSVOL and NETLOGON shares and missing domain data after a new domain controller was added to the domain during migrations.

I first ran into this problem 3 years ago, when I was performing one of my first Swing migrations. I had shut down a server too soon, and as a result, the replica sets were incorrectly synchronized. In that case, I didn’t know what hit me. After I swung the DC back to the target new server, the entire AD crashed. There was no recovery, and I had to restore the server to its original state. When I reworked the Swing Migration weeks later, this error did not occur. I made a note on my Swing Migration worksheet, and did not come across this issue again . . . until Monday.

In the first case, I was trying to salvage the AD for a SBS2000 server which had lost the RAID and was barely functional. Just enough to get started. I quickly fixed up a Win2003 server and joined it to the domain with the purpose of giving some backup to the AD in preparation for a Swing Migration.

Everything went according to plan, and the AD appeared to have transferred across. I did one last check according to my notes, which I have compiled over the past 4 years, and hit a snag which I had not seen for about 3 years. The SYSVOL and NETLOGON shares were not present on the new DC. Looking further, C:\WINDOWS\SYSVOL\sysvol\ was empty. It should have 2 very important folders – Policies and Scripts. Without this, the AD would crash if the main DC were no longer operational.

In this instance, time was short, and I had to let this one go. We had to rebuild a new domain and reset all the workstations and data.

Today, as I was preparing a new SBS2008 server for migration, I found the same situation. The SBS2008 installation had completed and this new server was fully operational. Being paranoid, I checked, and there was the problem again!

After some searching, I finally found an old Microsoft Knowledge Base article KB290762 – Using the BurFlags registry key to reinitialize File Replication Service replica sets.

I ran the Authoritative FRS restore procedure using the D4 flag on the old server.

  1. Click Start, and then click Run.
  2. In the Open box, type cmd and then press ENTER.
  3. In the Command box, type net stop ntfrs.
  4. Click Start, and then click Run.
  5. In the Open box, type regedit and then press ENTER.
  6. Locate the following subkey in the registry:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
  7. In the right pane, double click BurFlags.
  8. In the Edit DWORD Value dialog box, type D4 and then click OK.
  9. Quit Registry Editor, and then switch to the Command box.
  10. In the Command box, type net start ntfrs.
  11. Quit the Command box.

Then I ran the nonauthoritative restore process using the D2 flag on the SBS2008 server.

  1. Click Start, and then click Run.
  2. In the Open box, type cmd and then press ENTER.
  3. In the Command box, type net stop ntfrs.
  4. Click Start, and then click Run.
  5. In the Open box, type regedit and then press ENTER.
  6. Locate the following subkey in the registry:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
  7. In the right pane, double-click BurFlags.
  8. In the Edit DWORD Value dialog box, type D2 and then click OK.
  9. Quit Registry Editor, and then switch to the Command box.
  10. In the Command box, type net start ntfrs.
  11. Quit the Command box.

Bingo, the folders were recreated, and the shares appeared! An answer to a 3 year old question.
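
The two BurFlags procedures above combined into one script, as an added example that is not part of the original post or of KB290762. It assumes an administrator cmd prompt on the domain controller; the script name, the five-minute polling window and the share check through net share are choices made for this example.

```bat
@echo off
rem Added example (hypothetical name frs-burflags.cmd), not from KB290762.
rem   frs-burflags.cmd D4   authoritative restore, on ONE DC holding good SYSVOL data
rem   frs-burflags.cmd D2   nonauthoritative restore, on the DC missing the shares
setlocal
set "FLAG=%~1"
if /i not "%FLAG%"=="D2" if /i not "%FLAG%"=="D4" (
  echo Usage: %~nx0 D2^|D4
  exit /b 1
)
set "KEY=HKLM\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup"

rem Refuse to continue if the BurFlags value is not where the procedure expects it.
reg query "%KEY%" /v BurFlags >nul 2>&1 || (
  echo BurFlags not found under "%KEY%"
  exit /b 1
)

rem Same order as the manual steps: stop FRS, set the flag, start FRS.
net stop ntfrs
reg add "%KEY%" /v BurFlags /t REG_DWORD /d 0x%FLAG% /f || exit /b 1
net start ntfrs || exit /b 1

rem FRS rebuilds the replica set in the background, so poll for both shares.
set /a TRIES=0
:wait
net share | findstr /i /b /c:"SYSVOL" >nul && net share | findstr /i /b /c:"NETLOGON" >nul && goto ok
set /a TRIES+=1
if %TRIES% geq 30 goto timeout
rem ping is used as a 10-second delay because older servers lack timeout.exe.
ping -n 11 127.0.0.1 >nul
goto wait

:ok
echo SYSVOL and NETLOGON are shared.
exit /b 0

:timeout
echo Shares still missing after 5 minutes; check the File Replication Service event log.
exit /b 2
```

Run it with D4 on the old server first, then with D2 on the new domain controller, in the order described in the post.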

Disable DEP to install some pesky applications/drivers

I decided to wipe out my ACER laptop and rebuild it with Vista Business 64bit SP1. All went well and all the applications are back up and running.

I suddenly realised that an integral part of my set up was to be able to use my Vodafone 3G mobile card. I downloaded the latest software off the Vodafone site. Then I plugged in the modem. Got a BSOD immediately. After the reboot, the modem appeared to be installed, but I could not get connected to the Vodafone network. I kept getting a RAS Error Code 633. Vodafone support was unable to help (Get your support guys up to date PLEASE! “It should work with Vista” is not a helpful response).

Anyway, after some searching, I discovered some discussion on Data Execution Prevention (DEP) in relation to installing the device. After uninstalling the Vodafone software and drivers, I disabled DEP with the following command.

bcdedit.exe /set {current} nx AlwaysOff

Then I installed the Vodafone software, rebooted, and plugged the modem in. No BSOD. Got the pleasant “Your device installed successfully” message.
Then I tested and was able to connect to the Vodafone network.

Rebooted once more, and then I re-enabled DEP.

bcdedit.exe /set {current} nx AlwaysOn

Tested the connection again. All OK 🙂

Word of WARNING: Do not disable DEP to install drivers unless you are sure the drivers are safe. Also, make sure you have a backup, unless you are prepared to lose data.
