The issues were documented here – http://blogs.technet.com/b/askds/archive/2014/07/23/it-turns-out-that-weird-things-can-happen-when-you-mix-windows-server-2003-and-windows-server-2012-r2-domain-controllers.aspx
The main issue is that users could not log on to the domain and Kerberos errors (EventID 4) were logged. This could lead to issues, and frustration, especially in migration situations.
The hotfix can be obtained here – http://support.microsoft.com/kb/2989971
The latest August 2014 update rollup for Windows Server 2012 R2 has addressed this issue. The integration feature previous only worked when the Essentials server was the only domain controller in the domain, which led to some difficult workarounds in migration scenarios.
The rollup can be downloaded via Windows Update or directly here – http://support.microsoft.com/kb/2975719.
You can read the Microsoft announcement here – http://blogs.technet.com/b/sbs/archive/2014/08/13/announcing-the-availability-of-enabling-windows-server-2012-r2-essentials-integration-of-microsoft-online-services-in-environments-with-multiple-domain-controllers.aspx.
While looking through some maintenance tasks, I came across a knowledge base article that solved a long standing issue. In Outlook 2010 and Outlook 2013, it is possible to archive items by their date received or sent instead of by the last modified date.
Microsoft KB2553550 (http://support.microsoft.com/kb/2553550) details the steps.
Outlook 2010
To create the ArchiveIgnoreLastModifiedTime registry value, follow these steps:
Outlook 2013
To create the ArchiveIgnoreLastModifiedTime registry value, follow these steps:
You must restart Outlook after you add the ArchiveIgnoreLastModifiedTime registry key.
Support for Windows XP ended at the end of April 2014. However, there is still a large base of PCs that are still in use running Windows XP. This is not good nor safe computing practice, especially if the PC is operating in a business environment and is being used for critical business applications.
ZDNet published an article detailing a simple registry hack (http://www.zdnet.com/registry-hack-enables-continued-updates-for-windows-xp-7000029851/) that will enable Windows XP PCs to emulate a Windows Embedded POSReady 2009 device. These devices are based on Windows XP, and are specifically used in basic terminal applications. The danger is that not all updates will be suitable for mainstream WIndows XP, and some critical ones may be missed. However, if you MUST run Windows XP for a really old legacy application, then there is still a way to obtain some update protection. It is highly advisable that you seek out a way to decommission your Windows XP PCs and replace them as soon as possible.
To enable this hack, add the following Key to the registry – HKLM\SYSTEM\WAP\PosReady
Then create a DWORD called “Installed” with a value of 1.
Alternatively, create a .REG file with the following text and merge it into the registry.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\WPA\PosReady]
“Installed”=dword:00000001
I will warn again that this should be a “I have no reasonable alternative” move. There are always other options, and the best option is to migrate away from Windows XP.
I ran into this problem with 3 Virtual Machines. All of them were brand new installations, so it was not an issue with badly behaving applications.
The cause appeared to be the way Gen2 virtual machines worked with a particular recent update. Gen 1 virtual machines did not present this issue.
Thanks to Susan Bradley and GurliGebis on the technet forums here (http://social.technet.microsoft.com/Forums/windowsserver/en-US/e58c8b30-b91a-4d90-a1b5-8859ffc3b92c/kb2920189-fails-to-install-on-generation-2-vms?forum=winserverhyperv), we have a workaround.
A serious vulnerability has been discovered in the OpenSSL cryptographic software library which allows an attacker to steal information that would normally be protected by SSL/TLS encryption. This vulnerability allows anyone to compromise and steal data that is normally protected by this protocol, which can lead to further attacks and the compromise of IT systems that are breached.
There are many popular firewalls and systems that are exposed on the Internet that use this protocol, which makes this vulnerability a serious threat. Many common Linux based operating systems are vulnerable, and the vendors have released patches to fix this issue. It is recommended that firewalls, servers and appliances that use OpenSSL be patched immediately.
For more information on this threat and some answers to common questions, read this – http://heartbleed.com/
To test your system for this vulnerability, go to this site – http://filippo.io/Heartbleed/
Apple has released a critical update for all IOS devices from the iPhone 3GS up to the new iPhone 5S and iPad Air ranges. The patch fixes a severe security flaw in the operating system which could allow a Man-in-the-Middle (MITM) attack where a secure connection could be transparently redirected to a malicious website where password and other data could be stolen or compromised. You can read more about the patch and possible danger here.
NOTE: Although this appears to be a severe issue, it is similar to the many other dangers that are out in the IT connected world today. Make sure your devices and computers are patches. Oh, and by the way, THIS IS A GOOD TIME TO REPLACE THAT OLD WINDOWS XP COMPUTER. Windows XP Will no longer be maintained with security patches from April 2014.
 |
 |
It is not often that a news organization becomes a source for IT knowledge or troubleshooting, but news.com.au have a great article on how to fix the most common IOS7 issues that users are experiencing during and after upgrades. The article is here – http://www.news.com.au/technology/smartphones/troubleshooting-for-struggling-apple-ios-7-users/story-fn6vihic-1226723564685
It covers:
Your phone has been wiped of apps, contacts, pictures and videos
There are a number of interesting tips there which I did not know about before. The bottom line in this is:
MAKE SURE YOU HAVE A GOOD BACKUP, PREFERABLE IN TWO PLACES (iTUNES and iCLOUD) BEFORE YOU BEGIN THE UPDATE!
UPDATE: But wait! There’s more. http://www.news.com.au/technology/smartphones/really-simple-fixes-for-your-apple-ios-7-problems/story-fn6vihic-1226726240594
Every few months, this situation comes up somewhere amongst the plethora of Windows 7 workstations that are managed by my helpdesk. The standard fix is normally to remove the workstation from the domain, and rejoin it again.
I came across a blog post here – http://www.implbits.com/about/blog/tabid/78/post/don-t-rejoin-to-fix-the-trust-relationship-between-this-workstation-and-the-primary-domain-failed/default.aspx – which suggested that this problem was caused by a machine password being corrupted or lost.
A suggested fix for this was to use NETDOM.EXE to reset the machine password. You will need to install the Remote Server Administration Tools from http://go.microsoft.com/fwlink/?LinkID=153874. Once it has been installed, turn the following feature on (from the Turn Windows features on or off applet in the control panel. (you might find some other useful server administrative tools there too!)
From an administrative command prompt, type the following command.
NETDOM resetpwd /s:[domain controller] /ud:[domain admin] /pd:*
[domain controller] = a domain controller in the joined domain
[domain admin] = a domain administrator with administrative rights to the machine
You will be prompted to enter in the password for the domain admin account specified.
Once the command is completed, restart the computer to log in.
NOTE: I did notice that some other settings on the workstation appeared to be corrupted or reset after the reboot. One of these itemms was the Outlook profile, which had to be reset and resynchronized.
Microsoft have released the Update Rollup 2 for Windows Server 2012 Essentials. The update is available via Windows Update. More information on the issues that are resolved can be found here – http://support.microsoft.com/kb/2824160?wa=wsignin1.0
The client side package remains the same, and is automatically applied to client computers. More information on this package can be found here – http://support.microsoft.com/kb/2781268
Note that client computers may appear to be offline in the dashboard until the client side package is installed and should be rebooted after the update is applied.
