Thursday, March 19, 2015

Remote Desktop Licensing Error

Today I got a call from client that he can’t connect to his Remote Desktop Service  from his Windows 7 client.
He would get following error: The remote computer disconnected the session because of an error in the licensing protocol. Please try connecting to the remote computer again or contact your server administrator.
Since I was sure the licensing was in order I searched for another possible problems.
The cause of the problem was in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSLicensing.
So here is one of possible solutions if you are getting this error when trying to connect to Terminal Server (Be sure to backup your registry before you do this or export the MSLicensing keys, in case this isn’t the cause of your problems):
  1. Open registry editor (Start > Run > regedit)
  2. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ and find MSLicensing folder
  3. Right click on it and select delete
  4. Start Remote Desktop Client (Start>Run>mstsc) as local administrator to rebuild the deleted keys

Tuesday, February 04, 2014

Getting an Exchange Database into a Clean Shutdown State using Eseutil

So you’ve just restored an Exchange database, and now you are trying to mount it. To your surprise, you are getting an error similar to the following:
Couldn’t mount the database that you specified. Specified database: DB2; Errorcode: An Active Manager operation failed. Error: The database action failed. Error: An error occurred while trying to select a database copy for possible activation. Error: The database ‘DB2′ was not mounted because errors occurred either while validating database copies for possible activation, or while attempting to activate another copy. Detailed error(s):
An Active Manager operation failed. Error: Operation failed with message: MapiExceptionCallFailed: Unable to mount database. (hr=0×80004005, ec=-550)
Before you can mount a database restored from a backup, it needs to be in a clean shutdown state. You can use the Eseutil tool to check whether a database is in a clean shutdown state – if it is not in a clean shutdown state you can perform a repair to get the database into consistency.

Soft Recovery using Eseutil

The first thing you want to do is verify that the database is in a dirty shutdown state. We can do this using the eseutil /mh command. For example:

The output from the above command shows us that the database is dirty shutdown:

We can also see from the output, under Log Required, the database is missing a transaction log. We can replay log files into the database (as long as they exist) to get the database into consistency. To do this, we use the following syntax with eseutil:
eseutil /r /l /d
For example, my log file prefix is E02, and my database and logs are stored in G:\E_\Program Files\Microsoft\Exchange Server\V14\Mailbox\DAGDB1 . Here is a screen shot of the command:

When this repair is complete, I can run the eseutil /mh command again to verify that the database is in a clean shut down state:

At this point, I’ll be able to mount the database. This will almost always work when you restore a database from a Windows Server Backup, but there may be times when this doesn’t work and you need to perform a hard repair.

Performing a Hard Repair

Performing a hard repair using eseutil /p will check the database for any damaged pages; if it finds any, it will delete them. Make sure that you can live without any data inside the database before doing a hard repair, because you may lose data. Also, make sure you have twice as much free space as the size of the database before doing a hard repair – this is required for the temporary database that will be created.
To perform a hard repair, use the eseutil /p command, as shown here:

Once this completes, you can use the eseutil /mh command to verify the database is clean shutdown.

Tuesday, July 16, 2013

Redirection Folder My document From GPO

The following instructions work for redirecting My Documents/Documents. I cannot guarantee it will work for other redirected folders but it follows the same pattern so there is no reason why it shouldn't.

When setting up the root folder for redirected folders:

Setting the NTFS permissions
Create the folder in the required location (ie. E:\Users)
Disable inheritance of permissions from the parent and remove all inherited permissions by clicking the appropriate button.
One entry will already be in the DACL: Local Administrators.
  1. Alter Local Administrators: Full Control: This folder, subfolders and files
  2. Add SYSTEM: Full Control: This folder, subfolder and files.
  3. Add CREATOR OWNER: Full Control: This folder, subfolders and files.
  4. Add Authenticated Users: List folder / read data, Create folders / append data: This folder only
  5. Add Domain Admins: Full Control: This folder, subfolders and files.
  6. Click OK.
These permissions grant users the ability to create their redirected folder in the root folder but not the ability to browse the contents of other people's folders. Best practice dictates that you should allow the redirected folder locations to create themselves as users log on.

Create the share and add share permissions
Share the root folder created earlier as \\SERVER\Users (or if you want to hide it, \\SERVER\Users$\
Adjust the share permissions as follows:
  1. Remove Everyone
  2. Grant Authenticated Users Full Control
  3. Grant Domain Admins Full Control (Not necessary but useful for completeness)
Configure the GPO
  1. Open Group Policy Manager
  2. Create a new GPO or edit your existing one.
  3. Expand User Configuration > Policies > Windows Settings > Folder Redirection
  4. Right-click My Documents/Documents and click Properties.
  5. Choose Basic - Redirect everyone's folder to the same location
  6. Under Target folder location choose Create a folder for each user under the root path
  7. Set the Root Path: to \\SERVER\Users
  8. As you type, you will see an example location listed to show you how the folders will be created as users log on.
  9. On the Settings tab, uncheck Grant the user exclusive rights to Documents
  10. Under Policy Removal, select your preferred option depending on your requirements.
  11. Link the GPO at the appropriate OU.
Despite assurances from Microsoft in another article, granting users exclusive rights to My Documents in the GPO will stop you from being able to access the contents of a users' folder. Probably not good for backup!