Monday, December 8, 2008

After an Exchange 2007 SP1 server restart, Exchange services do not start automatically even though they are set to start automatically.

Problem Description: After an Exchange 2007 SP1 server is restarted, the Exchange services do not start automatically even though they are set to start automatically.

Most of the time, the services that do not start are “Microsoft Exchange System Attendant” and “Microsoft Exchange Information Store”.

Error Messages:

The event log may contain the following error messages:

Event Type: Error
Event Source: MSExchangeIS
Event Category: General
Event ID: 5000
Date: 12/8/2008
Time: 11:43:07 AM
User: N/A
Computer:
Description:
Unable to initialize the Microsoft Exchange Information Store service. - Error 0x96e.

Event Type: Error
Event Source: MSExchangeIS
Event Category: General
Event ID: 1121
Date: 12/8/2008
Time: 11:43:07 AM
User: N/A
Computer:
Description:
Error 0x96e connecting to the Microsoft Active Directory.

Event Type: Warning
Event Source: MSExchange EdgeSync
Event Category: Topology
Event ID: 1026
Date: 12/8/2008
Time: 11:41:15 AM
User: N/A
Computer:
Description:
Topology load generated transient exception Could not find any available Domain Controller.. EdgeSync must be able to acquire current Exchange topology data from the Active Directory directory service to properly operate. The Edge Transport server will attempt to load the topology again.


Cause: The services in question depend on certain Windows services, and those services took time to start properly.

Solution:

There are multiple things we could try, but the one that suited me was to delay the start of the Exchange Server service(s) at boot time. The following registry value can be used:

1. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeSA\Parameters
2. In the right-hand pane, right-click, select New, DWORD Value
3. Name it BootPause
4. Assign BootPause a value of 120 (Decimal)
5. Close the registry editor

A BootPause value of 120 will delay the start of the SA service by 120 seconds. Should you need to raise or lower the delay, change the value in the registry.

Please take a backup of the system before attempting any changes to it. Wrong changes could cause your system to fail. Please follow Microsoft guidelines on making registry changes.

Thursday, June 26, 2008

Why are the Microsoft Windows Update options grayed out?

Problem Description: When a user clicks on Windows Update on a Windows XP machine, all the options in Windows Update are grayed out.

Cause: This issue can have different causes.
Scenario 1. The machine you have is/was a SUS controlled machine.
Scenario 2. These options are blocked by Group Policy.
Scenario 3. The user does not have enough administrative privileges to make changes.

Resolution:

Scenario 1: The machine you have is/was a SUS controlled machine.
In this scenario we first need to determine whether the machine is SUS configured. The following is the method to find out:
>Click 'Start' Menu
>>Click 'Run'
>>>Type 'Regedit' and click 'Ok'
>>>>In Registry Editor navigate to HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate
>>>>>In the right side of the pane look for the WUServer and WUStatusServer entries. These entries usually carry the HTTP name of the SUS statistics server (http://SUSServerName)
>>>>>>If you find those values, the easy fix is to export the WindowsUpdate registry key and delete it. Your machine will then no longer be controlled by SUS, and you should be able to configure the options as you like. In the absence of this registry key, the user configuration takes effect.

Scenario 2: Due to Group Policy these options are blocked
In a scenario where these options are blocked by Group Policy, we can use the following method:

>Click 'Start' Menu
>>Click 'Run'
>>>Type 'gpedit.msc' and click 'Ok'
>>>>Navigate to 'Computer Configuration\Administrative Templates\Windows Components\Windows Update' and make sure that all the settings are set to 'Not Configured'
>>>>>Navigate to 'User Configuration\Administrative Templates\Windows Components\Windows Update' and make sure that all the settings are set to 'Not Configured'

***SPECIAL NOTE****
A change in policy values, at the end of the day, affects the same registry key we discussed above.

Scenario 3: The user does not have enough administrative privileges to make changes.
In this scenario all we need to do is make the user a member of the local Administrators group. This can be done from the 'Computer Management' console or the 'User Accounts' console in Control Panel.

Thursday, May 1, 2008

How to stop Windows Media Player from displaying full-screen video on the second monitor screen?

Problem Description: For the last few days I have realised that when I run any video in Windows Media Player, especially a live video feed through the internet, the same video comes up in full-screen mode on the second screen, and there is no way to stop it unless you stop Media Player from playing the video.

Cause: It has something to do with the combination of video drivers, cards and Windows.

Resolution:
It took me quite some time to find this resolution, and I personally found the full-screen video very annoying.

My machine has an Nvidia Quadro FX 540 display adapter. When I went to the display properties I was not getting as many options from NVIDIA as I was expecting. I thought of checking for a driver update, and to my surprise there was an update available on the manufacturer's website.

I updated the drivers and restarted Windows. Now I have a small NVIDIA icon at the bottom right of the screen, next to the local time display.

Method one: Right-click the NVIDIA icon and click Nvidia control panel. Near the bottom there is a section called Video & Television, which has a subsection called Modify Full-Screen video options. Click on it, and in the right-side pane there are two options available; click on "Only Show it in my viewing application" and apply the settings. That is all that was needed.

Method two: In case you cannot find the Nvidia icon, there is another way to get to it. Go to Start > Control Panel > Display > Settings > Advanced > NVidia; you will now have the same options that are discussed in method one above.

Registry Editor is disabled on a Windows machine (Regedit.exe)

Problem Description: The user cannot run regedit.exe as a command to open the registry editor.

Cause: There are different reasons for it; please see below for more info.

Resolution:
There are different reasons why you could be seeing this issue:

1. Someone changed the group policy.
To fix this issue run the following command from the Run box:

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

OR

use the group policy editor: run gpedit.msc from the Run box, look for the policy called "Disable registry editing tools", set it to the Not Configured state and restart the computer.

2. This could also be caused by different viruses/malware.

To fix this there is a nice script from Symantec; just use that:
http://securityresponse.symantec.com/avcenter/venc/data/tool.to.reset.shellopencommand.registry.keys.html

I could even export my shell commands configuration from the registry and send it to you as a TXT file, but I think the Symantec tool already does the trick for you.

Visual Studio Just-In-Time Debugger pop-up appears from time to time

Problem description: Someone installed SQL Server 2005 and Visual Studio 2005. Since these were installed, they have started to get errors similar to the following:

...............................................................................................

Visual Studio Just-In-Time Debugger
...............................................................................................
An unhandled win32 exception occurred in iexplore.exe[528].

Possible debuggers:
New instance of Visual Studio 2005

.(combo button)Set the currently selected debugger as the default.
.(combo button)Manually choose the debugging engines

Do you want to debug using the selected debugger?

Yes No
...................................................................................................


Cause: Because of SQL 2005, it seems Windows has decided to use the Visual Studio debugger for exceptions instead of sticking to Dr. Watson.

Resolution:
The Just-In-Time debugger tries to catch exceptions that are not caught by the program itself, that is, exceptions the code does not handle. Sometimes these exceptions do not need to be caught (even though that is not good practice for programmers), but because you have the Just-In-Time debugger installed/configured it will catch them not only for Internet Explorer but for other applications as well. In short, any application that raises an exception it does not catch will produce this error message. Click 'No' when you see it. You do not need to debug IE.

There are a few settings that control the Just-In-Time debugger. Try one of the following.

Please try one at a time only:

1. Open a command prompt by typing CMD in the Run box.
At the command prompt, run the following Dr. Watson command and restart the computer:

drwtsn32 -i

2. Use Regedit and navigate to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug\Debugger

Export the Debugger entry and then delete it.

WARNING: deleting this entry might resolve the debugger issue, but it might not help you if you are writing code and want to trap mishandled exceptions.

SSCVIHOST.exe - W32.Imaut.AY (Symantec/Norton) W32/Sohana-AO (Sophos) - How to remove it?

Problem description:
According to a few antivirus web sites, the symptoms of this virus are that Task Manager gets disabled, folders contain a file named "New Folder.exe", and there is unwanted disk activity on the machine.

Cause: This problem seems to be caused by a virus which uses SSCVIHOST.exe to spread itself.

Resolution: Try the following and let us know if this helps:

1. First of all, boot Windows into Safe Mode (pressing F8 while Windows starts will show you the option to choose Safe Mode). Even though many things do not work in Safe Mode, AV software is designed to work there, and in Safe Mode it should be able to remove the virus. This virus seems to use the "SSCVIHOST.exe" binary.

2. Once the virus is removed, we need to find out what is disabled, what is not, and what else is going on. If it were me, I would search the whole registry for "SSCVIHOST.exe" and make sure that, wherever it is set to run, we take it out and restore the original values.

(a) Check the Shell value under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon and make sure it is set to "Explorer.exe"

(b) Make sure that there is nothing within the Shares key located at
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares

If you like, you can copy the following lines, paste them into a TXT file, rename the TXT extension to .reg and then merge it into your PC.

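Windows Registry Editor Version 5.00

; Delete the key with everything in it, then recreate it empty
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares]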

(c) I have also heard that this binary adds itself to the Yahoo Messenger hives of the registry:
Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
On the right-hand side you will see the "Yahoo! Pager" entry; its original value is [ "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet ] without the brackets.


(d) In case you have Task Manager disabled or the registry tools disabled, use the following:
You may be able to use the following to restore the policies configured on your machine.

Copy the lines below to Notepad, save the file as policies.reg, and then double-click the file you created to merge it.

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoWindowsUpdate"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"HideLegacyLogonScripts"=dword:00000000
; 0 re-enables Task Manager and the registry editing tools
"DisableTaskMgr"=dword:00000000
"DisableRegistryTools"=dword:00000000


NOTE: Usually, once SSCVIHOST.exe is deleted the virus will not spread any more, BUT since registry entries still reference this binary they will cause errors. That is why we want to clean the registry keys.
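The checks in steps 2(a) to 2(d), as an added example that is not part of the original post: a Python script that reads the text of a regedit export and reports what still needs restoring. The sample export is constructed for illustration, and DisableTaskMgr is the standard policy value name for a disabled Task Manager, which the post itself does not spell out.

```python
import re

# Constructed export of an affected machine (not from the post). regedit saves
# UTF-16, so decode the file to str first; key and value names are lower-cased.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe SSCVIHOST.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\\WINDOWS\\system32\\SSCVIHOST.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares]
"shared"="\\\\HOST\\New Folder.exe"
'''
HKCU = "hkey_current_user\\software\\microsoft\\windows\\currentversion\\"
WINLOGON = "hkey_local_machine\\software\\microsoft\\windows nt\\currentversion\\winlogon"
PAGER = r'"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet'
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def parse_reg(text):
    """Return {key path: {value name: data}} for string and dword values."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := VALUE.match(line)):
            name, data = m[1].lower(), m[2]
            if data.startswith("dword:"):
                current[name] = int(data[6:], 16)
            elif len(data) > 1 and data[0] == data[-1] == '"':
                current[name] = re.sub(r"\\(.)", r"\1", data[1:-1])  # undo \\ and \"
    return keys

def audit(keys, marker="sscvihost.exe"):
    """Return (check, registry path or value name) pairs for steps 2(a)-(d)."""
    found = [("reference", f"{k}\\{n}") for k, vals in keys.items()
             for n, v in vals.items() if isinstance(v, str) and marker in v.lower()]
    shell = keys.get(WINLOGON, {}).get("shell", "Explorer.exe")
    if shell.lower() != "explorer.exe":
        found.append(("shell", WINLOGON))
    pager = keys.get(HKCU + "run", {}).get("yahoo! pager", PAGER)
    if pager.lower() != PAGER.lower():
        found.append(("yahoo_pager", HKCU + "run"))
    policy = keys.get(HKCU + "policies\\system", {})
    found += [("policy", n) for n in ("disabletaskmgr", "disableregistrytools") if policy.get(n)]
    shares = HKCU + "explorer\\workgroupcrawler\\shares"
    if keys.get(shares):
        found.append(("shares", shares))
    return found

if __name__ == "__main__":
    print(*audit(parse_reg(SAMPLE_EXPORT)), sep="\n")
```

An empty result means the exported keys already match the values the steps above ask for.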

Friday, April 18, 2008

Outlook Error: Do you want to save the changes to email.dot

Problem Description:
Now and then I see a pop-up message on my screen: "Do you want to save the changes to email.dot?" The options available are 'Yes', 'No' and 'Cancel'.

Cause: A clash between Microsoft Office and an installed third-party add-in.

Fix: Disable the add-in which might be clashing.
To do this follow the instructions below:

Open Outlook,
Click Tools,
Click Options,
Click Advanced Options
Click Add-in Manager
In the Add-in Manager window untick the add-in which is not a standard add-in and click OK > OK > OK

In some cases the changes might take effect only after a restart of Outlook.

Tuesday, March 18, 2008

Outlook 2003 Error: Your Exchange Server administrator has blocked the version of Outlook that you are using. Contact your administrator for assistance

Outlook 2003 shows the error "Your Exchange Server administrator has blocked the version of Outlook that you are using. Contact your administrator for assistance" when you try to connect Microsoft Outlook 2003 to a newly installed Exchange 2007 server.

I am writing this blog entry keeping in mind that you are coming across this issue after you finished installing Exchange 2007. While installing Exchange 2007 you selected the option that you have machines with Outlook 2003 or earlier.

Cause: When you install Exchange 2007 fresh, no public folder is created by default. Exchange 2007 needs a public folder to exist for Microsoft Outlook 2003 or an earlier supported version to connect to it.

Solution: In a new install of Exchange 2007 there might not be any public folder present. Create a public folder on the Exchange server and then try to connect Outlook 2003. Sometimes you might have to restart the Information Store service on the Exchange server, but that is not always the case.

Sunday, March 2, 2008

hPBHK348.exe and 61h3jA00.exe on PC

It’s been a while since I worked on my desktop PC. Today, while I was working on a network share issue, I checked my event logs and found entries similar to the following:

Event Type: Error
Event Source: Schedule
Event Category: None
Event ID: 7901
Date: 2/03/2008
Time: 7:00:00 AM
User: N/A
Computer: SUPPORT-32C7206
Description:
The At8.job command failed to start due to the following error:
The system cannot find the file specified.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Naturally, if it’s from the Scheduler then I should check what I have got scheduled on my PC. I found that there were many scheduled jobs which were scheduled to run every hour. See the following, which I got after typing AT at the command line:

Status ID Day Time Command Line
-------------------------------------------------------------------------------
Error 1 Each M T W Th F S Su 12:00 AM C:\WINDOWS\system32\hPBHK348.exe

Error 2 Each M T W Th F S Su 1:00 AM C:\WINDOWS\system32\hPBHK348.exe

Error 3 Each M T W Th F S Su 2:00 AM C:\WINDOWS\system32\hPBHK348.exe

Error 4 Each M T W Th F S Su 3:00 AM C:\WINDOWS\system32\hPBHK348.exe

….
……

Error 45 Each M T W Th F S Su 8:00 PM C:\WINDOWS\system32\61h3jA00.exe
Error 46 Each M T W Th F S Su 9:00 PM C:\WINDOWS\system32\61h3jA00.exe
Error 47 Each M T W Th F S Su 10:00 PM C:\WINDOWS\system32\61h3jA00.exe
Error 48 Each M T W Th F S Su 11:00 PM C:\WINDOWS\system32\61h3jA00.exe

When I checked the quarantine log of my antivirus, I found that it had taken care of the log files, even though sites like http://spywarefiles.prevx.com/RRCAGC44185411/HPBHK348%2EEXE.html mention that no antivirus products are known to find this infected file(s).

These are malware files, but it is unknown what exactly they do. But now we know that %systemroot%\system32 is one more location to search for these files.

To delete all scheduled jobs, all I did was use the following command line:
AT /DELETE /YES

Caution: Please remember that the above command line will delete all jobs scheduled to run with the help of the AT command.
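An added example, not part of the original post: a Python script that parses an `at` listing in the layout shown above, flags executables sitting directly in system32 that run every day at many different times, and emits per-ID `AT <id> /DELETE` commands so that unrelated jobs survive. The 12-slot threshold, the generated sample listing and job 60 are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumptions: the Status column may be empty, and times are 12-hour as listed above.
ROW = re.compile(
    r"^\s*(?P<status>[A-Za-z]+)?\s+(?P<id>\d+)\s+(?P<day>\S.*?)\s+"
    r"(?P<time>\d{1,2}:\d{2}\s*[AP]M)\s+(?P<cmd>\S.*?)\s*$"
)
EVERY_DAY = {"M", "T", "W", "Th", "F", "S", "Su"}


def parse_at_listing(text):
    """Return one dict per job row; header, separator and '....' lines are skipped."""
    matches = filter(None, map(ROW.match, text.splitlines()))
    return [{**m.groupdict(), "id": int(m["id"])} for m in matches]


def flag_repeating_binaries(jobs, min_slots=12):
    """Map command -> job IDs for .exe files sitting directly in system32 that
    run every day of the week at min_slots or more different times."""
    by_cmd = defaultdict(list)
    for job in jobs:
        by_cmd[job["cmd"].lower()].append(job)
    flagged = {}
    for cmd, group in by_cmd.items():
        daily = [j for j in group if j["day"].split()[0] == "Each"
                 and set(j["day"].split()[1:]) == EVERY_DAY]
        in_system32 = re.search(r"\\system32\\[^\\]+\.exe$", cmd)
        if in_system32 and len({j["time"] for j in daily}) >= min_slots:
            flagged[cmd] = sorted(j["id"] for j in daily)
    return flagged


def delete_commands(flagged):
    """Per-ID deletes, so unrelated AT jobs are left in place."""
    return [f"AT {job_id} /DELETE" for ids in flagged.values() for job_id in ids]


def constructed_listing():
    """Constructed sample in the layout shown above: two binaries scheduled for
    every hour of every day, plus a made-up weekly backup job (ID 60)."""
    rows = ["Status ID   Day                     Time          Command Line", "-" * 79]
    hours = [f"{h}:00 {half}" for half in ("AM", "PM") for h in (12, *range(1, 12))]
    for n, exe in enumerate(("hPBHK348.exe", "61h3jA00.exe")):
        for i, when in enumerate(hours):
            rows.append(f"Error   {24 * n + i + 1:<3} Each M T W Th F S Su    "
                        f"{when:<13} C:\\WINDOWS\\system32\\{exe}")
    rows.append(r"        60  Each F                  11:30 PM      C:\tools\backup.cmd")
    return "\n".join(rows)


if __name__ == "__main__":
    flagged = flag_repeating_binaries(parse_at_listing(constructed_listing()))
    print("\n".join(f"{cmd}: {len(ids)} jobs" for cmd, ids in flagged.items()))
    print("\n".join(delete_commands(flagged)))
```

Saving the full listing before deleting anything keeps a record of the job IDs, times and paths for later analysis.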

My antivirus has got rid of these files because the quarantine period was over; otherwise I would have tried to see what was coded inside these EXE images.

=Tip of the day=
Make sure you check your event logs from time to time. You never know what goes on on your PC while your family members use it.

Monday, February 25, 2008

IIS Error: Could not create a Disk Cache Sub-directory for the Application Pool

Today, while working on an issue, I found that all of my IIS requests had started to give HTTP 500 error messages. After looking at the event logs I found an error message similar to:

The Template Persistent Cache initialization failed for Application Pool 'DefaultApplicationPool' because of the following error: Could not create a Disk Cache Sub-directory for the Application Pool. The data may have additional error codes.

After checking the following folders I found that the IIS_WPG group was not present on them.

systemroot\Help\IISHelp\Common
systemroot\System32\Inetsrv\ASP Compiled Templates
systemroot\IIS Temporary Compressed Files

On the COMMON folder, IIS_WPG should have 'Read and Execute', 'List folder contents' and 'Read' permissions.

On the other two folders, the IIS_WPG group should have full permissions.

After adding the permissions I just restarted IIS and its dependent services, and all worked well.

Thursday, February 7, 2008

How to remove LINUX and GRUB/LILO from dual boot machines with Windows XP

****WARNING: before attempting the steps below, please take a backup of your important files. We take no responsibility for any issue caused by following the steps described below.*******

1. Get hold of a partition manager which will let you delete the partitions you want to delete. ***GRUB or LILO could still be left on the system; at the end of this reply I will mention how to get rid of it*****

2. You can use a Linux-on-CD distribution like Knoppix to boot from the CD and then remove the Linux partitions or merge them into Windows.

3. If you have the XP install CD, boot from the CD and log into the Recovery Console. It comes with a partition management utility called 'diskpart'. Run this utility; it will recognise FAT32, FAT and NTFS partitions, and it will also show 'UNKNOWN' partitions, which are the ones usually used by Linux (more than one). More info about this utility is on the TechNet site.

4. Google to download Gnome (a partition editor); you should be able to find its ISO on the internet. Once you have it, burn a CD from the ISO. Once you have the bootable Gnome CD, boot from the CD; this utility will let you manage your partitions too.

5. You can also use Windows XP Disk Management to remove the Linux partitions and fix GRUB or LILO. Usually Windows shows "Unknown partition". It should work for Red Hat and SUSE installs.

******HOW TO REMOVE GRUB or LILO LOADER SCREEN******
As I mentioned above, boot from the XP CD and go to the Recovery Console; then you can use the FIXBOOT and FIXMBR tools to get rid of GRUB or LILO. There are a few articles on these utilities available on technet.microsoft.com


Want to remove GRUB?
http://en.opensuse.org/SDB:Uninstalling_the_Boot_Manager_GRUB_from_the_MBR

How about LILO?
http://support.microsoft.com/kb/315224