Wednesday, October 26, 2011

Happy Diwali and a Prosperous New Year




On this auspicious occasion, I would like to wish each and everyone of you a very Happy Diwali and a Prosperous New Year. Enjoy the sweets and savories with loved ones and make merry of this special day, a day that has been held special for generations.

For those that would like to know more about this special occasion, here is a wikipedia article on Diwali

Friday, October 21, 2011

Remote Desktop Client Asks for Login Username and Password - How to Disable this

Generally with time, newer versions of software get released. These releases are necessary to fix issues in the previous version and also to add new features.

However, sometimes the new features are not necessarily easily adopted. This can be quite evident when you have to re-learn what you have got into a habit of. Tell me, how many of your users (including you?) cried when trying to find the print button once you moved to Office 2010?

Remote Desktop Client (RDP) is one of the most used tools for any IT Admin. It gives you an easy way to connect to a server/computer without physically having to be there. But as of version 6, whenever you try to login to any server, before the client even initiates the connection, it prompts for the username and password. Now this can be ok, but at times you would rather enter the credentials at the logon prompt that the server shows on its desktop... well at least there are times when I would like that :)

I found how to do this using a tweak done on the default.rdp file. I thought I would share this so that others could benefit from it as well.

1. Locate the Default.rdp (located in your My Documents folder) file and open it in Notepad.
2. Add a line with the following
enablecredsspsupport:i:0
3. Default.rdp should now look something like below
redirectposdevices:i:0
authentication level:i:0
enablecredsspsupport:i:0
prompt for credentials:i:0
negotiate security layer:i:1
3. Save the file and then exit from Notepad

Now when you start RDP, you will not be prompted for your credentials.

Hope this comes in handy for those that have been nagged by this feature.
[the full document describing this tweak can be found here

Thursday, October 20, 2011

Where are attachments opened inside Outlook Stored?

One of my users had received a document via email and for some reason instead of saving the document and then editing it, he opened it straight out of Outlook and started updating it. Having lost documents in the past due to not saving them continuously, he kept on saving his edits every 5 minutes. 2 hours later, when he finished updating the document, he closed it and went for lunch.

On his return, to his amazement, he could not locate the word document. After about 5 minutes, he realised that instead of saving the document to his computer first, he had started working straight from the email :(

Now how many of you have come across similar situations? Well, the mere fact that you are able to save updates to the document means that they ARE BEING SAVED SOMEWHERE. Just where is the mystery :)

Well the short answer is that they are stored in a secure temporary folder. The location depends on the version of Outlook you are running and can be easily found by looking at some registry values.

For Outlook 2010, look for the value name OutlookSecureTempFolder under

HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Security
or
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\14.0\Outlook\Security


For Outlook 2007, look for the value name OutlookSecureTempFolder under

HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\Security
or
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\12.0\Outlook\Security

Outlook 2003, look for the value name OutlookSecureTempFolder under
HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Security
or
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\11.0\Outlook\Security

The actual Microsoft document detailing the above can be found here

Hope this comes in handy

Sunday, October 9, 2011

Cannot sign in to Lync. Lync was unable to sign in. Please verify your logon credentials again


I came across this very weird error when trying to access my Lync Server using our Edge Servers.

To add some background, I was using a non SOE laptop, running Windows 7 64-bit. Below is a description of the problem

1. I started my Microsoft Lync 2010 Client.
2. I entered my sign-in address (my client was set to Automatic Configuration). I clicked on Sign In
3. My client found my server and prompted me for my credentials.
4. I entered my username/password and clicked on Sign In
5. After some time, I got the error shown above.

No matter, how many times I tried entering my password, the same error kept on coming up.

Finally, after some searching I found out that the error was due to a mismatch in NTLM settings between my Lync Server and my client computer. My Lync Server was expecting a 128bit encrypted secure session from the client but my client was not doing this (this is the default setting on a Windows 2008 R2 server). Here is the KB article for it from Microsoft.

I had two options
1. Configure my server so that there was no explicit requirement for the 128bit encryption
2. Change my client computer to have a minimum of at least 128bit encrypted session

I chose to do 2. since I did not want to lower my session encryption.

To do this, on my local computer I did the following.
1. Opened up the Local Group Policy Editor
2. Browsed to
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network security: Minimum session security for NTLM SSP based (including secure RPC) clients

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network security: Minimum session security for NTLM SSP based (including secure RPC) servers

and changed both above from No minimum to Require 128-bit encryption

If you want to lower the server security settings, on the Lync Server, open up the Local Security Policy Editor (or your GPO Editor and then Default Domain Policy), then go to

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network security: Minimum session security for NTLM SSP based (including secure RPC) clients

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network security: Minimum session security for NTLM SSP based (including secure RPC) servers

and make sure the above are set to No Minimum (you will have to untick the 128-bit requirement)

This saved me a days anguish and hope others find this helpful.

(Special thanks to Rohit Gulati's Blog )

Thursday, October 6, 2011

Steve Jobs: The Thomas Edison of the 21st Century



You all might have heard by now that Steve Jobs passed away today. It surely is a sad day, the day when the world lost one of its most influential and inventive beings. Steve was a visionary, pioneer and above all, a tremendous leader. His legacy lives on, enriching billions in their daily lives. Hats off to you Steve.

I managed to find a speech that Steve gave to Stanford students. It is really moving and breathtaking. I urge you all to share in the dream that this great man dreamed.

Steve Job's 2005 Stanford Commencement Address

Wednesday, October 5, 2011

The Certificate is Invalid for Exchange Server Usage

Recently I came across a problem while installing a new certificate on my Exchange 2010 server. Once I had installed the certificate via EMC (Exchange Management Console), I found out that I could not assign any services to it. In the status column for the certificate, there was an error displayed "The Certificate is Invalid For Exchange Server Usage".

I checked the certificate details to ensure everything was correct and superficially, everything looked fine. I checked the thread of trust, and it was correct as well. I then did some searching on the web and found this excellent article on the issue http://exchangeserverpro.com/exchange-server-2010-certificate-invalid-for-exchange-server-usage-error .

Unfortunately, my issue was not as easily solved as listed in the article above. So I decided to tackle the problem from its foundation.

1. I opened up the Certificate mmc.
2. Here I found the issue! For some unknown reason, my certificate's Intermediate CA and Root CA certificate were in the incorrect certificate store (they were in the Personal certificate store!).
3. I exported the Root CA and Intermediate CA certificates and then deleted them from the Personal Certificate Store.
4. I imported the Root CA into the Trusted Root Certificate Authority and the Intermediate CA certificate into the Intermediate Certificate Authorities certificate Store.

I then refreshed the EMC and viola, the message beside the Certificate now read The Certificate is valid for Exchange Server usage :)

Internet Explorer - Disable Addon

Addons extend the functionality of Internet browsers. This can be a good thing, but at times, they themselves can be the cause of problems.

Whenever troubleshooting issues with web based clients, once I have re-created the problem, I disable addons and check, to ensure the issue is not caused by them.

A simple way to do this with Internet Explorer is to start it from the run box with a switch that tells it to do exactly that.

Go to the Run box (Start\Run or if in Vista and above, click on the Windows Circle and then type in the search box at the bottom) and then type
iexplore.exe -extoff

This will start Internet Explorer with all addons disabled. If this rectifies the issue, then most likely your problem lies with one of the addons. Try enabling one at a time and see if the problem reappears. If it does, then the last addon that you enabled is the culprit. In which case, disable it and see if the problem gets resolved.

Happy troubleshooting :)