Error 0x8007007f: A problem is preventing Windows from accurately checking the license for this computer

After you install SP2 for Windows Server 2003 x64 you get the following error message when you try to login using local console or RDP:

A problem is preventing Windows from accurately checking the license for this computer: Error Code 0x8007007f

After performing some research on the internet, this appears to have been a very common problem. A simply reboot fo the server, after the initial post-SP2 install reboot, appears to have resolved all of the problems.

Continue reading “Error 0x8007007f: A problem is preventing Windows from accurately checking the license for this computer”

Sonicwall Registration: DSL MTU PPPoE

A fellow technician had a problem last week with a Sonciwall TZ200 not registering properly. For no apparent reason, when he swapped out the old firewall with a new Sonicwall TZ200, he was unable to properly register the product with the vendor. After opening a support ticket with the vendor, the solution was to change the MTU for the WAN interface from 1500 to 1452.

There are a couple of reasons for this, and let’s review… Continue reading “Sonicwall Registration: DSL MTU PPPoE”

Slow printing PDF to PCL Printers

Printing Slow with Adobe?

When same version and still slow …

Solution 1: Print the file using a PostScript printer driver
Solution 2: Print using Print as Image option in Advanced Print setup.
Solution 3: Change the Print Optimizations setting to “Disabled

Acrobat uses different printing routines based on the type of printer driver your system uses. When you use the PCL printer driver, the spool file sent to the printer is larger than it should be. When you print using the PostScript printer, you will not encounter this problem.

(Updated 07/06/2012: One of the main reasons for this performance issue can be due to printers with very little on board memory, selecting printers with larger on board memory can make a dramatic difference in your printing performance).

Tech Note: Port Conflict leading to RADIUS / IAS / Wireless issues

Apparently there is a chance that a security patch (MS 08-037) can lead to port conflict issues.

There was an issue at one of my clients this morning stemming from this.  The DNS Server was using a port that was needed for the IAS (RADIUS) Server.   The IAS service would not stay running.   As a result wireless clients could not authenticate.

Most of the details are here:  http://support.microsoft.com/kb/953230

There is a registry key that behaves differently for XP/2000/2003 than for Vista/2008.  It’s “MaxUserPort”.  (My assumption is that’s why this is an issue – someone set it to an appropriate value for a new OS but it applied to all of them and ends up breaking some.) For 2000/2003 it defines the maximum range of ports available for dynamic use.  On the affected server this registry key was to 65535 with the implication that the entire port range from 1024-65535 was available for dynamic usage.  IAS could not get its reserved ports as they were in use by DNS.  Deleting the registry key sets dynamic port range back to the default of 49152-65535 and resolved the issue.  I restarted both services multiple times without conflicts.

MaxUserPort

On Windows Server 2003 and Windows 2000 Server, the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\MaxUserPort registry subkey is defined as the maximum port up to which ports may be allocated for wildcard binds. The value of the MaxUserPort registry entry defines the dynamic port range.

Installing x32 Print Drivers on a x64 Server

There is information on TechNet for how to do this: http://blogs.technet.com/sbs/archive/2009/02/13/how-to-add-32-bit-print-drivers-to-sbs-2008.aspx

 However I could not get this method to work.  So here are instructions which DO work

 Log into a 32 bit client system as a local administrator.  In this case I used XP.  Not sure how different this will be in Vista.

Remove any instances of the type of printer you are adding.  For example if you need to install HP LaserJet 4050 drivers on the server make sure you do not have any 4050 printers setup on the client.  Also open the Print Server Properties on the client and ensure the 4050 driver is not installed.

Create a mapped printer to the server you would like to install the drivers on.  You will be asked to install the drivers for the printer.  This installs them locally on the client.

Open the printer’s properties and select the sharing tab.  Then click on the additional drivers button at the bottom.

Then select the 2000/XP check box and click Ok.  You will then be prompted to select the location for the drivers.  Use the same path as you used to install them above.

This will copy the print drivers to the server.

If you need to install the same driver on more than one server you must repeat this entire process including removing the drivers from the client.  Based on documentation this should not be necessary but I was not able to update a second server without removing them.  When I tried to update the second server I received an error message “Windows could not locate suitable print drivers” when I tried to update the 2000/XP drivers from the sharing tab.

Windows System Crash Analysis (BSOD)

You are all probably aware of the MEMORY.DMP files in the windows directory. You may also be aware of the Windows\MiniDump directory. These files are created when there is a critical system error usually resulting in an automated reboot or BSOD.

The Memory.DMP file contains debugging information plus the contents of your system’s RAM. This file is overwritten each time a crash occurs. The MiniDump directory contains the same debugging information as MEMORY.DMP but does not include the RAM contents. The MiniDumps are not overwritten so they can be used as a historical reference for identifying crash events.

So the question is how do you use these file???? There is a tool from Microsoft designed to do just that! It is called WinDbg and is part of the Debugging Tools for Windows. (http://www.microsoft.com/whdc/devtools/debugging/)

Download and install this tool. There is an x86 and an x64 version. Once the program is installed open it and choose the file menu then Symbol File Path.

Enter the following: http://msdl.microsoft.com/download/symbols/

This will download the necessary symbols as needed. Symbols are a link between the binary application code and programming language which generated the code.

Once this is done you can choose File – Open Crash Dump. This will open both Memory.DMP and MiniDumps. Once opened the program will begin some analysis.

Click on the !analyze –v link to do a verbose analysis. This may give more information as to the reason for the crash. The faulting application code is listed in the default analysis.

Enjoy!

Troubleshooting and Resolving BlackBerry Activation Issues

blackberry activation

By Ahmed Datoo, VP marketing, Zenprise

Zenprise is partnering with BlackBerry Cool to address how to resolve some of the most common BlackBerry activation problems. Through a series of 10 articles, readers will learn how to identify key log file errors, tests and configurations critical to identifying the root cause of enterprise activation issues. Continue reading “Troubleshooting and Resolving BlackBerry Activation Issues”

Mixed 2003/2008 Domain Controllers: Account Compromised

While working with a Blackberry Enterprise Server install which recommends setting user AD account options to “this account supports Kerberos AES xxx encryption” this setting is not supported in a mixed 2003/2008 AD environment. Be sure to only select the “Kerberos DES encryption” per the BES setup instructions. AES encryption is not supported in Server 2003 DCs, and setting an account that way may result in errors authentication or changing passwords because your computer will try to use the most secure method, AES 256 which the account is marked as supporting, but depending on which DC it hits (2003 or 2008) it may or may not work. Which made isolating the issue a bit harder because it wouldn’t consistently work/not work.

 A couple of symptoms you’ll observe is:

  • Sys-tray pop-up that you account may be compromised
  • Sys-tray pop-up asking you to lock and unlock your computer, and after you complete it, it prompts you again
  • Event ID 14: While processing an AS request for target service, the account did not have a suitable key for generating a Kerberos ticket
  • Event ID 40960: The Security System detected an authentication error for the server…the failure code from the authentication protocol was “(0x80080341)”.
  • Event ID 6: Automatic certificate enrollment for USER failed (0,80072095) A directory service error has occurred.

Of course this issue is not isolated to Blackberry installations but typical out of the box configurations do not have AES selected, so this issue only arises when you’re in a mixed environment and change the setting… and in this case, BES was the case for change.

Blackberry Send-As / Exchange Permission Cache

The Send As permission is stored in Microsoft Active Directory and read by the Microsoft Exchange Server when the user attempts to send an email from the BlackBerry smartphone. Once the permission has been read by the Microsoft Exchange Server, the Microsoft Exchange Server will now cache the Send As permission (either Allow or Deny) for 2 hours, which if a Deny Send As permission for the user is in the Microsoft Exchange permission cache, it will still prevent the user from sending email from their BlackBerry smartphone.

If it has been confirmed that the Send As permission is applied to the user’s account in Active Directory Users and Computers and they still cannot send email from their BlackBerry smartphone, then the Microsoft Exchange permission cache must be cleared before they can send email again.

Restart the Microsoft Exchange System Attendant and Microsoft Exchange Information Store. Restarting these services purges the Microsoft Exchange permission cache and Microsoft Exchange will read the current Send As permission from Microsoft Active Directory when the next the user sends an email.

Important Note : Restarting the Microsoft Exchange System Attendant and Microsoft Exchange Information Store is not recommended by Research In Motion.

Powered by WordPress.com.

Up ↑