Category Server 2008

How to reset an AD RMS Client

A while back I had to un-deploy an old AD RMS deployment and then deploy a new AD RMS cluster. After deploying the new RMS some of the clients on the network did not have Permission (RMS) under the Options tab within Outlook. I narrowed it down to those clients that used RMS when the old RMS implementation was still in place. There is a way to reset these clients so that they can start over and connect to the new RMS server.

This can...

Read More

How to install Active Directory Rights Management Services

One of the best features of Active Directory in Windows server 2008 is a security tool called Active Directory Rights Management Services (AD RMS). AD RMS allows organizations to secure content such as word documents, excel spread sheets, email’s and even can be integrated in SharePoint. A user would need to be authenticated before they could access the data from any of those content sources. I know this topic has been covered before but I wanted to post the steps from my deployment of AD RMS.

A Windows Server 2008 domain is required before you begin.

On the server you will deploy AD RMS on:

  • Open Server manager
  • Expand Roles
  • Right click and select Add New Roles
  • Click Next
  • Select AD Rights management Services and click next


The following roles will need to be added as well.

  • Click Add Required Role Services.


  • Click Next

You can explore more about AD RMS on the next window by clicking any of the links. When done click next.


Here you have an option to add Identify Federation Support. You can add this now if you will use it or come back in and add it later.

  • Click next when ready.


Now create the new AD RMS Cluster. If you already had AD RMS you would be adding to an existing cluster.

  • Click next to continue.


Now you need to select where to store the AD RMS databases. This can be on an internal windows database or a SQL instance. I typically put mine on a SQL instance. This gives me better control over performance and better ability to backup.

NOTE: you have to click Validate before you are able to click next.


Now you need to specify a domain account that will be AD RMS.


I created ...

Read More

Publish a users Desktop as a RemoteAPP on RD Web Access

Have you ever needed to give a user access to their desktop on a Remote Desktop Services Server?  In my situation I had a user that was accessing an application via Remote Desktop Web Services. This user would also use Excel and pull reports from the applications database. These Excel reports would save locally on the server not the end users desktop.

I needed a quick and easy way for the user to access these reports in the event he needed to pull them back up. I also needed a way to accomplish this without confusing the user about being on his local desktop or the servers desktop. One of the requirements was also that the user was not allowed to log onto the server directly so having him access the desktop that way was not possible.

What I did was created a simple batch file that puts the user right into his desktop and then I published this batch file to the user via the RD Web Access interface. The end result is that he would get a Windows Explore window with all of his Excel files listed when he clicked on the app.

Here are the steps I took to set this up:

I created a batch file called USERNAMEDESKTOP.bat The file contained this syntax:

explorer.exe C:\Users\USERNAME\Desktop

I placed this in a central location in this case I created a folder called: example C:\RemoteAPP Scripts. I made this folder in case we need to create more scripts like this in the future.

I then went into RemoteAPP Manager and published the app to the user.


I then went into the properties of this app and changed the icon from the standard command prompt icon to the desktop icon.

Here is the path to the Windows icons: C:\Windows\system32\imageres.dll


Now go to your RD Web Access site and login. You will see the new desktop icon (batch file) next to your other apps. Go ahead an launch this to test it out.


Windows explorer will open in the users desktop on the server. You will know this is a Remote App because it will look different on the Windows task-bar as seen here:


That’s it now the user can save and access their Excel reports at anytime with ease.

Read More

How to manually remove AD RMS

There may be a time when an AD RMS install goes bad or you have to remove it for whatever reason. In my case this was deployed by someone else and it needed to be removed because it was not deployed correctly. RMS was not working properly to the point where you could not get into the console.

Because it was not working I could not use the traditional way to de-commission it. I had to force a removal of RMS which should always be a last resort. Here are the steps to do this:

Go and download the AD RMS toolkit from here:

Install the AD RMS toolkit

  • Open an elevated command prompt
  • CD out to %systemdrive%:\Program Files (x86)\RMS SP2 Administration Toolkit\ADScpRegister\
  • ADScpRegister.exe unregisterscp


  • Uninstall the RMS role from the server through the Server Manager.



  • Remove RMS sites from IIS if they are there after you have removed the role. NOTE they are typically removed automatically but I have seen this not happen before.


  • Reboot the server
  • Remove RMS databases that are left over. NOTE you will need to do this manually.


Now RMS should be completely removed from our environment and you can re-deploy if need be.

Other RMS removal links:

How-To: Remove Crashed or Dead AD RMS Nodes from the cluster:

Read More

Configure Windows to Automatically connect to VPN

I recently had a need to setup a server that would automatically connect to VPN on Windows startup. On this remote site I did not have a router with VPN tunnel capability. You will need to perform 3 tasks.

1. Create the VPN connection

2. Write a batch file to connect to VPN

3. Create a scheduled task in Windows task scheduler that will kick off the batch file at Windows start up

Here are the steps in detail:

1. Create your VPN connection

I am not going to go through all the steps of creating a VPN connection in Windows. I assume that you would not be reading this post if you did not already know how to create a basic VPN connection. However there is a setting in the VPN connection that you will want to set. This setting is:

  • On the VPN connection Options tab set the Redialing options. Select Redial if the line is dropped. This will attempt to reconnect the VPN connection if it detects that it has lost the connection. This is helpful if the internet connection drops and comes back.


2. Create a VPN auto connect batch file.

It should consist of

cd C:\Windows\System32\


Replace “DOMAINNAME\USERNAME” “PASSWORD” with your own. Save this batch file on your %systemdrive%. When you are done you should have a AUTOVPN.bat file.

3. Setup the VPN auto connect task in Windows Task Scheduler

  • Open Windows Task Scheduler and create a scheduled task named “AUTOVPN” and give it a description. Select run whether user is logged on or not. Select Run with highest privileges then click on the Triggers tab.


  • On the Triggers tab and create a trigger for the task and select to Begin the task At startup from the dropdown.
  • Under Advanced settings chose to repeat the task on an interval that you are comfortable with. I chose every 15 minutes. Also set the duration to indefinitely.


  • Click on the Actions tab and click the New button to set an action...
Read More

Restore Exchange 2007 using Windows Backup

When I first started working with Exchange I could not find any information that lays out step by step or in an easy to follow format on how to backup and restore mailboxes in Exchange 2007 that have been backed up by Windows backup that comes with Server 2008. I went through the hassle of figuring out these steps. I want to share these 5 steps through this blog post. In this post we are working on Small Business Server 2008 so everything is on the same server.


  • Launch Windows Backup. Click on Recover and restore your Exchange data to an alternate location. Be sure to document the location you restore to. This is going to restore your Exchange .edb and all the log files. The steps in the wizard are below in the form of screen shots.









  • Open Exchange Management Console. Go to Toolbox then Database Recovery Management. Now create a Recovery Storage Group. Leave the defaults.





  • Now navigate to the alternate location that you restored your Exchange backup to. Copy the .edb database and all the log files to the Recovery Storage Group directory. This will typically be named something like: RSG20101227144101 and will be located in: %systemdrive%\Microsoft\Exchange Server\Mailbox\First Storage Group. and rename the files. VERY IMPORTANT: Change the first letter of...
Read More

Setup & configure a certificate authority on Windows Server 2008

So you host a bunch of internal SharePoint sites, Websites and other internal web applications. You want to secure them with SSL but you cannot afford a certificate from a third party certificate authority right now.  I am going to walk you through installing a new CA, request a certificate, approve a certificate and then install a certificate.

CA Install:


Go to start and click on “Server Manager”

Select ”Roles”


Click on “Add Roles”


Select “Certificate Services” and click next


I typically choose “Certification Authority” and “Certification Authority Web Enrollment” and click next

NOTE: I choose the web enrollment so I can request certificates and download them from the web browser.


I chose “Stand Alone” on the next screen

NOTE: You can choose “Enterprise” to integrate this CA with active directory. I chose not to in my setup.


This is the first Certificate Authority so choose “Root CA” then click next



Choose “Create new Private Key” then click next


Leave the default unless your needs require you to choose another type of security. Click next


Give your CA a name and click next


Set the validity period (This is the number of years for which your CA’s certificates are valid before it expires) I chose 10 years. Click next when you are done setting this


This next screen shows you where the certificate database...

Read More

How to setup VPN Access on Server 2008

In this post I will cover how to setup and configure a Windows 2008 server as a VPN server. There are several different steps and configurations that need to be done. There are 4 parts to this setup that I will walk through.

Part #1 Installing NPAS and RRAS:

Open Server Manager and open roles



Click on add roles and add the Network Policy and Access Services role (NPAS)

Click next on the informational screen

On the role services screen choose Routing and Remote Access Services (RRAS) and click next


On the next screen click install

When it is done it will give you a screen telling you if it installed successfully or failed

If it was successful click close and choose to restart when it prompts you

Part #2 Configure RRAS:

Open Server Manager

Expand the Roles tree

Expand NPAS and right click on RRAS choose configure

OPTION #1 = If you have two network cards choose “Remote access (dial-up or VPN)”


OPTION #2 = If you have one network card choose “Custom configuration”


NOTE: It is recommend to use two network cards

OPTION #1 = Click next and select the VPN box


OPTION #2 = Click next and check the VPN box


On the next screen when prompted click start service and then click finish


Part #3 Configure VPN user group:

Go into your Active Directory and create a group for VPN access...

Read More

App crashes on Vista/Server 08

So I have had certain software crash under Vista or 2008 Server while other applications on the same machine work just fine. Here is one of the errors I see:

Problem signature:
Problem Event Name: BEX
Application Name: EXECUTABLE.exe
Application Version:
Application Timestamp: 4896b682
Fault Module Name: StackHash_3884
Fault Module Version:
Fault Module Timestamp: 00000000
Exception Offset: 002ca978
Exception Code: c0000005
Exception Data: 00000008
OS Version: 6.0.6001.
Locale ID: 1033
Additional Information 1: 3884
Additional Information 2: b68e6d6fa0c9967afbd16b6d0b9e4ef4
Additional Information 3: 6276
Additional Information 4: a9fd8ecff73ec5510247cf946efdd405

This could be caused by copy protection. Here is how I resolved it:

  • Click on start and select run
  • In run type sysdm.cpl. This will bring up system properties.
  • In system properties click on the Advanced tab.
  • Click on settings under Performance.
  • A new window pops up select the Data Execution Prevention tab.
  • Turn on DEP for all programs and services except those I select should be checked.
  • Click on Add and browse to the path of whatever version of software you are using and select the executable.


You will be brought back to the Data Execution Prevention tab and you will see your executable selected click ok.

Go ahead and try lau...

Read More