Saturday, December 20, 2008

Can not reach company website from internal network

Our internal and external domain are the same, for this discussion let's assume that domain is "". We switched webhost and we started to have issues with not being able to reach our company website "" from the internal network. If your internal and external domains are the same, then your internal computers will look for "" to be inside your network, even if your DNS forwarders are working fine. If you are having same issue then you have to know that there are couple of things you have to do in your internal DNS so that your internal computers can resolve your website,

In your Internal Network on your DNS server create a new Forward Lookup Zone. Go through the new Zone creation wizard. When asked for name, name this Zone www
After the zone is created, created a Host (A) Record in this forward lookup zone that points to the IP address of the host that is hosting your website. You can leave the name blank, your host record would look something like this.


same as parent folder Host (A) (this is the IP address of the external host)

Please note, that if you know the FQDN (fully qualified domain name) of the host that is hosting your external website then you don't have to create the new zone, you can just create an Alias (Cname) record in the Forward lookup zone of your domain pointing to the FQDN of that host.



SSL Certificate Expiration error on Web Interface Server after renewing

Yesterday I renewed our SSL Certificate on Citrix Web Interface Server. I went through the drill of creating the CSR and then sending it to Entrust. After renewing the certificate in IIS, the user's were still getting the error that the Certificate was expired.

We have Citrix Secure Gateway installed on the WI server, turns out after you renew the certificate in the IIS, you have to run the CSG configuration wizard to replace the current certificate. When you run the CSG wizard there will be a step where you will be shown your old certificate and your new one, you just pick the new one and complete the wizard and that should take care of the above issue.

Friday, December 19, 2008

Renewing Certificate on Web Interface Site with CSG

I am running Citrix Secure Gateway on my Web Interface Server. When my SSL certificate expired on the site I renewed with the CA. After I installed the new certificate on IIS, I started having couple of issues.
First, the default site would not start. It was in a Stopped state and when i tried to start it, I receved the error:

" The process cannot access the file because it is being used"

This was because the default site had it's SSL port set to 443, and if you have CSG installed, by default it will use Port 443 for SSL, so change the SSL port in the Default site to 444. This resolved the issue for me and the default started with no error message.

Thursday, August 7, 2008

Quickbooks and Terminal Server 2003

If you call Intuit tech support and ask them about Quickbooks on Terminal server the answer most likely you will get is that "Quickbooks is not supported on Terminal Server" . Only Quickbooks Enterprise is supported on Terminal Server.

However, I was not going to NO for an answer so I started doing some research and found that there are tweaks that one can use to make Quickbooks to run in a Terminal Server environment.

Users must be given some special priveleges for this to work, here are the steps that I used that worked for me.

  • perform a normal installation of QuickBooks (in install mode!)
  • reboot
  • enter install mode again (change user /install), start QuickBooks and activate it by entering the registration code (this is a crucial step, and must be performed immediately following the reboot
  • go back to execute mode (change user /execute)
  • copy the %systemroot%\Intuit folder into each users %userprofile%\Windows folder
  • create a Quickbooks Users group
  • add your users to this group
  • give the group Full Control to HKEY_LOCAL_MACHINE\Software\Intuit\QuickBooksRegistration
  • give the group Full Control to HKEY_CLASSES_ROOT\.QPG
  • give the group Full Control to HKEY_CLASSES_ROOT\obja.obja
  • give the group Full Control to HKEY_CLASSES_ROOT\Quickbooks.application - QB Premier 2004 only?
  • give the group Modify rights to the %Program Files%\Intuit folder
  • give the group Modify rights to the %Program Files%\Common Files\Intuit folder

Printing Issues:

Printing is always a challenge in Terminal Server Environment and with Quickbooks there are couple additional caveats.

If your printer is working in all other applications except for Quickbooks chances are that the printer has a long printer name. Quickbooks does not support printer names longer than 64 characters,
So you must shorten the name of the printer on your end and then reconnect to the terminal server.

Thursday, July 31, 2008

Adobe 8.0 Installation Error 1406

Yesterday I ran into an issue with installing Adobe 8.0 on a user's computer which was running Windows XP SP2. The installation error was 1406, access is denied. It pointed to certain keys in the registry which the installation program could not write to.

After checking the permissions on the registry keys that the error pointed to, I found out that the I was not set as the owner on these keys.

After changing the permissions on the registry keys (changing ownership), the program installation continued without a hitch.

Please note that to get the details on how to change the registry key permissions please refer to the Adobe forum that talks about the error 1406.

Thursday, July 10, 2008

Restoring deleted emails from Outlook 2007

Recover deleted emails in Outlook 2007

Have you ever accidentally deleted an email that you needed and you didn’t know how to get it back? If you are using Microsoft Outlook 2007, there is a possibility that you can get that email back. Microsoft has a very easy way to see the emails that it can recover from the depths of your email.

Make sure you have Outlook 2007 open. On the main menu click “Tools” and click the “Recover Deleted Items” option.


The Recovery window will open and display all emails that can be recovered. Click on the email(s) that you want to recover and click the “Recover Selected Items” button (it’s the second button in the top menu).

Recover Window

All emails that you have selected will be put back in the original folder that you deleted them from. So if you deleted the item straight from your Inbox, the email will be put back in your Inbox.

Tuesday, January 29, 2008

Your out of office settings cannot be displayed, because the server is currently unavailable. Try again later

Your Out of Office settings cannot be displayed...what's wrong?

Ever seen this error message when you try to run the Out of Office assistant from within Outlook 2007? "Your Out of Office settings cannot be displayed, because the server is currently unavailable. Try again Later."

You will notice this with mailboxes homed on Exchange 2007 mailbox servers, using Microsoft Office Outlook 2007. When you try to set the Out of Office assistant using Outlook Web Access, it works just fine, as can be seen below:

But what can cause this problem?

Reason 1: Wrong Autodiscover Service settings
Reason 2: Wrong certificate
Reason 3: Wrong permission settings on the EWS virtual directory.
Reason 4: Logged on with another user account

Let's review all these reasons, and possible solutions.

Reason 1: Wrong Autodiscover Service settings

To review the settings retrieved by Outlook 2007, click on Ctrl and right-click the Outlook symbol in the System Tray, this will allow you to check the Autoconfiguration settings, as can be seen below:
If you see a wrong URL listed, like one that isn't reachable for the client, you can change the URL by using the Exchange Management Shell cmdlet Set-WebServicesVirtualDirectory.

Reason 2: Wrong certificate
You should make sure that the certificate is a valid one, and is listed as the certificate its common name, or is one of the SAN on the certificate.
Check the URL, and check the certificate as can be seen below:
If you want to create a new certificate including all the necessary domain names, have a look at this great tool to help you:

Reason 3: Wrong permission settings on the EWS virtual directory.
Out of Office assistant does not work if in IIS, the anonymous user has received permission on the EWS virtual directory! So remove the Anonymous user, and run IISRESET to restart IIS.

Reason 4: Logged on with another user account
If all other reasons are not causing the problems, you may want to check this one. If you open the mailbox of user X, while logged on as user Y, your Out of Office assistant will not work, even if you have provided the credentials of user X when starting Outlook 2007! You will need to log on as user X, or you will need to start Outlook 2007 and run it as user X :-)

Hopefully your problem with OOF is gone now :-)

Tuesday, January 1, 2008

How to move WSUS content to a different drive

If you are running out of diskspace where WSUS downloads it's content, you can move the content to a different drive / partition using the wsusutil.exe

WSUSutil.exe is a tool that you can use to manage your WSUS server from the command line. WSUSutil.exe is located in the %drive%\Program Files\Update Services\Tools folder on your WSUS server. You can run specific commands with WSUSutil.exe to perform specific functions.

When you run this command, WSUSutil.exe does the following:

• Copies the update files from the old location into the new location.

• Updates the WSUS database to refer to the new location of the update files.

The destination folder where update files are moved to must be on an NTFS partition. The content move tool will not try to copy update files if they already exist in the destination folder. WSUSutil.exe sets the same permissions on the destination folder that were set on the original folder.

wsusutil movecontent contentpath logfile -skipcopy

example: let's assume the original content was under c:\wsus\wsus content, to move this to the d: drive, you would first create a folder on the d:\ drive called wsus and then run the tool with following parameters

wsusutil movecontent d:\wsus c:\wsuslog -skipcopy