Category Archives: Microsoft

All Microsoft Products (Exchange, SQL, Windows, Server)

KMS Setup and Citrix XenDesktop

I might split this off since KMS doesn’t need Citrix and Citrix doesn’t need KMS. But for my environment I needed both.

Background
I had installed a KMS server (Key Management Services server) for a recently-deployed Citrix XenDesktop environment. XenDesktop does NOT support MAK keys for the shared desktops (although it technically works), and instead lets me know to use KMS. KMS is really nice now that it’s working.

I actually ended up installing KMS on the WSUS server. Things I found out (my notes, take with a grain of salt since I haven’t gone back over it nor verified anything):

Prerequisites

  • Server 2008R2 Installed and configured on an AD Domain (member server or domain controller OK)
  • Server 2008R2 KMS Key (VLSC site at Microsoft)
  • Client KMS Keys (see below)
  • Hypervisor (for XenDesktop VDI) – Hyper-V, VMware ESXi, XenServer are all supported. I use XenServer 6.1 although 6.2 just came out.

Common Client KMS Setup Keys
Full List found here (http://technet.microsoft.com/en-us/library/jj612867.aspx and http://technet.microsoft.com/en-us/library/jj219430.aspx)

Windows 7 Professional
FJ82H-XT6CR-J8D7P-XQJJ2-GPDD4
Windows 7 Enterprise
33PXH-7Y6KF-2VJC9-XBBR8-HVTHH
Windows 8 Professional
NG4HW-VH26C-733KW-K6F98-J8CK4
Windows 8.1 Professional
GCRJD-8NW9H-F2CDX-CCM8D-9D6T9
Windows 8 Enterprise
32JNW-9KQ84-P47T8-D8GGY-CWCK7
Windows 8.1 Enterprise
MHF9N-XY6XB-WVXMC-BTDCT-MKKG7
Windows Server 2008 R2 Standard
YC6KT-GKW9T-YTKYR-T4X34-R7VHC
Windows Server 2008 R2 Enterprise
489J6-VHDMP-X63PK-3K798-CPX3Y
Windows Server 2012 Standard
XC9B7-NBPP2-83J2H-RHMBY-92BT4
Windows Server 2012R2 Standard
D2N9P-3P6X9-2R39C-7RTCD-MDVJX
Windows Server 2012 Datacenter
48HP8-DN98B-MYWDG-T2DCC-8W83P
Windows Server 2012R2 Datacenter
W3GGN-FT8W3-Y4M27-J84CP-Q3VJ9
Office Professional Plus 2010
VYBBJ-TRJPB-QFQRF-QFT4D-H3GVB
Office Professional Plus 2013
YC7DK-G2NP3-2QQC3-J6H88-GVGXT

Install And Activate Your KMS Server
Add the product key (your KMS key from the VLSC) on your server and activate with Microsoft. If you utilize the GUI you will receive an alert saying “Are you sure you want this to become a KMS Server in your environment?” I used the command line instead:
slmgr /ipk YOURPRODUCTKEYHERE
slmgr /ato
If you receive any errors, you will not be able to proceed much further.

You can also use the Volume Activation Management Tool (VAMT).

KMS For Office Products
Download the Office 2010 KMS Host License Pack
http://www.microsoft.com/downloads/en/details.aspx?displaylang=en&FamilyID=97b7b710-6831-4ce5-9ff5-fdc21fe8d965
And install/run the executable
The wizard will ask for your KMS key for Office – enter that.
To install a new Office Key, simply type:
cscript ospp.vbs /inpkey:YOURKMSKEY
cscript ospp.vbs /act

Verify KMS Is Working
You must have 5 or more SERVER clients or 25 or more CLIENT clients trying to activate, and this repeats every 6 months: the KMS activation is good for 180 days before the client needs to re-register with your KMS server.
To find out the number of activations from the command line:
slmgr /dlv
The pop-up will display the following key information: the KMS channel your server belongs to (B channel for me), license status, current KMS count, and number of requests received.
There is a KMS Emulator that can artificially inflate your numbers on the KMS server:
KMSClient.exe 1688 127.0.0.1 Windows
KMSClient.exe 1688 127.0.0.1 Office2010
KMSClient.exe 1688 127.0.0.1 Office2012


Citrix – Initial Setup

  1. Create a new virtual guest – I ended up using Windows 7 SP1 x64 Enterprise (Pro for proof of concept, Ent for production use)
  2. Install all updates and software required on the base image. I ended up with the OS, Antivirus, Java, Flash, and Reader installed by default.
  3. Join this guest to the domain if applicable.
  4. Install the Virtual Desktop Agent – I ended up “sharing” the XenDesktop Installer CD from the primary DDC XenDesktop system (\\xendesktopserver\sharename)
  5. Shut down the VM by using the Desktop Agent – in my case I had a virtual private disk as well, so this is very necessary with all changes
  6. Take a snapshot of the VM – name it “PREARM”
  7. Start the VM back up and rearm the Activation Key
    slmgr /rearm

  8. Shut down the VM by using the Desktop Agent
  9. Take a second snapshot of the VM – name it “ARMED”
  10. Use this second image (“ARMED”) as the base for your XenDesktop rollout

Updating the Master Image

  1. Roll back to the snapshot “PREARM”
  2. Start up the VM
  3. Make any changes/updates
  4. Shut down the VM by using the Desktop Agent
  5. Delete the current “PREARM” snapshot
  6. Take a snapshot of the VM – name it “PREARM”
  7. Start the VM back up and rearm the Activation Key
    slmgr /rearm

  8. Shut down the VM by using the Desktop Agent
  9. Delete the current “ARMED” snapshot
  10. Take a second snapshot of the VM – name it “ARMED”
  11. Use this second image (“ARMED”) as the base for your XenDesktop rollout

***EDIT***
I couldn’t get my Office 2010 laptop to activate against the KMS host. I verified that the DNS entry was added:
nslookup -type=srv _vlmcs._tcp

Port 1688
Srv hostname MYSERVER.MYDOMAIN.TLD

The Event Viewer showed “The client has sent an activation request to the key management service machine” along with “0xC0020017, 0X00000000, 127.0.0.1:1688”
That’s why! 127.0.0.1! Localhost my arse.

You can change this by setting the host:
Open a command prompt with admin privs
cd\program files\microsoft office\office14 (or 15)
cscript ospp.vbs /sethst:YOURSERVER_FQDN.domain.tld
Then activate
cscript ospp.vbs /act
Success!

To set this back to default:
cscript ospp.vbs /remhst

To change the key:
cscript ospp.vbs /inpkey:YOURKEYHERE

Remote key:
cscript ospp.vbs /inpkey:KEY COMPUTERNAME
cscript ospp.vbs /act COMPUTERNAME

http://technet.microsoft.com/en-us/library/ee624350.aspx

NON-Domain Systems KMS Activation
cscript \windows\system32\slmgr.vbs /skms FQDN_OF_KMS_SERVER:port
-or-
cscript \windows\system32\slmgr.vbs /skms IPADDRESS_OF_KMS:port

Dell OpenManage 7.x on 2950

Brand-new (used) PE2950 server redone with Windows 2008 R2 SP1. I wanted OpenManage on there – for obvious reasons – so I attempted to install version 7.1.xish but was hitting a small snag with the installer.

I was receiving the following error:

The installer has detected that the HTTPS listener is not configured for Windows Remote Management. You can either configure the HTTPS listener before installing Remote Enablement, or install Remote Enablement now by selecting the “Custom” installation screen and configure the HTTPS listener later. See the “Remote Enablement Requirements” section in the “Dell OpenManage Installation and Security User’s Guide” for information on configuring the HTTPS listener. Note: Remote Enablement is required to manage this system from a remote Server Administrator Web Server and is applicable only for those systems that support Server Instrumentation. Click here to configure HTTPS Listener for Windows Remote Management.

Generally the Dell installers will help you with the dependencies and all will be solved by the end. Unfortunately, clicking on the “configure HTTPS Listener for WRM” wasn’t exactly doing anything correctly – rescanning dependencies resulted in the exact same error.

A brief check found that it’s because of an SSL/Certificate issue. This system is on a domain, and there is a certificate authority authorized with AD – the CA is running on a 2003 R2 server (with hopes to upgrade once we get rid of all the pesky 2003/XP systems).

To fix:
Open MMC
Add the Certificates (Computer Account) and connect to the Local Computer
Drill down to Certificates, Personal
Right-click on Personal and select All Tasks, then Request New Certificate
Follow along on the wizard - this will create a computer authorized certificate for use in the Domain environment
Rescan the dependencies
Profit

Unfortunately I continued to receive another warning – something about “all is well, but I want to warn you anyway”. The installation worked anyway even with Typical selected.

Nas4Free Samba Home Directories Active Directory

Wow that title is a mouthful. So I installed Nas4free (9.1.0.1-636) on a server with ample storage and wanted to give my end users access to this storage. Why Nas4free? Because it’s freakin easy to administer, fast, and ZFS snapshots are pretty damn nice. And free.

So, nas4free on a server. I also had active directory with about 120 windows users. Hell if I’m going to setup 120 “local” users on nas4free AND have to manage 120 “local” users passwords when they forget. No way. So I could either use LDAP or Active Directory – in my case I chose AD.

Under Access, choose Active Directory (This actually joins the server to your domain, so I assume your network and other settings are already correct)
Domain Controller name: MYDC1
Domain name (DNS): MYDOMAIN.LOCAL
Domain name (NetBIOS): MYDOMAIN
Administrator name: ADMINISTRATOR
Administration password: ******

Save. Then verify that it joined your domain by clicking on Diagnostics, then Information. Click on MS Domain.
You should see the line “Join to ‘MYDOMAIN’ is OK” and “checking the trust secret for domain MYDOMAIN via RPC calls succeeded” as well as a list of all of your domain user accounts imported.

But then I needed to change CIFS/SMB to allow my users:
Click on Services then CIFS/SMB
Authentication should already be set to Active Directory. I had issues with protocol, so I changed it to NT1. I also changed the workgroup to be the NetBIOS name from above.

Then, on shares, I created a HomeDirs share with the following path:
/mnt/zfs/zfsdataset/homedirs/%U
Made it browseable and with Guest Access enabled
Then enabled Shadow Copy
In AUX parameters I entered:
valid users = %U
force user = %U

Then, all you have to do manually is create each directory:
SSH to your nas4free
mkdir /mnt/zfs/zfsdataset/homedirs/USERNAME1 etc

I ended up chmod -R 777 /mnt/zfs/zfsdataset/homedirs
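
The manual mkdir step can be scripted so that each directory is owned by its user and closed to everyone else, instead of opening the whole tree with chmod -R 777. This is an added example, not part of the original notes; it assumes the AD accounts resolve as Unix users on the NAS (which `force user = %U` already relies on), and the function names and the script name in the usage comment are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): one private directory per user.
# Assumption: AD accounts resolve as Unix users on the NAS, so chown works.
HOMEDIR_ROOT="${HOMEDIR_ROOT:-/mnt/zfs/zfsdataset/homedirs}"

# Accept only plain account names so a name can never escape the root.
# (Names with spaces or other characters are rejected by this example.)
valid_username() {
    case "$1" in
        ""|.|..|-*) return 1 ;;
        *[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# make_homedir USER [OWNER]: create $HOMEDIR_ROOT/USER, owned by OWNER
# (default USER), mode 0700. Prints the path on success.
make_homedir() {
    user="$1"
    owner="${2:-$1}"
    if ! valid_username "$user"; then
        echo "skipping invalid name: $user" >&2
        return 1
    fi
    dir="$HOMEDIR_ROOT/$user"
    mkdir -p "$dir" || return 1
    chown "$owner" "$dir" || return 1
    chmod 700 "$dir" || return 1
    echo "$dir"
}

# audit_homedirs: list top-level directories that group or others can write
# to, e.g. what a chmod -R 777 leaves behind.
audit_homedirs() {
    find "$HOMEDIR_ROOT" -mindepth 1 -maxdepth 1 -type d \
        \( -perm -020 -o -perm -002 \) -print
}

# Usage: sh make_homedirs.sh USERNAME1 USERNAME2 ...
for u in "$@"; do
    make_homedir "$u"
done
```

With directories set up this way, Guest Access on the share is no longer needed for users to reach their own folder, and audit_homedirs shows which existing directories are still writable by other accounts.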

Pidgin Spellcheck Support

I was installing Pidgin on a new system and it was failing at installing (downloading) the spellcheck installation files from the OpenOffice site. So here’s the “fake” way of doing the same stuff:

Install Pidgin
Download http://it.thelibrarie.com/utilities/en_US.zip
Create the directory structure C:\program files (x86)\pidgin\spellcheck\share\enchant\myspell
Unzip the en_US.zip file and grab all of the files – copy to the newly created myspell directory from the previous step
Open pidgin – you now have spellcheck support

Remove McAfee Agent

I had a system with McAfee installed – originally it was pulling updates and rules from an EPO server on site, but the EPO server had been retired and most other systems were migrated to other antivirus suites (Nod32). Unfortunately a laptop was having issues and McAfee had not been removed.

The enterprise antivirus suite had been removed successfully using add remove programs, but the Agent was giving the following error:

McAfee Agent cannot be removed while it is in managed mode.

Since the EPO server was long gone, I attempted to remove the agent manually:
Start > Run > CMD (as administrator)
"c:\program files (x86)\mcafee\common framework\frminst.exe" /remove=agent
Success!

Open Excel In New Window

I remember back when I could just double click on an excel file and it would open in a new window. Now, in order to save time/resources/etc, everything opens in the same window.

Employee was having problems with opening excel files from outlook with the “Excel cannot complete this task with available resources” error. Microsoft didn’t help much. Google neither.

Last time I had an error that was similar was back with 2003 office and the user had opened the same named file a hundred times (not all at once) and that hundredth time it refused to open. Temporary files were created each time the file was opened named something like “tempfile01.xls” and then “tempfile02.xls” etc but after the tempfile99 it wouldn’t overwrite the first one. Deleting temp files fixed that issue. It did not, however, fix it with office 2010.

Workaround I got was to edit the registry to make each excel file open in a new application window.

MAKE SURE EXCEL IS FULLY CLOSED!!!
regedit
HKCR\Excel.Sheet.12\shell\open\command
Edit the default and add "%1" at the end – there should be spaces between all arguments
Rename the “command” key to “command2”
Rename the “ddeexec” container to “ddeexec2”

HKCR\Excel.Sheet.8\shell\open\command
Edit the default and add "%1" at the end – there should be spaces between all arguments
Rename the “command” key to “command2”
Rename the “ddeexec” container to “ddeexec2”

Close regedit
Open Excel
Open Excel again. Profit.

Trust Relationship Failed

If you’ve ever worked in IT, you’ve probably received at least one “The trust relationship between this workstation and the primary domain failed” error. Basically this means the security hash between Active Directory and your workstation has been corrupted/lost/something and it needs to be re-created. The usual way to do this was to disjoin or unjoin from the domain, and then join the domain once again. For remote users this posed another problem as the remote user must have local admin privileges AND a connection to the business network (usually a VPN). With the advent of SSL VPNs that do not have a client that can load before Windows/Linux/Mac OS starts, the user MUST log in prior to connecting and therefore will not receive many of the GPO installation benefits associated with being on a domain. Needless to say, it was a PITA.

So I found an article by Dan Peterson (thanks Dan) that lays out a “better fix” than the rejoin to a domain. And I agree; it is a better fix.

Install Netdom.exe on your computer. I use Windows 7, so here’s how I did it:

Install Remote Server Administration Tools (RSAT) http://www.microsoft.com/downloads/details.aspx?FamilyID=7D2F6AD7-656B-4313-A005-4E344E43997D&displaylang=en
Programs and Features
Turn Windows Features On or Off
Remote Server Administration Tools > Role Administration Tools > AD DS and AD LDS Tools
Check AD DS Tools and click OK

Then run Netdom to reset the key:
netdom.exe resetpwd /s:DOMAINSERVER /ud:DOMAINADMINACCOUNT /pd:*

So in my case it was:
netdom.exe resetpwd /s:dc1.domain.tld /ud:domain.tld\administrator /pd:*

It then asks for the password for your domain admin account. Enter it in. When finished, reboot the machine and away you go.