Category Archives: Windows Server

Remembering remote desktop passwords

It is really annoying that the remote desktop client sometimes remembers only your login name but not your password, because:

Your credentials did not work

Your system administrator does not allow the use of saved credentials to log on to the remote computer COMPUTER because its identity is not fully verified. Please enter new credentials.

rdp-credentials

To fix this start the Local Group Policy Editor (gpedit.msc), and navigate to this branch: Computer Configuration –> Administrative Templates –> System –> Credentials Delegation. Here open the Allow delegating saved credentials with NTLM-only server authentication option and set it to Enabled.

Click the Show… button in the Add servers to the list option and add the servers you want to apply this setting to. You must use the TERMSRV/computername format to specify a single computer, or you can use TERMSRV/* to refer to all servers.

 

Technorati-címkék: ,
Advertisements

Installing WSUS on Windows Server 2012

Installing Windows Server Update Services on Windows Server 2012 is not a complicated task in theory: because it is now a part of the OS, you even don’t have to download it, just click through the step-by-step installation wizard in Server Manager. If you don’t believe me, take a look at this step-by-step tutorial with screenshots.

For me it was not that easy. I’m obviously an install-failed-error magnet, but according to the tremendous amount of forum posts in the topic, I’m not alone. So here are my solutions.

A kind notice:
The solutions below worked for me, but use them on your own risk!

The server is a fresh WS 2012 install, promoted to a domain controller. I have not found any documentation that would state that this is a non-supported scenario.

NTFS permissions

According to the Prepare for Your WSUS Deployment TechNet article, the NT Authority\Network Service account must have Full Control permissions to the following folders, otherwise the WSUS Administration snap-in may fail:

  • %windir%\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files
  • %windir%\Temp

The beauty is that – as you can read in the doc – the first folder might not exist if IIS is not installed. WSUS requires IIS, and fortunately the installer is smart enough to install the Web Role as well. What’s more, it installs only those IIS components that are required to WSUS, so if you follow the “minimal install” principle, you probably want to let the WSUS installer setup IIS as well. But how to set the folder permissions before starting the installer, if the installer creates the folder?

Role Services

In a sunny Friday afternoon you may reach this step in the install wizard:

WSUS install wizard: Select role services

If you want to click all three components, be prepared to the following error message:

The following features cannot be installed on the same server: Database, WID Database.

The following features cannot be installed on the same server: Database, WID Database.

A little background info:

  • The WID Database (which is checked by default) means that the setup installs the Windows Internal Database, which is a mini SQL Server engine. It has some limitations, but perfectly suitable for WSUS, especially in a single server scenario.
  • The Database (which is not checked by default) means, that the setup creates the WSUS database in an existing SQL Server instance, which can even reside on another computer. If you want to select this option, please read the WSUS database requirements section of the documentation.

The important is that the default two checks are perfect, you don’t need all three.

Restart without results

The installer may run fine for a while, until:

The request to add or remove features on the specified server failed.

The operation cannot be completed, because the server that you specified requires a restart.

The operation cannot be completed, because the server that you specified requires restart.

Of course you can restart your server, but that won’t solve anything. After restarting the server, you have to restart the WSUS installation which will end with the same results again and again.

The solution is to modify your group policy. Start the Group Policy Management Console and edit the Default Domain Controllers Policy. In the Computer Configuration –> Policies –> Windows Settings –> Security Settings –> Local Policies –> User Rights Assignment branch, edit the Log on as a service setting, and add the following accounts: IIS_WPG, NETWORK, NETWORK SERVICE, SERVICE.

After saving the GPO, don’t forget the update the policy:

gpupdate /target:computer

Post-Installation tasks

After the installation wizard completes, you will see – if you really look for it – a Launch Post-Installation tasks link which you must click. This essentially continues the installation.

Until it fails:

Configuration failed. A log file was created at C:\Users\username\AppData\Local\Temp\tmpXXXX.tmp

wsus-post-installation

I encourage you to look into the log file, because it is detailed and very readable. For example:

Config file did not contain a value "ContentDirectory"
Microsoft.UpdateServices.Administration.CommandException: 
A required configuration value was not found in the system.

Yes, it is missing a setting which you probably entered in the graphical wizard! If you are a command line guru there is a tool for you called wsusutil.exe in the C:\Program Files\Update Services\Tools folder, however it fails with the same error.

Both the GUI and the command line tool are missing the value from the C:\Windows\System32\ServerManager\ComponentConfiguration\UpdateServices-Services.xml file. If you open this file, you will find this (I added line breaks for readability):

<?xml version="1.0" encoding="utf-16"?>
<INSTANCE CLASSNAME="ServerComponent_UpdateServices_Services">
<PROPERTY NAME="ContentDirectory" TYPE="string">
</PROPERTY>
<PROPERTY NAME="ContentLocal" TYPE="boolean">
<VALUE>true</VALUE>
</PROPERTY>
</INSTANCE>

If you have eyes for XML, you see immediately, that that ContentDirectory value is definitely missing. No problem, just add it:

<?xml version="1.0" encoding="utf-16"?>
<INSTANCE CLASSNAME="ServerComponent_UpdateServices_Services">
<PROPERTY NAME="ContentDirectory" TYPE="string">

<VALUE>C:\WSUS</VALUE>
</PROPERTY>
<PROPERTY NAME="ContentLocal" TYPE="boolean">
<VALUE>true</VALUE>
</PROPERTY>
</INSTANCE>

It you run Notepad as administrator, you will be able to save the changes. Click the Launch Post-Installation tasks link again, it will run longer.

Database

For me it ran longer, but failed later. It created another log file in the Temp folder, this time with the following error:

Fatal Error: SqlException (0x80131904): Invalid object name ‘SUSDB.dbo.tbSchemaVersion’.

This means something is wrong with the database. If you read the log you can see, that the database exists, the installer could connect to it, however the specified table is missing.

I checked the C:\Windows\WID\Data folder where I found the SUSDB.mdf and SUSDB_log.ldf files, so the database really existed, probably because it was created by a previous installation attempt. However its 2112 KB size was suspicious, because it closely matched to the size of the model.mdf. My guess was that the database was created, but it is still empty.

My idea was to delete the database and hopefully the installer will create it again. Deleting the files was surprisingly easy, but when I checked the error.log file in the Log folder after restarting the service, it because obvious that the database server is missing the files.

So the correct solution is to connect to the database server and drop the database. If you don’t want to install SQL Server Management Studio, you can go with the SQLCMD command line tool which is available as a very small standalone installer from here: Microsoft Command Line Utilities 11 for SQL Server

If you don’t read the System Requirements section the MSI installer will warn you that it requires the ODBC Driver 11 for SQL Server as well.

Downloading these two MSI files is not obvious from Internet Explorer at all. First it aggressively blocks the popup windows, and second:

Security Alert: Your current security settings do not allow this file to be downloaded.

wsus-ie-msi-download-error

If you don’t want to fight with the browser, you can download this 7MB content on another computer and move it to the server via Remote Desktop.

Now you have SQLCMD in this folder:

C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\110\Tools\Binn

You will also need the connection string to WID:

np:\\.\pipe\MICROSOFT##WID\tsql\query

I prefer using SQLCMD with a command file, because that makes editing and re-executing SQL commands easy. So you can create a file called wsus.sql with this content:

select name from sys.sysdatabases
drop database susdb
select name from sys.sysdatabases

And run it from the command prompt:

sqlcmd -S np:\\.\pipe\MICROSOFT##WID\tsql\query -i c:\temp\wsus.sql

With this you’ve dropped the WSUS database, but thankfully the WSUS installer will create it again with the correct table structure. After completing the install wizard and the post-installation tasks you can start the WSUS Administration console and run the server configuration wizard.

The WSUS server is installed now, but you still have to configure the clients and setup SSL.

 

Technorati-címkék: ,,

How can your app get into Spotlight in the Windows Store

There is a Marketing your app section in MSDN, where you can find information about how your app will appear in the Windows Store. But you can find nothing about what your app needs to get into the Spotlight section on the first page of the Store.

Well, that’s intentional to prevent gaming the system and abusing the algorithm. Wouldn’t you just buy your own app ten more times just to get into Spotlight, would you? For this reason don’t expect Microsoft publish the algorithm…

Some tips that can help your app:

Make sure you provide Promotional images in the Description step of the publication wizard, because without this your app has no chance to get into Spotlight. You can upload PNG images in four sizes:

promotional-images

You don’t have to upload images in all sizes, but the more you upload the more chance you have. If you want to upload only a single image, let that be in 414×180 pixel size.

Second, make sure your app is polished. Even the simplest app has more chance to the get into Spotlight if you care about the details when you make it, than a more useful app that look like you spent no time on it. Don’t even hope with the default X icon:

apps-with-no-icon

Finally, follow the feedbacks. You can get feedbacks from your users not only through the Review page, but the Store also collects statistics about your app, which you can review on the Dashboard.

 

Technorati-címkék: ,

Publishing a WCF service on IIS 8

WCF services don’t run on IIS 8 with the default configuration, because the webserver doesn’t know, how to handle incoming requests targeting .svc files. You can teach it in two steps:

1. Add a new MIME type:

Extension: .svc
MIME type: application/octet-stream

iis8-svc-mime-type

 

2. Add a new Managed HTTP Handler:

Request path: *.svc
Type: System.ServiceModel.Activation.HttpHandler
Name: svc-Integrated

iis8-svc-handler

That’s it!

 

Technorati-címkék: ,,

Installing .NET Framework 3.5 in Windows 8 and in Windows Server 2012

I was installing SQL Server 2012 on Windows Server 2012, and everything seemed perfect. Although checking the prerequisites completed successfully, the installer displayed a warning popup in the middle of the setup about the required but missing .NET Framework 3.5. Because the dialog had only an OK button, I could only hope that .NET 4.5 which comes with the OS will be suitable for SQL Server. It wasn’t, and the installation failed. And it turned out, that installing .NET Framework 3.5 is not so easy in these new operating systems.

In Windows 8 and in Windows Server 2012, the .NET Framework 3.5 is a so-called Feature on Demand. This means, that the metadata for the feature is included in Windows 8 and in Windows Server 2012, but the binaries and other files associated with the feature are not included. And if you want to install the feature, you have to supply the files.

 

Windows 8

In Windows 8 open the Programs and Features dialog. For me the easiest way to access this dialog is via the Windows+X admin menu:

net35-windows8-1

Select .NET Framework 3.5 (includes .NET 2.0 and 3.0) then click OK. A little searching…

net35-windows8-2

…and a question, whether you really want to download the files from Windows Update:

net35-windows8-3

Maybe it’s just me, but I really miss the info about the size of the download, and the option to supply the files locally. So if you really want .NET 3.5, click Download files from Windows Update. A little downloading…

net35-windows8-4

… then if you are not so lucky (like me), this error screen:

net35-windows8-5

The Tell me how to solve this problem link is exceptionally useful, because it links to the KB2734782 Knowledge Base article (Error codes when you try to install the .NET Framework 3.5 in Windows 8 or in Windows Server 2012) which can really help. In my case the problem was that my computer is a domain member, and group policy centrally configures the Windows Update settings. As I couldn’t change the policy, I had no other option than installing the .NET Framework from command line. Luckily the installation files are on the Windows 8 installation media, and with this short command you can install it from there:

dism /online /enable-feature /featurename:NetFx3 /All /Source:D:\sources\sxs /LimitAccess

It completes in a few seconds, I guess it’s much faster, than from Windows Update:

net35-windows8-6

 

Windows Server 2012

The command line installation using dism works perfectly on Windows Server 2012 too, because the installation files are available also on the server installation media. Ironically, on the server, you can complete the installation on the GUI as well. Just start the Add Roles and Features Wizard and select the .NET Framework 3.5 Features option (click for larger image):

net35-ws2012-1

After the Next, just try to read the endless warning message:

net35-ws2012-2

The message tries to warn you to click the Specify an alternate source path link at the bottom:

net35-ws2012-3

Then enter the path of the source files, like D:\Sources\SxS:

net35-ws2012-4

That’s it. After you finish the wizard, SQL Server 2012 installs without any issue.