technical solutions and commentary

Clear tje Outlook Name Cache (nickname list)
Microsoft Outlook creates a nickname list that is for name checking and auto completion. When you use Outlook it automatically creates the nickname list. The nickname list can become corrupted and when it does Outlook may not identify recipients, may suggest the wrong recipients with automatic completion or it might just send the message to the wrong person!

To clear the nickname list:

There will be a NK2 file for every Outlook profile on the computer. They are typically named profilename.NK2. Rename or delete this nickname file for the desired profile. When Outlook is opened again it will create a new nickname list.

Here is an easy way to determine what Domain Controller authenticated a person at logon. This can come in handy when troubleshooting slow logons and troubleshooting logons for roaming laptop users.

That’s it! This should work for NT4/2000/2003/XP. I think it even works on Windows98/ME machines.

Many companies starting out using SharePoint have deployed SharePoint using a MSDE database. As people begin getting used using SharePoint, as opposed to regular file shares, the database can begin to grow quickly as documents are placed in SharePoint. In order to provide more than 2 GB storage permitted by MSDE, you need to move to a full-blown SQL Server based datastore. Here is a useful link for information on moving (upgrading) a a SharePoint database.

If you are already running a SQL Server based datastore for SharePoint, there may be a point that you want to move the database to a new server. For example, (1) if you are using a SQL Server for hosting multiple company databases, you may want to move the SPS database to a dedicated SQL Server for performance reasons. (2) You may be running out of drive space on the SQL Server housing you SPS database. (3) You may be hosting SQL on a single server and want to move to a clustered database solution for increased reliability of SharePoint. After a couple of hours of searching, I finally located the Microsoft KB Article on how to accomplish this task.

I believe I posted about this before, but it’s worth posting again. This is really a must have utility for any systems engineer or network administrator…

Windows Server 2003 Access-based Enumeration makes visible only those files or folders that the user has the rights to access. When Access-based Enumeration is enabled, Windows will not display files or folders that the user does not have the rights to access.

This download provides a GUI and a CLI that enables this feature. http://www.microsoft.com/downloads/details.aspx?FamilyID=04A563D9-78D9-4342-A485-B030AC442084&displaylang=en

On the Windows 2000/2003 Server
In order for a Mac client to authenticate with Active Directory, Services for Macintosh must be installed on the Windows Server. These components can be added by using Add/Remove Programs, choosing Add/Remove Windows Components, scrolling to ‘Other Network File and Print Services’, and then selecting ‘File Services for Macintosh’ (likely you will also want ‘Print Services for Macintosh’).

If you are trying to access a file share located on a Windows Server 2003 Domain Controller, the Default Domain Controllers security will prevent Mac clients from connecting. In order to allow the Mac client to connect, the Default Domain Controllers policy must be modified to “weaken” the network communications. If you can move the file share for the Mac clients off of a Domain Controller, to s Windows 2003 member server you should not have this issue, unless the member server has been configured to use a policy with the same setting as described below. This is because the security policy is set to always encrypt network connections. Word has it, that is was not an issue in Samba 3, but it is for OS 10.

If you choose to change this policy for the Domain Controllers, open the policy and go to:

Within the Policy Editor go to:

You need to run ‘gpupdate’ to reload the security policy.

On the Macintosh Client
If you are trying to authenticate to a Windows 2003 Server Active Directory, the Macintosh client will need to have the Microsoft User Authentication Module (UAM) installed. This is because the Windows Server 2003 Services for Mac only permits Microsoft Authentication by default. You can download the UAM athttp://www.microsoft.com/mac/otherproducts/otherproducts.aspx?pid=windows2000sfm

If you are running a Mac OS version prior to 10.4.3, there is a known issue that prevents Active Directory users from accessing certain Kerberized services on a Windows 2003 server. There is a patch 10.4.x clients which should resolve the problem and can be found here http://docs.info.apple.com/article.html?artnum=301722.

More information on connecting Mac clients to Windows 2003 can be found in Microsoft KB Article 834498 - Macintosh client cannot connect to Services for Mac on Windows Server 2003.

Citrix Presentation Server 4.0 for Windows 2000 and Windows 2003 has a problem with print the printing function. If a client has more than three printers a published application fails to inherit the Set as Default Printer setting of auto-created printers properly from the client settings. If a printer is even selected as a default through Citrix, another printer may be selected as the default printer erroneously. The issue is described in CTX106745.

Citrix is aware of this problem and actually has a hotfix for it. However the hotfix changes (breaks) the XML service port, if it is shared with IIS, from 80 to 8080. Therefore, while it is listed on the Citrix support web site, they have actually removed the hotfix from their site. The hotfix for Windows Server 2003 is PSE400W2K3003. The hotfix for Windows 2000 Server is PSE400W2K004.

UPDATE 19-Sept-05 Citrix has rereleased the hotfixes which now apply properly to the Presentaion Server without modifying the XML port. You now do not have to manually change the XML port back to 80. They can be obtained here:

END UPDATE

You can obtain the hotfix by opening a case with Citrix. However, I am not sure if they will charge the $400+ support call fee if you are only wanting to obtain that patch. If you have a support contract there shouldn’t be any charge. Alternativley you can try to get your Citrix reseller to obtain the hotfix for you.

If you do obtain the hotfix, after it is applied the XML service port, if shared with IIS, needs to be changed back to 80. The order in which this is to be done, on each server is:

Other recommended resources, from Citrix Tech Support, in troubleshooting the printing issues:

The Application Event Log contains multiple erros, with the event code ‘1202′ with the source of ‘SceCli’. The details contains the hex error code ‘0×534′, the error description starts out… “No mapping between account names and security IDs was done.” The ‘0×534′ code is the hex for “1332″ which shows up in the winlogon.log file as well.

This error is likely caused because a Group Policy Object contains an entry refering to a group or user account that it can not locate in the Security Accounts database. This can result when a group or account is renamed, deleted or the name is misspelled in the GPO. In one scenario, a Domain GPO referenced the group name of ‘Domain Administrators’ (which does not exist as a bult-in group) instead of the proper built-in group name of ‘Domain Admins’. Once this was corrected and the machine policy refreashed, everything worked began working properly and the 1202 errors cleared up.

The resolution to this problem can be found in the Microsoft KB Article KB324383 - “Troubleshooting SCECLI 1202 Events”.

If you are getting 1202 errors and it is not related to the GPO issues in the KB noted above, this the Microsoft KB Article KB284461 - “Event ID1000 and Event ID 1202 Messages Are Reported When You Set Security on the File Replication Service by Using Group Policy” may be helpful.

When attempting to execute a Windows Installer package or run a application setup executable, you get a “Access Denied” message and the installation will not continue. This is likely caused from the DCOM security settings being modified by a third party application install or program removal. To resolve this, do the following:

If you have other groups/accounts in the Access Permissions leave them alone. They may be required for third-party installed software.

After introducing a new Exchange Server 200o into an existing Exchange organization all email destined for email enabled public folders is routed to the newest server and is stuck in the SMTP queue. The new Exchange server does not yet have public folders replicas and is not setup for pf referals. There are no hints in the Event Viewer on this problem.

It appears this problem is do to the way Exchange is designed to route mail to public folders by default. Here is an excerpt from the Microsoft.com Exchange online documentation…

The msExchOwningPFTreeBL attribute always returns the public folder store that was most recently added first. A public folder store is created when a new server is installed. Therefore, frequently, the most recently installed servers are returned first. If the server is new, it may not contain a replica of the public folder hierarchy yet. Therefore the delivery of the message to this store causes an non-delivery report (NDR). In the Exchange 2000 Server Post-Service Pack 3 (SP3) Update Rollup and Exchange Server 2003, this logic has been changed so that messages are not submitted to stores that are older than two days. If a store that is older than two days does not exist, the message is submitted to the new store anyway.

Microsoft has a hotfix and/or a workaround for the way the PF routing works in KB 328870.

More information on this can be found in this blog: http://blogs.technet.com/exchange/archive/2004/09/10/228114.aspx