Thursday, April 22, 2010

Activesync 0x85010014 after moving email mailbox from exchange 2007 to 2010

It's always fun when you run into a problem that only affects one or two users out of a hundred. You can only imagine my joy when I discovered that only my account wasn't working with Exchange Activesync after I moved my mailbox from the old Exchange 2007 server to the new Exchange 2010 one. By the way, I highly recommend using Microsoft's "Exchange Remote Connectivity Analyzer" for externally testing your setup. It's a great diagnostic aid during upgrades and such.
I tested my mailbox against an old windows mobile 6.1 PDA and got the 0x85010014 error, then I used Microsoft's analyzer above and drilled down to "Attempting FolderSync command on ActiveSync session" where it was failing. Then after much searching on the web, I found the clue at which basically said that Inheritance was turned off on my AD account.
That's when i remembered that during the upgrade I had seen a warning that said some objects in AD had inheritance turned off. I had searched different OUs, etc at that time and hadn't managed to find it. So I opened up ADUC (Active Directory Users and Computers), set the view to Advanced under View so I could see the Security Tab on objects. I checked the "Include inheritable permissions from this object's parent" checkbox and then right afterward I was able to use ActiveSync again.

Updated: I've also found that an attribute flag gets set called "AdminCount" that can also cause that checkbox to reappear. To get rid of it, go under Attributes in the advanced view and clear the AdminCount attribute. You can use a powershell script to find all these affected users and groups here:

PS: If the account is a member of a priveleged group, you may find this checkbox unchecks itself after a while.

Saturday, April 17, 2010

Dell Latitude E6400 video artifact problem with the Intel GMA 4500MHD

Ran into a weird video problem with a E6400 recently. I tried updating drivers, changing settings, and all the usual stuff but it would show up again within the first 15 minutes, give or take a few. So I decided to research into the video chipset itself and found that users on multiple laptop makes and models appeared to be suffering the same problem. See example below.

I found the solution on one of the lenovo forums (See post by dragon-fly). Apparently, there's an issue when there are a unmatched pair of different size memory modules. This particular laptop had a 4GB and 2GB in it so I swapped out the 2GB for a 4GB. And entertainingly enough, the problem went away right after that. It's been a few days now and the problem hasn't reappeared once yet.

Thursday, April 15, 2010

Getting around the Windows 2003 P2V Hyper-V Migration via SCVMM blue screen problem

Yeah I know that's one long winded title. Here's the scenario:
1. Used Microsoft System Center Virtual Machine Manager 2008 R2 to do a physical to virtual server conversion for one of my older Windows 2003 x64 servers.
2. Since it was an OEM OS, I had to buy another server license and do a Repair from a Win2k3 R2 CD1 since that's just about the only good way to get around that activation issue.
3. All attempts to boot the VM got me the dreaded Blue Screen with a 07B error code.

1. Don't install the integration components during the migration. On the last step of the SCVMM physical to virtual wizard it has an option to View Script.
2. Add -SkipInstallVirtualizationGuestServices to the very last New-P2V command. Then run the "Windows powershell - virtual machine manager" shortcut from the start menu and paste in the script. If you started from an OEM installation, continue to step 3, otherwise jump to step 5.
3. Then after the conversion, boot the VM off a Win2k3 R2 CD1 ISO or real CD and hit Enter for the first screen, then R to repair once it finds the OS.
4. After that's done, install Service Pack 2 for windows 2003 as it's required for the integration components. Then reboot.
5. Install the Integration services but DO NOT REBOOT yet. Check the registry under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wdf01000
The Group Value should be WdfLoadGroup and NOT "Base" or else bad things will happen.
(Thanks to the guys at this thread: )

Now your virtual machine should boot up normally.

Wednesday, April 7, 2010

iTap RDP and group policy

A user recently complained that their iPad device wasn't able to RDP into their workstation. They were using iTap RDP ( which seemed to work fine for old XP boxes and non-domain joined workstations. It would give a NLA error when it tried to connect even though this newest version does support NLA. I knew it had to be group policy related since it only affected domain joined PCs. I wound up having to unconfigure the policy "Always prompt for password upon connection" under Computer Configuration -> Policies -> Admin templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Security. Then gpupdate on my domain controllers, then gpupdate on the host pc and rebooted it for good measure. Afterwards, then the iTap RDP client was able to work properly.