Although I generally use Shavlik's HFNETCHKPRO to patch Windows Servers, I recently stumbled across two cases where Windows Update failed to work and I received the error 0X8024402C.
I found Microsoft's article on the issue, but clearing all proxy entries wasn't exactly what I was looking for in my case. (One server was running Project server 2003 and had added an entry as part of the Project server install. The other servers were running Veritas' Enterprise Vault product and had been configured with some proxies as part of their install.)
My solution was to observe the current settings by just running "proxycfg" without any switches and then appending "*.microsoft.com;*.windowsupdate.com" to the bypass list.
For example:
Run "proxycfg" and obtain the results:
Proxy Server(s): https://project;http://project
Bypass List : <local>;project
then run
proxycfg -d -p "<local>" "<local>;project;*.microsoft.com;*.windowsupdate.com
NOTE THERE IS NOT AN ENDING QUOTE
Thursday, December 14, 2006
Thursday, May 18, 2006
Help files over network shares
Came across an interesting issue the other day where a SAP Administrator had enabled sharing of the C: drive on a SAP deployment server, only to find he could no longer access the help files.
Apparently Microsoft has change functionality with MS05-026 to prevent a vulnerability in HTML help files and remote code execution. With security update 892675 installed you can't open HTML help files over network shares.
The workaround I used after scouring posts on the internet was to add the following registry key and then uninstall Internet Explorer Enhanced Security Configuration.
Apparently Microsoft has change functionality with MS05-026 to prevent a vulnerability in HTML help files and remote code execution. With security update 892675 installed you can't open HTML help files over network shares.
The workaround I used after scouring posts on the internet was to add the following registry key and then uninstall Internet Explorer Enhanced Security Configuration.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp\1.x\HHRestrictions]
"MaxAllowedZone"=dword:00000001
"EnableFrameNavigationInSafeMode"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp\1.x\ItssRestrictions]
"MaxAllowedZone"=dword:00000001Sunday, March 26, 2006
Passed 70-291!
Passed 70-291!
I took the test on Friday and passed with an 866.
I had perfects in:
Implementing, Managing and Maintaining Name Resolution
Maintaining a Network Infrastructure
I performed well on:
Implementing, Managing and Maintaining IP Addressing
Implementing, Managing and Maintaining Network Security
My weak area was:
Implementing, Managing and Maintaining Routing and Remote Access
Like many organizations, we use third party solutions for Routing and Remote Access so I had less practical experience with RRAS.
To study I used the Mike Meyers Passport book, the ExamCram 2 book, the Syngress book, Self-Test software and converting from NetWare DHCP and BIND to Windows 2003 DNS and DHCP at my company.
Monday, March 06, 2006
Bug with trusts, 2003 sp1 and ESX VMware
While setting up some new trusts with some older NT domains, I found an interesting bug that prevented me from establishing an RPC connection.
Some googling (is that a word?) found at least this thread at VMware's forums.
One user recommended installing a Microsoft hotfix, but I preferred to find a workaround if possible and wait for resolution with a mainstream service pack for either Windows 2003 or ESX.
I found that I could use an xp desktop running the Windows 2003 sp1 adminpak tools to create the trust. I did of course have to make sure netbios was turned on and that I added the entries in my lmhosts file. (No WINS at our location.)
Some googling (is that a word?) found at least this thread at VMware's forums.
One user recommended installing a Microsoft hotfix, but I preferred to find a workaround if possible and wait for resolution with a mainstream service pack for either Windows 2003 or ESX.
I found that I could use an xp desktop running the Windows 2003 sp1 adminpak tools to create the trust. I did of course have to make sure netbios was turned on and that I added the entries in my lmhosts file. (No WINS at our location.)
Friday, February 10, 2006
Poor Windows 2003 DHCP server documentation?
While recently working with Windows 2003 DHCP server, I hit a big snag with Dynamic DNS.
Here's a copy of my post to the Windows forums after much frustration:
"After much testing and head-scratching, I've come to the conclusion that all
the documentation (both Microsoft and third party) is greatly misleading
regarding the radio button in Windows 2003 DHCP to "Always dynamically
update DNS A and PTR records".
I expected that when selected, that this would have all DHCP clients of the
server to register both their A records and PTR records in DNS. DHCP option
15 is set for the correct domain name, and DHCP option 6 lists the Windows
2003 DNS servers. The DHCP server is a member of the DNSUpdateProxy group
and I even added credentials to the DHCP server. (Note DNS and DHCP are not
on the same servers, not that it really matters in my situation.)
DHCP scopes configured to:
Enable DNS dynamic updates according to the settings below
Always dynamically update DNS A and PTR records
Discard A and PTR records when lease is deleted
The results of all this? XP and 2000 Clients only register their PTR
records. Why? They don't have the option to register their connections in
DNS selected on each XP and 2000 client? But why should they, I'm telling
DHCP to do it?
Anyway, I fixed it by checking the option on the DHCP server to "Dynamically
update DNS A and PTR records for DHCP clients that do not request updates
(for example, clients running Windows NT 4.0). I realize this is supposed
to be enabled by default, or that I could script it (although all the WMI
scripts I saw wouldn't work without SP2 on XP).
No offense, but all the wording in the interface and in the documentation
I've seen is a bit misleading on how all this should work."
Here's a copy of my post to the Windows forums after much frustration:
"After much testing and head-scratching, I've come to the conclusion that all
the documentation (both Microsoft and third party) is greatly misleading
regarding the radio button in Windows 2003 DHCP to "Always dynamically
update DNS A and PTR records".
I expected that when selected, that this would have all DHCP clients of the
server to register both their A records and PTR records in DNS. DHCP option
15 is set for the correct domain name, and DHCP option 6 lists the Windows
2003 DNS servers. The DHCP server is a member of the DNSUpdateProxy group
and I even added credentials to the DHCP server. (Note DNS and DHCP are not
on the same servers, not that it really matters in my situation.)
DHCP scopes configured to:
Enable DNS dynamic updates according to the settings below
Always dynamically update DNS A and PTR records
Discard A and PTR records when lease is deleted
The results of all this? XP and 2000 Clients only register their PTR
records. Why? They don't have the option to register their connections in
DNS selected on each XP and 2000 client? But why should they, I'm telling
DHCP to do it?
Anyway, I fixed it by checking the option on the DHCP server to "Dynamically
update DNS A and PTR records for DHCP clients that do not request updates
(for example, clients running Windows NT 4.0). I realize this is supposed
to be enabled by default, or that I could script it (although all the WMI
scripts I saw wouldn't work without SP2 on XP).
No offense, but all the wording in the interface and in the documentation
I've seen is a bit misleading on how all this should work."
Subscribe to:
Posts (Atom)
Posts
