Wednesday, May 6, 2015

ServiceStack v3, Angular, IIS Express, Windows Authentication & CORS

I've recently busted my balls trying to get ServiceStack v3/Angular/IIS Express/Windows Authentication all working together in our corporate environment.  It was a bit of a nightmare but it appears I finally have it all figured out.  Sorry about the crappy formatting.

First of all, I am running Visual Studio 2010 so I needed to ensure that SP1 was installed so I could properly configure my site from the Properties dialog of solution explorer.  First things first, you'll need to ensure that both Anonymous Authentication & Windows Authentication are enabled on the site:

Once you've confirmed both are enabled, head over to your web.config file and be sure you ad the following to the system.web section (OPTIONS simply would not work with Windows auth):

<system.web>
	<authorization>
		<allow verbs="OPTIONS" users="*"/>
		<deny users="?" />
	</authorization>
</system.web>

After this is added, implement Demis' (mythz) fallback service documented here (http://stackoverflow.com/questions/19254512/servicestack-corsfeature-global-options-handler-not-firing-on-certain-routes):

Request:

[FallbackRoute("/{Path*}")]
public class Fallback
{
public string Path { get; set; }
}

Service:

public class FallbackService : Service
{
    public object Any(Fallback request)
    {
        if (base.Request.HttpMethod == "OPTIONS")
            return null;

        throw HttpError.NotFound(String.Format("{0} was not found", request.Path));
    }
}

And finally you'll need to add the following to your AppHostBase in Global.asax:

base.Plugins.Add(new CorsFeature(
allowedOrigins: "http://FrontendUrlHere", allowCredentials: true, allowedMethods: "GET,POST,PUT,DELETE,OPTIONS"

));

Be sure you replace "FrontendUrlHere" with your front-end URL.  Allowed origins of "*" do not work when allowCredentials is set to true due to security reasons.

Friday, April 3, 2015

PsExec -- Error deriving session key: The system cannot find the file specified

So this one's been driving me insane for a while (especially since I figured it out a while ago and never documented the solution).  On some systems I would only be able to get PsExec working half the time...the other half the time I'd receive this infuriating error:


C:\Users\CJ\Downloads>psexec \\chrlcltsbx803 -i -s cmd.exe

PsExec v2.11 - Execute processes remotely
Copyright (C) 2001-2014 Mark Russinovich
Sysinternals - www.sysinternals.com

Error deriving session key:
The system cannot find the file specified.

So after running ProcMon to determine what file "couldn't be found," I realized--I was running PsExec  as my elevated administrative user without a profile.  As in: runas /noprofile /user:chrl\CJ cmd.exe. Unfortunately, this doesn't seem to work due to something with HKCU cryptographic keys.

Either way, the issue went away once running under my elevated account without the /noprofile switch. Hope this saves someone a headache.

Thursday, April 25, 2013

Lync 2010 Error Code: 500 Internal Server Error. The received certificate has expired. (-2146893016)

Our CA certificate recently expired and we were experiencing  a smorgasbord of issues after renewing the CA cert itself.  One issue we were running into is that our Lync mobile clients stopped connecting, and our external clients were receiving the following error:

Cannot synchronize with the corporate address book. This may be because the proxy server setting in your web browser does not allow access to the address book. If the problem persists, contact your system administrator.

Knowing that this was most likely related to the certificate, I checked and found my certs were up to date and working properly on both the Front End and Edge servers.  The next thing I checked was attempting to use the Microsoft Lync Connectivity Analyzer.  This threw an error stating:

Server discovery failed for unsecured external channel against https://lyncdiscover.tneus.com/

So I attempted accessing the URL directly from a web browser and came up with the following:


Hmm, so the certificate has expired?  That's strange as I had previously checked both the FE & Edge servers.  Next, I checked the TMG server and performed a rule test like so:


In the screenshot the test has passed (I took this after implementing the fix), but originally the https://lyncdiscover.xxxxx.com:4443 had failed the test with the same error reported by the web browser.  At this point I realized that the certificate could not be validated as I had not installed the new internal CA trusted root certificate within the TMG server.  After installing the root CA certificate all issues were now resolved.



Monday, June 11, 2012

Hyper-V Server 2008 - Error: 'The requested operation could not be completed due to a file system limitation'

When attempting to attach a VHD (or simply create a new virtual machine for that matter) by utilizing the Hyper-V manager on a remote computer (to manage Hyper-V Server 2008) I was having issues--I was receiving the error Error: 'The requested operation could not be completed due to a file system limitation' which was not too simple to figure out.

Turns out I was attempting to use a UNC path to point to the VHD (as I figured I would have to).  This is not the case--instead, in the management console on the remote machine I needed to use the local path on my actual Hyper-V server.

This resolved my issue.

Monday, April 16, 2012

Exchange 2003--How to force message stuck in 'Messages with an unreachable destination' to retry

I was in the middle of a migration from Exchange 2003 to 2010 and was troubleshooting public folder replication when I noticed my replication emails to the new public folder database were stuck in the unreachable messages queue.

The solution is to simply restart the SMTP service:

net stop smtpsvc
net start smtpsvc

Then the messages flowed out the appropriate connector.

Friday, July 1, 2011

Exchange 2010 HTML Mailbox Size Report

Not the prettiest thing in the world but gets the job done by printing each user's mailbox size & total items into a HTML table:

get-mailbox -database "Mailbox Database 1706745955" | get-mailboxstatistics  | where {$_.objectclass -eq "Mailbox"} | sort-object totalitemsize -descending | select-object @{label="User";expression={$_.DisplayName}},@{label=
"Total Size (MB)";expression={$_.TotalItemSize.Value.ToMB()}},@{label="Items";expression={$_.ItemCount}}  | convertto-html | out-file report.htm


May need to modify the mailbox database name.

Thursday, February 10, 2011

Windows Vista Update Error 0x80072EFD

Could not update Vista SP1 due to 0x80072EFD error, so I started out by manually updating to SP2.  No success.  This was driving me absolutely insane until I actually read the C:\windows\windowsupdate.log file.

First, try resetting the HTTP proxy through an elevated command prompt with the following command:

netsh winhttp show proxy

If you are still receiving this error, be sure you follow this KB:

http://support.microsoft.com/kb/836941

If this does not resolve the problem, try resetting Windows Update Components with the following Microsoft Fix It:

 http://support.microsoft.com/kb/971058

If this still does not work, be sure that WSUS GPO & registry settings are NOT in place!

First check GPO:

Administrative Templates->Windows Components->Windows Update, under the setting "Configure automatic updates."  If this is already set to "Not configured," then check registry settings under:

HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate

For any WSUS keys.  Deleting the WSUS keys I found in the registry remediated my issue.

Tuesday, February 1, 2011

Android Corporate Exchange Setup - Username or Password Incorrect

I spent a lot of time ensuring ActiveSync was working properly for a client on Exchange 2010--they have a lot of iPhones and I wanted to be sure everything top-notch.

When attempting to activate a Motorola Droid 2 with the Exchange server, I kept receiving the error "Username or password incorrect" despite the fact that the username & password were both in fact correct.  I was also unable to enter a server name no matter what.

I managed to solve the issue by entering a completely incorrect email address (user@blah.com) before finally being prompted for the server.  After entering the FQDN of the mail server, I was able to successfully authenticate the account.

Monday, January 31, 2011

Exchange 2010 - Can't Download OAB

During a migration from Exchange 2007->Exchange 2010, I could not figure out why my OAB would not download after deleting & re-creating it.

Originally, we were having an issue where Outlook 2003 clients would throw "Task 'Microsoft Exchange Server' reported error (0x8004010F): "The operation failed.  An object could not be found." when attempting to send/receive.  I tracked the issue down to the OAB after a short Google search. 

Our OAB virtual directory was actually empty, and there was no GUID folder before I found the solution below.

When attempting to download the OAB directly from Exchange 2010, one would receive the message: "An error occurred while opening the Microsoft Exchange Offline Address Book files," and event ID 27 (source: Outlook), "The operation failed," would be recorded in the application event log.

This post provided the solution.  After running the command in Exchange Management Console on the 2010 server:

update-FileDistributionService

I was able to download the OAB successfully from Outlook 2010.

Saturday, December 25, 2010

Disable OTA Updates Android

Ok Verizon was just pissing me off by pushing the OTA updates to my phone.  After dealing with "Install later" for 3 weeks, I finally managed to disable OTA updates using a trick I found on a forum.

First, make sure you have adb installed & that it can pick up your device.  Next, adb shell into your device & type the following commands:

su
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
cd /system/etc/security
mv otacerts.zip otacerts.zip.bak
mount -o ro,remount -t yaffs2 /dev/block/mtdblock3 /system
sync
reboot