I recently had a problem on an Office Web App Server (Windows Server 2012 R2). To show a document in Web View, it had to fetch it from another server via HTTPS. This failed.
The ULS log showed:
"The request was aborted: Could not create SSL/TLS secure channel"
When I used Internet Explorer from the Office Web App Server, I could connect to the other server via HTTPS no problem. So the certificate was not the problem, it was trusted on the Office Web App Server.
After hours of searching, I Read more [...]
If you need to synchronize the time via the Internet on a Windows Server, it is best to configure this via command line. Find below the commands you need (Open CMD as Administrator):
w32tm /config /syncfromflags:manual /manualpeerlist:"ptbtime1.ptb.de, ptbtime2.ptb.de, ptbtime3.ptb.de"
w32tm /config /update
"ptbtime1.ptb.de" is just an example, of course you can use other time servers.
If you are not sure if the time of your Windows Server or Client is synchronized properly or if you would like to know which is the time source, you can use the following command lines (Start cmd with Administrator privileges):
net start w32time
w32tm /query /status
You should see something like this:
C:\Users\Administrator>w32tm /query /status
Leap Indicator: 0(no warning)
Stratum: 2 (secondary reference - syncd by (S)NTP)
Precision: -6 (15.625ms per tick)
Root Read more [...]
SPN means "Service Principal Name". In Active Directory you can set an SPN with the command line tool SETSPN. Find below some usage examples which I use often:
setspn -Q http/www.mywebsite.com ==> Check if the SPN "http/www.mywebsite.com" exists
setspn -L MyServer ==> Show all SPNs for MyServer
setspn -X ==> Search for duplicate SPNs in the current domain
setspn -S http/www.mywebsite.com MyServer ==> Set the SPN for a specific Server object in AD. This also checks for duplicate Read more [...]
In environments where you have a Microsoft PKI Infrastructure (AD CA) setup, you can create new certificates via web enrolment:
This is straight forward for single-name certificates. If you wish to have multiple names for a certificate (Subject Alternative Names = SAN), you need a certain syntax in the "Atrributes" field of the web page:
You can add as many names as you want, separated by "&".
Important: Read more [...]
Many companies have a policy that require their users to change their passwords regularly (e.g. every 90 days). In Active Directory, this is normally enforced via Group Policy.
This works well, but can be problematic if the user is out of the office while the password expires. An example: If he or she is using a mobile phone to access company emails via ActiveSync, the access will be blocked once the password has expired. ActiveSync does not support password changes, so the user has no way to Read more [...]
I recently wanted to uninstall SQL Server 2008 R2 completely after I have upgraded to SQL Server 2014. The uninstall of the
"SQL Server 2008 R2 Setup Support Files"
did not work and produced the error:
Microsoft SQL Server 2008 R2 Setup Support Files cannot be uninstalled because the following products are installed:
Microsoft SQL Server 2008 R2 RsFx Driver
Strangely, the "Add/Remove Programs" section did not list the "Microsoft SQL Server 2008 R2 RsFx Driver". To uninstall this "hidden" Read more [...]
On a workgroup computer that's running Windows 7/8.1, Windows Server 2008 R2/2012 R2, the Windows Time service stops immediately after system startup. This issue occurs even after the Startup Type is changed from Manual to Automatic. Additionally, the following event is logged in the System log:
Log Name: System
Source: Service Control Manager
Event ID: 7036
The Windows Time service entered the running state.
Log Name: System
Source: Service Control Manager
Event ID: Read more [...]
The Microsoft Windows Malicious Software Removal Tool (MRT) is downloaded and run with the monthly Windows Update cycle on many Windows versions (e.g. Windows 7, 8.1, 10, Windows Server 2012 R2 and others). It always uses the same KB/Patch number:
You can disable this in Windows Update by hiding the update, but it will be re-offered next month. To permanantly disable the offering via Windows Update, change this registry key:
It's Read more [...]
It can happen that you lose all passwords or that you delete the users in a DB, so you have no access or limited access to the databse instance.
There are many articles on the Internet that talk about SQL password crackers or other strange methods (some cost you money) to sort this out, but there is a much better and simpler method.
For this to work, you need access to the server console (for example via RDP). The trick is to activate and reset the password for the sa account, then login with Read more [...]