Ian

18 posts

Event ID 1500 1501 application event log spwebapp

1 Comment
IT SBS Support

I have just been looking at a problem with IIS (OWA outlook web access and sharepoint http://companyweb were not responding) and remote access to the RDS server had stopped. The application event log was full of event ID 1500 and 1501 for the user spwebapp.

The Windows SBS 2011 is running Exchange/OWA and IIS and has the remote gateway configured to redirect to the RDS server.

I restarted the remote gateway service which fixed the remote access problem.

The next problem was OWA and Company web not responding. I restarted IIS by running the IISreset from an admin command prompt but this didn’t change anything.

Event Id 1500 and 1501
Event Id 1500 and 1501

As you can see the event were happening frequently (about 20 a second). I have no idea when this started as the log  was full and overwriting older events.

Continue reading

Windows 2012 Backup error 0x8004231F

General IT Support Windows Backup

I recently had a server that had Windows Backup failing with the error (0x8004231F) “There is not enough disk space to create the volume shadow copy on the storage location”

Windows Backup Error
Windows Backup Error

All the hard drives appeared to have plenty of space and the backup drives were new and also had plenty of space.

Disk Space
Disk Space

I deceided to try and run the backup from the command line and while this also errored it gave a bit more detail

Error code 0x8004231f Continue reading

PCI Compliance failure due to Clickjacking threat

General IT PCI Compliance

Recently I’ve come across a new PCI compliance failure “Web Application Potentially Vulnerable to Clickjacking”.

Clickjacking PCI compliance failure

What is Clickjacking ?

Clickjacking uses IFrames to basically put a tranparent layer over a website and therefore can hijack the clicks and keystrokes the user enters.  This is also known as a “UI redress attack” as it is changing the Users Interface.

This means users can be fooled into giving up usernames and passwords when they think they are logging into legitimate web sites, not realising there is a layer intercepting these details between them and the legitimate site. Continue reading

Security Metrics PCI Compliance Site Failed

General IT PCI Compliance

One of the companys I work with take Credit Card payments and therefore want to be PCI compliant, and use security metrics to scan the network for compliance.

Lately they’ve been failing their online scan for a few reasons.

  1. Windows 2003 has been detected and that now unsupport
  2. TLS version 1.0 is still enabled
  3. SSL RC4 is still enabled.

Security Metrics PCI Compliance Site Certification Failed…

Security Metrics PCI compliance Site Certification Failed
Security Metrics PCI compliance Site Certification Failed

Continue reading

Windows 2008 server Hyper-V host and corrupted windows install

General IT Hyper-V IT Support

I had a bit of a worrying time last week when a colleague upgraded an old (but live) Dell PowerEdge R310 server running Hyper-V with some new RAM.
He powered down the old server, upgraded the RAM and booted the server back up.
A few minutes later he was looking at the screen loading windows, when it failed. He put the DVD and tried to repair windows but when he got to the  System recovery window it didn’t show any installations of Windows.
He then looked to restore from backup to another server to get the Hyper-V clients running while we fix this server.

Yes, you know what’ coming here, the latest backup we had was over a year old. Our client had not swapped out the drives for that length of time and something had corrupted the one drive that was plugged in.  Windows Backup was reporting successful backups, but when you try to restore, you cannot see any dates to select from. An investigation for another day I think !

Continue reading

Draytek 2820 maximum number of permitted Internet Sessions

IT Support

I’ve been having some issues with a Draytek 2820 at home lately. I’d made some changes to my network and swapped out a none WiFi Draytek 2820 with the WiFi version. Whilst configuring the new router I took the opportunity to upgrade the Firmware to the latest version (3.3.7.7 , Release Jan 2016).

A few days later I started getting an error message browsing the internet:

“You have reached the maximum number of permitted Internet sessions. Please close one or more applications to allow further Internet access. Contact your system administrator for further information.”

I rebooted the router, which solved the problem, and didn’t think much of it. This happened again a few days later, so I checked the Session Limit, under Bandwidth management, and this was disabled. I did note that the message I saw in the browser was the same message that would be displayed if the Session Limit was enabled.
I tried enabling session manager and then disabling, just in case the GUI was not reporting it correctly, but still the same problem.

Continue reading

Windows 10 start menu critical error

IT Support

I had a customer today who had upgraded to Windows 10 from Windows 7. All was going well until he rebooted and the Windows 10 start menu gave an error:

“Critical Error – Your Start menu isn’t working.  We’ll try to fix it the next time you sign in.”

Windows 10 Start Menu Critical Error
Windows 10 Start Menu Critical Error

Of course this was never fixed the next time they signed in, it was just kept reappearing. Continue reading

Outlook missing emails after being moved to a folder

1 Comment
IT Support

OK, well todays problem I’ve not come across before is strange.

A user reports that they have moved some emails into a subfolder in outlook and they’ve disappeared. I check the folder and it’s empty. Hmm. I send a test email to the account, move it to the folder and all is good. I move the email back to the inbox and ask the user to move it. It disappears.

I then search the whole mailbox and it appears in the search results. When hovering over it I see the folder name is different to the folder name in outlook.I found the folder buried under several sub folders which contained all the emails the user had moved.

The user was happy not have lost any emails and will delete the top level folder and just use the sub-folder where the emails currently are. I checked the rules under the users profile but there is nothing set up to move emails from this folder that I can find.

I’ve not manged to replicate this and I have no idea how the user managed to create what appeared to be a shortcut.

If anyone knows please let me know.

Windows SBS 2008 server out of disk space

1 Comment
IT SBS Support

I’ve been seeing a lot of Windows 2008 SBS servers running out of disk space lately on the C drive.

This causes Exchange to stop working due to the “back pressure” feature, which has been the first clue to the problem. After a bit of searching I found several area’s where log files can grow.

The 4 main area’s I found are :

  1. Active Directory Certificate Services
  2. IIS Log Files
  3. SBS Data Collector log (DataserviceComponents.log)
  4. Sharepoint SQL logs

I found a great script at SBSfaqs (http://www.sbsfaq.com/?p=1598) and updated the script to include all 4 points above and be able to select which options to run.

You will need to save the 2 SQL files and the batch file to a folder called “SBS Cleaner” on the root of the E drive. Run the batch file as administrator.

Please find the code for each file below.

Other Sources:

http://support.microsoft.com/kb/2000544
http://blogs.technet.com/b/sbs/archive/2010/03/02/recovering-disk-space-on-the-c-drive-in-small-business-server-2008.aspx
http://oxfordsbsguy.com/2012/10/31/sbs-2008-disk-space-and-the-dataservicecomponents-log-file/

Continue reading