Author: Adam Fowler

Adobe Reader Has Stopped Working

Posted on by Adam Fowler

Hi,

This issue has just come up, and seems to be affecting many people around the world. Adobe Reader X and XI seem to be crashing at startup, after a wait of 10 seconds or so. You’ll see the great ‘Adobe Reader has stopped working’ crash message:

adobestoppedworking

Some quick research showed that others were also experiencing this. I found a few people on Twitter complaining about similar things. @CurtinOasis said “Currently issues with adobe reader crashing on lab computers. May prevent accessing PDF docs. Investigating as a high priority! Sorry guys!” and @VillSumith “Adobe Acrobat Reader, crashing due to faulty network proxy. What’s the connection? Anyone? #adobe #techsupport #windows

One of the fixes was to either update Adobe, or reinstall – both seemed to work, but a rather poor solution for a multitude of installs.

I found this post on the Adobe Community forums: http://forums.adobe.com/thread/1283545?tstart=0 which mentioned this same issue. Ashen.NZ found that Adobe Reader was doing a request to the file http://acroipm.adobe.com/10/rdr/ENU/win/nooem/none/message.zip and blocking that URL actually fixed the issue. I confirmed this myself, checking that file came up in the network traffic logs, and then blocked the whole subdomain http://acroipm.adobe.com – and it worked.

This is by no means a proper fix, but until Adobe work out what’s going on, this will at least keep you going. I’ll update this post if I come across any further information.

Update: The Adobe forums thread above has been updated with an official comment (as pointed out by @Jacobestrin) –

 

Hi Everyone,

 This was a temporary glitch with our servers that has now been resolved. Please re-launch Acrobat/ Reader and let us know if you still face this issue.

 Thanks for your patience.

 Regards,

Deepak

 

I’ve disabled the workaround and everything seems ok. Just a slight slipup from Adobe if it was a ‘glitch’ :)

Why Bother With Lync if Skype Is Free?

Posted on by Adam Fowler

Skype is free to use. Microsoft Lync costs lots of licensing money. They do the same things, so why would anyone pay for Lync?

This is the sort of question I’ve been asked more than once, from end users to high class Linux Engineers who are used to using the best fit free solution to their problem. As with most things, the choice between the two is dependent on what you want out of it.

They’re both owned by Microsoft now, and MS has started to integrate the two together. Some of the lines are starting to blur – but again, what does Lync offer that Skype doesn’t?

First, Skype is a consumer product. Lync is an enterprise product. Skype will update it’s desktop software whenever Microsoft’s severs say they’re ready. Lync will update when you tell your WSUS Server that it’s time to, after sufficient testing has been carried out. That’s the same reason nobody likes iTunes in an enterprise environment.

Lync will use your internal usernames and email addresses, while Skype needs an external Skype or Microsoft account. An I.T. Department can’t do as much to help someone who’s forgotten their username, had their account hijacked, blocked, eaten by a grue etc, while the Lync account is dependent on your Active Directory account and fully controllable (there is Skype Manager for businesses, where business accounts can be created from a CSV and some management overhead – but this is at a very basic level. See https://support.skype.com/en/faq/FA10519/what-is-skype-manager-and-how-does-it-work for further details).

Lync with Enterprise voice (with a compatible gateway) will allow you to use your existing company number range, and have Lync as your full PBX solution. Skype you have to buy a new phone number, and will be completely locked in to using Skype or losing the number. Vendor lockin is never a good thing.

Lync will fully integrate with your Exchange environment, with useful functions such as using Unified Messaging with Voicemail and sending the message back via email, conversation and call history saved back to each user’s mailbox, and fully reportable usage details via Lync’s SQL Reporting Services. Response groups for centralised numbers, simultaneous rings to multiple staff and other advanced voice functions make Lync a much fuller business product when compared to Skype.

Collaboration is much stronger in Lync too. Just being able to see if fellow staff members are available, on the phone, in a meeting, away for an hour or 24 hours automatically by their status saves everyone time. Screen sharing, whiteboards are incredibly useful extras. Both products have easily creatable multi participant calls and video chats, but at the Skype end you need to be a premium user for that function.

Lync can also host online meetings with external third parties, who only need a web browser and not a full Lync client or even a Lync account.

If you’re a complete control freak (as you should be in I.T.), you can have Lync on-premise with absolute control of your servers and the data they hold, or trade off some of the control with Office 365. Skype is a black box of mystery in regards to the server side. Redundancy, uptime and protection of data is a cross of the fingers since there’s not much else to do. If Skype ever goes down and your customers can’t contact you, you’ll have to hope someone at the Skype factory finds the right switch to flick.

There are probably other things I haven’t covered in this overview, but Microsoft Lync is an enterprise grade solution with everything you’d expect to get with that caliber of product, including the price tag.

Network Printers keep disappearing from Directory Services

Posted on by Adam Fowler

Hi,

Just had an issue where some new print servers were commissioned – Windows Server 2012, with local printers installed connected to IP addresses of network based printers, and then shared and listed in the directory:

list in directoryPretty common stuff. There’s even a Technet article on how to do this http://technet.microsoft.com/en-us/library/cc737008(v=ws.10).aspx

Our problem was that after a few days, every single printer from a server would drop off the directory. We could get them back by removing and adding the tick for ‘List in the directory’ and waiting 5 minutes, but that’s a rather painful and temporary fix. You can also restart the Print Spooler service and wait as it will republish the printers, but that’s non-permanent resolution.

Doing a bit of research (yes, googling) I found an old thread here http://www.techsupportforum.com/forums/f103/solved-network-printers-disappearing-from-directory-161202.html and a similar Microsoft support article here http://support.microsoft.com/kb/246906/en-us that both indicated the easist way is to disable Printer Pruner on each Print Server via Group Policy:

pruning

As per the screenshot, the three settings you want to disable are:

Directory pruning interval
Directory pruning priority
Directory pruning retry (ok this doesn’t really matter if the top two are disabled, but no harm)

This will stop the server doing any sort of pruning – and hey, if you want to remove a printer from the directory, you remove the tickbox.

As a side note, if you’re not already using Print Management – start using it. Step by Step guide from Technet here: http://technet.microsoft.com/en-us/library/cc753109(v=ws.10).aspx

Why use Print Management? It lets you centrally manage all Network Printers, their drivers, and has a bunch of handy options like deploying to Group Policy. Trust me, it’s worth having a look! You just need to add the “Print Services” role to a server, then add the feature “Print Services Tools”.

 

ASUS Warranty Repair wants my Password?

Posted on by Adam Fowler

Hi,

Last year I bought an ASUS laptop for my wife – an ASUS Vivobook S400CA which isn’t too badly specc’d with a small SSD drive and touchscreen. All seemed OK, apart from a somewhat dodgy spacebar that had to be pressed rather hard. We lived with that for a while, but got fed up so decided to log a fault on it.

I first started with calling the place of purchase – JB Hifi, who said I had to go to the manufacturer (I don’t *believe* they can legally say this under Australian Consumer Law, but that’s an aside issue) so I contacted Asus. I gave them all the necessary details, and was told I’d be contacted by the local Asus Repair Centre. A few hours later they called me, and said instead of posting it in, I could drop it off – fine by me as it was just down the road.

Upon arriving at the Asus Repair Centre, I am given more paperwork to fill out. It’s become obvious that this isn’t actually Asus, but a company that does work on their behalf. Again, no issue here as long as someone’s fixing the laptop. One of the fields on the paperwork asks for a ‘Password’. I query the person at the counter on this, asking why they need such a detail, especially since this is a faulty spacebar… and even if they really need to test it, the login screen will let them try.

The response was that because they did work on behalf of Asus, they had to test everything and give it a tick of approval, otherwise people will bring back their items with other faults and Asus has to keep paying this company each time that occurs. I can understand where they’re coming from, but they don’t need to log into my personal installation of Windows to do this surely? They said it was a necessity and they couldn’t accept the laptop without it.

I immediately logged in, created a temporary account with as little access as I could, and gave them the details. There wasn’t anything personal on this laptop that I knew of, but it’s still a worrying state.
I’m sure many of you will read this and just shake your heads, but here’s some reasons as to why this is bad practise:

  1. Giving them access to the laptop means they can easily go through it’s contents. Unless you’re computer savvy, you’re going to have little idea what access they actually have by handing over a login.
  2. These laptops run Windows 8 – Microsoft promotes the use of a Microsoft account for login. This login doesn’t just give local access to the laptop, but any service connected to the Microsoft account – Xbox, Hotmail/Outlook.com, Skype, SkyDrive – scary stuff.
  3. Someone logging a warranty claim should be told that this is a requirement before you turn up and get asked for credentials.
  4. When is it ever a good idea to write down your password on a piece of paper and hand it to a stranger?

I’m not sure if this is Asus’s own process, or just a process this particular 3rd party uses – but either way, this is something they should reconsider their policies and method. My recommendation would be for them to boot off a USB or CD to run diagnostics on the hardware, simple.

Note: I sent a tweet to Asus’s Australian twitter account @ASUSAU for comment but did not hear back. If I do hear anything, this article will be updated.

What Happened To My Email? Mailbox Audit Logging

Posted on by Adam Fowler

Hi,

A very common question. An email goes ‘missing’ from someone’s mailbox, and they want to know what happened. A fair enough question – rarely is it a fault of your Exchange servers, but it’s your problem to prove otherwise.

You can use Message Tracking (details here http://technet.microsoft.com/en-us/library/bb124926(v=exchg.141).aspx, and a great guide here http://exchangeserverpro.com/exchange-2010-message-tracking/) but that will just prove the email hit the person’s mailbox, which often we already know because they saw it. Keep in mind this won’t help you for past events, but if someone is making multiple claims of emails going missing you can enable this to find out for the next occurance.

To prove what happened next, you can use the Exchange 2010 and greater feature called Mailbox Audit Logging. This will track actions on individual emails, and save the log inside the person’s actual mailbox. This can not only log what the user themselves does, but also delegates and administrators. To see what you can log, have a look at this Technet article: http://technet.microsoft.com/en-us/library/ff459237.aspx

There is also a great guide from Paul Cunningham to get you started: http://exchangeserverpro.com/exchange-2010-mailbox-audit-logging/

My scenario requires a few more commands, as I want to log all actions rather than the default which doesn’t log anything the owner of the mailbox does.
First, enable MMailbox Audit Logging on the mailbox you’re concerned with via Powershell:

Set-Mailbox -identity Adam.Fowler -AuditEnabled $true

Easy. Now, if you run this command:

Get-Mailbox -identity Adam.Fowler | fl *audit*

You will see a few results. AuditEnabled should be true, and you’ll notice by default there are some different options between AuditAdmin, AuditDelegate and AuditOwner, with AuditOwner having no settings at all. To enable all possible logging options, for the Owner of the mailbox, run this command:

Set-mailbox -identity Adam.Fowler -AuditOwner Create, HardDelete, Move, MoveToDeletedItems, SoftDelete, Update

You can then run the previous command to see the extra options show up. Now that Mailbox Audit Logging is running on the mailbox, logs start to get generated. Once a few actions have been run on the mailbox, you can start looking at the results. Technet have some good examples here: http://technet.microsoft.com/en-us/library/ff522360.aspx

One example is if you are looking for an email with a subject that contains the word “test” within a date range:

Search-MailboxAuditLog -Identity Adam.Fowler -StartDate 7/21/2013 -EndDate 7/21/2013 -showdetails | where-object {$_.ItemSubject -like “*test*”}

If you want a glance at how many results you’re seeing, filter just to show the subject of each result and what happened to it (operation):

Search-MailboxAuditLog -Identity Adam.Fowler -StartDate 7/21/2013 -EndDate 7/21/2013 -showdetails | where-object {$_.ItemSubject -like “*test*”} | fl itemsubject, operation

Once you find the result you’re looking for, you’ll see a lot of helpful information – especially what device did the action. For example, under the ClientInfoString I can tell a particular action was done by my account on a Samsung Galaxy S3 via ActiveSync (aka Samsung I9300)

ClientInfoString : Client=ActiveSync;UserAgent=SAMSUNG-GT-I9300/100.40102;Action=/Microsoft-Server-ActiveSync/default.eas?Cmd=Sync&User=adam.fowler&DeviceId=SEC10FE7073DAC69&DeviceType=SAMSUNGGTI9300

The Operation field tells you what action was taken (e.g. MoveToDeletedItems), you’ll also get FolderPathName and DestFolderPathName (where the email went from and to). Of course this will help identify if a delegate has been cleaning up the owner’s emails, but also if a certain device they have is doing something it shouldn’t.

I would recommend only using Mailbox Audit Logging when required, due to the small amount of extra space and load you’ll use on your mailboxes, you would need to do extensive testing before enabling company wide.

Good luck!