RTFM!

Today I had the simplest of tasks to do. Make some software available for some users.
I always test out the software first to see if there are any issues etc.
I was given a CD with a piece of software on it, a single exe with a Username and Password to run it.
That didn’t work? After several attempts, I paid a bit more attention and realised that the Username and Password details were printed in reverse. I skim read the CD and see that it said Username and Password but didn’t notice they were the wrong way around!
So I swapped the Username and Password around and tried it again. Still no joy!

I left it for a bit as I had other stuff do and came back to it just before lunch.
I had a quick read of the manual and that told me a Username and Password combination the same as what was on the CD but the other way around! However, I had already tried it both ways!

I copied the exe onto my desktop and popped the CD out of the drive and run the program again making sure that I had typed the password in correctly. This time it worked? WTAF?
I then put the CD back in and tried it again only to get the same error as before?
I then loaded up the manual to have another read only to find a sentence saying that you have to copy the exe onto your computer for it to work? Err I guess I must have missed that bit. Ooopps!

Being an IT Pro! I never read the manual 😉 maybe I should try that from now on!

Unable to join the domain?

Today I set about installing a new server to replace an old one. This was going to be a Virtual Server on our Hyper-V cluster.

I have built enough servers of varying OS versions on Hyper-V enough times to not even think about what I am doing so was a tad surprised when it failed to join the domain.
A quick check of everything showed nothing obvious, as sometime I do make the odd stupid mistake!
The server had a DHCP IP address, I could ping IPs on the network, I was able to download files from the internet – which were about all I normally do before joining a new server onto the domain.
I let the server update itself with the latest OS updates and reboot, but that made no difference.
I then set about checking out the NetSetup.log and work through any issues in there.
After checking that and getting nowhere and starting to lose interest I decided to move the VM to a different node and try and add it to the domain again. This time it worked!

I really have no idea what that is as I have not had that issue before and have joined servers on to the domain with not issues plenty of times.
Maybe if I have a lull in work I will revisit, but as I have looooaads to do I don’t think that will happen anytime soon.

OICE_15 Folders

After being plagued with hundreds of OICE_15_XXXXXXX folders and the pain in the arse to get rid of them I have decided to make my life a tad easier today.

I have seen these folders being created under AppData in the roaming profiles of users, they get copied up and down as the user logs on and off and ultimately end up causing the roaming profiles not to sync as they are over quota.

I can’t add them to folder exclusions as they are all different and I can’t find a way to move them or stop them being created. We have to delete them as and when we come across them and they are not always easy to delete as some of the file are dot files and windows says it’s not there when you try and delete it! WTF FFS

I normally browse to the folder, shift right click and select `Open Command windows here‘, go into each folder and delete the dot files, then delete the folders. But it takes for bloody ever as I have to do that on the computers and on the server where the OICE_15 folders are.

To make life easier I have added an extra context menu to the right click menu for folders called `KillDOTFiles`

Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOTFoldershellkilldotfile]
@="KillDOTFile"
"Icon"=""
[HKEY_CLASSES_ROOTFoldershellkilldotfilecommand]
@=""C:\Windowskilldotfile.bat" %1"

Created a batch file that had the following contents

for %%a in (%1) do set temp=%%~nxa
set OICEDir=%temp:~0,4%
if /I NOT %OICEDir% == OICE (
rem echo No
) ELSE (
rem echo Yes
del %1*.* /q /f
rd %1 /s /q
)

Now all I need to do is highlight the folders, right click and they get deleted.

Ive added a bit of checking to the batch file, as if I give the file to anyone else i do not want to be held liable if they delete the wrong directory! It will happen!!

Why did I not think of doing this before?

QuickTime Issues – Poxy Apple Software

What a waste of 3 days this has been!

A problem was reported to me – someone couldn’t view a webpage with a QuickTime move in it.
Given that QuickTime was in need of an update as it was well out of date, I decided to update it first.

I am really not sure what the hell was going on, but it was plagued with errors. The main one being when I created the deployment package in SCCM it deployed the Apple Application Support MSI but then failed deploying the QuickTime MSI. The Apple Application Support MSI was a dependency of the QuickTime MSI. That worked fine but the QuickTime MSI failed saying that a version of QuickTime was already installed.
So I deployed a clean image to my test machine that included QuickTime and set about deploying the new version of QuickTime. Same error again – a version of QuickTime was detected again. Ok so much for upgrade! So I removed all Apple components and deployed QuickTime again. The same error.
I double checked and went through the registry and removed every Apple reference, went through ProgramData and removed everything Apple and in Program Files and Common Files etc. With everything gone I deployed it again. The same error?!?!

I then decided to run the MSI files manually. The Apple Application Support installed fine, but the QuickTime failed again with the same error.
This time I ran SysInternals Process Monitor to capture everything so I could see what was going on.

Several hours later I came across a registry entry that looked like it was causing the error. I deleted it and run the QuickTime MSI again only to find the registry key was back and so was the error. Now that made no bloody sense at all?
Thankfully I had a weekend to forget about that crap and start a fresh on Monday, which seemed to work as I redone the 2 deployments in SCCM and it then installed Apple Application Support and QuickTime with no issues. I really do not know what happened there, as nothing was different.

So, back to the original reason for doing this, I checked the online video and it still didn’t play.
So after all that faffing I was no further forward!
I then renamed my roaming profile and logged in and tried it again. This time it worked!
I looked through the roaming profiles folder to see what Apple stuff I could find, but as I severely limit what is allowed to roam there was no Apple files / folders there.
I then coped the old registry file over and logged on again – movie didn’t play again.

So the issue was with the registry.
I loaded up regedit and went through all the references to Apple or Quicktime that I could find, deleting all then one at a time then trying the online video again.
I finally came across a key called

HKCU/Software/Microsoft/Internet Explorer/Internet/Registry/REGISTRY/USER
[SID]/SOFTWARE/Apple Computer, Inc./QuickTime/LocalUserPreferences

With a setting called FolderPath that was set to an invalid location.
I changed the location to a valid one and hey presto it worked! FFS

It’s so nice to see Apple software that is enterprise friendly!

Recovery again – win some, lose one

Today I got given a USB key stick to try and recover data off.

I tried my trusty recovery tools and was greeted with a stat that wasn’t going to work out too well!

It took 50 mins to scan 3 sectors on the key stick and given that there were 31015 sectors reported in total it was not feasible to carry on

31015 / 3 * 50 / 60 / 24 = 358.97 Days!!

Hmm I think not. I know I spend a lot of my time sat around waiting for progress bars, but that is one progress bar that I do not want to wait for.

All that was left was to deliver the bad news to the owner!

I state what I always say yet again – Do not rely on a USB key stick to hold your important data and expect it to work everywhere all the time, because you have just learnt the hard way what can happen. Back it up and back up your backup, and if you are that worried, backup the backup of the backup! And by that I do not mean on the same key stick or hard drive.

SCCM upgrade from 2012 SP1 to 2012 R2 + CU

So, finally I have finished upgrading all of our clients to the latest version and CU of the SCCM client.

To say it has been a challenge is an understatement.

You would think that given what SCCM is used for that it would be easy and quick to do, but no.

There were just over 400 machines and once I upgraded the server form SP1 to R2 and then updated it to the latest CU I had to deploy the R2 client and then deploy the update to CU4.

The R2 client seemed to get deployed quiet easy, there were a few machines that for some reason had really really old SP1 version on them. For those, there were a few that didn’t like the upgrade, so I had to uninstall the old client and then deploy the new one.

I then set about deploying the CU4 update to all machines. There was a bunch that wouldn’t update, no matter how long I left it and no matter how many times I forced an Application Deployment Evaluation Cycle it stayed on the old version.

I had a SQL query listing all the machines on the old version, the started off about 49.

I found it easier to remote on and manually uninstall the client, wait for all processes to terminate, rename the old SCCM directory and then reboot the machine. I figured that out after a bit of trial and error trying to get things off and on again!

So, thinking I had it sussed out, I was somewhat surprised when I refreshed my query one morning to find the number of machines had increased. Looking closer it was a few machines from the Labs.

RDPing on showed that the version was indeed the old version. I really couldn’t be bothered to see what the hell was going on as it had been a good few weeks that I had been trying to do this and people not logging off! and machines in locked rooms that didn’t work with WOL were doing my nut in.

So for each of those I applied my fix – remove the old client, wait for processes to terminate, rename the old CCM directory, reboot the machine, deploy the new client via SCCM and then deploy the update. That seemed to work for every computer that somehow managed to downgrade its client version on a reboot!?

Now to package and deploy the growing list of application updated that are needed.

Wine that homos drink!?!?

You couldn’t make this shit up! I done Matraco a favour by fixing his pc that was infected with loads of dodgy shit, one being the Cryptowall 3 virus.

I do not know what the hell happened, but for some unknown reason none of his documents were encrypted. Maybe it was because there was loads of other crapware / shit ware / fag ware on there to clog up the system? Maybe it had too many spring onions or marrows on it, or maybe it was because he was using plastic gloves to type? Either was he is one lucky SOAB.

So, to say thank you for saving his life, he bought me some alcoholic beverages. Not just any alcoholic beverages. It was special alcoholic beverages. Apparently it was, and I quote `wine that homos drink`??? What the fucking hell?!?

That specific aside, I shall enjoy said alcoholic beverages, as its not often that TAB splashes his cash on anything other than marrows.

Cheers Matraco

CryptoWall – OH, your fucked

My first dealings with a Crypto Variant today, CryptoWall

Someone that I haven`t done any work for for a few years contacted me to ask for some help as they couldn`t open their emails. So I remoted on and took a quick look for them.

First thing that I noticed when the screen loads is 3 files in the middle of the desktop called DECRYPT_INSTRUCTION. Straight off I knew that this was not going to be a good result.

I had a quick read of what it says and then a quick look at the My Documents folder and then proceeded to tell him, in a non technical way, that he was Fucked. I then explained what had happened and told him that there was nothing that I could do, something that I don`t often tell people. I wasn`t going to suggest paying $500 to get it all unencrypted only to find that it didn`t work.
Ironically the only thing that wasn`t encrypted was all of his Sage Accounts!

He asked how it could of happened and after a quick visual check I told him
Well, you are running Windows XP that has out of date virus protection, that would not of helped, you have probably opened up a few dodgy emails with attachments and looked at them. He did say that he has been getting a lot of emails with invoices in them! Oh Dear

Its not often that I cant fix something, but in this case I couldn`t, so I told him to turn off and unplug the computer and buy 2 new ones to replace what he had as they are well out of date and possibly open to more problems!

TechNet Subscriptions

Microsoft have decided to retire their TechNet Subscription service
http://technet.microsoft.com/en-gb/subscriptions/ms772428.aspx

I signed the “Continue TechNet or create an affordable alternative to MSDN” petition to show my support for keeping the Microsoft TechNet Subscription service going.

http://www.change.org/petitions/continue-technet-or-create-an-affordable-alternative-to-msdn

As an IT Professional I use the software a hell of a lot to test things out and set up test environments. Some environments I have had going for well in excess of a year and having to rebuild them regularly would be a right pain to say the least!

I don’t know any fellow IT Pro’s that could afford an MSDN subscription to match the TechNet one.

If you are a TechNet Subscriber then sign the petition and show your support for keeping it going.

Microsoft, please continue the TechNet Subscription Service.

Thank you