Saturday, March 28, 2015

Error Message: BC30456: 'InitializeCulture' is not a member of 'ASP.index_aspx'



I solved it by disabling the Allow this precompiled site to be updatable feature in the publishing options of their website

Friday, March 20, 2015

How to manually delete a DFS Namespace using ADSIEdit

Information:
This procedure assumes all DC’s that hosted this DFS Namespace are no longer available and will not be restored.  Use this procedure with caution, follow good practices by taking system state backups prior to deleting anything from Active Directory.

1)      Open AdsiEdit
a.       Connect to the Default Naming Context of the Domain
b.      Right click the ADSI Edit and select Connect To
                                                               i.     
c.       Fill in the appropriate connection settings as shown below.
                                                               i.     
d.      Click OK
2)      Drill down to the following container
CN=Dfs-Configurat,CN=System,DC=domain,DC=net
a.       Delete the affected DFS Namespace(s) listed on the right.
                                                               i.      Example, deleting the apps DFS Namespace.
                                                             ii.     
3)      Force Replication
4)      On each DC stop and restart the DFS Namespace service.
a.       Command Line
net stop dfs
net start dfs
b.      Services MMC
                                                               i.      Select the DFS Namespace service and click Restart.
                                                             ii.     
5)      Restart the DFS service on the client computer.
6)      Run the DFS Management Console
a.       Remove any existing DFS Namespaces from the display.
b.      Restart the DFS Management Console
c.       Add DFS Namespaces to display.
                                                               i.      This list should not display the removed DFS Namespaces.
7)      You can now manually recreate the DFS Namespace

a.       To simplify creating the DFS Namespace you should export the DFS Namespace configuration on a regular basis so you can import it as needed.

Monday, March 16, 2015

Replica of Offline Address Book version 2 not found

The Microsoft® Exchange Server Analyzer Tool queries the Exchange_Public_Folder Microsoft Windows® Management Instrumentation (WMI) class to determine the current value for HasLocalReplica. If the Exchange Server Analyzer finds that the value for HasLocalReplica is set to False for the offline address book version 2 instance for an offline address list, an error is displayed.
When HasLocalReplica is set to False for the offline address book version 2 instance for an offline address list, offline address lists are not correctly generated. As a result, users of Microsoft Outlook® 2002 and earlier cannot download offline address lists.
This issue can occur if you have not configured any public folder stores to contain replicas for offline address book version 2. By default, the offline address book replicates its contents to the public folder store of the server on which it is installed. If the public folder store is removed from the offline address book's replication configuration, the issue that is described in the previous paragraph occurs.
To correct this error
  1. Open Exchange System Manager.
  2. Expand Administrative Groups, and then click Folders.
  3. Right-click Public Folders, and then click View System Folders.
  4. Click to expand the OFFLINE ADDRESS BOOK object.
  5. Under OFFLINE ADDRESS BOOK, right-click o=org/cn=addrlists/cn=oabs/cn=Default Offline Address List, and then click Properties.
  6. On the Replication tab, verify that a public folder store is entered in the Replicate content to these public stores box. If a public folder store is not entered, click Add and enter the appropriate public store for the offline address book.
  7. Click Apply, and then click OK.
  8. Click to expand o=org/cn=addrlists/cn=oabs/cn=Default Offline Address List.
  9. Under o=org/cn=addrlists/cn=oabs/cn=Default Offline Address List, right-click offline Address Book Version 2, and then click Properties.
  10. On the Replication tab, verify that a public folder store is entered in the Replicate content to these public stores box. If a public folder store is not entered, click Add and then enter the appropriate public store for the offline address book.
  11. Click Apply, and then click OK

Mailbox Enable User system policy change is required

The Microsoft® Exchange Server Analyzer Tool queries the Active Directory® directory service to determine the value for the purportedSearch attribute of each Exchange system policy object. The purportedSearch attribute indicates the search argument used when the policy is applied.
The Exchange Server Analyzer also queries Active Directory to determine the value for the msDS-Behavior-Version attribute of the forest object in Active Directory, NTDS Settings. This value indicates the Active Directory forest functional level. Valid values for the msDS-Behavior-Version attribute are shown in the following table.

 

Value Forest functional level
0
Microsoft Windows® 2000 Server mixed
1
Microsoft Windows Server™ 2003 interim
2
Microsoft Windows Server 2003 native
The Exchange Server Analyzer also queries Active Directory to determine the value for the revision attribute of the Windows2003Update container. The value of this attribute indicates whether the Active Directory preparation utility (ADPrep.exe) has been run.
Finally, the Exchange Server Analyzer queries the Win32_OperatingSystem Microsoft Windows Management Instrumentation (WMI) class to determine the value of the OSProductSuite key. The value of the OSProductSuite key indicates the version of Windows running on the computer.
If the Exchange Server Analyzer finds the following criteria to be true, a warning is displayed:
  • The value of the purportedSearch attribute of the Mailbox Enable User system policy does not equal (&(objectCategory=person)(objectClass=user)(mailnickname=*)(homeMdb=*))
  • The Active Directory forest functional level is Windows Server 2003 interim or Windows Server 2003 native mode.
  • The Exchange Server computer is not running Windows Small Business Server 2003.
To avoid mailbox re-homing issues, a modification to the system policies is required. This update can be made using Active Directory Service Interfaces (ADSI) Edit (ADSIEdit.msc), the LDP (ldp.exe) tool, or another Active Directory editor tool.
If Windows Server 2003 is used as a domain controller and the Mailbox Enable User policy is not updated, linked value replication in Windows Server 2003 will cause the Recipient Update Service to overwrite the value of the homeMDB attribute of new users, causing their mailboxes to be re-homed on the first store on the server.
CautionCaution:
If you incorrectly modify the attributes of Active Directory objects when you use ADSI Edit, the LDP tool, or another Lightweight Directory Access Protocol (LDAP) version 3 client, you may cause serious problems. These problems may require that you reinstall Windows Server 2003, Exchange Server 2003, or both. Modify Active Directory object attributes at your own risk.
To correct this error
  1. Start ADSI Edit.
  2. Double-click the Configuration container, expand CN=Services, expand CN=Microsoft Exchange, and then expand CN=<ExchangeOrganizationName>.
  3. Select CN=System Policies.
  4. In the right pane, right-click CN=Mailbox Enable User, and then select Properties.
  5. Scroll down to select the purportedSearch attribute, and then click Edit.
  6. Clear the attribute, and then configure it with the following filter:
    (&(objectCategory=person)(objectClass=user)(mailnickname=*)(homeMdb=*))
    noteNote:
    The filter shown in Step 6 has been wrapped for readability. Make sure that you enter the filter without any spaces or returns.
  7. Click OK again to save the change, and then close ADSI Edit.

Thursday, March 5, 2015

IIS: Security Authorization

Overview

The element allows you to configure the user accounts that can access your site or application. Use authorization in combination with authentication to secure access to content on your server. Authentication confirms the identity of a user, while authorization determines what resources users can or cannot access.
IIS defines two types of authorization rules, Allow rules and Deny rules:
  • Allow rules let you define the user accounts or user groups that can access a site, an application, or all the sites on a server.
  • Deny rules let you define the user accounts or user groups that cannot access a site, an application, or all the sites on a server.

Compatibility

Version Notes
IIS 8.5 The element was not modified in IIS 8.5.
IIS 8.0 The element was not modified in IIS 8.0.
IIS 7.5 The element was not modified in IIS 7.5.
IIS 7.0 The element was introduced in IIS 7.0.
IIS 6.0 The collection replaces the IIS 6.0 AzEnable, AzStoreName, AzScopeName, and AzImpersonationLevel metabase properties.

Setup

To support and configure authorization for sites and applications on your Web server, you must install the URL authorization module. To do so, use the following steps.

Windows Server 2012 or Windows Server 2012 R2

  1. On the taskbar, click Server Manager.
  2. In Server Manager, click the Manage menu, and then click Add Roles and Features.
  3. In the Add Roles and Features wizard, click Next. Select the installation type and click Next. Select the destination server and click Next.
  4. On the Server Roles page, expand Web Server (IIS), expand Web Server, expand Security, and then select URL Authorization. Click Next.
    .
  5. On the Select features page, click Next.
  6. On the Confirm installation selections page, click Install.
  7. On the Results page, click Close.

Windows 8 or Windows 8.1

  1. On the Start screen, move the pointer all the way to the lower left corner, right-click the Start button, and then click Control Panel.
  2. In Control Panel, click Programs and Features, and then click Turn Windows features on or off.
  3. Expand Internet Information Services, expand World Wide Web Services, expand Security, and then select URL Authorization.
  4. Click OK.
  5. Click Close.

Windows Server 2008 or Windows Server 2008 R2

  1. On the taskbar, click Start, point to Administrative Tools, and then click Server Manager.
  2. In the Server Manager hierarchy pane, expand Roles, and then click Web Server (IIS).
  3. In the Web Server (IIS) pane, scroll to the Role Services section, and then click Add Role Services.
  4. On the Select Role Services page of the Add Role Services Wizard, select URL Authorization, and then click Next.
  5. On the Confirm Installation Selections page, click Install.
  6. On the Results page, click Close.

Windows Vista or Windows 7

  1. On the taskbar, click Start, and then click Control Panel.
  2. In Control Panel, click Programs and Features, and then click Turn Windows Features on or off.
  3. Expand Internet Information Services, then select URL Authorization, and then click OK.

How To

How to add an authorization rule

  1. Open Internet Information Services (IIS) Manager:
    • If you are using Windows Server 2012 or Windows Server 2012 R2:
      • On the taskbar, click Server Manager, click Tools, and then click Internet Information Services (IIS) Manager.
    • If you are using Windows 8 or Windows 8.1:
      • Hold down the Windows key, press the letter X, and then click Control Panel.
      • Click Administrative Tools, and then double-click Internet Information Services (IIS) Manager.
    • If you are using Windows Server 2008 or Windows Server 2008 R2:
      • On the taskbar, click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
    • If you are using Windows Vista or Windows 7:
      • On the taskbar, click Start, and then click Control Panel.
      • Double-click Administrative Tools, and then double-click Internet Information Services (IIS) Manager.
  2. In the Connections pane, expand the server name, expand Sites, and then navigate to the site or application on which you want to configure authorization.
  3. In the Home pane, double-click Authorization Rules.

  4. To add a new authorization rule, in the Actions pane click Add Allow Rule... or Add Deny Rule...
  5. Apply the authorization settings needed for your site or application, and then click OK. For example:
    • Example #1: Adding an Allow rule for all users for specific HTTP verbs:

    • Example #2: Adding a Deny rule for a specific user for all HTTP verbs:

    Note: To edit or delete an existing rule, select the rule in the Authorization rules pane, and then click Edit... or Remove in the Actions pane. If you click Edit..., a dialog box appears that allows you to edit the rule; this dialog box is similar to the Add Allow Authorization Rule and Add Deny Authorization Rule dialog boxes.

Configuration

You can configure the element at the server level in the ApplicationHost.config file, or at the site or application level in the appropriate Web.config file.
You can set default authorization rules for the entire server by configuring authorization rules at the server level. You can remove, clear, or override these rules by configuring more specific rules for your sites or applications.

Attributes

Attribute Description
bypassLoginPages Optional Boolean attribute.

Specifies whether to skip authorization check for the page specified as the login page for Forms authentication. This enables unauthenticated users to access the login page to log on.

The default value is true.

Child Elements

Element Description
add Optional element.

Adds an authorization rule to the collection of authorization rules.
remove Optional element.

Removes a reference to an authorization rule to the collection of authorization rules.
clear Optional element.

Removes all references to authorization rules from the collection of authorization rules.

Configuration Sample

The following configuration example, when included in a Web.config file, removes the default IIS authorization settings, which allows all users access to Web site or application content. It then configures an authorization rule that allows only users with administrator privileges to access the content.

   
      
         
             users="*" roles="" verbs="" />
             accessType="Allow" users="" roles="Administrators" />
         

Sample Code

The following examples add an allow authorization rule that allows users in the administrators group to access a Web site named Contoso.

AppCmd.exe

appcmd.exe set config "Contoso" -section:system.webServer/security/authorization /+"[accessType='Allow',roles='administrators']" 
Note: You can optionally set the commit parameter to apphost when using AppCmd.exe to configure these settings. This commits the configuration settings to the appropriate location section in the ApplicationHost.config file instead of a Web.config file.

C#

using System;
using System.Text;
using Microsoft.Web.Administration;

internal static class Sample
{
   private static void Main()
   {
      using (ServerManager serverManager = new ServerManager())
      {
         Configuration config = serverManager.GetWebConfiguration("Contoso");
         ConfigurationSection authorizationSection = config.GetSection("system.webServer/security/authorization");
         ConfigurationElementCollection authorizationCollection = authorizationSection.GetCollection();

         ConfigurationElement addElement = authorizationCollection.CreateElement("add");
         addElement["accessType"] = @"Allow";
         addElement["roles"] = @"administrators";
         authorizationCollection.Add(addElement);

         serverManager.CommitChanges();
      }
   }
}

VB.NET

Imports System
Imports System.Text
Imports Microsoft.Web.Administration

Module Sample
   Sub Main()
      Dim serverManager As ServerManager = New ServerManager
      Dim config As Configuration = serverManager.GetWebConfiguration("Contoso")
      Dim authorizationSection As ConfigurationSection = config.GetSection("system.webServer/security/authorization")
      Dim authorizationCollection As ConfigurationElementCollection = authorizationSection.GetCollection
      Dim addElement As ConfigurationElement = authorizationCollection.CreateElement("add")
      addElement("accessType") = "Allow"
      addElement("roles") = "administrators"
      authorizationCollection.Add(addElement)
      serverManager.CommitChanges()
   End Sub
End Module

JavaScript

var adminManager = new ActiveXObject('Microsoft.ApplicationHost.WritableAdminManager');
adminManager.CommitPath = "MACHINE/WEBROOT/APPHOST/Contoso";
var authorizationSection = adminManager.GetAdminSection("system.webServer/security/authorization", "MACHINE/WEBROOT/APPHOST/Contoso");
var authorizationCollection = authorizationSection.Collection;

var addElement = authorizationCollection.CreateNewElement("add");
addElement.Properties.Item("accessType").Value = "Allow";
addElement.Properties.Item("roles").Value = "administrators";
authorizationCollection.AddElement(addElement);

adminManager.CommitChanges();

VBScript


Set adminManager = CreateObject("Microsoft.ApplicationHost.WritableAdminManager")
adminManager.CommitPath = "MACHINE/WEBROOT/APPHOST/Contoso"
Set authorizationSection = adminManager.GetAdminSection("system.webServer/security/authorization", "MACHINE/WEBROOT/APPHOST/Contoso")
Set authorizationCollection = authorizationSection.Collection

Set addElement = authorizationCollection.CreateNewElement("add")
addElement.Properties.Item("accessType").Value = "Allow"
addElement.Properties.Item("roles").Value = "administrators"
authorizationCollection.AddElement(addElement)

adminManager.CommitChanges()