Sunday, February 19, 2017

System State backup using Windows Server Backup fails with error: System writer is not found in the backup

Symptoms

When you perform a system state backup using Windows Server Backup on Windows Server 2008, the backup fails with the following error:

Backup of system state failed [01/12/2009 16:21]
Log of files successfully backed up
'C:\Windows\Logs\WindowsServerBackup\SystemStateBackup 01-12-2009 16-21-37.log'
Log of files for which backup failed
'C:\Windows\Logs\WindowsServerBackup\SystemStateBackup_Error 01-12-2009 16-21-37.log'
System writer is not found in the backup.


 In the Application event log, the following events are logged:

Log Name: Application
Source: Microsoft-Windows-Backup
Event ID: 517
Level: Error
Description:
Backup started at '01/12/2009 16:21:03' failed with following error code '2155348226' (System writer is not found in the backup.). Please rerun backup once issue is resolved.

Log Name: Application
Source: Microsoft-Windows-CAPI2
Event ID: 513
Level: Error
Description:
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddCoreCsiFiles : BeginFileEnumeration() failed.
System Error:
Access is denied.

Cause

The system writer fails because permissions to files in the %windir%\winsxs\filemaps\ or %windir%\winsxs\temp\PendingRenames directories are incorrect.

Resolution

To resolve this issue, type the following commands from an elevated command prompt:
Takeown /f %windir%\winsxs\temp\PendingRenames /a
icacls %windir%\winsxs\temp\PendingRenames /grant "NT AUTHORITY\SYSTEM:(RX)"
icacls %windir%\winsxs\temp\PendingRenames /grant "NT Service\trustedinstaller:(F)"
icacls %windir%\winsxs\temp\PendingRenames /grant BUILTIN\Users:(RX)
Takeown /f %windir%\winsxs\filemaps\* /a
icacls %windir%\winsxs\filemaps\*.* /grant "NT AUTHORITY\SYSTEM:(RX)"
icacls %windir%\winsxs\filemaps\*.* /grant "NT Service\trustedinstaller:(F)"
icacls %windir%\winsxs\filemaps\*.* /grant BUILTIN\Users:(RX)
net stop cryptsvc
net start cryptsvc

Type the following command to verify that the system writer is now listed:

vssadmin list writers


If the system writer is missing, check the Application event log for the following event:
Log Name: Application
Source: VSS
Event ID: 8213
Level: Error
Description:
Volume Shadow Copy Service error: The process that hosts the writer with name System Writer and ID {e8132975-6f93-4464-a53e-1050253ae220} does not run under a user with sufficient access rights.  Consider running this process under a local account which is either Local System, Administrator, Network Service, or Local Service.
Operation:
   Initializing Writer
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer

The Details section of the event (Binary Data\In Bytes) would show up as:
 0000: 2D 20 43 6F 64 65 3A 20   - Code:
 0008: 57 52 54 57 52 54 49 43   WRTWRTIC
 0010: 30 30 30 30 30 37 32 39   00000729
 0018: 2D 20 43 61 6C 6C 3A 20   - Call:
 0020: 57 52 54 57 52 54 49 43   WRTWRTIC
 0028: 30 30 30 30 30 36 34 39   00000649
 0030: 2D 20 50 49 44 3A 20 20   - PID: 
 0038: 30 30 30 30 31 30 38 34   00001084
 0040: 2D 20 54 49 44 3A 20 20   - TID: 
 0048: 30 30 30 31 38 39 37 36   00018976
 0050: 2D 20 43 4D 44 3A 20 20   - CMD: 
 0058: 43 3A 5C 57 69 6E 64 6F   C:\Windo
 0060: 77 73 5C 73 79 73 74 65   ws\syste
 0068: 6D 33 32 5C 73 76 63 68   m32\svch
 0070: 6F 73 74 2E 65 78 65 20   ost.exe
 0078: 2D 6B 20 4E 65 74 77 6F   -k Netwo
 0080: 72 6B 53 65 72 76 69 63   rkServic
 0088: 65 20 20 20 20 20 20 20   e      
 0090: 2D 20 55 73 65 72 3A 20   - User:
 0098: 4E 54 20 41 55 54 48 4F   NT AUTHO
 00a0: 52 49 54 59 5C 4E 45 54   RITY\NET
 00a8: 57 4F 52 4B 20 53 45 52   WORK SER
 00b0: 56 49 43 45 20 20 20 20   VICE   
 00b8: 2D 20 53 69 64 3A 20 20   - Sid: 
 00c0: 53 2D 31 2D 35 2D 32 30   S-1-5-20

Open Regedit and navigate to the following key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS\VssAccessControl.

Change the value of NT AUTHORITY\NETWORK SERVICE (REG_DWORD) to 1.

You may also want to check the entry for other services (LOCAL SERVICE, NetworkService) as indicated by event 8213.

The 'System Writer' should now show up in the "vssadmin list writers" command:
Writer name: 'System Writer'
   Writer Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Instance Id: {04cf6316-f0c5-4ce7-bbe4-e56e6334124c}
   State: [1] Stable
   Last error: No error
Posted by at No comments:
Labels:

Wednesday, February 15, 2017

SQL Server – Changing Default Database Location for Server

When you create a new database in SQL Server without explicitly specifying database file locations, SQL Server created files in default location. This default location is configured when installing SQL Server.
If you need to change this default location once SQL Server is installed, you can change this in server properties.
Method 1: Change default database location via SQL Server Management Studio:
Step 1. Right Click on Server and Select "Properties".
image
Step 2. in the "Server Properties" dialog box, navigate to "Database Settings" tab and data/log files location under "Database default locations" group. You can also change default backup location here.
image
Step 3. Click on "OK" to apply changes.
All new databases will be created to new location unless specified explicitly.

Method 2: Change default database location using TSQL Code:
You can also change default database location using TSQL code, use below code to change data, log and backup location:
USE [master]
GO

— Change default location for data files
EXEC   xp_instance_regwrite
       N'HKEY_LOCAL_MACHINE',
       N'Software\Microsoft\MSSQLServer\MSSQLServer',
       N'DefaultData',
       REG_SZ,
       N'C:\MSSQL\Data'
GO

— Change default location for log files
EXEC   xp_instance_regwrite
       N'HKEY_LOCAL_MACHINE',
       N'Software\Microsoft\MSSQLServer\MSSQLServer',
       N'DefaultLog',
       REG_SZ,
       N'C:\MSSQL\Logs'
GO

— Change default location for backups
EXEC   xp_instance_regwrite
       N'HKEY_LOCAL_MACHINE',
       N'Software\Microsoft\MSSQLServer\MSSQLServer',
       N'BackupDirectory',
       REG_SZ,
       N'C:\MSSQL\Backups'

GO
Posted by at No comments:
Labels:

How to export GP Dynamics table (like USERS LIST) to MS Excel sheet

Long Description:
This is a procedure we use to export a table content from a Dynamics database into an Excel sheet. In this case, I will be showing you how to extract the complete users list from Dynamics Great Plains using the SQL Server Enterprise Manager.

Tip: You can also run the "Import and Export Data" program directly. The advantage of launching it from Enterprise Manager is that when you right click the database from the Ent. Manager the correct options will be automatically set for you.

You can use this same procedure for exporting other data. Just make sure you know the tables and column names you want to export.

STEPS:

1. Drilldown through the Microsoft SQL Servers, SQL Server Group, Server, downto the databases until you see your DYNAMICS database.
2. Right click DYNAMICS database, then choose "All Tasks" - "Export Data". This will launch the DTS Import/Export Wizard.
3. When you see the "Data Transformation Services Import/Export Wizard" screen: Click Next.
4. On Choose a Data Source window, the correct "Data Source" option, the Server and the Database should all be already correctly selected. This is so because the system already detected it based on the database you right-clicked on to launch the DTS Import/Export. Click Next.
5. You will now select the "Destination" option. Click the pulldown menu to display the list of available formats. Find "Mirosoft Excel 97/2000". Click the browse button to select where you will save the file, type the filename then click "Save". After you have specified the destination and the name of your output file, click "Next" to proceed to next window.
6. You will now see the "Specify Table Copy or Query" window. Choose "Use a query to specify the data to transfer".

Tip: If you want to export the whole table contents then you can also choose the "Copy table(s) from the source database" option. This option will export all rows and all columns. This option is not always going to work because the whole table contents may be too big to fit in your output file. By using the "query" option instead of a whole table you will be able to filter only the columns and rows you want.

7. After choosing the "Use a query to specify the data to transfer", you will now see the "Type SQL Statement" screen. In order to extract the Dynamics users list, type this:

      SELECT USERID, USERNAME, USRCLASS FROM SY01400
      
    (For my purposes, I am extracting only 3 columns. The User ID, Name and Class.)
    
    After typing the query, click "Next".
    
8. You will now see the "Select Source Tables and Views" screen. Click "Next" to accept the defaults and move on.
9. Finally you will see the "Save, schedule and replicate package". Make sure the "Run Immediately" option is checked. Click "Next", then click "Finish" on the final screen. Click the "Finish", then "Done" confirmation screens.
10. Browse the folder where you saved the file and you should now have your users list in an Excel document.     
Posted by at No comments:
Labels:

Install Office Add-ins [AX 2012]

Applies To: Microsoft Dynamics AX 2012 R3, Microsoft Dynamics AX 2012 R2, Microsoft Dynamics AX 2012 Feature Pack, Microsoft Dynamics AX 2012
This topic describes how to install Microsoft Office Add-ins by using the Microsoft Dynamics AX Setup wizard. In Microsoft Dynamics AX 2012 R3 and cumulative update 7 for Microsoft Dynamics AX 2012 R2, the Microsoft Project client add-in is included with the Office Add-ins.
Use the Office Add-ins for Microsoft Dynamics AX to integrate the Microsoft Dynamics AX client with Microsoft Excel or Microsoft Word. When you install the Office Add-ins, a new contextual tab for Microsoft Dynamics AX is created on the ribbon in Excel and Word. Users can use the controls on this tab to create and update data in an Excel spreadsheet or a Word document.
With the Microsoft Project client add-in, users can take advantage of features in both Microsoft Dynamics AX and Microsoft Project to manage a project. These features include assigning workers to projects and managing work breakdown structures.

Before you install the Office Add-ins

On the computer where you are installing this component, run the prerequisite validation utility to verify that system requirements have been met. For information about how to run the prerequisite validation utility, see Check prerequisites.
For more information about the hardware and software requirements for Microsoft Dynamics AX, see the system requirements.

Install the Office Add-ins

Use this procedure to install the files for the Office Add-ins on a client computer. If you install other Microsoft Dynamics AX components at the same time, the installation screens vary, depending on the components that you are installing.
  1. Start Microsoft Dynamics AX Setup. Under Install, select Microsoft Dynamics AX components.
  2. Advance through the first wizard pages.
  3. If the Setup Support files have not yet been installed on this computer, the Select a file location page is displayed. The Setup Support files are required for installation. Provide a file location or accept the default location, and then click Next. On the Ready to install page, click Install.
  4. If you’re installing AX 2012 R3, in the Select an installation option page, click Microsoft Dynamics AX.
  5. On the Select installation type page, click Custom installation, and then click Next.
  6. On the Select components page, select Office Add-ins. When you select Office Add-ins, Remote Desktop Services integration is selected automatically. Click Next.
  7. On the Prerequisite validation results page, resolve any errors. For more information about how to resolve prerequisite errors, see Check prerequisites. When no errors remain, click Next.
  8. If you are installing the Office Add-ins on a 64-bit operating system, the Select a file location page is displayed. Select the location where you want 32-bit versions of Microsoft Dynamics AX files to be installed, and then click Next.
  9. On the Specify a location for configuration settings page, specify whether you want the Office Add-ins to access configuration information from the registry on the local computer or from a shared configuration file. If you want to use a shared configuration file, you must enter the network location of the file.
    If you use a shared configuration file, client configuration settings are not stored locally, and the Microsoft Dynamics AX Configuration utility is not installed on the client computer.
    For more information about how to use a shared configuration file, see Configure clients to use a shared configuration.
    Click Next.
  10. On the Connect to an AOS instance page, enter the name of the computer that runs the Application Object Server (AOS) instance that you want to connect to. You can optionally specify the name of the AOS instance, the TCP/IP port number, and the WSDL port for services.
    If you do not know the name of the AOS instance or the port information, contact the Microsoft Dynamics AX administrator.
    NoteNote
    If you entered AOS connection information for other Microsoft Dynamics AX components that are installed on this computer, this page is not displayed. Subsequent installations on the same computer reuse the existing AOS connection.
    Click Next.
  11. On the Prerequisite validation results page, resolve any errors. When no errors remain, click Next.
  12. On the Ready to install page, click Install.
  13. After the installation is completed, click Finish to close the wizard.
  14. The first time that you open Excel or Word on a computer where the Office Add-ins component was installed, you are prompted to install the add-in. Click Install to continue with the installation.   
Posted by at No comments:
Labels:

Tuesday, February 7, 2017

PIN and Fingerprint Sign-in options unavailable (greyed out) in Windows 10 1607 Enterprise

See the post:

https://social.technet.microsoft.com/Forums/en-US/b975932a-b50b-4759-b43a-c94854c6da83/cant-enable-windows-hello-with-fresh-install-of-anniversity-upgrade-on-domain-account?forum=win10itprosetup
Apparently 1607 requires this registry key setting to enable PIN login on domain joined machines:
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
"AllowDomainPINLogon"=dword:00000001
Posted by at No comments:
Labels: ,

How to use BitLocker Drive Encryption on Windows 10

Things to know before diving into this guide

  • BitLocker Drive Encryption is available only on Windows 10 Pro and Windows 10 Enterprise.
  • For best results your computer must be equipped with a Trusted Platform Module (TPM) chip. This is a special microchip that enables your device to support advanced security features.
  • You can use BitLocker without a TPM chip by using software-based encryption, but it requires some extra steps for additional authentication.
  • Your computer's BIOS must support TPM or USB devices during startup. If this isn't the case, you'll need to check your PC manufacturer's support website to get the latest firmware update for your BIOS before trying to set up BitLocker.
  • Your PC's hard drive must contain two partitions: a system partition, which contains the necessary files to start Windows, and the partition with the operating system. If your computer doesn't meet the requirements, BitLocker will create them for you. Additionally, the hard drive partitions must be formatted with the NTFS file system.
  • The process to encrypt an entire hard drive isn't difficult, but it's time-consuming. Depending the amount of data and size of the drive, it can take a very long time.
  • Make sure to keep your computer connected to an uninterrupted power supply throughout the entire process.
Important: While BitLocker is a stable feature on Windows 10, as any significant change you make to your computer has its risks. It's always recommended that you make a full backup of your system before proceeding with this guide.

How to check if your device has a TPM chip

  1. Use the Windows key + X keyboard shortcut to open the Power User menu and select Device Manager.
  2. Expand Security devices. If you have a TPM chip, one of the items should read Trusted Platform Module with the version number.
Note: Your computer must have a TPM chip version 1.2 or later to support BitLocker.
Alternatively, you can also check your PC manufacturer's support website to find out if your device includes the security chip, and for instructions to enable the chip in the BIOS (if applicable).
Devices, such as Surface Pro 3Surface Pro 4, or Surface Book come with the TMP chip to support BitLocker encryption.

How to ensure you can turn on BitLocker without TPM

If your computer doesn't include a Trusted Platform Module chip, you won't be able to turn on BitLocker on Windows 10. In this is your case, you can still use encryption, but you'll need to use the Local Group Policy Editor to enable additional authentication at startup.
  1. Use the Windows key + R keyboard shortcut to open the Run command, type gpedit.msc, and click OK.
  2. Under Computer Configuration, expand Administrative Templates.
  3. Expand Windows Components.
  4. Expand BitLocker Drive Encryption and Operating System Drives.
  5. On the right side, double-click Require additional authentication at startup.
  6. Select Enabled.
  7. Make sure to check the "Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive)" option.
  8. Click OK to complete this process.

How to turn on BitLocker on the Operating system drive

Once you made sure BitLocker can be properly enabled on your computer, follow these steps:
  1. Use the Windows key + X keyboard shortcut to open the Power User menu and select Control Panel.
  2. Click System and Security.
  3. Click BitLocker Drive Encryption.
  4. Under BitLocker Drive Encryption, click Turn on BitLocker.
  5. Choose how you want to unlock your drive during startup: Insert a USB flash drive or Enter a password. For the purpose of the guide, select Enter a password to continue.
  6. Enter a password that you'll use every time you boot Windows 10 to unlock the drive, and click Next to continue. (Make sure to create a strong password mixing uppercase, lowercase, numbers, and symbols.)
  7. You will be given the choices to save a recovery key to regain access to your files in case you forget your password. Options include:
    • Save to your Microsoft account
    • Save to a USB flash drive
    • Save to a file
    • Print the recovery
    Select the option that is most convenient for you, and save the recovery key in a safe place.
    Quick Tip: If you trust the cloud, you can choose to save your recovery key in your Microsoft account using the Save to your Microsoft account option. In which case, you can retrieve your encryption key at this location: https://onedrive.live.com/recoverykey.
  8. Click Next to continue.
  9. Select the encryption option that best suits your scenario:
    • Encrypt used disk space only (faster and best for new PCs and drives)
    • Encrypt entire drive (slower but best for PCs and drives already in use)
  10. Choose between the two encryption options:
    • New encryption mode (best for fixed drives on this device)
    • Compatible mode (best for drives that can be moved from this device)
      On Windows 10 version 1511, Microsoft introduced support for XTS-AES encryption algorithm. This new encryption method provides additional integrity support and protection against new attacks that use manipulating cipher text to cause predictable modifications in clear text. BitLocker supports 128-bit and 256-bit XTS AES keys.
  11. Click Next to continue.
  12. Make sure to check the Run BitLocker system check option, and click Continue.
  13. Finally, restart your computer to begin the encryption process.
  14. On reboot, BitLocker will prompt you to enter your encryption password to unlock the drive. Type the password and press Enter.
After rebooting, you'll notice that your computer will quickly boot to the Windows 10 desktop. However, if you go to Control Panel > System and Security > BitLocker Drive Encryption, you'll see that BitLocker is still encrypting your drive. Depending on the option you selected and the size of the drive, this process can take a long time, but you'll still be able to work on your computer.
Once the encryption process completes, the drive level should read BitLocker on.
You can verify that BitLocker is turned on by the lock icon on the drive when you open This PC on File Explorer.

BitLocker Drive Encryption options

When BitLocker is enabled on your main hard drive, you'll get a few additional options, including:
  • Suspend protection: When you're suspending protection your data won't be protected. Typically, you would use this option when applying a new operating system, firmware, or hardware upgrade. If you don't resume the encryption protection, BitLocker will resume automatically during the next reboot.
  • Back up your recovery key: If you lose your recovery key, and you're still signed into your account, you can use this option to create a new backup of the key with the options mentioned on step 6.
  • Change password: You can use this option to create a new encryption password, but you'll still need to supply the current password to make the change.
  • Remove password: You can't use BitLocker without a form of authentication. You can remove a password only when you configure a new method of authentication.
  • Turn off BitLocker: In the case, you no longer need encryption on your computer, BitLocker provides a way to decrypt all your files. However, make sure to understand that after turning off BitLocker your sensitive data will no longer be protected. In addition, decryption may take a long time to complete its process depending on the size of the drive, but you can still use your computer.

How to turn on BitLocker To Go

BitLocker is not an encryption feature that you can enable globally on every drive connected to your computer at once. It has two part: you can use BitLocker Drive Encryption to encrypt your sensitive data on the main hard drive of your PC, and then you can use BitLocker To Go. This last feature will help you to use encryption on remove drives and secondary hard drives connected to your computer.
To turn on BitLocker To Go on a removable drive do the following:
  1. Connect the drive you want to use with BitLocker.
  2. Use the Windows key + X keyboard shortcut to open the Power User menu and select Control Panel.
  3. Click System and Security.
  4. Click BitLocker Drive Encryption.
  5. Under BitLocker To Go, expand the drive you want to encrypt.
  6. Click the Turn on BitLocker link.
  7. Check the Use a password to unlock the drive option, and create a password to unlock the drive. (Make sure to create a strong password mixing uppercase, lowercase, numbers, and symbols.)
  8. Click Next to continue.
  9. You will be given the choices to save a recovery key to regain access to your files in case you forget your password. Options include:
    • Save to your Microsoft account
    • Save to a file
    • Print the recovery
    Select the option that is most convenient for you, and click Next.
  10. Choose the encryption option that best suits your scenario:
    • Encrypt used disk space only (faster and best for new PCs and drives)
    • Encrypt entire drive (slower but best for PCs and drives already in use)
  11. Select between the two encryption options:
    • New encryption mode (best for fixed drives on this device)
    • Compatible mode (best for drives that can be moved from this device)
      In this step is recommended that you select the "Compatible mode," as it will ensure you can unlock the drive if you move it to another computer running a previous version of the operating system.
  12. Click Start encrypting to finish the process.
When encrypting a storage try to start with an empty removable media, as it'll speed up the process, then new data will encrypt automatically.
In addition, similar to BitLocker Drive Encryption, you will get the same additional options using BitLocker To Go, plus a few more, including:
  • Add smart card: This option will allow you to configure a smart card to unlock the removable drive.
  • Turn on auto-unlock: Instead of having to type a password every time you re-connect the removable drive, you can enable auto-unlock to access your encrypted data without entering a password.

Quick access to manage your BitLocker drive

Whether you turn on BitLocker for your system hard drive or removable drive, you can always get quick access to the BitLocker settings for a particular drive using the following steps:
  1. Use the Windows key + E keyboard shortcut to open File Explorer.
  2. Click This PC from the left pane.
  3. Right-click the encrypted drive and select Manage BitLocker.

Posted by at 1 comment:
Labels: ,

Repeated Activation Prompts occur after installing Volume License version of Office 2016

Symptoms

After installing a Volume License copy of Office 2016, screen keeps prompting for Activation. 


"Let's get started"





Workaround



Registry key information

ImportantThis section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base: 

322756 How to back up and restore the registry in Windows 

   

To resolve this problem, export the following registry keys and delete from computer.  
  1. Close activation screen.
  2. On the Start menu, click Run.
  3. Type regedit, and then press Enter.
  4. Select the following key in the registry.
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\16.0\Common\OEM
  5. Right click the OEM value and click File>Export.
  6. Save the key
  7. Once the key is backed-up, click on Edit>Delete
  8. Repeat steps 4-7 with following key
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\16.0\Common\OEM
    Exit Registry Editor 
Posted by at No comments:
Labels: ,
Subscribe to: Posts (Atom)