Fast User Switching with Remote Desktop

A Windows Vista machine has a user called fourthcoffee\joberry logged on. Another user, fourthcoffee\henrikjensen, logs on with Remote Desktop.

  1. fourthcoffee\henrikjensen receives this message, and presses Yes:
  2. The logged on user, fourthcoffee\joberry, will see this popup on her desktop and press OK:

    While fourthcoffee\henrikjensen waits for fourthcoffee\joberry to respond, this message is displayed in his Remote Desktop window:
  3. fourthcoffee\joberry will be disconnected from her session and the screen on the Windows Vista machine will display Press CTRL+ALT+DELETE to log on:
  4. If she presses Ctrl+Alt+Del she will see that she is just disconnected and not logged off:
  5. The currently logged on user, fourthcoffee\henrikjensen, can also see this if he opens Task Manager and displays processes from all users:
  6. fourthcoffee\henrikjensen logs off from Remote Desktop. fourthcoffee\joberry can now press Ctrl+Alt+Del and log in again.

If fourthcoffee\joberry tries to log on before fourthcoffee\henrikjensen has logged off, the process happens in reverse.

  1. fourthcoffee\joberry presses Ctrl+Alt+Del and logs on. She receives this message:
  2. The prompt is presented to fourthcoffee\henrikjensen (logged on via Remote Desktop):

    While waiting for fourthcoffee\henrikjensen to reply, this message will display on fourthcoffee\joberry’s desktop:
  3. fourthcoffee\joberry is logged on to her session and sees her desktop as it was when she was disconnected. fourthcoffee\henrikjensen is also still logged on. He has to reconnect, disconnecting fourthcoffee\joberry temporarily, to log off from his session.

Windows Virtual PC: Disable the Internal network DHCP server

The Internal Network in Windows Virtual PC (WVP) has a built-in DHCP service that provides the clients connected to it with addresses in the 169.254.0.16 to 169.254.10.254 range. If you need to disable this DHCP service, this is how you do it:

  1. Shut down or hibernate all your running virtual machines
  2. Wait for vpc.exe to close. It usually does so by itself a few minutes after the last virtual machine has been closed. If you don’t want to wait you can kill it in Task Manager.
  3. Open the file %localappdata%\microsoft\Windows Virtual PC\options.xml and find the Internal Network section.
  4. In the <dhcp> section, find the tag enabled and change its value from true to false:
  5. Save the file and restart your virtual machines.

Exploring Task Scheduler

Introduction

The new Task Scheduler 2.0 included in Windows Vista and improved on in Windows 7 has the ability to send an email when a task is triggered. Also new is the ability to attach a task to an event from the Event system. You could, for instance, create a task that sends you an email if you receive an event specifying an imminent hard drive failure. For simplicity, in my test I attached a task to event 7036 in the System log, which is logged every time a service starts. The UI is actually very nice since you can create the task directly from the Event Viewer using the Attach Task To This Event action:

When you do this you can find that task in the Task Scheduler in the Event Viewer Tasks folder.

Notice also the nice History tab which shows you the history of this particular task. As you can see I have an error in the Task category Action Failed. Let’s look at that.

There is no human readable explanation in the data telling us why the email wasn’t sent. But there is an error value. In this case 2147746321 (0x80040211). I had no idea what that value actually meant so I ran it through Microsoft’s Err.exe application which is able to resolve error values on Windows. The output of Err.exe looked like this:

C:\Users\morgan\Downloads\Err\Err>err 2147746321
# for decimal -2147220975 / hex 0x80040211 :
CDO_E_SMTP_SEND_FAILED                                        cdosyserr.h
IMAPI_E_DEVICE_NOPROPERTIES                                   imapierror.h
UPNP_E_TRANSPORT_ERROR                                        upnp.h
VFW_E_NOT_COMMITTED                                           vfwmsgs.h
# Cannot allocate a sample when the allocator is not
# active.%0
# for hex 0xffffffff / decimal -1 :
NO_TITLE                                                      ftsiface.h
USE_DEFAULT                                                   ftsiface.h
JET_wrnNyi                                                    esent98.h
# /* Function Not Yet Implemented */
LZERROR_BADINHANDLE                                           lzexpand.h
# /* invalid input handle */
MAPI_DIAG_NO_DIAGNOSTIC                                       mapidefs.h
MSIDBERROR_FUNCTIONERROR                                      msiquery.h
# function error
ERROR_UNHANDLED_ERROR                                         ntddchgr.h
# Unknown error condition
PDR_ERROR                                                     penwin.h
# parameter or unspecified error
ICERR_UNSUPPORTED                                             vfw.h
ERROR_UNHANDLED_ERROR                                         winioctl.h
# Unknown error condition
# 14 matches found for “2147746321”

As you can see, Err looks at all the header files that have that error value specified in them, so you are bound to get many false positives. Task Scheduler uses CDO to send mail, so in this case it is the information in the cdosyserr.h file that tells us what the error is: CDO_E_SMTP_SEND_FAILED. OK, so CDO failed to send an email. Why? To find out I did a network trace using Wireshark while the task executed. The trace uncovered this error from the SMTP server: 550 5.7.1 Client does not have permissions to send as this sender.

Since this is Windows talking to an Exchange 2010 server it will automatically authenticate, and it will authenticate using the credentials of the account that is used to run the task in Task Scheduler. This particular task is set up to run as my account, SIMONSEN\Morgan. According to the security settings on the Exchange 2010 Receive connector I am not allowed to send using an email address I do not own, that is, an address that is not specified as belonging to my account in Active Directory. As a result we get the SMTP error from Exchange. To remedy this I can temporarily permit my account to send as any sender:

Get-ReceiveConnector default* | Add-ADPermission -User SIMONSEN\morgan -ExtendedRights "ms-Exch-SMTP-Accept-Any-Sender"

And now I will get the message, so to speak:

The History tab in Task Scheduler now also indicates a success:

Task Scheduler successfully completed task "Event Viewer Tasks\System_Service Control Manager_7036" , instance "{3d755426-8e80-49aa-9bdf-3475b032c7dd}" , action "Task notification" with return code 0.

(Incidentally, while setting this up I first specified my old SMTP server, which was no longer running the SMTP service. The task history displayed another error in this situation: 2147746323 (0x80040213). Translated with Err this is the error CDO_E_FAILED_TO_CONNECT.)
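
Because the ms-Exch-SMTP-Accept-Any-Sender grant above is meant to be temporary, it is useful to be able to list who holds the right and to take it away again. The following is an added example, not part of the original post; it assumes the Exchange 2010 Management Shell and reuses the account name from the text.

```powershell
# Added example (not the author's script). Run in the Exchange Management Shell.
$user  = 'SIMONSEN\morgan'                  # account used in the text above
$right = 'ms-Exch-SMTP-Accept-Any-Sender'

# 1. Audit: list every allow entry for the right on each Receive connector.
$holders = foreach ($connector in Get-ReceiveConnector) {
    Get-ADPermission -Identity $connector.DistinguishedName |
        Where-Object { -not $_.Deny -and ($_.ExtendedRights -like $right) } |
        Select-Object @{ n = 'Connector';   e = { $connector.Name } },
                      @{ n = 'ConnectorDN'; e = { $connector.DistinguishedName } },
                      User, IsInherited
}
$holders | Format-Table Connector, User, IsInherited -AutoSize

# 2. Revoke: remove the explicit (non-inherited) grant for $user when testing is done.
$holders |
    Where-Object { -not $_.IsInherited -and "$($_.User)" -eq $user } |
    ForEach-Object {
        Remove-ADPermission -Identity $_.ConnectorDN -User $user `
            -ExtendedRights $right -Confirm:$false
    }
```

Running step 1 again after step 2 confirms that the account no longer appears for any connector.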

The ‘A service started!’ message in the email is not very helpful so I started to look for ways to include data from the event in the message. After a (very) long time I was able to do that with the help of these resources:

The short story is that you have to create a task attached to an event, and then export it and manually change what data is retrieved from the event. For reference I have included the XML export from my test here. You have to edit this task to supply your own sender, recipient and SMTP server values.

What happened to at.exe?

From Windows help:
The at.exe executable schedules commands and programs to run on a computer at a specified time and date similar to Task Scheduler. Task Scheduler and the schtasks.exe executable replace at.exe. All tasks created using the at.exe executable must run under the same account. By default this account is the local system account, but you can change this by configuring the AT service account information.

More information

WinRM and TCP ports

WinRM, or Windows Remote Management, is an HTTP-based remote management and shell protocol for Windows. The Windows Remote Management Service is responsible for this functionality. If WinRM is not configured for remote access, but the service is started, it listens for local requests on TCP port 47001. If you create a listener it will still listen on 47001, but also on the default TCP ports 5985 (HTTP) and 5986 (HTTPS).
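
To see which of these three ports a host is actually listening on, the added example below (not from the original post) classifies `netstat -ano -p TCP` output. The helper name Get-WinRMPortState and the sample lines are constructed for illustration.

```powershell
# Added example: classify WinRM listening ports from netstat output.
# Get-WinRMPortState is a hypothetical helper name, not a built-in cmdlet.
function Get-WinRMPortState {
    param([string[]]$NetstatLines)

    # Port meanings as described in the text above.
    $meaning = @{
        47001 = 'local requests only'
        5985  = 'remote listener, HTTP'
        5986  = 'remote listener, HTTPS'
    }

    foreach ($line in $NetstatLines) {
        # Matches e.g. "  TCP    0.0.0.0:5985    0.0.0.0:0    LISTENING    4"
        if ($line -match '^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)') {
            $port = [int]$Matches[2]
            if ($meaning.ContainsKey($port)) {
                New-Object PSObject -Property @{
                    Address   = $Matches[1]
                    Port      = $port
                    OwningPid = [int]$Matches[3]
                    Meaning   = $meaning[$port]
                }
            }
        }
    }
}

# Constructed sample input: a host where an HTTP listener has been created.
$sample = @(
    '  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812'
    '  TCP    0.0.0.0:5985           0.0.0.0:0              LISTENING       4'
    '  TCP    0.0.0.0:47001          0.0.0.0:0              LISTENING       4'
    '  TCP    192.0.2.10:49180       192.0.2.20:445         ESTABLISHED     4'
)
Get-WinRMPortState -NetstatLines $sample |
    Sort-Object Port | Format-Table Port, Address, Meaning -AutoSize

# On a live host:
#   Get-WinRMPortState -NetstatLines (netstat -ano -p TCP)
#   winrm enumerate winrm/config/listener   # lists the configured listeners
```

A host that shows only 47001 has the service running without a remote listener; 5985 without 5986 means remote management is offered over HTTP only.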

Upgrading to a higher edition (SKU) of Windows 7/Windows Server 2008 R2 using DISM

The Deployment Image Servicing and Management (DISM) tool is a new tool included with Windows 7 and Windows Server 2008 R2. DISM enumerates, installs, uninstalls, configures, and updates features in Windows images, in either WIM or VHD format. DISM can also work against online (running) instances. Of special interest for this post are the edition commands: Get-CurrentEdition, Set-Edition, Get-TargetEditions, and their sidekick Set-ProductKey. With these you can upgrade a Windows instance from the command line without access to media. For Windows 7 and Windows Server 2008 R2 all the bits for higher editions are present in the instance or image. This is great news, because with previous versions of Windows you had to pop in the media, usually a CD/DVD, and perform an upgrade manually. For offline images (WIM/VHD) this is supported for both Windows 7 and Windows Server 2008 R2. For running (online) instances it is only supported for Windows Server, and only if the server is not a DC.

  1. Find the current edition for a running instance (online):
    dism.exe /online /Get-CurrentEdition
  2. Find the current edition for an offline image:
    dism.exe /image:c:\mounted_image /Get-CurrentEdition
  3. Find the valid target editions for a running instance (online):
    dism.exe /online /Get-TargetEditions
  4. Find the valid target editions for an offline image:
    dism.exe /image:c:\mounted_image /Get-TargetEditions
  5. Upgrade a running instance (online):
    dism.exe /online /Set-Edition:"ServerDatacenter" /ProductKey:AAAAA-BBBBB-CCCCC-DDDDD-EEEEE
  6. Upgrade an offline image:
    dism.exe /image:c:\mounted_image /Set-Edition:"Professional" /ProductKey:AAAAA-BBBBB-CCCCC-DDDDD-EEEEE

When using Set-Edition, the ProductKey parameter is also required. Note that ProductKey in this case is a parameter for Set-Edition and not the Set-ProductKey command. Set-ProductKey can only be used against the current running instance and against offline instances. (If you do not have a product key, you can use the KMS key for the edition you are upgrading to. This will, of course, not get you a free license or anything, but it is convenient for testing. Find the KMS keys here.) For offline images it is also important to note that the image has to be generalized before you can upgrade it. Use sysprep.exe /generalize to do this.

Transcript of the upgrading of a VHD file:

C:\Users\administrator>diskpart

Microsoft DiskPart version 6.1.7600
Copyright (C) 1999-2008 Microsoft Corporation.
On computer: HOME-HYPERV

DISKPART> select vdisk file=E:\Hyper-V\lab-w2k8r2quicktest\lab-w2k8r2quicktest.vhd

DiskPart successfully selected the virtual disk file.

DISKPART> attach vdisk

  100 percent completed

DiskPart successfully attached the virtual disk file.

DISKPART> list volume

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     F                       CD-ROM          0 B  No Media
  Volume 1     C                NTFS   Partition    465 GB  Healthy    System
  Volume 2     D                NTFS   Partition    931 GB  Healthy
  Volume 3     E                NTFS   Partition    931 GB  Healthy
  Volume 4     G   System Rese  NTFS   Partition    100 MB  Healthy
  Volume 5     V                NTFS   Partition    126 GB  Healthy

DISKPART> exit

Leaving DiskPart…

C:\Users\superman>dism /image:v: /get-Targeteditions

Deployment Image Servicing and Management tool
Version: 6.1.7600.16385

Image Version: 6.1.7600.16385

Editions that can be upgraded to:

Target Edition : ServerDataCenter
Target Edition : ServerEnterprise

The operation completed successfully.

C:\Users\superman>dism /image:v: /set-edition:ServerDataCenter

Deployment Image Servicing and Management tool
Version: 6.1.7600.16385

Image Version: 6.1.7600.16385

Starting to update components…
Removing package Microsoft-Windows-ServerEnterpriseEdition~31bf3856ad364e35~amd64~~6.1.7600.16385
[==========================100.0%==========================]
Finished updating components.

Starting to apply edition-specific settings…
Finished applying edition-specific settings.

The operation completed successfully.

C:\Users\administrator>diskpart

Microsoft DiskPart version 6.1.7600
Copyright (C) 1999-2008 Microsoft Corporation.
On computer: HOME-HYPERV

DISKPART> select vdisk file=E:\Hyper-V\lab-w2k8r2quicktest\lab-w2k8r2quicktest.vhd

DiskPart successfully selected the virtual disk file.

DISKPART> detach vdisk

DiskPart successfully detached the virtual disk file.

DISKPART> exit

Leaving DiskPart…

C:\Users\administrator>

This VHD is actually from a Hyper-V server, and has been generalized before it was mounted on the host and upgraded.
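
The check-then-upgrade sequence from the steps and transcript above can be scripted so that Set-Edition is only attempted for an edition that Get-TargetEditions actually offers. This is an added example, not part of the original post; the helper names Get-DismTargetEdition and Test-EditionUpgrade and the image path are assumptions, and the sample input is the Get-TargetEditions output from the transcript.

```powershell
# Added example: validate the requested edition against /Get-TargetEditions output.
# Get-DismTargetEdition and Test-EditionUpgrade are hypothetical helper names.
function Get-DismTargetEdition {
    param([string[]]$DismOutput)
    foreach ($line in $DismOutput) {
        # DISM prints one "Target Edition : <name>" line per valid target.
        if ($line -match '^\s*Target Edition\s*:\s*(\S+)') { $Matches[1] }
    }
}

function Test-EditionUpgrade {
    param([string[]]$DismOutput, [string]$Edition)
    # -contains compares case-insensitively, so ServerDatacenter and
    # ServerDataCenter both match the name DISM reports.
    @(Get-DismTargetEdition $DismOutput) -contains $Edition
}

# Sample input taken from the transcript above.
$sample = @(
    'Editions that can be upgraded to:'
    ''
    'Target Edition : ServerDataCenter'
    'Target Edition : ServerEnterprise'
    ''
    'The operation completed successfully.'
)

$image   = 'c:\mounted_image'                 # offline image path (assumption)
$edition = 'ServerDatacenter'
$key     = 'AAAAA-BBBBB-CCCCC-DDDDD-EEEEE'    # placeholder key from the text

# For a real image, replace $sample with:
#   dism.exe /image:$image /Get-TargetEditions
if (Test-EditionUpgrade -DismOutput $sample -Edition $edition) {
    "OK: $edition is a valid target edition. Command to run:"
    "dism.exe /image:$image /Set-Edition:$edition /ProductKey:$key"
} else {
    "Refusing: $edition is not listed as a target edition for this image."
}
```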

Some more info about DISM and image servicing: http://technet.microsoft.com/en-us/library/dd744543(WS.10).aspx

Exchange 2010 not receiving mail

My Inbox had been awfully quiet for a few days. Time to investigate:

Putty with manual SMTP session:

220 <servername> Microsoft ESMTP MAIL Service ready at Wed, 2 Dec 2009 12:53:01 +0100
ehlo server1.nowhere.com
500 5.3.3 Unrecognized command
ehlo server1.nowhere.com
250-<servername> Hello [<client IP>]
250-SIZE
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-X-ANONYMOUSTLS
250-AUTH NTLM
250-X-EXPS GSSAPI NTLM
250-8BITMIME
250-BINARYMIME
250-CHUNKING
250-XEXCH50
250-XRDST
250 XSHADOW
mail from:test@nowhere.com
452 4.3.1 Insufficient system resources
rcpt to:morgan@simonsen.bz

That’s not good. What does the event log say:

Event Log:

Index              : 5950
EntryType          : Error
InstanceId         : 3221502622
Message            : Microsoft Exchange Transport is rejecting message submissions because the available disk space has
                     dropped below the configured threshold.

                     The following resources are under pressure:
                     Queue database logging disk space ("C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\
                     data\Queue") = 88% [Medium] [Normal=86% Medium=88% High=90%]
                     Physical memory load = 95% [limit is 94% to start dehydrating messages.]

                     The following components are disabled due to back pressure:
                     Inbound mail submission from the Internet
                     Mail submission from Pickup directory
                     Mail submission from Replay directory
                     Content aggregation

                     The following resources are in normal state:
                     Queue database and disk space ("C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\data\
                     Queue\mail.que") = 88% [Normal] [Normal=92% Medium=94% High=96%]
                     Version buckets = 0 [Normal] [Normal=80 Medium=120 High=200]
                     Private bytes = 8% [Normal] [Normal=71% Medium=73% High=75%]
                     Batch Point = 0 [Normal] [Normal=1000 Medium=2000 High=4000]

Category           : ResourceManager
CategoryNumber     : 15

Source             : MSExchangeTransport
TimeGenerated      : 29.11.2009 21:45:58
TimeWritten        : 29.11.2009 21:45:58
UserName           :

That’s worse. The server had about 1.6 GB free disk space, and had hit the threshold set for the Queue database. I extended the disk to 32 GB and all was well. Hopefully not too many messages have been lost. SMTP has a default retry period of 48 hrs so I should have a lot of new messages as the various sending servers retry to deliver their messages.