Problem starting Microsoft CRM 4.0 on a Terminal Server

This error occurred when I tried to start the CRM 4.0 client on a terminal server. The client stopped loading with the error message:

"An error occurred loading Microsoft Dynamics CRM functionality. Try restarting Outlook"

And in the toolbar it said:

Initializing MAPI sub-system

In the eventlog I got the following error:

Event Type:    Error
Event Source:    MSCRMAddin
Event Category:    None
Event ID:    5975
Date:        2009-02-26
Time:        00:41:04
User:        N/A
Computer:    CRMSERVER
Description:
An error occurred initializing a process that triggers Microsoft CRM actions based on Outlook events.  Some synchronization or tagging actions may not occur.  Try restarting Microsoft Outlook. HR=0x8007007e. Context=. Function=CAddin::HrActivateAddin. Line=697.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

I think the problem was due to the fact that Microsoft CRM 3.0 had been installer on the server and there was something left in the users profile.

The solution to the problem was to delete the local profile for the user in My Computer > Advanced Settings

Links:

http://www.microsoft.com/communities/newsgroups/en-us/default.aspx?dg=microsoft.public.crm&tid=2b7957c4-d0fb-4689-918e-c3ab91736c42
http://support.microsoft.com/kb/948312
http://support.microsoft.com/kb/949087

Problems installing Flash in TS or Citrix

Today I ran into a curious problem. I had installed Flash 9 on three Citrix servers and on the last one it only worked for admins.

I googled for a while and ran into this solution:

1. Make sure you have ADMIN privileges to the machine
2. Search your machine for the file “flash.ocx”
3. copy or write down the full path to this file. It -should- be
C:/Windows/System32/Macromed/Flash/Flash.ocx
If the file is NOT in that folder, copy it into that folder. Make sure there are NO other .ocx files in that folder. If there is an ‘swflash.ocx’ delete it.
4. Choose Start> Run
5. In the run dialog, type or paste exactly this line. :
RegSvr32 C:/Windows/System32/Macromed/Flash/Flash.ocx

 

And it worked!!!

Links:

http://www.brianmadden.com/forums/t/21123.aspx

Citrix Metaframe having problems with Windows Server 2000 SP4 Rollup Fix 1

The other day I ran into a problem with an old Windows 2000 Citrix Server which suddenly stopped accepting some connections. The problem turned out to be that they recently updated the server with Rollup Fix 1 (from 2005). It seems that there is a problem with RO1 together with Citrix. The fix needs to be manually downloaded from MS.

Links

http://support.microsoft.com/default.aspx?scid=kb;en-us;891861
http://support.microsoft.com/kb/904711
http://support.citrix.com/article/CTX107051

Terminal Services Lockdown Checklist

Note: This is a work in progress

[Computer ConfigurationAdmin TemplatesSystemGroup Policy]

Enable the following setting:
User Group Policy loopback processing mode

[Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesSecurity Options]

Enable the following settings:
Do not display last user name in logon screen
Restrict CD-ROM access to locally logged-on user only
Restrict floppy access to locally logged-on user only

[Computer ConfigurationAdministrative TemplatesWindows ComponentsWindows Installer]

Enable the following setting, and set it to Always:
Disable Windows Installer

Note The default setting for Disable Windows Installer prevents any non-managed applications from being installed by a non-administrator. Setting Disable Windows Installer to Always may prevent some of the newer updates from Windows Update from being applied. Therefore, we recommend that you only set Disable Windows Installer to Always if there is a specific need or an identified threat that you must address. 

[User ConfigurationWindows SettingsFolder Redirection]

Enable the following settings:
Application Data
Desktop
My Documents
Start Menu

[User ConfigurationAdministrative TemplatesWindows ComponentsWindows Explorer]

Enable the following settings:
Remove Map Network Drive and Disconnect Network Drive
Remove Search button from Windows Explorer
Disable Windows Explorer’s default context menu
Hides the Manage item on the Windows Explorer context menu
Hide these specified drives in My Computer (Enable this setting for A through D.)
Prevent access to drives from My Computer (Enable this setting for A through D.)
Hide Hardware Tab

[User ConfigurationAdministrative TemplatesWindows ComponentsTask Scheduler]

Enable the following settings:
Prevent Task Run or End
Disable New Task Creation

[User ConfigurationAdministrative TemplatesStart Menu & Taskbar]

Enable the following settings:
Disable and remove links to Windows Update
Remove common program groups from Start Menu
Disable programs on Settings Menu
Remove Network & Dial-up Connections from Start Menu
Remove Search menu from Start Menu
Remove Help menu from Start Menu
Remove Run menu from Start Menu
Add Logoff to Start Menu
Disable and remove the Shut Down command
Disable changes to Taskbar and Start Menu Settings

[User ConfigurationAdministrative TemplatesDesktop]

Enable the following settings:
Hide My Network Places icon on desktop
Prohibit user from changing My Documents path

[User ConfigurationAdministrative TemplatesControl Panel]

Enable the following setting:
Disable Control Panel
Important When you enable this setting, you prevent administrators from installing any MSI package on to the Terminal Server, even if the explicit Deny is set for the Administrator account. 

[User ConfigurationAdministrative TemplatesSystem]

Enable the following settings:
Disable the command prompt (Set Disable scripts to No)
Disable registry editing tools

[User ConfigurationAdministrative TemplatesSystemLogon/Logoff]

Enable the following settings:
Disable Task Manager
Disable Lock Computer

[Computer ConfigurationAdministrative TemplatesSystemUser Profiles]

Enable the following settings:

Delete Cached Copies of Roaming Profiles

[User ConfigurationAdministrative TemplatesInternet ExplorerInternet Control PanelAdvanced Page]

Enable the following settings:

Empty Temporary Internet Files Folder when browser is closed

Turn off Internet Explorer enhanced Security for regualar users

Links:

http://www.msterminalservices.org/articles/Locking-Down-Windows-Terminal-Services.html
http://support.microsoft.com/?kbid=278295
http://forums.windowsitpro.com/web/forum/messageview.aspx?catid=37&threadid=45686&enterthread=y
http://www.msterminalservices.org/articles/Managing-Terminal-Services-Group-Policy.html

Unable to open shim database version registry key – v2.0.50727.00000.

Q: I get the following error om my terminal servers:

Event Type: Error
Event Source: .NET Runtime
Event Category: None
Event ID: 0
Date:  2007-06-19
Time:  07:08:58
User:  N/A
Computer: COMPUTER
Description:
The description for Event ID ( 0 ) in Source ( .NET Runtime ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Unable to open shim database version registry key – v2.0.50727.00000.

A: There is a hotfix for this but I am not sure how public it is. I got it from connect.microsoft.com (direct link below)

KB Link

Download Link

Source

SSL/TLS protected RDP

From Windows Server 2003 SP1 it is possible to protect the RDP connection using SSL/TLS. This will give you a HUGE boost in security. Here is a simple way to set it up using a self signed certificate.

1. Create a self signed certificate using SelfSSL from the IIS 6.0 Resource Kit

   selfssl.exe /N:CN=LABDC01 /K:1024 /V:7 /S:1 /P:443

Note: If you already have IIS installed this will add the cert to the default website and if you are not going to use it you can disable SSL on that site. If you already have a SSL site on the computer you will need to back up the cert because this will be broken so you will need to recreate it. If you do not have IIS installed you will recieve an error message because the cert can’t be added to the default website but it will still be addad to the computer cert store.

2. Start Terminal Services Configuration and open properties of RDP. Click the edit button and select the correct certificate.

3. Select Security Layer SSL

Problems with Citrix over VPN

I had some problems with a customers brand new Citrix Server. I can use it locally but I run into problems over VPN.

After some searching the net I found this article on Citrix Knowledgebase. It gave a hint on somethin called Session Reliability whish I hadn’t heard of before. I said that I migth get it to work if I turned session reliability of. And what do you know… they where right 🙂

You can find the setting under Citrix Farm Properties.

Links:

Troubleshooting the Citrix XTE Service and Errors