• Problem starting Microsoft CRM 4.0 on a Terminal Server

    This error occurred when I tried to start the CRM 4.0 client on a terminal server. The client stopped loading with the error message:

    "An error occurred loading Microsoft Dynamics CRM functionality. Try restarting Outlook"

    And in the toolbar it said:

    Initializing MAPI sub-system

    In the eventlog I got the following error:

    Event Type:    Error
    Event Source:    MSCRMAddin
    Event Category:    None
    Event ID:    5975
    Date:        2009-02-26
    Time:        00:41:04
    User:        N/A
    Computer:    CRMSERVER
    Description:
    An error occurred initializing a process that triggers Microsoft CRM actions based on Outlook events.  Some synchronization or tagging actions may not occur.  Try restarting Microsoft Outlook. HR=0x8007007e. Context=. Function=CAddin::HrActivateAddin. Line=697.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    I think the problem was due to the fact that Microsoft CRM 3.0 had been installer on the server and there was something left in the users profile.

    The solution to the problem was to delete the local profile for the user in My Computer > Advanced Settings

    Links:

    http://www.microsoft.com/communities/newsgroups/en-us/default.aspx?dg=microsoft.public.crm&tid=2b7957c4-d0fb-4689-918e-c3ab91736c42
    http://support.microsoft.com/kb/948312
    http://support.microsoft.com/kb/949087

  • Problems installing Flash in TS or Citrix

    Today I ran into a curious problem. I had installed Flash 9 on three Citrix servers and on the last one it only worked for admins.

    I googled for a while and ran into this solution:

    1. Make sure you have ADMIN privileges to the machine
    2. Search your machine for the file “flash.ocx”
    3. copy or write down the full path to this file. It -should- be
    C:/Windows/System32/Macromed/Flash/Flash.ocx
    If the file is NOT in that folder, copy it into that folder. Make sure there are NO other .ocx files in that folder. If there is an ‘swflash.ocx’ delete it.
    4. Choose Start> Run
    5. In the run dialog, type or paste exactly this line. :
    RegSvr32 C:/Windows/System32/Macromed/Flash/Flash.ocx

     

    And it worked!!!

    Links:

    http://www.brianmadden.com/forums/t/21123.aspx

  • Citrix Metaframe having problems with Windows Server 2000 SP4 Rollup Fix 1

    The other day I ran into a problem with an old Windows 2000 Citrix Server which suddenly stopped accepting some connections. The problem turned out to be that they recently updated the server with Rollup Fix 1 (from 2005). It seems that there is a problem with RO1 together with Citrix. The fix needs to be manually downloaded from MS.

    Links

    http://support.microsoft.com/default.aspx?scid=kb;en-us;891861
    http://support.microsoft.com/kb/904711
    http://support.citrix.com/article/CTX107051

  • Terminal Services Lockdown Checklist

    Note: This is a work in progress

    [Computer ConfigurationAdmin TemplatesSystemGroup Policy]

    Enable the following setting:
    User Group Policy loopback processing mode

    [Computer ConfigurationWindows SettingsSecurity SettingsLocal PoliciesSecurity Options]

    Enable the following settings:
    Do not display last user name in logon screen
    Restrict CD-ROM access to locally logged-on user only
    Restrict floppy access to locally logged-on user only

    [Computer ConfigurationAdministrative TemplatesWindows ComponentsWindows Installer]

    Enable the following setting, and set it to Always:
    Disable Windows Installer

    Note The default setting for Disable Windows Installer prevents any non-managed applications from being installed by a non-administrator. Setting Disable Windows Installer to Always may prevent some of the newer updates from Windows Update from being applied. Therefore, we recommend that you only set Disable Windows Installer to Always if there is a specific need or an identified threat that you must address. 

    [User ConfigurationWindows SettingsFolder Redirection]

    Enable the following settings:
    Application Data
    Desktop
    My Documents
    Start Menu

    [User ConfigurationAdministrative TemplatesWindows ComponentsWindows Explorer]

    Enable the following settings:
    Remove Map Network Drive and Disconnect Network Drive
    Remove Search button from Windows Explorer
    Disable Windows Explorer’s default context menu
    Hides the Manage item on the Windows Explorer context menu
    Hide these specified drives in My Computer (Enable this setting for A through D.)
    Prevent access to drives from My Computer (Enable this setting for A through D.)
    Hide Hardware Tab

    [User ConfigurationAdministrative TemplatesWindows ComponentsTask Scheduler]

    Enable the following settings:
    Prevent Task Run or End
    Disable New Task Creation

    [User ConfigurationAdministrative TemplatesStart Menu & Taskbar]

    Enable the following settings:
    Disable and remove links to Windows Update
    Remove common program groups from Start Menu
    Disable programs on Settings Menu
    Remove Network & Dial-up Connections from Start Menu
    Remove Search menu from Start Menu
    Remove Help menu from Start Menu
    Remove Run menu from Start Menu
    Add Logoff to Start Menu
    Disable and remove the Shut Down command
    Disable changes to Taskbar and Start Menu Settings

    [User ConfigurationAdministrative TemplatesDesktop]

    Enable the following settings:
    Hide My Network Places icon on desktop
    Prohibit user from changing My Documents path

    [User ConfigurationAdministrative TemplatesControl Panel]

    Enable the following setting:
    Disable Control Panel
    Important When you enable this setting, you prevent administrators from installing any MSI package on to the Terminal Server, even if the explicit Deny is set for the Administrator account. 

    [User ConfigurationAdministrative TemplatesSystem]

    Enable the following settings:
    Disable the command prompt (Set Disable scripts to No)
    Disable registry editing tools

    [User ConfigurationAdministrative TemplatesSystemLogon/Logoff]

    Enable the following settings:
    Disable Task Manager
    Disable Lock Computer

    [Computer ConfigurationAdministrative TemplatesSystemUser Profiles]

    Enable the following settings:

    Delete Cached Copies of Roaming Profiles

    [User ConfigurationAdministrative TemplatesInternet ExplorerInternet Control PanelAdvanced Page]

    Enable the following settings:

    Empty Temporary Internet Files Folder when browser is closed

    Turn off Internet Explorer enhanced Security for regualar users

    Links:

    http://www.msterminalservices.org/articles/Locking-Down-Windows-Terminal-Services.html
    http://support.microsoft.com/?kbid=278295
    http://forums.windowsitpro.com/web/forum/messageview.aspx?catid=37&threadid=45686&enterthread=y
    http://www.msterminalservices.org/articles/Managing-Terminal-Services-Group-Policy.html

  • Deploy Citrix Client using GPO

    Here is a link on how to package a Citrix Client for deployment using AD and GPO

    Source

    http://www.appdeploy.com/packages/detail.asp?id=539

  • Unable to open shim database version registry key – v2.0.50727.00000.

    Q: I get the following error om my terminal servers:

    Event Type: Error
    Event Source: .NET Runtime
    Event Category: None
    Event ID: 0
    Date:  2007-06-19
    Time:  07:08:58
    User:  N/A
    Computer: COMPUTER
    Description:
    The description for Event ID ( 0 ) in Source ( .NET Runtime ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Unable to open shim database version registry key – v2.0.50727.00000.

    A: There is a hotfix for this but I am not sure how public it is. I got it from connect.microsoft.com (direct link below)

    KB Link

    Download Link

    Source

  • SSL/TLS protected RDP

    From Windows Server 2003 SP1 it is possible to protect the RDP connection using SSL/TLS. This will give you a HUGE boost in security. Here is a simple way to set it up using a self signed certificate.

    1. Create a self signed certificate using SelfSSL from the IIS 6.0 Resource Kit

       selfssl.exe /N:CN=LABDC01 /K:1024 /V:7 /S:1 /P:443

    Note: If you already have IIS installed this will add the cert to the default website and if you are not going to use it you can disable SSL on that site. If you already have a SSL site on the computer you will need to back up the cert because this will be broken so you will need to recreate it. If you do not have IIS installed you will recieve an error message because the cert can’t be added to the default website but it will still be addad to the computer cert store.

    2. Start Terminal Services Configuration and open properties of RDP. Click the edit button and select the correct certificate.

    3. Select Security Layer SSL

  • Citrix Client Problems

    Apparently there is a change in the hotkey setup in Citrix Client v10 which sets Shift-F12 to mean Full Screen. Unfortunatley this conflicts with the AS/400 setup at one of my customers where Shift-F12 means F24… 

    I am looking into this problem and I will write more in this article if I find a solution 

  • Problems with Citrix over VPN

    I had some problems with a customers brand new Citrix Server. I can use it locally but I run into problems over VPN.

    After some searching the net I found this article on Citrix Knowledgebase. It gave a hint on somethin called Session Reliability whish I hadn’t heard of before. I said that I migth get it to work if I turned session reliability of. And what do you know… they where right 🙂

    You can find the setting under Citrix Farm Properties.

    Links:

    Troubleshooting the Citrix XTE Service and Errors