SQL Server Scheduled Job fails to execute

SQL Server Scheduled Job ‘MessageBox_Message_ManageRefCountLog_BizTalkMsgBoxDb’ (0x9550CE8A82FC08489D1CCDE01A38C057) – Status: Failed – Invoked on: 2016-01-25 15:16:00 – Message: The job failed.  Unable to determine if the owner (DOMAIN\ACCOUNT) of job MessageBox_Message_ManageRefCountLog_BizTalkMsgBoxDb has server access (reason: Could not obtain information about Windows NT group/user DOMAIN\SAACCOUNT, error code 0x5. [SQLSTATE 42000] (Error 15404)).

This is due to the fact that the SQL Server Agent is running under a local account that cannot read the domain account permissions. Change the job to a local account or change the SQL Server Agent Service to a domain account.

Posted in Microsoft General | Tagged , , | Leave a comment

SCCM error 0x87D01201(-2016407039)

When using the Software Center to install new software, the error 0x87D01201(-2016407039) pops up.

Open Control Panel, Configuration Manager. Click on the Cache tab and click on Configure Settings. Afterwards, click on Delete Files. Now try again to install the software from the Software Center.

Posted in Microsoft General, Uncategorized | Tagged | 2 Comments

Setting permissions using ICACLS and PowerShell

 

Although PowerShell offers cmdlets to get access control lists (ACL) and modify then, I found it not that convenient. The ICACLS command can also be used within PowerShell to set permissions. Here are some basic examples how to use ICACLS with PowerShell to set the permissions.

Please note that for PowerShell, the ` token is used before the ( and ) character since PowerShell needs to know that this is character is part of ICACLS and not PowerShell.

/T is used to also apply the permissions to subfolders.

Remove inheritance:

icacls D:\TestFolder /inheritance:d

Full access:

icacls D:\TestFolder /grant domain\username:`(F`) /T

Remove user:

icacls D:\TestFolder /remove:g domain\username /T

Read:

icacls D:\TestFolder /grant domain\username:`(R`) /T

Modify (create/write/delete):

icacls D:\TestFolder /grant domain\username:`(M`) /T

Posted in Microsoft General, Scripts | Tagged , | Leave a comment

What I like about Office 2016

My best combination for years from a productivity perspective: Windows 7 & Office 2010. This allowed me to do everything without any limitations such as not working applications and plugins.

Off course, I had experience with Windows 10 and Office 2013 but I was not convinced that I would benefit from it and become more productive. But this week I finally moved to Windows 10 because… Office 2016 came out and I want to try it. And until now, I really like it.

Here are my favorite features in Office 2016:

  • When moving the slider in the Ruler, it shows a preview.

Great feature that displays how the content will look like when you let go of the mouse button.

  • When navigating (scroll) through the document, the Navigation pane displays the actual location.

The Navigation Pane is a great help navigating through documents, but when you scroll through your document it would not display the actual location in the document unless you clicked somewhere in the content. This has changed that the Navigation Pane focus is displayed when you navigate (scroll) through the document.

TECHLOG50

Posted in Microsoft General | Tagged | Leave a comment

How to use a PKI certificate with Tomcat

In this blog post I am going to set-up secure access to a web application running on Tomcat (on Windows 2012 R2) by using a certificate from an internal PKI.

I am going to use KeyStore Explorer 1.1 (mirror) for the creation and modification of the KeyStore. This GUI tool makes it easier than the command line.

Use the PastBin URL to copy and paste the code in the correct format.

Install KeyStore Explorer 1.1

Note: Since KeyStore explorer needs Java, the easiest is to install it on the Tomcat server.

 
Start KeyStore Explorer  
In KeyStore Explorer, click on Create a new KeyStore
image
Select JKS and click Ok
image

Click on Generate Key Pair
image
Leave the default values and click Ok
image
 
image
Change the period that the certificate is valid and click on the Book icon
image
Enter the correct information for your environment.

Make sure the CN name is the same name that end-users are going to use to access the application.

Click Ok


image
The name field is now filled, click Ok
image
Enter an alias for the Key Pair
image
Enter a password for the Key Pair.

Save the password for later use!


image
 
image
Right click on the Key Pair and select Generate CSR

image
Change the location of the CSR file and click OK
image
 
image
Give the CSR file to your PKI administrator to generate a CER file.
image
When you have received the CER file, right click on the Key Pair and select Import CA Reply

Select the CER file and click Ok


image
 
image
Next, import both the root certificate and the intermediate certificate of your PKI.

Click on Import Trusted Certificate and select the root or intermediate certificate


image
Use the name inter for your Intermediate certificate
image
Use the name root for your root certificate
image
Successfully added the root and intermediate certificates.
image
Now the file looks like this:

Note: The certificate from the PKI infrastructure is not separately added. It is only used to sign the private key.


image
Save the file (.jks) in a Tomcat directory, I prefer the Conf folder.
image
Open Server.xml from the Tomcat Conf directory and add:

<Connector port=”443″ maxThreads=”150″ scheme=”https” secure=”true”
SSLEnabled=”true” keystoreFile=”conf/contoso_keystore” keystorePass=”<password>keyAlias=”mysite.contoso.com
clientAuth=”false” sslProtocol=”TLS”/>

 

Change the red values.

First is the filename of your KeyStore in the Conf directory

Second is your KeyStore password

Third is the name of your KeyPair in the KeyStore.

 

PasteBin URL
Save the Server.xml file and restart Tomcat.  
Go to https://yoursite/application to view the secure contents.  

 

If you encounter any issues, please check the following:

1. You need to sign the private key in your Keystore with the certificate from your PKI.

Only adding the Certificate to your Keystore is not enough!

2. You need to point to the correct KeyStore file in Server.xml.

3. The keyAlias should point to the Private key and not to the root, intermediate or the PKI certificate (if added)

3. If you change the port number, make sure it is not in use by any other process on the system or by an other connector port in the Tomcat configuration (Server.xml).

4. Check the catalina log in the Logs directory of Tomcat for more information if there are any errors.

5. If you receive the error: Connector attribute SSLCertificateFile must be defined when using SSL with APR in Catalina.log, then comment out line 27 in Server.xml. That line states:

<Listener className=”org.apache.catalina.core.AprLifecycleListener” SSLEngine=”on” />

Result:

image

 

Redirect traffic from port 80 to 443

Now that the server is running on port 443, traffic coming in from port 80 should be redirected to port 443 to use HTTPS.

Open Server.xml from the Tomcat Conf directory and verify that the port 80 connector contains redirectPort=”443”.

<Connector port=”80″ protocol=”HTTP/1.1″          connectionTimeout=”20000″
redirectPort=”443″ />

>

image

PasteBin URL

Open Web.xml from the Conf folder and add:

    <security-constraint>
<web-resource-collection>
<web-resource-name>Protected Context</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>

image

PasteBin URL

Save the file and restart Tomcat  

 

Redirect the default homepage to the web application

Now that the web application is secure and port 80 is redirected to port 443 it is time to replace the default website.

image

Create a new HTML file with the content:

<html>

<head>
<meta http-equiv=”refresh” content=”0;URL=https://site/application”>
</head>

<body>
</body>

</html>

PasteBin URL
Save the file in the Tomcat folder \webapps\ROOT\  
Restart TomCat, when opening http://server the user is redirected to https://server/application  
Posted in Microsoft General | Tagged , , | Leave a comment

HTTP Error 404.17 – Not found

 

HTTP Error 404.17 – Not found

The requested content appears to be script and will not be served by the static file handler.

 

SNAGHTMLee88a

 

1.Install ASP.NET
2.Enable ASP.NET in IIS under ISAPI and CGI restrictions

 

image

 

TECHLOG50

Posted in Microsoft General | Tagged , , | Leave a comment