If you support clients who have vendor apps (Kronos) that use a specific version of Java you'll want to read this to automate the install of the client on all workstation and prevent the version from being updated. I have found this very useful!
Use Group Policy to Distribute JRE With Its Automatic Update Feature Disabled
Friday, May 7, 2010
Friday, April 23, 2010
Reset BES 5 BAS admin password
Use the following SQL script to add a user called admin to your Blackberry Enterprise Server (works with Express, too) version 5.x. Password is blackberry.
/*+---------------------------------------------------------------------------
* Support Script: BASAuthentication.sql
* Created: 07/09/2009
* Tracked via :
* Description: The script performs a stored procedure to create or edit
* the BAS administrator user account. (admin)
*
* Instructions for running script:
* 1. Backup database
* 2. Edit items under the editing section. (By default none required)
* 3. Run the script on the BES configuration database
*+--------------------------------------------------------------------------*/
DECLARE
@DisplayName VARCHAR(256),
@Authentication VARCHAR(256),
@AuthenticatorTypeId INT,
@AuthenticatorInstanceId INT,
@ExternalAuthenticatorId VARCHAR(255),
@EncryptedPassword VARCHAR(256)
/************************************************************
Start of editing required section
*************************************************************/
SET @DisplayName = 'System Administrator' -- Display name (Not always used)
SET @Authentication = 'BAS' -- 'BAS' for BAS authentication
SET @EncryptedPassword = '2951a982f568f15567b7c6e0e50990b9' -- Encrypted string of password 'blackberry'
/************************************************************
End of editing required section
*************************************************************/
IF @Authentication LIKE 'BAS'
BEGIN
SET @AuthenticatorTypeId = 0 -- Set to 0 for BAS
SET @AuthenticatorInstanceId = 0 -- Set to 0 for BAS
SET @ExternalAuthenticatorId = NULL
EXEC SetUpBASorADAuthentication @DisplayName, @AuthenticatorTypeId, @AuthenticatorInstanceId, @ExternalAuthenticatorId, @EncryptedPassword
END
GO
Wednesday, April 14, 2010
Windows Update fails with 8000FFFF
This is reposted from Brad Rutkowski's Blog because it is a very good solution!
Quick Solution: Check the permissions on the root of C: and ensure that BUILTIN\Users have Read access.
Quick Solution: Check the permissions on the root of C: and ensure that BUILTIN\Users have Read access.
Long Story:
8000FFFF == E_UNEXPECTED, not very helpful…
Had a client where windows update was continually failing with the error code 8000FFFF. When looking in the Windows Update log we’d see errors like this:
WARNING: PTError: 0x80248014
Handler FATAL: CBS called Error with 0x8000ffff, <— Checked the CBS.log file but that didn’t give any clues.
Handler FATAL: Error source is 106.
DnldMgr Error 0x8000ffff occurred while downloading update; notifying dependent calls.
AU # WARNING: Download failed, error = 0x8000FFFF
AU # WARNING: Download failed, error = 0x8000FFFF
AU WARNING: BeginInteractiveInstall failed, error = 0x8024000C
CltUI WARNING: AU directive Interactive Progress is exiting due to error 8024000C
And in the event viewer upon each run we’d see these events:
Log Name: Application
Source: ESENT
Date: 7/2/2008 3:05:16 PM
Event ID: 491
Task Category: General
Level: Error
Keywords: Classic
User: N/A
Computer: XXXX
Description:
Catalog Database (1560) Catalog Database: An attempt to determine the minimum I/O block size for the volume "C:\" containing "C:\Windows\system32\CatRoot2\" failed with system error 5 (0x00000005): "Access is denied. ". The operation will fail with error -1032 (0xfffffbf8).
Log Name: Application
Source: Microsoft-Windows-CAPI2
Date: 7/2/2008 3:05:16 PM
Event ID: 257
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: XXXX
Description:
The Cryptographic Services service failed to initialize the Catalog Database. The ESENT error was: -1032.
After seeing this data I did a stare and compare between my root permissions and his and found that he’d modified the c:\ permissions on his system:
His machine:
c:\temp\xcacls c:
C:\ NT AUTHORITY\SYSTEM:(OI)(CI)F
BUILTIN\Administrators:(OI)(CI)F
Mine:
C:\>xcacls c:\
c:\ BUILTIN\Administrators:F
BUILTIN\Administrators:(OI)(CI)(IO)F
NT AUTHORITY\SYSTEM:F
NT AUTHORITY\SYSTEM:(OI)(CI)(IO)F
BUILTIN\Users:(OI)(CI)R <— This is the key one missing that was causing the headache.
NT AUTHORITY\Authenticated Users:(OI)(CI)(IO)C
NT AUTHORITY\Authenticated Users:(special access:)
FILE_APPEND_DATA
The Cryptographic Services runs under “Network Service” which would require Users to have read access. I added BUILTIN\Users with read access to C and all worked again.
Hopefully this post will guide others with similar issues to the solution quickly.
Subscribe to:
Posts (Atom)