Enterprise Vault - This version of the Enterprise Vault Outlook Add-In is not compatible with the Enterprise Vault server version.

Orait.. Let's talk about Enterprise Vault Outlook Plugin again... The project that I involved requires a few versions jump - from EV ver 9 to EV ver 12. The planning was to upgrade Plugin to version 12 first, followed by servers upgrade. According to EV Compatibility List ( https://www.veritas.com/support/en_US/article.000097605 ), the plugin will be supported if the server is either the same version(n), n-1 or n+1. 

Now back to the issue. Due to version incompatibility between the plugin and the server, during my testing, there was an information box appeared whenever I opened my MS Outlook, as documented below.


Issue :

Received below error after upgrading EV Outlook Plugin from version 9 to version 12 (where the EV server was still at ver 9).

This version of the Enterprise Vault Outlook Add-In is not compatible with the Enterprise Vault server version.

Contact your Help Desk for details of how to resolve the issue.

At the same time, the Enterprise Vault plugin was missing :

Before EV Plugin upgrade :

Read More

Enterprise Vault Outlook Plugin - Location is not valid. Choose a different installation location.

I was part of a project to upgrade Enterprise Vault system - my task was to ensure the Enterprise Vault Outlook plugin is properly deployed to Outlook clients. However, during my testing to install Enterprise Vault Outlook Plugin ver 12, I faced an issue as below :

Location is not valid. Choose a different installation location. 

No logs, just a warning. 


Thererfore, I performed some troubleshoting, which leads to the resoluton.


Issue : 
Unable to install Enterprise Vault Outlook Plugin version 12 - error : Location is not valid. Choose a different installation location. 



Troubleshooting

1.  Normal EV Outlook plugin installation won’t produce any log. Therefore, for troubleshooting purpose (which then be used during automation), the installer executed with MSIEXEC command :
   
   msiexec /i "C:\temp\EVOutlookClient\Veritas Enterprise Vault Outlook Add-in (x86).msi" /qn /norestart /l* C:\temp\EV12Installation.log
   
   
2.  Based on the log, these error (marked in yellow) captured
   
   
   

   Action ended 12:44:38: Set_TARGETDIR. Return value 1.Action 12:44:38: DiscoverUserProfileFolders.
   Action start 12:44:38: DiscoverUserProfileFolders.DiscoverUserProfileFolders:  Initialized.DiscoverUserProfileFolders:  GetRegKeyChildren : BEGINDiscoverUserProfileFolders:  Reading Software\Microsoft\Windows NT\CurrentVersion\ProfileList\ for childrenDiscoverUserProfileFolders:  GetRegKeyChildren : ENDDiscoverUserProfileFolders:  ReadRegistry : BEGINDiscoverUserProfileFolders:  Reading Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18 for value ProfileImagePathDiscoverUserProfileFolders:  ReadRegistry : ENDDiscoverUserProfileFolders:  Found profile with SID S-1-5-18 and path %systemroot%\system32\config\systemprofileDiscoverUserProfileFolders:  ReadRegistry : BEGINDiscoverUserProfileFolders:  Reading Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19 for value ProfileImagePathDiscoverUserProfileFolders:  ReadRegistry : ENDDiscoverUserProfileFolders:  Found profile with SID S-1-5-19 and path C:\Windows\ServiceProfiles\LocalServiceDiscoverUserProfileFolders:  ReadRegistry : BEGINDiscoverUserProfileFolders:  Reading Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20 for value ProfileImagePathDiscoverUserProfileFolders:  ReadRegistry : ENDDiscoverUserProfileFolders:  Found profile with SID S-1-5-20 and path C:\Windows\ServiceProfiles\NetworkServiceDiscoverUserProfileFolders:  ReadRegistry : BEGINDiscoverUserProfileFolders:  Reading Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2058597364-130651613-2805778835-2401 for value ProfileImagePathDiscoverUserProfileFolders:  ReadRegistry : ENDDiscoverUserProfileFolders:  Found profile with SID S-1-5-21-2058597364-130651613-2805778835-2401 and path C:\Users\.zHISclientDiscoverUserProfileFolders:  ReadRegistry : BEGINDiscoverUserProfileFolders:  Reading Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2058597364-130651613-2805778835-26805 for value ProfileImagePathDiscoverUserProfileFolders:  Error 0x2: RegQueryValueEx failed to read ProfileImagePath with error 2DiscoverUserProfileFolders:  ReadRegistry : ENDDiscoverUserProfileFolders:  Found profile with SID S-1-5-21-2058597364-130651613-2805778835-26805 and path
   DiscoverUserProfileFolders:  ReadRegistry : BEGINDiscoverUserProfileFolders:  Reading Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2058597364-130651613-2805778835-26814 for value ProfileImagePathDiscoverUserProfileFolders:  Error 0x2: RegQueryValueEx failed to read ProfileImagePath with error 2DiscoverUserProfileFolders:  ReadRegistry : END

   
   
3.  Check on Registry Editor (REGEDIT) under HKLM\ Software\Microsoft\Windows NT\CurrentVersion\ProfileList, there are some registry keys which do not point to any profiles. It is most likely the profiles have been improperly deleted before this.
   
   Example of Registry Key Which Ties to User Profile : 
   
   
   
   Registry Key Which Not Ties to Any User Profile
   
   
   

 

Resolution :

1.  Either, look for the keys one by one and delete them, or 
   
2.  Run below script
   

On Error Resume Next
Const HKEY_LOCAL_MACHINE = &H80000002
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objRegistry=GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
strProfileListKeyPath = "Software\Microsoft\Windows NT\CurrentVersion\ProfileList"
objRegistry.EnumKey HKEY_LOCAL_MACHINE, strProfileListKeyPath, arrProfileList
For intCurrentSID = 0 To UBound(arrProfileList)
objRegistry.GetStringValue HKEY_LOCAL_MACHINE,strProfileListKeyPath & "\" & arrProfileList(intCurrentSID),"ProfileImagePath",strProfileImagePath
If Not (objFSO.FolderExists (strProfileImagePath)) Then
DeleteRegEntry  HKEY_LOCAL_MACHINE, strProfileListKeyPath & "\" & arrProfileList(intCurrentSID)
End If
Next

Function DeleteRegEntry(sHive, sEnumPath)
' Attempt to delete key.  If it fails, start the subkey
' enumration process.
lRC = objRegistry.DeleteKey(sHive, sEnumPath)
' The deletion failed, start deleting subkeys.
If (lRC <> 0) Then
' Subkey Enumerator
   On Error Resume Next
   lRC = objRegistry.EnumKey(HKEY_LOCAL_MACHINE, sEnumPath, sNames)
   For Each sKeyName In sNames
      If Err.Number <> 0 Then Exit For
      lRC = DeleteRegEntry(sHive, sEnumPath & "\" & sKeyName)
   Next
   On Error Goto 0
' At this point we should have looped through all subkeys, trying
' to delete the registry key again.
   lRC = objRegistry.DeleteKey(sHive, sEnumPath)
End If
End Function

 

Read More

Change Internet Explorer Connections Settings from Registry

Okay, I seriously thought I already have this post uploaded in this blog, but it turned out I was wrong. I have kept this for a long time, and it helped me a numbers of times already so I reckon it will help others as well.

IE Connections. There are a few settings we can configured in IE Connections Settings such as :

• Automatically detect settings 
• Use automatic configuration script 
• Use a proxy server 
• Bypass proxy server for local addresses 
• Use different proxy servers for different protocols 
• Proxy server exception. 

For this post, I will list registry keys positions for each setting.


Objective : Grey-Out / Not-Grey-Out Automatic Configuration
Location :

• Hive : HKCU
• Key : Software\Policies\Microsoft\Internet Explorer\Control Panel\
• Value Name : AutoConfig
• Value Type : DWORD

Value Data : 0

Result : Not-Greyed-Out, settings for Automatically detect settings & Use automatic configuration script can be changed.

Value Data : 1

Result : Greyed-Out, settings for Automatically detect settings & Use automatic configuration script cannot be changed

Objective : Checked / Unchecked Automatically detect settings

Location :

• Hive : HKCU
• Key : Software\Microsoft\Windows\CurrentVersion\Internet Settings\
• Value Name : AutoDetect
• Value Type : DWORD

Value Data : 0

Result : unchecked

Value Data : 1

Result : checked

Objective : Enable / Disable Use automatic configuration script

Location :

• Hive : HKCU
• Key : Software\Microsoft\Windows\CurrentVersion\Internet Settings
• Value Name : AutoConfigURL
• Value Type : REG_SZ

Value Data : <Config URL>

Result : Config URL configured

Objective : Grey-out / un-grey-out Option to use proxy server

Location :

• Hive : HKCU
• Key : Software\Microsoft\Windows\CurrentVersion\Internet Settings
• Value Name : ProxyEnable
• Value Type : REG_DWORD

Value Data : 0

Result : option to use a proxy server for your LAN is un-checked, box to put proxy server and port disabled, Advanced box disabled, option to bypass prosxy server disabled

Value Data : 1

Result : option to use a proxy server for your LAN is checked, box to put proxy server and port enabled, Advanced box enabled, option to bypass prosxy server enabled

Objective : Set Proxy Server

Location :

• Hive : HKCU
• Key : Software\Microsoft\Windows\CurrentVersion\Internet Settings
• Value Name : ProxyServer
• Value Type : REG_SZ

Value Data : ProxyName:port

Result :

Read More

Suppress Adobe Product Improvement Program Pop-Up by Using Microsoft Group Policy Preference or AppSense Environment Manager

I implemented this a few years back, when I needed to eliminate any unneeded pop-up to my users. In this case, it was for Adobe Reader. Newly created profiles will have this automatically pop-up when they launched Adobe Reader  for the first time.

Adobe Product Improvement Program - Help Improve the Adobe Reader Experience.

The screen also can be triggered by going to Help | Improvement Program Options...

These steps will help to disable the Improvement Program Options menu, and consequently suppress the pop-up. Note that it requires registry editing, so be extremely careful. Note that the steps mentioned are for Adobe Reader 11. If oy used different version, ensure your key path refers to correct version (SOFTWARE\Policies\Adobe\Acrobat Reader\11.0)

Using GPP : 

1.  Launch GPMC, and go to target GPO.  Edit the policy, and navigate to Computer Configuration | Preference | Windows Settings | Registry, right click at Registry, hover to New and click at Registry Item
   
   
   
   
   
2.  Ensure Hive is changed to HKEY_LOCAL_MACHINE
   
   
   
3. Use below info to fill up the form :
   Key Path : SOFTWARE\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown
   Value Name : bUsageMeasurement
   Value Type : REG_DWORD
   Value Data : 0
   Base : Decimal
   
   
   
   
4.  Reboot the target machine. Once it is up, log in to computer, and launch Adobe Reader. No Improvement Program pop-up appeared, and Improvement Program Options... is no longer listed  in Help menu.
   
    

Using AppSense Environment Manager : 

1. Launch AppSense Environment Manager, right click at Process Started | choose Node
   
   
   
   
2.  Change the information for Condition and Match accordingly, then click OK
   Condition : Equal to
   Match : AcroRd32.exe
   
   
   
   
3. At workspace on the right side, right click at the Process condition, and navigate to Conditions | Registry | and choose Registry Value Exists. This step is to check whether the needed value is existed or not.
   
   
   
4. Fill up all needed info by following below information :
   Hive : HKEY_LOCAL_MACHINE
   Key : SOFTWARE\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown
   Value Name : bUsageMeasurement
   Value Type : REG_DWORD
   Comparison : Not Equal To
   Value Data : 0
   Base : Decimal
   
   
   
   
5. You may also want to give a bit of description and notes to the setting. Select OK.
   
   
   
   
6.  This is the outcomes, so far.
   
   
   

Read More

Change Location of User Profile Folders in Registry

I love to move my Windows profile folders from common, Microsoft-preset folders to my desired folders. And occasionally, out of stupidity, I mistakenly deleted the active folders, rather than the previous folders, which resulting to below error :

<Path> refers to a location that is unavailable. It could be on a hard drive on this computer, or on a network. Check to make sure that the disk is properly inserted, or that you are connected to the Internet or your network, and then try again. If it still cannot be located, the information might have been moved to a different location.

As always, it is not hard to resolve this issue. However, it involves registry changes, therefore do it cautiously.

1.  Open regedit
   
   
   
2.  navigate to HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer
   
   
   
3.  There are 2 parts here : 
   • Shell Folders
   • User Shell Folders
   Shell Folders is designed to be used by Windows NT and earlier. It is necessary not to delete this folder.
   
   

Read More

Citrix Group Policy Management Console

It is a common practice to have a management server, with most (if not all) consoles installed on it. the purpose of this practice are to consolidate the management consoles into centralized servers, and reduce un-needed resources utilization on target servers (e.g : SQL, AppSense, Citrix Delivery Controller, VMware vCenter). 

One component that I love to have in my management server is Citrix GPMC. I prefer to configure my Citrix policies via GPO, rather than Citrix Policies. One main reason is to consolidate all policies into a single, centralized location. 


This is what you can see from AD server or normal servers/machines without Citrix GPMC installed / enabled.

This is what you can see from Citrix servers with GPMC installed / enabled.

Now, how to install Citrix GPMC : 

1.  Download the installers from here :
   
   x86 : http://support.citrix.com/article/CTX142463#download
   
   x64 : http://support.citrix.com/article/CTX142464#download
   
   
2.  Right click at the installer, and click Install (or just double click at it).
   
   
   
3.  Preparing to install..
   
   
   
4.  Accept the agreement, and click Install
   
   
   
5.  Installing...
   
   
   
6.  Done, click Finish.
   
   
   
7.  Launch Group Policy Management, and Edit any GPO
   
   
   
8.  Now we can see Citrix Policies available in GPO.
   
   

Read More

Configure HTTPS authentication to CA Server

In previous post, I demonstrated steps to install a Certificate Authority server as well as enabling Web enrollment. All good so far. However, when we tried to proceed with web enrollment, below message box appeared :

In order to complete certificate enrollment, the Web site for the CA must be configured to use HTTPS authentication.

To make it worst (not really), if we tried to access to the web page by using HTTPS, no page can be displayed. 

Luckily, Microsoft has compiled all needed steps on how to get it resolved, as posted here.

Implementing SSL on a Web site in the domain with an Enterprise CA
The following example will assume that you have an Enterprise CA from which to issue certificates. Further, the assumption is that you have a Certification Authority Web Enrollment pages installed, either on that CA or on another computer in the domain. This example will walk through the steps necessary to do the following:

1. Configure an appropriate certificate template for SSL certificates.
2. Obtain a certificate for IIS using the certificate template
3. Configure the HTTPS on the Default Web Site
4. Connect to the HTTPS location for certificate enrollment

So, let's start with those steps.

1) Configure an appropriate certificate template for SSL certificates.

1.  Launch Certificate Authority Console
   
   
   
2.  Right click Certificate Templates | Manage
   
   
   
3.  Certificate Templates Console will launch. Look for Web Server template, right click at it, and choose Duplicate Template
   
   
   
4.  At Compatibility tab, you may want to maintain or change the settings depending on the environment.
   
   
   
5.   Go to General tab, and change the name of the template to reflect correct usage. Change the certificate validity and renewal period if needed.
   
   
   
6.  Go to Security tab, add 2 information :
   • User/Group Accounts which will be used in enrollment
   • Computer accounts which require ability to enroll
   
   
   
   
   
   
   
7.   Go to Cryptography tab, make changes if needed. Once all good, click Apply then OK.
   
   
   
8.  New template created. Close the Certificate Templates Console.
   
   
   
9. At Certificate Authority Console, right click at Certificate Templates | New | Certificate Template to Issue. Find the newly created certificate templates, click on it, then click OK.
   
   
   
    

2) Obtain a certificate for IIS using the certificate template

1.  Launch MMC console
   
   
   
2.  Go to File | Add/Remove Snap-in...
   
   
   
3.  Click at Certificate | Add >
   
   
   
   
4.  Choose Computer account, and click Next >
   
   
   
5.  Choose Local computer, then click Finish.
   
   
   
6.  Click OK.
   
   
   
7.  Expand certificate (Local Computer) | right click at Personal | Choose All Tasks | click at Request New Certificate
   
   
   
8.  click Next.
   
   
   
9.  Select Active Directory Enrollment Policy, then click next
   
   
   
10. Click at ' More information is required to enroll for this certificate. Click here to configure settings. ' (coloured in blue).
    
    
    
11.  We need to configure who will receive the certificate. In this case, the rootCA server. At Subject tab, at Subject name box, change the type to Common name, put in the value, and click Add >. Once done, click Apply then OK.
    
    
    
12.  Click enroll.
    
    
    
13.  Enrolling
    
    
    
14.  Click Finish.
    
    

3) Configure the HTTPS on the Default Web Site

1.  Launch IIS Manager
   
   
   
2.  Navigate to Default Web Site (or if you have more, choose appropriately).
   
   
   
3.  At Action column, click at Bindings...
   
   
   
   
4.  Click at https, and click at Edit...
   
   
   
5.  Change the SSL certificate to correct certificate (you can press View... to check to whom certificate is being issued)
   
   
   
   
   
   
6.  Click OK.
   
   
   
7.  Click Close.
   
   

4) Connect to the HTTPS location for certificate enrollment

1.  launch the web enrollment with HTTPS. UID required, access the web using ID which previously configured.
   
   
   
2.  This page will appeared if you try to access using unauthorized user ID.
   
   
   
3.  Website launched successfully with HTTPS.

Read More