Month: March 2011

ASN1 bad tag value met. 0x8009310

sysop

Question:
I get CertEnroll::Cx509Enrollment::p_InstallResponse: ASN1 bad tag value met. 0x8009310b on IIS 7 and I am unable to install my certificate.

Answer:
This can be a result of IIS placing the certificate in the wrong certificate store or forgetting where it places the private key, in many cases it gets placed in Other People Certificate store for theCurrent User account. Only certificates that are stored in the Personal Section of the Local Computer store can be used in IIS.

Option #1: Repair a damaged certificate.

  1. Open up DOS prompt (cmd.exe)
  2. Type: certutil -repairstore my “THUMBPRINT/SERIALNUMBER”
    Note: Also, sometimes the certificate is not available and needs to be imported in order for this command to work.
  3. Go back into the IIS Manager and re-edit the bindings for this site. (Where you can select the certificate.
    Note: Sometimes, you will get an error, so just ignore the error and try again. When trying again, the certificate may already be selected and nothing else needs to be done.

Option #2: Restore Certificate to the Local Computer Store

  1. Open the Certificate Snap-In from within the MMC (Microsoft Management Console)
    Start -> Run -> Type “mmc” -> File -> Add/Remove Snap-in -> Add -> Certificates
  2. Add Current User account.
    My User Account -> Finish.
  3. Add Local Computer account.
    Computer account -> Local Computer -> Finish.
  4. Close Add Standalone Snap-in.
  5. Click Ok.

    6. Now you should have a screen similar to this:

  6. Drag the certificate that will not install, out of the Other People store and drop it under theLocal Computer -> Personal -> Certificates.

    7. Do not close out of the MMC at this time.

  7. Open up a command prompt.
    Start -> Run -> Type cmd.
  8. Type: certutil -repairstore my “THUMBPRINT_OF_CERTIFICATE”. (with quotes)
  9. You should now have the private key back on the certificate so now open up IIS and assign it to your website.

Kill a stuck print job

sysop

open notepad and paste the following

net stop spooler
del %systemroot%\system32\spool\printers\*.shd
del %systemroot%\system32\spool\printers\*.spl
net start spooler

save it as c:\delprintjobs.cmd

and run it … TADA …. jobs are gone..

Transferring FSMO Roles in Windows Server 2008

sysop

The five FSMO roles are:

  1. Schema Master
  2. Domain Naming Master
  3. Infrastructure Master
  4. Relative ID (RID) Master
  5. PDC Emulator

The FSMO roles are going to be transferred, using the following three MMC snap-ins :

  • Active Directory Schema snap-in : Will be used to transfer the Schema Master role
  • Active Directory Domains and Trusts snap-in : Will be used to transfer the Domain Naming Master role
  • Active Directory Users and Computers snap-in : Will be used to transfer the RID MasterPDC Emulator, and Infrastructure Master roles

Note: The following steps are done on the Windows Server 2008 machine that I intend to set as the roles holder ( transfer the roles to it )

Lets start transferring the FSMO roles.

  • Using Active Directory Schema snap-in to transfer the Schema Master role You have to register schmmgmt.dll in order to be able to use the Active Directory Schema snap-in 
  1. Click StartRun
  2. Type regsvr32 schmmgmt.dll
  3. Click OK A popup message will confirm that schmmgmt.dll was successfully registered. Click OK
  4. Click Start Run, type mmc, then click OK
  5. Click File > then click Add/Remove Snap-in…
  6. From the left side, under Available Snap-ins, click on Active Directory Schema, then click Add > and then click OK

  7. Right click Active Directory Schema, then click Change Active Directory Domain Controller…
  8. From the listed Domain Controllers, click on the domain controller that you want to be the schema master role holder and then click on OKYou will receive a message box stating that the schema snap-in is not connected to a schema operations master. That is for sure, as we have not yet set this Windows Server 2008 domain controller as a Schema Master role holder. This will be done in the next step. Click OK
  9. In the console tree, right click Active Directory Schema [DomainController.DomainName], and then click Operations Master…
  10. On the Change Schema Master page, the current schema master role holder will be displayed ( ex. DC.SOMETHING.NET) and the targeted schema holder as well (ex. DC2K8.SOMETHING.NET). Once you click Change, the schema master holder will become 
    DC2K8.SOMETHING.NET     , click Change

    Click Yesto confirm the role transfer

    The role will be transferred and a confirmation message will be displayed. Click OK

    Then click Close, as you can see in the below snapshot, the current schema master is DC2K8.SOMETHING.NET

  • Using Active Directory Domains and Trusts snap-in to transfer the Domain Naming Master Role
  1. Click Start Administrative Tools > then click Active Directory Domains and Trusts
  2. Right click Active Directory Domains and Trusts, then click Change Active Directory Domain Controller…
  3. From the listed Domain Controllers, click on the domain controller that you want to be the Domain Naming master role holder and then click onOK
  4. Right click Active Directory Domains and Trusts, then click Operations Master…
  5. On the Operations Master page, we are going to change the Domain Naming role holder from DC.SOMETHING.NET to DC2K8.SOMETHING.NET, Click ChangeClick YES to confirm the transfer of the Domain Naming roleThe role will be transferred and a confirmation message will be displayed. Click OK , then click Close


Till now, we have successfully transferred two FSMO roles, the Schema Master role and the Domain Naming role. The last three roles can be transferred using a single Snap-in.

 

  • Using Active Directory Users and Computers snap-in to transfer the RID Master, PDC Emulator, and Infrastructure Master Roles
  1. Click StartAdministrative Tools > then click Active Directory Users and Computers
  2. Right click Active Directory Users and Computers, then click All TasksOperations Master…
  3. You will have three Tabs, representing three FSMO roles (RID, PDC, Infrastructure). Click the Change button under each of these three tabs to transfer the roles.Click Yes to confirm the role transferThe role will be transferred and a confirmation message will be displayed. Click OK

    As for the Infrastructure role, once you click on the Change button you will receive the below message

    By default, when you first install your first Domain Controller, it holds the five roles and beside that it is a Global Catalog. If your environment is a multi-domain/forest, then you should think about structuring your FSMO roles and transfer the Infrastructure role to a none Global Catalog domain controller. Else if you have small number of domain controllers ( ex. two domain controllers) then you should not worry about this. ClickYes

  4. The Tabs should now look like this:

 

That’s it, by now, you have successfully transferred the five FSMO roles to the Windows Server 2008 Domain Controller.

 

Summary

 

There are five FSMO roles in a forest, to transfer any of these roles you have to use the appropriate Active Directory snap-in.

 

 

Broadband2Go install issues

sysop

What a mess! Spent nearly a full day trying to remedy the 1720 install error. Tech support was no help at all and I must have tried a half-dozen different online suggestions. In the end, it was just a matter of removing the VM drivers through Add/Remove and deleting the Novatel directory in my Program Files. Deleting the directory was the key

Best Apps for Your New iPhone

sysop

So you’ve gotten a new iPhone on Verizon’s network. Mazel tov. For those new to the iPhone ecosystem, you may want to check out our many guides to the various apps available for your new smartphone.

We have dueling iPhone app choices from technology columnist David Pogue and App Smart columnist Bob Tedeschi’s favorite apps, picks from former tech reporter and longtime Apple watcher John Markoff and selections from media columnist David Carr.

Check back often, as our Apps Index is continually updated with apps coverage from all corners of nytimes.com.

For example, Mr. Tedeschi likes:

SOUNDHOUND (FREE AND $5) You’ve probably heard of Shazam, the app that identifies songs. SoundHound is faster, and it offers a broader range of ancillary features. You can hum a tune into the phone and it’ll find the song, look up lyrics and run YouTube videos of song performances. The $5 version lets you identify an unlimited number of songs. Users of the free version get five tags monthly.

HIPSTAMATIC ($2) Scores of photography titles are in the App Store. Many are terrific, but not one matches Hipstamatic’s blend of simplicity, serendipity and art. At heart, the app is a filter that will unpredictably saturate, blur or discolor your images, among other things. The results are always surprising and often stunning. Add packs of lenses and film effects for $1 apiece.

EVERNOTE (FREE) The company advertises this as a personal digital assistant, and it’s an apt description. Evernote is a traveling notepad that synchronizes with desktop and browser software (also free). Use your iPhone to copy an image, take a photo, record a voice memo or jot down a note, and it appears on your computer (and vice versa). It also recognizes your written text, within limits. The free version stores a fair amount of information, but for $45 a year, you needn’t sweat the data limits.

ANGRY BIRDS ($1) A runaway favorite among the iPhone crowd, the app tests your ability to break down the barricades that protect green pigs. The weapon: flightless birds, launched by catapult. No wonder they’re angry. The game is easy to learn, yet challenging to play, with witty touches throughout. You can try a limited free version, but if you do, good luck resisting the paid version, with more than 800 possible scenes.