Skip to content

Microsoft Office Troubleshooting

Recently, I was asked to talk with our Help Line staff about strategies for troubleshooting problems with Microsoft Office. I spent some time addressing the activation issues relating specifically Office 2010, which I wrote up in a separate post.

The most important point I want to make about general Office troubleshooting is that reinstalling office will rarely fix a problem. Office will kick-off a repair operation automatically if it detects problems with core Office files. Application, heal thyself.

More importantly, a repair operation or uninstall/reinstall process will refresh Office program components, but it won’t touch templates, user and system specific registry information, and add-ins that are the most frequent cause of problems.

Safe mode

The first step in troubleshooting should be to start the application in safe mode. Most versions of Office applications support a safe mode, which doesn’t load templates, registry info, and add-ins. This step quickly determines whether the problem lies with Office itself or elsewhere.

Invoking Office safe mode is as easy as adding the command-line parameter /safe. Usually, I open the Run window (WindowsKey+R), and type the name of the office executable and add the /safe parameter. If you don’t know the executable name, you can find it with the browse button, and then add the parameter at the end:

office14-safemode-run

If the app doesn’t start, then you probably do need to perform a Repair installation. If the application starts successfully (sometimes without opening a document in safe mode), then you know that the core office files are fine, and a reinstall isn’t likely to help.

Continue Reading »

Posted 10 December 2010 Geoff § Guides § Posts Comments (0) ° Tagged: , ,

Troubleshooting Office 2010 Activation

Microsoft Office 2010 volume license edition use the Volume License 2.0 mechanisms to manage activation. Office 2010 will activate against our campus Key Management Service (KMS), without user intervention, in a manner similar to Windows Vista and Windows 7.

Occasionally, the activation process doesn’t work. Problems are usually related to network communication with the KMS. Below are some steps to identify and resolve problems that might occur during activation.

Gather Information.

Gathering data is essential to fixing problems. If you ask me (or other IT staff) for help with Office 2010 activation, the first thing I will ask from you is the output of the commands in the steps below.

There are a few steps that will make it easy to collect all the output of your troubleshooting steps.

  • Open an elevated Command Prompt (Run As Administrator)
  • Change the Properties of the command prompt window to increase the Screen Buffer height to, say, 3000 lines. This will prevent you losing earlier steps as the lines scroll off the screen.
  • Run cscript /h:cscript, which changes the default script host to cscript, so that output will go to the command prompt instead of a pop-up dialog box.

When you are ready to copy the text from the command prompt, right-click the title bar of the window, select Edit > Select All, and then Control-C to Copy the text to the clipboard. Then you can paste the text to any place you want; a webmail message, a footprint entry, or a text file in notepad.

Continue Reading »

Posted 07 December 2010 Geoff § Guides § Posts Comments (3) ° Tagged: , ,

Powershell Join-String function

Update: better yet, read about the -Join and -Split PowerShell operators. Live and learn.
—Geoff

Something I’ve found myself missing in PowerShell is a function to combing the elements of a list with a given separator, like Perl’s join() function. I finally got annoyed enought to write one. It seems to do what I want, so I’m going to add it to my profile.

Here it is in action:

PS C:\> $array = 3.14,'Puppy',$false,'','Green',$null,'foo'
PS C:\> $array | Join-String
3.14,Puppy,False,,Green,,foo
PS C:\> $array | Join-String -collapse
3.14,Puppy,Green,foo
PS C:\> $array | Join-String -collapse ' - '
3.14 - Puppy - Green - foo

Here’s the code:

# Join-String - A simple pipeline-oriented function to
# concatenate a bunch of strings together with a separator
# Geoffrey.Duke@uvm.edu  Wed 11/17/2010 

function Join-String
(   [string] $separator = ',',
    [switch] $Collapse )
{ 

begin {
    [string] $string = '';
    $first  =  $true;
}

process {
    foreach ( $element in $_ ) {
        #Skip blank elements if -Collapse is specified
        if ( $Collapse -and ($element -eq '' -or $element -eq $null ) ) {
            continue
        }

        if ($first) {
            $string = $_
            $first  = $false
        }
        else {
            $string += $separator + $element -as [string]
        }
    }
}

end {
    $string
}

}

If you have a notion for how it could be improved, please comment.

Posted 17 November 2010 Geoff § Posts Comments (0) ° Tagged: ,

Event data mining with PowerShell

On Server 2008 and 2008 R2, if your Domain Controllers aren’t configured to require LDAP signing and disallow simple LDAP binds in plaintext, Active Directory Domain Services logs a warning event on startup, and summary events every 24 hours.

A couple weeks ago, I followed the recommendation to enable logging of unsigned and plaintext LDAP authentication requests. Setting the LDAP Interface Events value to 2 generates a Directory Services event 2889 for each connection.

Now I want to do some analysis of the collected events. The event structure puts the important details, namely the client name and IP address, in the big description text field. It looks like this:

Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Date: 11/3/2010 11:46:38 AM
Event ID: 2889
Task Category: LDAP Interface
Level: Information
Keywords: Classic
User: ANONYMOUS LOGON
Computer: CDC01.campus.ad.uvm.edu
Description:
The following client performed a SASL (Negotiate/Kerberos/NTLM/Digest) LDAP bind without requesting signing (integrity verification), or performed a simple bind over a cleartext (non-SSL/TLS-encrypted) LDAP connection.

Client IP address:
132.198.124.202:53298
Identity the client attempted to authenticate as:
CAMPUS\myhost0256BB4$

Previously, I’ve exported the logs to CSV format, then used Excel and some text-mangling functions to pull out the important details. But I noted that the two important values were nicely separated in the XML representation of the event:

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS LDAP" />
    <EventID Qualifiers="16384">2889</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>16</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8080000000000000</Keywords>
    <TimeCreated SystemTime="2010-11-03T15:46:38.219250600Z" />
    <EventRecordID>122013</EventRecordID>
    <Correlation />
    <Execution ProcessID="512" ThreadID="3396" />
    <Channel>Directory Service</Channel>
    <Computer>CDC01.campus.ad.uvm.edu</Computer>
    <Security UserID="S-1-5-7" />
  </System>
  <EventData>
    <Data>132.198.124.202:53298</Data>
    <Data>CAMPUS\myhost0256BB4$</Data>
  </EventData>
</Event>

Continue Reading »

Posted 03 November 2010 Geoff § Posts § worklog Comments (0) ° Tagged: , , ,

Compiling OpenSSL for Win x64

I’m upgrading the components of the user provisioning system I built. Previously, I used ActiveState Perl and the UWinnipeg PPM repository to get the Net::LDAPS stack working.

This time, though, I decided I wanted to use the native architecture of my Server 2008 R2 systems. I am using the Perl64 install from ActiveState, but I have to build my own SSL libraries (and maybe roll up PPMs for the needed perl mods).

I just compiled OpenSSL for x64 (amd64), mostly following the instructions in the INSTALL.W64 and INSTALL.W32 documents. I’m blogging the step for my future reference:

  1. Open a VS x64 Win64 Command Prompt and navigate to the source directory
  2. perl Configure VC-WIN64A –prefix=c:\local\openssl
  3. ms\do_win64a.bat
  4. nmake -f ms\ntdll.mak
  5. nmake -f ms\ntdll.mak test (all tests passed)
  6. nmake -f ms\ntdll.mak install

Running the openssl command succeeds:

C:\local\openssl\bin>openssl version
  OpenSSL 1.0.0a 1 Jun 2010
Posted 20 September 2010 Geoff § Posts Comments (1) ° Tagged: ,

Network Policy Service error – eventid 4402

I’ve been working on deploying a load-balanced Remote Desktop Gateway service. I deployed the first farm member, then cloned it to create a second member. The second member was throwing Error events, which has the description "There is no domain controller available for domain CAMPUS."

Now, I know that the domain controllers are up and available. I remembered having fixed this at some point with the Terminal Services Gateway box I set up originally.

Google pointed be to a technet blog entry describing the solution(s).

nps-error-fix

When I selected Register server in Active Directory, I received an error because the account I was using didn’t have rights to modify the the AD objects. And that explains why this system as having the problem: when I joined the cloned system to the domain, I was not using a domain admin account.

I logged back in as a domain admin and reran the registration step. Done, and blogged for my future reference.

Posted 17 September 2010 Geoff § Posts Comments (0) ° Tagged: , ,

My favorite Mac video

[contains some adult language : f-word]

Posted 15 September 2010 Geoff § Posts Comments (0) ° Tagged: , ,

Server 2008 R2 DNS client issues

We use BIND for our DNS, and allow certain systems to perform dynamic DNS registration. This arrangement has worked well for years. When I started deploying Server 2008 R2, I noticed that they weren’t registering PTR records.

At the same time, I noticed a bunch of errors that seemed to indicate that Dynamic DNS wasn’t working at all. It turns out this is a false error, due to the differently formatted, but still correct, success message returned by the BIND DNS. (see KB977158 for details)

After spending lots of time doing packet captures (thanks for your help, Sam!), I opened an issue with Microsoft. After collecting a few traces to analyze, they determined that the same differently formatted success message was responsible.

I installed the KB977158 hotfix, and now my Server 2008 R2 hosts are successfully registering their PTR records.

Posted 18 June 2010 Geoff § Posts Comments (0) ° Tagged: ,

PowerShell – find a free IP

Since we don’t use DHCP in our server subnets, I frequently have to locate free IP addresses when deploying a server. I remembered reading a TechNet Magazine article by Don Jones that used the PowerShell PROCESS block and the Win32_PingStatus WMI class in a sample script.

I took that and rewrote the function a little:

function Ping-Address {
  PROCESS {
    $ping = 'unreachable'
    $formatstring = "{0,-15}  {1,-12} {2}"
    $queryString  = "SELECT * FROM Win32_PingStatus"
    $queryString += " WHERE Address = '$_' AND"
    $queryString += " ResolveAddressNames = $true"
    $results = Get-WmiObject -query $queryString

    foreach ($result in $results) {
      if ($results.StatusCode -eq 0) {
        $ping = 'ping!'
      }
    }
    $formatstring -f $_,$ping,$results.ProtocolAddressResolved
   }
}

I can then use this function like so:

PS Z:\> (14..20) | %{ '132.198.59.'+ $_.ToString()} | Ping-Address
132.198.59.14    ping!        132.198.59.14
132.198.59.15    ping!        132.198.59.15
132.198.59.16    ping!        xxxxxxx.campus.ad.uvm.edu
132.198.59.17    ping!        xxxxxxx.uvm.edu
132.198.59.18    unreachable
132.198.59.19    ping!        xxxx.uvm.edu
132.198.59.20    unreachable

I’ve already used it a bunch of times. I think I will probably grow this into a real script, taking the IP address range info as parameters. Another day…

Posted 27 May 2010 Geoff § Posts Comments (0) ° Tagged: ,

2008 R2 DCDIAG errors with NIC teaming

I’m in the process of deploying a couple new Server 2008 R2 domain controllers. I’m using two IBM blades, each having a pair of Broadcom NICs that I configured in fault-tolerance teams.

In trying to verify the configuration of one of the DCs, I used the command:

dcdiag /test:dns

The output surprised me:

Starting test: Connectivity
    Message 0x621 not found.
    Got error while checking LDAP and RPC connectivity. Please check your firewall settings.
    ......................... CDC01 failed test Connectivity

I ran the command from a Server 2008 Sp2 (not R2) host:

dcdiag /s:cdc01 /test:dns

The test passed without error. Strange. I verified firewall and DNS. Then turned to the hivemind. This post shows similar behavior. This post on the TechNet forums identified the NIC Team as a probable source, and a contributor referenced a hotfix KB978387 for a bug in dcdiag on Server 2008 R2 on systems with NIC Teams.

Installed and now the test passes:

Starting test: Connectivity
   ......................... CDC01 passed test Connectivity

I spent much of my day working on this, and on tracking the connections to AD by clients using unsigned SASL binds or LDAP simple binds without an encrypted connection.

Posted 26 May 2010 Geoff § Posts Comments (1) ° Tagged: , ,