Alexander’s Blog

SharePoint Server 2010 uses several regional settings, such as Locale, Sort order, Time zone, Calendar, Time format and Currency. Here’s a description of these settings.

Locale: The Locale setting controls numbering, sorting, calendar, and date and time formatting for the Web site.

Sort order: This option controls the sort order for lists and libraries.

Time zone: The Time zone setting lets you select the time zone that is appropriate for your location, such as Eastern Time zone.

Calendar: This option lets you select the type of calendar you want to use. For example, in United States we use the Gregorian calendar. In Japan you may use Japanese Emperor Era calendar.

Work Week: You can define the work week for your calendar, such as Monday through Friday.

Time Format: You can select from 12 Hour or 24 Hour format. For example, the military uses 24 Hour format.

Currency: You can also set your currency settings, which are configured on the Create Column page when you are working with lists. Technically, Currency is not a regional setting but because it is tied with the regional settings it is often considered a regional setting. The default value of the currency depends on the locale that you specify in your regional settings.

There are three places where you can configure the regional settings in SharePoint Server 2010. Let’s take a closer look at these settings.

1. Web Application level (requires access to Central Administration).
2. Site level (requires Site Administrator permissions).
3. User level.

Web Application Level

1. Go to Central Administration -> Application Management -> Manage web applications.
2. Select the Web application and then on the ribbon click General Settings and from the drop-down menu select General Settings again.
3. Select the appropriate time zone for your Web sites and then click OK. These settings will apply to any new sites that you create within this Web application. Existing sites are not affected.

   

Site Level

You can override the Web application level regional settings with the site level settings. You need to be a site owner to perform this action.

1. Go to the site for which you want to change the regional settings.
2. Go to Site Actions -> Site Settings -> Site Administration -> Regional settings.

   

3. Select the appropriate regional settings for your region, such as Locale, Sort order, Time zone, Calendar, Alternate Calendar, and Time format and then click OK.

   

User Level

If the Web application and site level regional settings are not appropriate for users at different locations, such as different time zones, they can set their own regional settings.

1. Login to the SharePoint site with your user account.
2. Click on the Open Menu in the upper right-hand side and select My Settings.

   

3. Click My Regional Settings.

   

4. Uncheck the box Follow web settings and then select the appropriate setting, such as Locale, Time zone, Calendar, Alternate Calendar, and Time format and then click OK.

   

5. You should now notice your new regional settings applied to your content. For example, if you upload a file it will display your local time and not the time set at the site or Web application level.

By now you may have heard of all the warnings and bad things that can happen if you have Java installed on your computer, like having your credit card or other personal data stolen, identity theft, and spyware installed on your computer after you are redirected to certain sites. Even Department of Homeland Security (DHS) issued a warning in January to disable Java. This is rather unusual because DHS doesn’t usually go around telling people what they should remove from their computers.

Before I tell you how to disable Java, I want to make it clear that Java is not the same thing as JavaScript. They may sound similar but they are two different things.

Difference Between Java & JavaScript

Oracle’s Java is a programming language while JavaScript is a scripting language developed by Netscape and is not part of the Java platform. JavaScript is used inside HTML pages to enhance its functionality and can make your Web pages do things that HTML code won’t let you do by itself.

According to Java.com here are the key differences between Java and JavaScript.

Java is an OOP programming language while Java Script is an OOP scripting language.

Java creates applications that run in a virtual machine or browser while JavaScript code is run on a browser only.

Java code needs to be compiled while JavaScript code are all in text.

They require different plug-ins.

Disabling Java

So now you know that we are concerned about Java, and not JavaScript.You can disable Java on individual browsers, or you can disable Java for all the browsers. I personally prefer to disable them on all the browsers. I use Firefox, Internet Explorer and Chrome on a daily basis on the same computer. If you want to disable Java on an individual browser, for example, Chrome, you can type chrome://plugins, click Disable and then restart the browser. In Firefox go to Add-ons, locate Java platform, disable it and restart the browser. In Internet Explorer it is not easy to disable Java. In fact, even if you go to Java Web site and check if you have Java installed in Internet Explorer, don’t believe it as gospel truth. You can read this InfoWorld article for more information: Disabling Java in Internet Explorer: No easy task. Frankly, besides Internet Explorer, other browsers can also lie and tell you that Java is not installed, when it is.

The security warning issued by DHS was related to all versions of Java 7 through Update 10. Java 7 Update 11 sets the default Java security settings to “High” so that users will be prompted before running unsigned or self-signed Java applets. The latest version is of today is Java 7 Update 13. With all the issues with Java I believe it is best to disable Java altogether on all the browsers. Period!

NOTE: Even after Oracle claimed that they have fixed the problem that prompted DHS to issue a security warning, DHS still insisted that we should disable Java.

Disabling Java in Internet Explorer

1. If you don’t already have Java installed, install the latest version of Java. I know, I am asking you to install Java but you can’t kill the beast if it doesn’t exist. So first you need to install it and then disable it. This will be good for you in the long run. As of today, the latest version of Java is Java 7, Update 13.
2. Windows 8/7/Vista: Go to Control Panel and search for Java. Double-click to open the Java Control Panel.

   NOTE: On 64-bit Windows computers you can also get to the Java Control Panel by using this command at Start, Run: c:\Program Files (x86)\Java\jre7\bin\javacpl.exe. On 32-bit Windows computers, use the following command: c:\Program Files\Java\jre7\bin\javacpl.exe.

   Windows XP: Go to Control Panel and double-click to open the Java Control Panel.

3. On the Security tab, uncheck the box Enable Java content in the browser. This should disable Java on ALL your browsers, even though it doesn’t say that on the screen. This will provide the highest level of security and none of the Java apps (singed or unsigned) will run in your browser. This is the method I prefer.

   

4. Restart your browser, or as a best practice I recommend you restart your computer.
5. To verify that Java is disabled, go to the Java verification site in each browser and verify that you don’t have Java running.

Disabling Java on Macs

For instructions on how to disable Java on Macs, visit JavaTester.org. You will find some very useful information on this site. Among other things, you can also check whether JavaScripting is working in your browser. Remember, you want to disable Java, not JavaScript.

Possible Consequences of Disabling Java

The potential drawback of disabling Java can be that some Web sites won’t display menus properly, or you may not be able to see the stock prices, weather updates or some ads. Frankly, most of us don’t care about this stuff. Even if you do, in my opinion disabling Java far outweighs the benefits of seeing ads or weather updates on different sites.

TIP: If you must use Java because you feel your life is completely miserable without Java and you had some great luck skiing in the avalanche season and skating on thin ice then enable Java in the latest version of Chrome or Firefox, rather than Internet Explorer, because they give you more control on when to run Java on specific pages.

Have I experienced any negative consequences by disabling Java in all three of my browsers (Firefox, Internet Explorer, and Chrome)?

No.

The other day I noticed that my Windows Server 2012 Datacenter was not accepting replication requests. In fact, it was rejecting both inbound and outbound replication. The way I discovered the problem was that I was unable to connect to a couple of Windows Server 8 Enterprise computers that I just added to the network in Remote Desktop Connection Manager v2.2. I was getting the DNS error. I first tried to flush the DNS cache (IPconfig /flushdns) at the command prompt and then tried a few other things. When I looked at one Domain Controller (DC) it had the DNS records of the new computers but the other one didn’t. The DNS servers on both these DCs were Active Directory-integrated. I tried to manually force the replication and discovered that Windows Server 2012 wasn’t accepting replication. This is where I started to troubleshoot the replication problem.

Troubleshooting

I ran DCDIAG on the problem DC using the following switches.

/v: Verbose – Print extended information

/c: Comprehensive, runs all tests, including non-default tests but excluding DcPromo and RegisterInDNS.

/s: Use <Directory Server> as Home Server. Ignored for DcPromo and RegisterInDns tests which can only be run locally.

I piped all the results into a text file because it is easy to read the results in a text file that I can also print out. Here’s the syntax I used.

dcdiag /v /c /s:[Directory Server] > c:\temp\dcdiag_2012_12_24.txt

where Directory Server is the name of the server that is having problems. For example:

dcdiag /v /c /s:MyDC1 > c:\temp\dcdiag_2012_12_24.txt

Evaluating the Results

To evaluate the results, first I skimmed through the results looking for any obvious errors. Then I did a search for the word “failed” to narrow down my search and focus on specific failures. I discovered several things. First of all MyDC1 had failed the Advertising test.

Testing server: Default-First-Site-Name\MyDC1

Starting test: Advertising

Warning: DsGetDcName returned information for \\MyDC2.contoso.com,

when we were trying to reach MyDC1.

SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.

……………………. MyDC1 failed test Advertising

In addition, the DC also failed the Replications test. This was not a surprise because I knew that the DC is rejecting requests for replication. I just didn’t know why.

Starting test: Replications

* Replications Check
[Replications Check,Replications Check] Inbound replication is disabled.

To correct, run “repadmin /options WS12DC1 -DISABLE_INBOUND_REPL”

[Replications Check,MyDC1] Outbound replication is disabled.

To correct, run “repadmin /options MyDC1 -DISABLE_OUTBOUND_REPL”

……………………. MyDC1 failed test Replications

As the results report clearly showed me both inbound replication and outbound replication were disabled. The report also suggested that I needed to run the RepAdmin command to enable them.

The third thing I noticed was that the time service on the DC has stopped and the NetLogon service was paused.

Starting test: Services

* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
w32time Service is stopped on [MyDC1]

* Checking Service: NETLOGON
NETLOGON Service is paused on [MyDC1]

……………………. MyDC1 failed test Services

The NetLogon service is a crucial service. Not only it verifies NTLM logon requests, it also registers, authenticates, and locates domain controllers. Windows Time service is also important because it maintains date and time synchronization on all clients and servers in the network.

Solution: Enable Inbound & Outbound Replication

I followed the instructions in the DCDIAG report and ran the following command at the command prompt.

C:\Windows\system32>repadmin /options MyDC1 -DISABLE_INBOUND_REPL
Current DSA Options: IS_GC DISABLE_INBOUND_REPL DISABLE_OUTBOUND_REPL
New DSA Options: IS_GC DISABLE_OUTBOUND_REPL

Notice the current DSA Options after I ran the command. Both inbound and outbound replications were disabled. After I ran this command now only the outbound replication is disabled, which means the inbound replication is now enabled. I then ran the second command to enable the outbound replication.

C:\Windows\system32>repadmin /options MyDC1 -DISABLE_OUTBOUND_REPL
Current DSA Options: IS_GC DISABLE_OUTBOUND_REPL
New DSA Options: IS_GC

Now both the inbound replication and the outbound replication are enabled.

Solution: Start Netlogon and Windows Time Service

I enabled the Netlogon and Windows Time service in services console (services.msc). At this point I went to Active Directory Sites & Services console and manually replicated from MyDC2 to MyDC1 and it successfully replicated all the objects. I ran the DCDIAG report once again to verify that there were no errors and everything looked fine.

Additional Resources

1. I found this article that has some useful information: Troubleshooting AD Replication error 8456 or 8457: “The source | destination server is currently rejecting replication requests.
2. There are some other utilities like DNSLint that can be useful in troubleshooting DNS name resolution issues. You can download DNSLint from Microsoft here.

There are some major differences between Microsoft Threat Management Gateway (TMG) and Microsoft Unified Access Gateway (UAG). The two products are completely distinct and do not share any code. However, if you install UAG, it will automatically install TMG and if you remove UAG it will automatically uninstall TMG. So they are definitely linked in certain ways. TMG can be installed on Standard, Enterprise or Datacenter editions of Windows Server 2008 SP2 or R2. UAG can be installed on Windows Server 2008 R2 (Standard or Enterprise).

TMG is a software firewall. Unfortunately, it will go away in future as Microsoft doesn’t seem to have any plans for its renewal. However, it will be supported until April 14, 2015 and won’t completely disappear from the scene until April 14, 2020. UAG is also going to be a dead duck. I would love to see Microsoft sell these Forefront products to another company that can turn them into a more useful solution, rather than making them disappear altogether.

The following are some highlights to give you some insight on both these products. This is not a comprehensive list by any means. It’s just something to help you figure out which product might be the right choice for you.

For more information check out this article on TechNet.

When working with Windows computers, especially Windows servers, I often run into situations where the hard drive is running out of disk space. In fact, I have often seen drives literally have no available space on a SharePoint or SQL server. There are too many reasons why a drive can run out of space, or continue to run out of space even if you keep freeing more disk space. In this article I won’t be going into the details of the reasons why drives run out of space but I can tell you that trace logs, SharePoint_Config_log.ldf file on SharePoint 2010, and cache files in %windir%\winsxs\ManifestCache folder on the server and PST files, temporary files, and thumbnails, eating up the disk on the workstation are a few common reasons. I have also blogged about other reasons in the past. The purpose of this article is to show you how to find out the size of some of the largest files on your computer so you can take action and delete them if they are not needed.

Not all large files are needed. If they are not needed then there is no sense in keeping them on your computer. Obviously, you can delete a lot of small junk files but The question is how to find out which are the largest files. A simple way to find out the size of the largest files is to write a PowerShell script. You can then pipe the results of the script to a file and look at them one by one. Here’s a sample script that will display in GB the 5 largest files on your server or workstation. You can change the number 5 at the end of the script to display more or fewer large files.

@echo off
Powershell -noexit “Get-PSdrive  | where { $_.Used -gt 0 } | foreach { Get-ChildItem $_.Root -recurse -force -ErrorAction SilentlyContinue | Select Name,DirectoryName, @{Label=’Size’;Expression={($_.Length/1GB).ToString(‘F04′)}} | Sort Size -descending | select -first 5}”

1. Paste the above script in Notepad.
2. Save the file as a batch file (File, Save As, change “Save as type” to All files, click Save). Give it a name like Top5largestFiles.bat. Make sure you use the .bat extension, otherwise it will not execute as batch file.
3. Start the Command Prompt as an Administrator.
4. Go to the folder where you saved the batch file.
5. Type the name of the batch file (e.g. Top5largestFiles). It’s optional to type the .bat at the end of a batch file because the system automatically knows that it’s an executable file.
6. Wait a while because the batch file needs to go through every file on your computer. The results will be displayed in GB.
7. You can also pipe the results into a text file if for some reason you want to save the results as a reference for future use. For example, type
   5ToplargestFiles > largefiles.txt
   This will send the results into a text file called largestfiles.txt.
8. Once you know which files are the largest files you can go through them and see if some of them can be deleted. Obviously, you have to have certain level of knowledge to understand which files are safe to delete.

As an example, on a SQL Server 2008 R2 if you run out of disk space, you can delete the file that ends with _blobs.bin (e.g. a368b368b28d9265_blobs.bin) in the %windir%\winsxs\ManifestCache folder. According to Microsoft, this file is used by Windows Update mechanism and it is safe to delete this file. However, do not delete or mess with any other files in the WinSxS foder. Even if you delete all the files in the ManifestCache folder, they may appear later after a Windows Update or a reboot but will likely be not as large. Just keep an eye on these files and deleted them when necessary. Here a post from Joseph Conway on TechNet that describes in detail what the WinSxS folder is all about. Unfortunately, there is no known solution to this problem of Windows servers and workstations running out of disk space. Until Microsoft comes up with a solution, here’s a workaround.

Here’s how you can delete files in the Windows\WinSxS\ManifestCache folder.

1. Run the above batch file to find out the top 5 largest files.
2. If the files in the ManifestCache folder are among the largest files then use the following commands.
3. Run Command Prompt as an Administrator.
4. Run the command “net stop trustedinstaller” without the quotes to stop the Windows Modules Installer service. If your OS is running this service then make sure you wait for it to stop, if it’s not running and you get the message “The Windows Modules Installer service is not started” then go to the next step.
5. Type EXIT to get out of the PowerShell command and run the command “takeown /f %windir%\winsxs\ManifestCache\*” without the quotes at the Command Prompt to take the ownership of the folder. This step is necessary because you must take ownership of the folder before giving the Administrators proper permission.
6. If you get an error it’s likely because you ignored the first part of the previous step and ran the command inside PowerShell (if your prompt starts with PS then you are in the PowerShell command). If you run the command in PowerShell you will get the message “ERROR: The system cannot find the path specified.”
7. Run the command “Icacls %windir%\winsxs\ManifestCache\* /grant Administrators:f” without the quotes to grant Administrators Full Access permissions to the folder.
8. The last step is to delete the files in the ManifestCache folder. Run the command “del /q %windir%\winsxs\ManifestCache\*” without the quotes.
9. Restart the Windows Modules Installer service by typing “net start trustedinstaller” without the quotes.

Scheduling Cleanup of ManifestCache folder

The ManifestCache folder will continue to grow in the future but you can create a batch file to cleanup the content occasionally. I would recommend that you clean up the folder only if you need disk space because the cache files will improve performance. This solution is for people who are in desperate need of additional disk space. Here’ a batch file that I use on my SharePoint 2010 server and my SQL Server 2008 R2 server. I saved the content of this batch file in Notepad and named the file CleanManifestFolder.bat. I run this file at the elevated Command Prompt.

@echo off
cls
net stop trustedinstaller
takeown /f %windir%\winsxs\ManifestCache\*
Icacls %windir%\winsxs\ManifestCache\* /grant Administrators:f
del /q %windir%\winsxs\ManifestCache\*
net start trustedinstaller

You can also schedule to run this file with Task Scheduler if necessary.

Disk Cleanup Tool

At this point you may want to go through additional files and delete them if they are safer to delete. On some operating systems, such as Windows 7, you also have the option Disk Cleanup on the drive properties. However, this tool is designed to delete only certain types of files that are safe to delete, such as downloaded program files, temporary Internet files, setup log files, temporary files, thumbnails, etc. It won’t find other files that can be very large and often useless. I still encourage you to go through these and delete them. Especially, the temporary files and thumbnails. I noticed that on my PC, the thumbnails were 79MB but the temporary files were a whopping 13.7GB. Your mileage may vary but the results may surprise you.