Friday, August 19, 2022
  • Home

Troubleshooting event ID 12317, “File Server Resource Manager failed to enumerate share paths or DFS paths.”

September 29th, 2006 by Patrick S

A while ago Jabez Posted an article about FSRM: “Access is Denied” is logged in Event Viewer, Browsing Our Friends blog over at “The Filing Cabnit” It seems some light has been shed on the article as well as a small workaround. Please find most of the article below but don’t forget to check out their blog to get the full story-You rock guys.

EVENT LOG Application
EVENT ID 12317
TIME 5/1/2006 12:15:45 PM
MESSAGE File Server Resource Manager failed to enumerate share paths or DFS paths. Mappings from local file paths to share and DFS paths may be incomplete or temporarily unavailable. FSRM will retry the operation at a later time.
Error-specific details:
Error: (0x80070005) Access is denied.

Although this event doesn’t affect quota functionality, the fact that it occurs hourly has prompted numerous support calls from customers. We’ve isolated the cause and the solution for this event as well, most of the cause anyway.

An Event 12317 showing access denied is caused when the NT AUTHORITY\Authenticated Users group is not a member of the BUILTIN\Users group in the domain. (As you might know, the local BUILTIN\Users group on a domain controller is mapped to the domain built-in group Users. Therefore, the effect of removing NT AUTHORITY\Authenticated Users from the BUILTIN\Users group on a domain controller has a domain-wide effect.  

Why does this cause the event error? Because the DFS RPC endpoint is configured to allow both BUILTIN\Administrators access and BUILTIN\Users access, the latter of which is assumed to contain NT AUTHORITY\Authenticated Users (the default setting). Without NT AUTHORITY\Authenticated Users in the mix, the NetDfsEnum API fails to enumerate the domain-based roots because the FSRM service is authenticating with that identity. The resulting ERROR_ACCESS_DENIED error causes the event to fire.

What we haven’t solved is why NT AUTHORITY\Authenticated Users would be removed from the BUILTIN\Users group. We’ve looked for Active Directory guidance indicating this is a best practice, but we couldn’t find any. We suspect that admins might intentionally remove this group in an attempt to increase security.

So, to resolve this event, add NT AUTHORITY\Authenticated Users to BUILTIN\Users group on the PDC emulator. You can check this by launching Active Directory Users and Computers and looking in the Builtin folder for the domain. The Users group must contain the Authenticated Users group. If it does not, you can add it using the snap-in. Next, stop and restart the FSRM-related services (srmreports and srmsvc) on the file servers where FSRM is running.

If you were one of the 39 people requesting updates on the article that Jabez posted a while back i will alert you ASAP with links to this article and the one at the File Cab.
Hope the information helps-All credit is to the guys at the Filing Cabnit Blog

Posted in Bugs, Windows Server System | 2 Comments »

Using network shares as targets for the file-based Backup tool in Windows Vista

September 29th, 2006 by Patrick S

Beta testers using the file backup application in Windows Vista have complained about being prompted for a user name and password after they try to back up to a network share. It’s especially frustrating for users who know they already have access to the share. Though this behavior might seem like a bug, there’s a good reason why the prompt occurs: the backup application needs to store the user name and password for the share so that when the scheduled backup job runs, under the “LocalSystem” account, the backup application can use those credentials to access the share.  If the backup application didn’t gather these credentials ahead of time, you would be prompted to enter them before each backup. (And I should mention that if the password changes at some point, you’ll need to re-enter the credentials in the backup settings or else the next backup will fail, and the resulting error message will then link you to a UI that lets you update the backup configuration.)

Read the rest of this article at our Friends-The Filing Cabinet Blog

Posted in MS News, Windows Vista | Comments Off on Using network shares as targets for the file-based Backup tool in Windows Vista

Virtual PC 2007 beta coming “soon”!

September 29th, 2006 by André Nogueira

I just went to Connect, and saw that one of their upcoming betas is… Virtual PC 2007! This might not be great or even unexpected news, but it’s good to see they’ll be beta testing this version – I had countless problems with the “Alt Gr” key… (did they only test VPC2004 with US keyboards?)

The beta will run from 10th November 2006 until 30th March 2007. You can only apply for the beta during this period, so there’s no need to logon to Connect now 🙂

I know not if these dates are final, or if nominations will begin prior to the beginning of the beta period – I’ll try to find more info, and keep you posted.

The Virtual PC Guy’s WebLog blog doesn’t seem to have any info about the beta… But i’ll be monitoring it for information!

Source: Connect

Posted in MS News | Comments Off on Virtual PC 2007 beta coming “soon”!

School Shootings – What is the world coming to?

September 29th, 2006 by Kristan M. Kenney

It’s not often I write about subjects such as this – but it seems like for the last few months, all that has been on CNN is school shootings. Take for instance the incident earlier this week regarding the 53-year-old that walked into a school, took 6 female hostages, molested them, and shot one of them in the back of the head before killing himself. Or the incident of a student in Montreal who killed one student and injured 19 others before killing himself on September 13th? Let’s not forget the Columbine school shooting that happened in 1999, either.

I myself am still in high school – and it is incidents like this that make me think sometimes, could it happen locally? Sometimes they say that you never fully realize the impact of an event until it actually happens close to home.

What is the world coming to? Public high schools should be a safe place for students to learn and make friends – not get shot up. What has the government done to curbstomp this kind of behavior? What CAN be done about it? Where the hell are the kids getting the guns and ammunition?

If you’ve watched the movie Bowling for Columbine (I enjoyed it, a great work of art by Michael Moore) – they showed a clip of someone who had a rifle on them… it was disassembled and stashed under their clothing… you couldn’t even tell he had anything on him. How can schools stop this if they have no way of telling if someone has a gun on them?

This shit needs to stop – lock the damn gun registry down and enforce the law like you’re supposed to, taxpayers aren’t shelling out their cash to you politicians for nothing, mmkay? Parents, stop leaving your ****ing gun cabinets unlocked!

Posted in Daily Life | 12 Comments »

ZDNet Asia: Who is draining your file server storage space?

September 29th, 2006 by Jabez Gan [MVP]

My article posted in ZDNet Asia :

Have you ever noticed that your file server storage space has quickly run out after upgrading the file server storage device?

Your management might say: “Our employees are doing a great job! They are doing loads more work!” But have you ever wondered what is actually stored in the server? Are they all work related files?

While working on a freelance basis for IT departments in many small companies, I have found, on browsing the file server, that computer users store non-work related files like MP3 or video files.

Although I don’t personally mind that computer users store these files temporarily for the occasional viewing, it is not acceptable when each employee stories his or her own collection of music, jokes or videos without deleting them from time to time.

System administrators can save time spent monitoring the file types that users have by using the File Server Resource Manager (FSRM) which is a feature in Windows Server 2003 R2.

View more at source:,39044904,39393227,00.htm

Posted in Windows Server System | Comments Off on ZDNet Asia: Who is draining your file server storage space?

Vulnerability in Windows Shell Could Allow Remote Code Execution

September 29th, 2006 by Kristan M. Kenney

Microsoft is investigating new public reports of a vulnerability in supported versions of Microsoft Windows. Customers who are running Windows Server 2003 and Windows Server 2003 Service Pack 1 in their default configurations, with the Enhanced Security Configuration turned on, are not affected. We are also aware of proof of concept code published publicly. We are not aware of any attacks attempting to use the reported vulnerability or of customer impact at this time. We will continue to investigate these public reports.

The ActiveX control called out in the public reports and in the Proof of Concept code is the Microsoft WebViewFolderIcon ActiveX control (Web View). The vulnerability exists in Windows Shell and is exposed by Web View.

Microsoft is working on a security update currently scheduled for an October 10 release.

Customers are encouraged to keep their anti-virus software up to date.

Affected Software:

  • Microsoft Windows 2000 Service Pack 4
  • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
  • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows Server 2003 for Itanium-based Systems, Microsoft Windows Server 2003 with SP1 for Itanium-based Systems, and Microsoft Windows Server 2003 x64 Edition

To work around this issue:

Temporarily prevent the Microsoft WebViewFolderIcon ActiveX control from running in Internet Explorer

You can disable attempts to instantiate this ActiveX control in Internet Explorer by setting the kill bit for the control in the registry.

Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

For detailed steps that you can use to prevent a control from running in Internet Explorer, see Microsoft Knowledge Base Article 240797. Follow these steps in this article to create a Compatibility Flags value in the registry to prevent a COM object from being instantiated in Internet Explorer.

To set the kill bit for a CLSID with a value of {e5df9d10-3b52-11d1-83e8-00a0c90dc849}, paste the following text in a text editor such as Notepad. Then, save the file by using the .reg file name extension.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{e5df9d10-3b52-11d1-83e8-00a0c90dc849}]
“Compatibility Flags”=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{844F4806-E8A8-11d2-9652-00C04FC30871}]
“Compatibility Flags”=dword:00000400

Impact of Workaround: Web sites that use the WebViewFolderIcon ActiveX Control may no longer display or function correctly.

Source: Microsoft TechNet Security Advisory

Posted in Security | Comments Off on Vulnerability in Windows Shell Could Allow Remote Code Execution

Microsoft Launches Forefront Security for SharePoint Beta

September 29th, 2006 by Patrick S

As mentioned in the Redmond Wash-Microsoft Corp. today is launching the public beta of Forefront Security for SharePoint ( This latestrelease of Microsoft Forefront security products for businesses is based on Antigen for SharePoint Server, the multi-engine security solution acquired by Microsoft as part of the acquisition of Sybari Software Inc. in 2005.

Forefront Security for SharePoint is optimized to provide advanced protection for Microsoft Office SharePoint Server 2007 and Windows SharePoint Services 3.0. Microsoft SharePoint products and technologies facilitate easy collaboration across an organization, connecting people, processes and systems within and beyond organizational boundaries. Forefront Security for SharePoint uses the combined power of multiple antivirus engines from leading security providers to protect against viruses, unwanted files and inappropriate content.

Microsoft Forefront Security for SharePoint delivers the following: 

  • Protection against the latest threats.  Forefront Security for SharePoint simultaneously utilizes up to five antivirus engines from leading security vendors to provide customers with increased protection against malware threats, inappropriate content and dangerous files types. This latest release includes the new Microsoft Antivirus engine.
  • Integration to help optimize server performance.: Integration with Microsoft Office SharePoint Server 2007 and Windows SharePoint Services 3.0, as well as scanning innovations and performance controls, help ensure optimal collaboration server performance.
  • Simplified management control.: Forefront Security for SharePoint provides centralized management control to help ensure organizations can simply and cost-effectively deploy, manage and maintain the security of their collaboration servers.

The launch of Forefront Security for SharePoint will coincide with the general availability of Microsoft Office SharePoint Server 2007 and Windows SharePoint Services 3.0, which are scheduled to be available to businesses by the end of 2006 and generally available in early 2007. It will be available through Microsoft’s global channel of Security Solutions Competency partners. Companies can download the beta release at

Posted in Beta News, MS News, Products, Windows Server System | Comments Off on Microsoft Launches Forefront Security for SharePoint Beta

Daniel Lai-Asia MVP Best Practice of the Month

September 29th, 2006 by Patrick S

Our very own Daniel Lai from MSBLOG was just awarded the “MVP Best Practice Of The Month” Award for his Training Guide on Business Desktop Deployment 2007.

Microsoft Solution Accelerator for Business Desktop Deployment 2007 Beta 1 aims to be the best practice guidance on how to optimally deploy Windows Vista and the 2007 Office system. It was spreading out across 6 technical websites including Microsoft newsgroups and TechNet Blog

Daniel has many achievements under his belt-he has written an adv training guide, been invited to deliver internal training to MSFT employees and even teaches Hong Kong MSFT epg Employees on Vista Development 

We here at MSBLOG are proud to have a good friend such as Daniel who strives to be the best…For that we congratulate him-Well Done Daniel and keep em coming!

Posted in Daily Life, MSBLOG Related, MVP Program, Windows Vista | 1 Comment »

Public DPM V2 Beta Released!

September 28th, 2006 by Joseph Bittman MCSD .Net

Today, Microsoft announced the public availability of the DPM V2 Beta!!! 🙂

  Read Karan’s post in the NG: (more details in the presspass article – see bottom for link) 

Announcing Data Protection Manager v2 Beta
Today, at Storage Decisions in New York, Microsoft announced the public beta
of System Center Data Protection Manager version 2.

Data Protection Manager (DPM) is a key member of the Microsoft System Center
family of management products, designed to help IT Pros manage their Windows

Today, DPM 2006 delivers centralized backup for branch offices, while
providing rapid and reliable recovery of files from readily accessible disk
instead of waiting to locate and mount tapes.  Restores are achieved from an
easy-to-use IT administrator interface, as well as enabling end-users to
restore their own data directly from Windows® Explorer or any Microsoft
OfficeT application.

Data Protection Manager (DPM) v2 is the next generation of Microsoft’s data
protection platform – and the backup/restore tool that administrators of
Microsoft networks have been asking for.

DPM “v2” sets a new standard for Windows backup and recovery — delivering
continuous data protection for Microsoft application and file servers to a
seamlessly integrated secondary disk and tape solution on the DPM server.
DPM enables better backups as well as rapid and reliable recoveries for both
the IT professional and the end-user.  DPM significantly reduces the costs
and complexities associated with data protection through advanced technology
for enterprises of all sizes.

DPM version 2 provides:

·     Continuous Data Protection for Windows Application and File Servers –
DPM protects core Windows Server workloads (Exchange, SQL, SharePoint and
File) by continuously capturing data changes with application-aware
block-level agents, providing an easy-to-manage and robust disk/tape back
end platform, and one-click lossless application recovery.

·     Rapid and Reliable Recovery – DPM enables IT administrators and
end-users to easily recover data in minutes from easily accessible disk
instead of locating and restoring from less-reliable tapes.

·     Advanced Technology for Enterprises of all sizes – DPM brings together
the best aspects of CDP real-time protection with traditional tape
backup/restore to provide a comprehensive disk to disk to tape data recovery
solution.  Combined with Microsoft’s experience in Windows Server
technology, DPM v2 provides a technically advanced and comprehensive data
protection solution for the most demanding Windows environments – from the
SMB to the Enterprise.


·     Read the Beta Announcement press release

·     Customers can go to for more details.

·     Partners go to

·     Anyone can send email to for more information.

Karandeep Anand [MSFT]
This posting is provided “AS IS” with no warranties, and confers no rights.



Posted in MS News | 2 Comments »

The BBC and Microsoft – exploring new digital media together

September 28th, 2006 by Zack Whittaker

Here’s the press release from the BBC:

Quote (slightly edited)
The BBC has signed an agreement with Microsoft to explore ways of developing its digital services. The non-exclusive memorandum of understanding sets out a framework for joint projects between the two organisations.

This includes plans for next-generation web 2.0 and ways to share online content in the future. BBC director general Mark Thompson said there had been unprecedented rates of change in technology. He said: “To ensure that the BBC is able to embrace the creative challenges of the digital future, we need to forge strategic partnerships with technology companies and distributors for the benefit of licence payers.”

Mr Thompson and Ashley Highfield, director of new media and technology at the BBC, met Microsoft chairman Bill Gates on Wednesday as part of a fact-finding tour in Seattle, US. They are also speaking to other companies, including Real Networks, IBM and the makers of the virtual world Second Life. A BBC spokeswoman said the memorandum of understanding was the beginning of a dialogue between Microsoft and the BBC.

Potential areas of collaboration include search and navigation, distribution and “content enablement”. However, any procurement of new technology with the company would be subject to regulatory approval. Bill Gates said: “Microsoft’s strength is in driving digital innovation, and our vision is to open up rich, new consumer experiences that allow people to enjoy digital content anytime, anywhere and on any device.

“This vision fits squarely with the BBC’s charter to lead the industry in delivering content that is compelling and accessible.”

Posted in Corporation, Media Center/Media Player | Comments Off on The BBC and Microsoft – exploring new digital media together

The REAL VML patch is out

September 26th, 2006 by Patrick S

Microsoft has released a patch against the VML vulnerability outside of their normal update cycle.
Which is great-they obviously though that this was a VERY serious issue

The patch is available right now via

Go get it NOW if you run Windows IE 6.x

Now with Ajax

Posted in Internet Explorer, Security | 1 Comment »

The importance of testing

September 26th, 2006 by André Nogueira

Testing software products is a stage of development which generally doesn’t receive much attention. To try and change this (and because I want to learn more about testing myself), I’ll be writing a series of posts on testing – not necessarily software, but rather testing in general.

But why is testing perceived as a minor, unimportant process? Several reasons can be attributed to the lack of attention given this vital part of product development:

1) High costs
2) The need to hire dedicated personnel
3) The belief that programmers can test their own code
4) A large number of other things I can’t think of right now

While 2) is true, 1) and 3) are not necessarily true. Much of the time and money spent on software development is usually spent finding and squashing bugs near the project’s due date – had these bugs been found earlier in the process, the time and money spent would have been greatly reduced.

Another usual practice is beta testing only the code. “What else can you beta test?”, you might ask. While at first sight it might that beta testing ideas and specifications is rather absurd, practice shows it is not.
Sometimes whole projects fail to achieve their goals because the initial specification wasn’t good or clear enough, or maybe because the idea wasn’t correctly captured. More often than not, only during the coding phase do developers find that functionality has to be added, removed, or changed.

Plenty of information on testing exists, but most of it is scattered or isn’t easy to find. With these posts I hope to give everyone pointers and ideas on how to better set up a test environment, so we’ll all build better software. Testing isn’t a burden or a minor task – it’s a task as important as planning or development, and which requires participation by all involved in creating the product.

I do hope you’ll enjoy reading this series of posts as much as I’ll enjoy writing it! And, of course, if you disagree with something I say… please comment! 😀

Posted in Testing | 1 Comment »

Windows Vista Build 5728: 64-bit Version Available; Build Availability Window Closing Soon

September 26th, 2006 by Patrick S

Here is a quick update regarding the release of interim build 5728:

  1. The 64-bit version of build 5728 is now availabile in both German and English. 
  2. The window is rapidly closing for download of the English build, as Microsoft near their targeted download quantity.  If you’ve not yet downloaded the build, I would suggest doing so today.

Posted in Beta News, Windows Vista | 4 Comments »

Why Windows Genuine Activation sucks

September 26th, 2006 by André Nogueira

Even if you don’t use Windows, it’s almost certain you’ve heard about activation – when you install Windows you can use it only for a few days without activating. After that, you’ll need to activate it (ie. communicate with a Microsoft server to tell it you’ve just installed Windows, and receive a message saying if it was successful or not) or it you’ll only be able to start Windows in safe mode.

But does Windows Genuine Activation (WGA) work? Not likely. Is it completely transparent and hassle-free for legitimate, paying customers? Maybe in a parallel universe, but not on Earth.

Being a beta tester for several companies I format my computers all the time. I have a handful of licences, but I don’t keep track of what licence is installed on what computer – the family computer has an OEM version of Windows installed, and on all other computers (which get formatted at most once a week) I use the first product key I can grab. I have 3 full XP licences for 2 computers, so I’m certainly not a pirate, right? Not according to Microsoft.

I don’t know how many activations you’re allowed to have during a given time period, but I’ve lost count of the number of times Internet activation failed because I had activated “too many times”. When this happens you have no alternative but to call – not too big a deal, right? Wrong. I don’t know how it’s like in the rest of the world, but at least in Portugal there are two phone numbers – a regular paid one, and a toll-free one. The problem? More and more people don’t have fixed phones anymore, just mobile phones, and here in Portugal you can’t call the toll free number from your mobile phone – you get a signal like the number didn’t exist. If you want to activate from a mobile phone, you have to pay the 10 minute phone call (this includes trying to activate by phone, hearing all the instructions you can’t skip – I’ve tried countless times – and explaining what happened to the operator you’re transfered to when activation fails).

Furthermore, your copy isn’t deactivated when you uninstall. Imagine you work on a small business which owns a boxed version of, say, Office. You’ll be doing a presentation later that week, so you install Office 2003 on your laptop, since now you only have Office 2000. You install and activate, but something went wrong with the upgrade – addins stopped working, random crashes… You format your computer, and install and activate Office 2003 again. This time everything works, but at the last moment you find that your laptop is too old to play that embeded video in your presentation, so you uninstall Office and install and activate it on your boss’s brand new laptop. Chances are you’ll have a problem activating, even though these are legitimate uses – you can have the boxed version installed on only one computer, which was the case here. However, because programs aren’t deactivated Microsoft thought Office was installed in 3 computers at the same time when in fact it was installed in only one. Trying to convince the operator that you’re not breaking the licence can be though, or at least take some time. And if you think this was just some made up story of what could happen, think again – this happened to me last Sunday.

But think about it – just who is prevented from installing pirated copies of Windows? Have pirated copies of Windows stopped circulating? They haven’t – on the contrary, with the widespread usage of peer-to-peer software it’s never been easier to find cracked software, including software which requires activation.

So to sum up… Is WGA serving its purpose? No, and I honestly don’t believe WGA in Vista will be any different. What WGA is doing – and it does this brilliantly – is annoy paying customers, preventing them from doing their work. I’ve lost count of the number of times I went to some company to prepare the computers for some presentation later that week, and ended up having to install OpenOffice.Org because I couldn’t activate their copies of Office. If anything, WGA is the #1 reason for people to stop using Office and Windows.

Resources which are currently being wasted with WGA could very well be used for more interesting projects – perhaps make some Microsoft Research prototypes a reality, or creating new products all together. As it is, WGA is doing nothing more than making Windows, Office and other products which use it a bit more expensive because of the money spent on developing and maintaining it.

Edit: It was suggested in the comments section that I simply don’t activate Office and Windows, since I will be reinstalling them anyway. Since Office (at least all the versions I’m using) limit you to opening Office applications X times, I have to activate. I can’t take the chance of needing to edit a document or make a presentation, and have Office tell me “Sorry, you can’t – you need to activate”. Regarding Windows, it could work if it weren’t for the fact that without activating I can’t get access to Windows Update and a lot of downloads on Microsoft Download Center. To be able to fully use those two services, you need to have an activated copy of Windows (not all downloads from the Download Center require activation, but many do).

Posted in Computing, Microsoft, MS News, Windows Vista, Windows XP | 11 Comments »

The Microsoft Usability team needs testers in Seattle!

September 26th, 2006 by André Nogueira

According to Microsoft’s usability homepage, they’re looking for testers in the Seattle area:

Let us know if you live in the Seattle Washington (USA) area and match one of the profiles below. We may have a study for you!

• Mac User
• MP3 Player Owner
• C++ Developer
• Xbox 360 Game Player
• Project Manager
• Software Tester

If you match one of our Hot Profiles above, E-mail us with the study that interests you in the subject line. We’ll reply to your mail about participation in one of our studies!

Even if you’re not in the Seattle area, you can still register with the Usability team – in their site they say that some studies are conducted online!You can find more info at the Microsoft Usability website

Posted in Beta News, Microsoft, MS News | Comments Off on The Microsoft Usability team needs testers in Seattle!

« Previous Entries