Random ramblings

of a System Administrator

September 13, 2017
by ugrin

So SharePoint thinks my file is checked out!

Recently I had an issue with a word document that was marked as checked out in SharePoint 2013 but there was no checked out icon nor I could check in the file. At first I taught I could use the Discard Check out button in the Office ribbon in the FILES section. The button was greyed out and i wasn’t able to edit the file. Every time i would press Check Out, there will be an error popping up saying that the file was locked for editing and checked out for another user. I contacted the user and asked him to login inside and check if he was able to Check In the file. Unfortunately he was also unable to Check In the file. He also got the same error saying that the file was Checked Out by him.

So what to do?

As always there is a solution but we have to use powershell and open the webpage using powershell in the context of the user and use the ReleaseLock cmdlet.

First we have to get the UserID for the user that holds the file:

$myWeb = Get-SPWeb http://thenameofyoursite

$myFile = $myWeb.GetFile(“the path to your document”)

$myUserID = $myFile.LockedByUser.ID

$myUser = $myWeb.AllUsers.GetByID($myUserID)


Now that we have the user ID, we can open the site in the context of this user and do the ReleaseLock:

$impSite = New-Object Microsoft.SharePoint.SPSite($myWeb.Url, $myUser.UserToken)

$impWeb = $impSite.OpenWeb()

$fileURL = “the path to your document”

$impFile = $impWeb.GetFile($fileURL)



That is it. The file should be released and it can be accessed by other users.


May 23, 2017
by ugrin

SharePoint list with fixed/freezed header

A customer asked if SharePoint has an option to fix/freeze the header with the columns names when you have a really large list. I didn’t know the answer so I told them that I will try and solve the problem for them. The problem is a pretty common one, the SharePoint list can always be opened in Excel and there you can easily fix the header. But what about the SharePoint view for this list.

I came across this  solution called STICKIHEADERS for SharePoint. You can find it here: http://spoodoo.com/products/stickyheaders-for-sharepoint/

So how can we implement it? If you want it only for a single list, you can follow my instructions here. You will first need to download this files:

  1. the stickiheader JQuery solution: you can find it here
  2. the jquery.min.js soluton: you can find it here

You can upload both files to your Site Assets library on your SharePoint Page. Open your site, go to Site Contents and than go to Site Assets. Click on the Files tab and choose Upload Document. Choose both documents and wait for them to upload to your SharePoint library.

After you finish with the upload, you can browse to your list. Click Edit Page and click on Add web part. Choose Media and Content and from the web parts choose Script Editor.

The Script Editor will be added to your site and you can click Edit Snippet on the right.

Paste the following text inside the Edit Snippet windows:

<script src=”http://your_sharepoint_site_link/SiteAssets/jquery.min.js”></script>
<script type=”text/javascript” src=”http://your_sharepoint_site_link/SiteAssets/StickyHeaders_3.1.1.js”></script>

Click Insert and after that click on Stop Editing your page.

After you click it you can try and scroll your list and see that the header is now flowing just as you browse.



May 23, 2017
by ugrin

Free/Busy Information not working in an Exchange hybrid environment

After configuring our hybrid environment and moving a couple of test mailboxes to the Cloud, I found out that none of our migrated mailboxes can see the Free/Busy information for people that have mailboxes on-prem. This is a tricky problem since the Free/Busy information works for both: users that have mailboxes on-prem and when a user that has mailbox on-prem tries to access a Calendar in Outlook for a user that has a mailbox in the Cloud. I’ve tried to solve this problem using Google since this is a very common problem. I’ve even checked Microsoft article https://support.microsoft.com/en-us/help/2555008/how-to-troubleshoot-free-busy-issues-in-a-hybrid-deployment-of-on-premises-exchange-server-and-exchange-online-in-office-365 and made sure that everything works. The funny thing was that even though Outlook had problems retrieving the Free/Busy information, every time I tried the Exchange Connectivity test from the Office365 tab that you can find here https://testconnectivity.microsoft.com/ I received a successful attempt and I could see the appointments for the on-prem user. I’ve also tried the Outlook autodiscover test from the Exchange server tab and this test also completed successfully.

We have a pretty complex Exchange environment. We have 4 Exchange servers on 3 locations. Three of the servers form a DAG where we have 10 Exchange Databases. Three of the servers are also part of an CAS array. All our Exchange servers are Exchange 2010 with SP3 and the latest CU installed. I’ve configured the Hybrid environment using Microsoft’s hybrid configuration wizard and it also completed without reporting any errors. I’ve enabled the hybrid configuration only for two domains from the 10 that are accepted on our Exchange servers. Both domains are of course federated with Office365.

I’ve actually opened a case with Microsoft Support about this problem and they provided an online troubleshooter for this problem. You can find it here:  https://support.microsoft.com/en-us/help/10092/troubleshooting-free-busy-issues-in-exchange-hybrid-environment

I’ve started the troubleshooter and choose the problem I had: My Cloud user can’t see free/busy for an on-premises user.


We tested the free/busy information on-prem and decided it works.


We also verified that the autodiscover is resolving to our on-prem Exchange CAS server. Just to be safe we verified using both methods.

We connected to Exchange Online (you can find the guide here: https://technet.microsoft.com/library/jj984289(v=exchg.160).aspx) and tested the Organization Relationship. There was no need to change everything since everything was set up correctly.

The next steps should be done on all Exchange Servers that are members of the CAS array.


We checked the IIS logs on both CAS servers and searched for the autodiscover part and didn’t find any errors.

We also checked the IIS logs for exchange.asmx/wssecurity.

We’ve checked the EWS external URL and it was already setup correctly and accessible from the internet.

WSSecurity was enabled on our Autodiscover directory and on our EWS directory.

We’ve checked the Handler Mappings on our EWS directory in IIS on all of our CAS servers and svc-Integrated was not missing.

The solution for our problem was on Step 10. We checked all CAS members for the svc-Integrated handler mapping for the Autodiscover endpoint and on one of them a lot of the handler mappings were missing. There is a link in the troubleshooter for resolving this error by doing a re-register of the dlls for .NET 3.0, but we chose a different method. We knew that there is nothing wrong with our other endpoints so we decided to re-create the Autodiscover endpoint on the server that had a problem.

  1. First we made a backup of the settings for this endpoint using this powershell cmdlet:
    Get-AutodiscoverVirtualDirectory -Identity “<name_of_your_exchange_server>\Autodiscover (Default Web Site)” | FL
    The parameters you need to write down are: BasicAuthentication, WindowsAuthentication, WSSecurityAuthentication, Path, InternalUrl, ExternalUrl and WebSiteName
  2. After that we removed the virtual directory using this powershell cmdlet:
    Remove-AutodiscoverVirtualDirectory -Identity “<name_of_your_exchange_server>\Autodiscover (Default Web Site)” -DomainController <name_of_your_domain_controller>
  3. To create the virtual directory you can use this powershell cmdlet:
    New-AutodiscoverVirtualDirectory -BasicAuthentication $true -WindowsAuthentication $true -WSSecurityAuthentication $true -Path “the_path_to_your_Exchange_Autodiscover_folder_on_your_disk” -InternalUrl “the_url_for_your_autodiscover_service_that_is_reachable_internally” -ExternalUrl “the_url_for_your_autodiscover_service_that_is_reachable_externally” -WebSiteName “Default Web Site” -DomainController <name_of_your_domain_controller>
  4. Do an iisreset on the server you just created the Autodiscover virtual directory.

After we recreated the virtual directory we tried to access the Free/Busy Information from a cloud mailbox for a user that is on-prem and immediately got a success and were able to see the info.

I didn’t reach the end of the troubleshooter since this was my problem but if nothing of the above solves your problem you can try to reach the end of the troubleshooter.

Some of the blogs I’ve found on the internet suggest you do a IIS reset on all your CAS servers but unfortunately that didn’t do the trick for me.



July 15, 2014
by ugrin

Direct Access not working “IPv6 is disabled. Contact your admin for help”

A strange problem started to show up with certain Windows 8 and Windows 8.1 client computers using Direct Access for HQ connection. The client computer is trying to connect through the Direct Access tunnel and the error it shows when you click on the Direct Access connection name is “IPv6 is disabled. Contact your admin for help”. We have not made any changes to the clients IPv6 settings nor have changed any of the Group Policy Objects concerning Direct Access.

After some digging I found out that the IPv6 protocol on the client computer has been Disabled using the registry. You can check it by opening the registry editor and going to the hive:


There should be a DWORD key with the name DisabledComponents that has a value different from 0x00000000 (in my case the value of 0x0000008e was added).

All you have to do is either delete this key or set it to 0x00000000 and restart the computer.


After I set it to 0 and restarted the computer the Direct Access connection started working again.




July 15, 2014
by ugrin

Juniper SRX “Your session has expired” no matter where or what you click

When you log in your Juniper SRX device using the web interface you may experience a strange problem where whatever or wherever you click you get a popup saying “Your Session has expired. Click OK to redirect to login page”.

The problem is that the SRX has no more free space to create new web pages so it just says Your session has expired.


When you check the storage of the device you can see a very strange thing of  Available memory being overused (-25.6 MB in my case and capacity of 108%).

You can check the available storage using this command:

show system storage

To solve the problem you will have to do a system storage clean-up using this command:

request system storage clean-up

It will list a bunch of files that you probably don’t need.

After that the web console or the JWeb interface is working again.



July 11, 2014
by ugrin

UAG 2010, an unknown error occured while processing the certificate

While fixing some other errors on our UAG 2010 server (enabling Windows 8.1 and Internet Explorer 11 support), I came across a strange error about the backend server certificate. The error I got was:

“An unknown error occurred while processing the certificate. Contact the site administrator”

I connected to the backend server (a sharepoint 2010 server) and checked the certificate. It was a certificate issued by my domain CA and nothing was wrong with it. There was no error if I open the site from within my network but the UAG server was still giving me error.

The solution was to disable the certificate validation and CRL validation on the UAG server. This are the steps you need to do on your UAG server:

  1. On the UAG Server, open the Registry Editor (Start –> Run –> Type “regedit” and click OK).
  2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\e-Gap\Von\URLFilter\Comm\SSL.
  3. To cancel the validation check, right-click ValidateRwsCert, select Modify, and change the Value data to 0.
  4. To cancel the CRL check, right-click ValidateRwsCertCRL, select Modify, and change the Value data to 0.
  5. Close the Registry Editor
  6. Activate the UAG configuration to make the change permanent (otherwise, a reboot will revert it)
  7. If this is applied to a UAG array, the registry needs to be edited only on the array manager. The activation will push it to the other server/s
  8. Restart the IIS service on the Forefront UAG server. If this is an array, this needs to be done on all members.

After the restart the webpage was again accessible from all devices (mobile, outside the network, domain computers…)


July 10, 2014
by ugrin

Hyper-V virtual machine not starting, “General access denied error” (0x80070005)

Last night I got a strange error after restoring a vhd from our Data Protection Manager 2012 R2 server. The virtual machine didn’t start and all the error was a General access denied error, like the system cannot read the vhd file.

I started digging and found a KB article from Microsoft with the same description: http://support.microsoft.com/kb/2249906

The actual error you get if you click the job is something like this:

‘VMName’ failed to start.
Microsoft Emulated IDE Controller (Instance ID
{83F8638B-8DCA-4152-9EDA-2CA8B33039B4}): Failed to Power on with Error ‘General
access denied error’

IDE/ATAPI Account does not have sufficient privilege to open attachment
‘E:\VMs\VMName\Disk0.vhd. Error: ‘General access denied error’

Account does not have sufficient privilege to open attachment
‘E:\VMs\VMName\Disk0.vhd. Error: ‘General access denied error’

If you click see details you will see some additional information:

‘VMName’ failed to start. (Virtual machine ID

‘VMName’ Microsoft Emulated IDE Controller (Instance ID
{83F8638B-8DCA-4152-9EDA-2CA8B33039B4}): Failed to Power on with Error ‘General
access denied error’ (0x80070005). (Virtual machine ID

‘VMName’: IDE/ATAPI Account does not have sufficient privilege to open attachment
‘E:\VMs\VMName\Disk0.vhd. Error: ‘General access denied error’ (0x80070005). (Virtual
Machine ID 5FC5C385-BD98-451F-B3F3-1E50E06EE663)

‘VMName’: Account does not have sufficient privilege to open attachment
‘E:\VMs\VMName\Disk0.vhd. Error: ‘General access denied error’ (0x80070005). (Virtual
Machine ID 5FC5C385-BD98-451F-B3F3-1E50E06EE663)

To fix the error follow this steps:

  1. Note the Virtual Machine ID that is listed in the “‘General access denied error’ (0x80070005)” error message.

    For example, consider the following error message:

    ‘VMName’: IDE/ATAPI Account does not have sufficient privilege to open attachment
    ‘E:\VMs\VMName\Disk0.vhd. Error: ‘General access denied error’ (0x80070005). (Virtual
    Machine ID 5FC5C385-BD98-451F-B3F3-1E50E06EE663)

    In this example, the Virtual Machine ID is 5FC5C385-BD98-451F-B3F3-1E50E06EE663.

  2. Open an elevated command prompt.
  3. To give the Virtual Machine ID (SID) access to the .vhd or .avhd file, type the following command, and then press Enter:
    icacls <Path of .vhd or .avhd file> /grant "NT VIRTUAL MACHINE\<Virtual Machine ID from step 1>":(F)

    For example, to use the Virtual Machine ID that you noted in step 1, type the following command, and then press Enter:

    icacls "E:\VMs\VMName\Disk0.vhd" /grant "NT VIRTUAL MACHINE\5FC5C385-BD98-451F-B3F3-1E50E06EE663":(F)
  4. Start the virtual machine.

After this the Virtual Machine starts normally.

July 10, 2014
by ugrin

Installing Forefront Unified Access Gateway 2010 service packs

Recently some of our users started complaining that they get a strange error every time they try to access a sharepoint page published through our UAG 2010 Sp1 server. They all have Windows 8.1 and Internet Explorer 11 so they started getting the mobile access page instead of the usual UAG access page.

I’ve tried to trick the browser using the developer mode in internet explorer and set it to emulate an older version of Internet Explorer but couldn’t make it work.

The only thing left to do was to update our UAG server to the latest service pack (SP4) which supports Windows 8.1 and Internet Explorer 11.

Microsoft claims that if you are doing an in-place update or installation of a service pack for UAG 2010 that the setup process takes care of the export, update and import of the configuration. As I found out 2 hours later after my initial SP installation, that is not true. The first strange thing is that the UAG service packs are not cumulative. If you have Forefront UAG 2010 SP1 update rollup 1 installed you will have to install first SP2, then SP3, then update rollup 1 for SP3 and in the end SP4. And every time you upgrade you will have to do a configuration update using the Config Update utility.

Before you begin the procedure I advice you do either a snapshot if your server is a virtual machine, or a DPM backup of the virtual machine. We are using Data Protection Manager 2012 R2 so I’m going to do a virtual machine backup before I start the procedure.

After you create a backup or a snapshot you need to do an export of your configuration. Open the UAG console and select export from the menu. Save the file and please don’t forget the password 🙂

The installation of all the service packs is pretty straightforward. If your server has UAC enabled you will have to start a CMD in administrator mode and start the update from there.

You should always restart the server after every update. After the restart check if your configuration got imported properly. Mine wasn’t so I had to start the Configuration Update utility (you can find it in Common\Bin directory).

The whole process lasted a little over 2 hours on our UAG server. After that the users with Windows 8.1 had no trouble accessing the sharepoint webpage.


February 22, 2014
by ugrin
1 Comment

Asterisk trace your calls

How to traceroute calls in Asterisk (do a sip trace of your call)

log in to shell

Type asterisk -r to enter the CLI

core set verbose 3

core set debug 3

sip set debug ip X.X.X.X, this is the source or the destination IP address that you want to capture

Place your calls and after you are finished you can disable debugging using:

sip set debug off

February 22, 2014
by ugrin
1 Comment

How to install Linux integration Services on CentOS 6.5 on Microsoft Hyper-V Server

With the new version of CentOS (6.5) and the new version of Microsoft’s Linux Integration Services (LIS) 3.5 we don’t need to add a legacy network adapter first and then change it with a standard network adapter. This is a step by step guide for installing LIS on a Microsfot Hyper-V Server virtual machine running CentOS 6.5.

  1. Create new VM with a standard Network Adapter.
  2. Download CentOS 6.5 minimal if you want to install a server without GUI or CentOS 6.5 if you need the  server with the GUI. You can download it from www.centos.org
  3. Download LinuxICv3.5.iso (http://www.microsoft.com/en-us/download/details.aspx?id=41554)
  4. After the installation of CentOS is finished mount the LinuxICv3.5.iso
  5. To copy and install the Integration Services package type the following commands:

mkdir -p /mnt/cdrom

mount /dev/cdrom /mnt/cdrom

cp -rp /mnt/cdrom /opt/linuxIC

umount /mnt/cdrom

cd /opt/linuxIC/RHEL63


After the installation of the Integration Services is finished you can update your network settings using VI:

vi /etc/sysconfig/network-scripts/ifcfg-eth0

The settings should look something like this. To start typing just click i (insert mode):





HWADDR=(this is where your MAC address will be. You can check if it is the same as the MAC address assigned to the machine in Hyper-V)

IPADDR=(You will enter your static IP address here)

NETMASK=(Type your network mask here)

GATEWAY=(Your default gateway IP)

DNS1=(Primary DNS Server IP)

DNS2=(Secondary DNS Server IP)


You can save your file by clicking ESC and then entering :wq.

After you set up your IP address you have to bring the interface UP:

ifup eth0


ifconfig eth0 (IP) netmask (MASK) up

The last thing you have to do is restart networking:

service network restart

You can enter your DNS servers in the file /etc/resolv.conf. You don’t need to specify them in the ifcfg-eth0 file for your interface.

nameserver (Primary DNS server IP)

nameserver (Secondary DNS server IP)

If you need to add a special route for your network you can add it in a file named /etc/sysconfig/network-scripts/route-eth0

You can add your hostname and gateway in a file named /etc/sysconfig/network like this:


HOSTNAME=(Your hostname)

GATEWAY=(Your Gateway IP)

If you don’t need the firewall on your server you can disable it by using this commands:

service iptables save

service iptables stop

chkconfig iptables off