Microsoft Office 2013 Activation - Error 0x800070005

I have some customers who do not volume license their Microsoft Product and need to activate their Microsoft Office products. This particular customer bought a laptop with Microsoft Office 2013 pre-loaded and purchased a separate Microsoft Office Home and Business 2013 1PC License, however when they tried to activate the license by entering in their product key they kept getting a pop-up error message;

"We're sorry, something went wrong and we can't do this for you right now. Please try again later. ( 0x80070005 )".

The error occurs because the user account does not have appropriate permissions to modify the registry[1]. Thus the activation needs to be run with Administrator privileges[2]. So I right clicked on Word and selected Run as administrator and it activated automatically.

References:

1. http://support.microsoft.com/kb/968003
2. http://techhstuff.blogspot.com.au/2014/01/office-2013-activation-pop-up-with.html

Installing and Configuring OpenVPN 2.3 on Microsoft Windows Small Business Server 2003

My previous posts (http://nkush.blogspot.com.au/2012/08/installing-openvpn-22-on-centos-63-64bit.html and http://nkush.blogspot.com.au/2011/10/installing-openvpn-22-on-centos-57.html) have been on installing OpenVPN on Linux.

This post is slightly different as it installs and configures OpenVPN on a Microsoft Windows Small Business Server (SBS). The SBS installation is also different from the previous write-ups since this configuration uses Ethernet bridging instead of tunneling.

Although SBS comes with Layer2 Tunneling Protocol (L2TP) and Point-to-point Tunelling Protocol (PPTP) for Virtual Private Network (VPN), some users may want to use an Secure Sockets Layer (SSL) based VPN such as OpenVPN. The default installation location, i.e. C:\Program Files\OpenVPN\ is used in the instructions below

Installation:

1. Before downloading and installing OpenVPN, the server needs to have IP forwarding enabled. This is trivial in *nix based systems, but requires a hack in the Windows registry. Edit the parameters and set IPEnableRouter to 1
1. HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\IPEnableRouter
2. Reboot the server to ensure the changes made above take effect
2. Download and install the OpenVPN application[1] from http://openvpn.net/index.php/open-source/downloads.html
3. Open a command prompt and change to the default installation directory
1. Start> Run> cmd
2. cd C:\Program Files\OpenVPN
4. Ensure that the path C:\Program Files\OpenVPN\bin\ is added to the system environment PATH
1. set PATH=%PATH%;C:\Program Files\OpenVPN\bin\
5. Copy the file C:\Program Files\OpenVPN\easy-rsa\vars.bat.sample to C:\Program Files\OpenVPN\easy-rsa\vars.bat
1. cd C:\Program Files\OpenVPN\easy-rsa\
2. copy vars.bat.sample vars.bat OR run the init-config.bat script
6. Edit the file (edit) and change the following
1. Since key lengths less than 2048 are not recommended[2], change the key size to be 4096
1. set KEY_SIZE=4096
2. Configure the following
1. KEY_COUNTRY
2. KEY_PROVINCE
3. KEY_CITY
4. KEY_ORG
5. KEY_EMAIL
6. KEY_CN
7. KEY_NAME
8. KEY_OU
9. PKCS11_MODULE_PATH
10. PKCS11_PIN
7. Setup environment variables by executing the vars.bat script
8. Initialise the keys directory and empty the keys database and serial number by executing clean-all.bat. WARNING: this will delete any existing keys
9. Create certificate for the certificate authority (CA), this will generate the certificate signing request, the CA certificate (ca.crt) and CA key (ca.key).
1. build-ca.bat
10. Create the Diffie Hellman files. These files are used for the key exchange to ensure the confidentiality over an insecure channel. Based on the length of the key used (KEY_SIZE) it may take a while
1. build-dh.bat
11. Create the server certificate and key and commit them
1. build-key-server.bat <SERVER-NAME>
12. Create user machine certificates and keys and commit them (one for each user/machine)
1. build-key.bat <USER-MACHINE>
2. Note: when generating individual user/machine certificate and keys ensure that the common names are unique and for maintenance reasons, its easier if you match the user/machine and the common name
13. Copy the server configuration file to the configuration directory
1. cd C:\Program Files\OpenVPN\sample-config
2. copy server.ovpn ..\config\
14. Edit the server config file. You may use the full path of the certificates and keys, or copy them into the same directory as your configuration file.
1. cd  C:\Program Files\OpenVPN\config
2. edit server.ovpn
1. port 1194
2. proto udp
3. dev tap
4. dev-node MyTap
6. ca ca.crt
7. cert <SERVER-NAME>.crt
8. key <SERVER-NAME>.key
9. dh dh<KEY_SIZE>.pem
10. ifconfig-pool-persist ipp.txt
11. server-bridge 10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100
12. push "route <LAN-NETWORK> <LAN-NETMASK>"
13. keepalive 10 120
14. comp-lzo
15. max-clients 5
16. status openvpn-status.log
17. log-append  openvpn.log
18. verb 3
19. mute 5
15. Change the TAP adapter 
1. Rename to suit the configured name above, in the case of this example "MyTap"
2. Set a static IPv4 address of 10.8.0.4 (or whatever is specified in 14.11 in the server-bridge setting
16. Start the OpenVPN service and check the logs for any errors

Routing changes:

1. You may also need to make routing changes. Depending on your router the settings may differ, but the basic requirement is to add a static route to the VPN tunnel network, i.e. 10.8.0.0/24 to the OpenVPN server.
2. If the server does not have a WAN IP address and is located behind a router performing NAT, then port forwarding rules should be implemeneted to port formward traffic on UDP port 1194 to the VPN server.

Client Configuration:

1. client
2. dev tap
3. proto udp
4. remote <SERVER-WAN> 1194
5. resolv-retry infinite
6. nobind
7. persist-key
8. persist-tun
9. ca ca.crt
10. cert <USER-MACHINE>.crt
11. key <USER-MACHINE>.key
12. comp-lzo
13. verb 3
14. route-method exe
15. route-delay 5

Note: SBS running as the Domain Controller (DC) only allows Terminal Services to run in Administration mode, i.e. only two concurrent Remote Desktop Protocol (RDP) sessions, and one local console session. It does not run in Application mode, which allows additional licenses to be installed

References:

1. http://openvpn.net/index.php/open-source/downloads.html
2. http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf

Microsoft Windows Server 2003 for Small Business Server Microsoft Exchange Mail Store unmounts

At 08:59hrs this morning I got a call from a customer who was unable to receive e-mail. Logging into their server I discovered that there were indeed messages stuck in the Local Delivery queue. I checked the Application event logs and found the following event log

Event Type: Error

Event Source: MSExchangeSA
Event Category: MAPI Session 
Event ID: 9175
Date: 8/05/2012
Time: 9:12:31 AM
User: N/A
Computer: ***DELETED***
Description:
The MAPI call 'OpenMsgStore' failed with the following error: 
The attempt to log on to the Microsoft Exchange Server computer has failed.
The MAPI provider failed.
Microsoft Exchange Server Information Store
ID no: 8004011d-0512-00000000 


For more information, click http://www.microsoft.com/contentredirect.asp.

Further investigation led to an un-mounted mail store.It was relatively easy to re-mount the store, however the support link at http://support.microsoft.com/kb/896143 leads me to think it may not be so easy all the time. After getting the service back up and running, I re-visited the logs to find that the event started at approximately 23:22hrs last night, and was preceded by the following message;


Event Type: Error
Event Source: MSExchangeSA
Event Category: Monitoring 
Event ID: 1005
Date: 7/05/2012
Time: 11:22:24 PM
User: N/A
Computer: ***DELETED***
Description:
Unexpected error <<0xc1050000 - The attempt to log on to the Microsoft Exchange Server computer has failed. The MAPI provider failed. Microsoft Exchange Server Information Store ID no: 8004011d-0512-00000000>> occurred. 


For more information, click http://www.microsoft.com/contentredirect.asp.

The support link at http://support.microsoft.com/kb/888179 did not provide much assistance in resolving the issue permanently, but I did check the allocated space and size of the mail store and the available space on disk and they were all OK.