Install Remote Server Administration Tools (RSAT) on Windows 7 with Service Pack (SP1)

Remote Server Administration Tools (RSAT) for Windows 7 cannot be installed on computers that are running Windows 7 with Service Pack (SP1).  The error message is “This update is not applicable to your computer”.  This is because Service Pack 1 includes updates components for RSAT.

The resolution is to install RSAT tools before installing Service Pack 1 for Windows 7.  If SP1 is already installed, uninstall SP1, install RSAT tools, and then reinstall SP1.

According to RSAT download site, RSAT for Windows 7 with SP1 is scheduled for release in Spring 2011.

Windows Update Scanning Error Fix

If the Windows Update database and manifest corrupted, Windows Update scan can take a long time or crash.  The following may fix this problem.

1. Run the Windows Update troubleshooter
2. Run the System Update Readiness Tool
3. Run the System File Checker (sfc) from Administrator Command Prompt. “sfc /scannow”
4. Rename and recreate the SoftwareDistribution and Catroot2 folders
• Stop the Windows Update service and its related services
• net stop wuauserv
• net stop bits
• net stop cryptsvc
• If the Windows Update service can not be stopped, change its startup type to Disabled, then reboot the computer.
• Rename %windir%\SoftwareDistribution
• Rename %windir%\system32\Catroot2
• Start the Windows Update service and change its startup type to Automatic (Delayed Start).
5. Re-register all the Windows Update DLLs (stop wuauserv, bits, and cryptsvc services first)
• regsvr32 c:\windows\system32\vbscript.dll /s
  regsvr32 c:\windows\system32\mshtml.dll /s
  regsvr32 c:\windows\system32\msjava.dll /s
  regsvr32 c:\windows\system32\jscript.dll /s
  regsvr32 c:\windows\system32\msxml.dll /s
  regsvr32 c:\windows\system32\actxprxy.dll /s
  regsvr32 c:\windows\system32\shdocvw.dll /s
  regsvr32 wuapi.dll /s
  regsvr32 wuaueng1.dll /s
  regsvr32 wuaueng.dll /s
  regsvr32 wucltui.dll /s
  regsvr32 wups2.dll /s
  regsvr32 wups.dll /s
  regsvr32 wuweb.dll /s
  regsvr32 Softpub.dll /s
  regsvr32 Mssip32.dll /s
  regsvr32 Initpki.dll /s
  regsvr32 softpub.dll /s
  regsvr32 wintrust.dll /s
  regsvr32 initpki.dll /s
  regsvr32 dssenh.dll /s
  regsvr32 rsaenh.dll /s
  regsvr32 gpkcsp.dll /s
  regsvr32 sccbase.dll /s
  regsvr32 slbcsp.dll /s
  regsvr32 cryptdlg.dll /s
  regsvr32 Urlmon.dll /s
  regsvr32 Shdocvw.dll /s
  regsvr32 Msjava.dll /s
  regsvr32 Actxprxy.dll /s
  regsvr32 Oleaut32.dll /s
  regsvr32 Mshtml.dll /s
  regsvr32 msxml.dll /s
  regsvr32 msxml2.dll /s
  regsvr32 msxml3.dll /s
  regsvr32 Browseui.dll /s
  regsvr32 shell32.dll /s
  regsvr32 wuapi.dll /s
  regsvr32 wuaueng.dll /s
  regsvr32 wuaueng1.dll /s
  regsvr32 wucltui.dll /s
  regsvr32 wups.dll /s
  regsvr32 wuweb.dll /s
  regsvr32 jscript.dll /s
  regsvr32 atl.dll /s
  regsvr32 Mssip32.dll /s

Juniper SSL-VPN Network Connect Error 23787

When try to launch Network Connect inside Juniper SSL-VPN portal, get an error “cannot start the network connect service, please reinstall network connect, nc.windows.app.23787”.

Uninstalling or reinstalling the Juniper Network Connect works, but the error comes back after restarting the computer.

Solution: verify “Juniper Network Connect Service” service is started on the computer, and the Startup Type is Automatic.

Internet Explorer 9 Tracking Protection Feature

The RTM version of Internet Explorer 9 builds in the tracking protection feature.  This feature is disabled by default.  It can be enabled through Tools, Safety, Tracking Protection.

Once the feature is enabled, you can subscribe the third-party tracking protection lists (TPLs) through http://ie.microsoft.com/testdrive/Browser/TrackingProtectionLists/Default.html

SPF (Sender Policy Framework) Deployment

After testing the outgoing email server, I find my outgoing server is missing the SPF record.  By looking at the Sender Policy Framework site, the deployment is fairly simple if you can edit your DNS records.  The web site provides the wizard to create the SPF record.  Once the SPF record is created, just add it to your domain’s TXT record.  And rerun the outgoing email test to verify the deployment.

Test Outgoing Email Server with Some of the “Best Practices”

While searching the greylisting topic about email delivery problem, I find the “All About Spam” web site offers an outgoing email server test page.  It’s a useful tool to learn about your email server compliance; and its report also provides the information on what you can do to make your email not been blocked by the recipient email server.

All About Spam Email Server Test Page can test your outgoing email server with the following technologies/RFC compliance:

1. HELO Greeting
2. Reverse DNS
3. DNSBL (RBL)
4. SPF
5. Domain Keys
6. SPAMAssassin Content Checks
7. BATV (Bounce Address Tag Validation)
8. Greylisting
9. URIBL

Testing Process

1. Send an Email to test@allaboutspam.com
2. That email will bounce with a URL in the bounce message.
3. Either click on the URL or Copy/paste the URL in a browser.
4. You will see report on your Email Server.

Greylisting – Use Against E-mail Spam

Definition: In name, as well as operation, greylisting is related to whitelisting and blacklisting. What happen is that each time a given mailbox receives an email from an unknown contact (ip), that mail is rejected with a "try again later"-message (This happens at the SMTP layer and is transparent to the end user). This, in the short run, means that all mail gets delayed at least until the sender tries again - but this is where spam loses out! Most spam is not sent out using RFC compliant MTAs; the spamming software will not try again later.

Source: http://www.greylisting.org/

Remove the Backed Up Files After Windows 7 / Windows Server 2008 R2 SP1

dism /online /cleanup-image /spsuperseded

DNS Lookup Tool - DIG

A windows version of dig can be downloaded at http://www.isc.org/downloads.

Example commands:

• dig abc.com
• dig abc.com any
• dig abc.com ns
• dig abc.com mx
• dig abc.com any @dns-server