Monthly Archives: October 2014

Which should I use PCL or PS driver?

First I’ll give my own answer

You should go with PCL 6. Here’s why: You don’t need PostScript. If you did need it you would know it and you wouldn’t be asking this question. PostScript is more problematic than is PCL, so if you don’t need it it’s better avoided. It’s more problematic in these ways and more: harder to find drivers (for a Win ME computer for example), more resource hungry (both on the printer, the workstation, and the network), HP’s PostScript drivers are going to be much buggier than their PCL drivers, the quality of HP’s PostScript emulation (that is, a third-party clone of Adobe’s PostScript program) is highly questionable whereas the PCL is an HP product and therefore a better risk, PostScript tends to throw obscure errors when printing and requires obscure expertise to troubleshoot (very frustrating)-PCL does this less, PostScript tends to run the printer out of memory easier, PostScript drivers offer lots of obscure settings that are useful only to industry pros (like color separations, e.g.) and will only confuse normal people and give them more ways to cause themselves problems, and on difficult prints PostScript will often be slower. All that off the top of my head.

PCL6 is a powerful page description language and will do anything you ever need to do. Quality is not an issue, PCL works fine and can print the same vector graphics and vector fonts as can PostScript. Photos and other bit mapped graphics are outside the realm of PostScript’s power and thus the two languages will print them the same, except that PostScript will render the photo in text and blow up its binary size, thus taking longer to download it to the printer (it has to do this because PostScript is a language of text, there is nothing binary there. Everything is rendered into text characters).

PostScript offers many advantages, but mostly to printing industry pros. An example is that if you want to print something on a super-high resolution image setter at some local high end printing shop they will likely accept the file only in Adobe Photoshop or PostScript formats, thus if you are using the PostScript driver you have a way to make such a file. However, PDF format can be used now in many situations where PostScript was formerly required. PostScript drivers do tend to offer more features than the PCL driver and some may be useful to you (like Booklet printing e.g.) but at this late date and age it’s more likely that the PCL driver offers everything you would ever need, and the PostScript driver may not offer much at all extra that you could use.

SQL User account not found

When mounting a SQL database as the default user and get an error user not found, use the following accounts:

Service/Database Accounts –

NT SERVICE\MSSQLSERVER
NT SERVICE\SQLSERVERAGENT

Error during a paging operation on HyperV guest OS

I started getting this error on the Guest OS.
* Source: Disk
* Event Log: System
* Type: Warning Event
* Event ID: 51
* An error was detected on device \Device\Harddisk0\DR0 during a paging operation.

The HyperV host does not show any errors in any event logs.

Windows guest operating systems that are using virtual disks on non-local datastores might experience unexpected blue screens.

This problem occurs when the responses from the storage array take longer than the guest operating system expects to wait. The default disk timeout period in Windows is too short to handle the longer delays that can occur in a SAN, NFS, or iSCSI environment, and a blue screen error is the result of exceeding this timeout.

Increase the disk timeout to 60 seconds in the Windows virtual machines by editing the Windows registry as described below:

1. In the registry, go to HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/Disk.
2. Click Edit/Add value.
3. Set the value name to TimeOutValue.
4. Set the data type to REG_DWORD.
5. Set the data to 0x03c hex (or 60 decimal).
6. Reboot the virtual machine.

Note:

* Contact your Storage vendor to confirm whether a specific TimeOutValue setting has been identified for your particular environment.
* Increasing this disk timeout setting does not affect the performance of the guest operating system or virtual machine under normal operating conditions, but you must verify how the applications you are running in the guest operating system handle disk access delays.

Adobe Reader XI – An internal error occurred

adobe_reader_an_internal_error_occurred

I installed Adobe Reader XI on our Windows Server 2012 R2 RDS servers, and we start to get this error when we started Adobe Reader.

After some time on Google i found out that disabling Adobe Reader XI sandbox protection mode fixed the error.

go to the registry and find this key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\11.0\FeatureLockDown

Create a new REG_DWORD

Value Name
bProtectedMode

Value Data
0

ASG Remote Desktop Windows 8.1 NLA issue RDP

I have found this issue may not be due to a problem with the Remote Desktop tool but an issue with windows 8.1.

This is with the Windows 8.1 release from MSDN/Technet

• Configure Network Level Authentication
1. Open Regedit.
2. In the navigation pane, locate and then click the following registry
subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
3. In the details pane, right-click Security Packages, and then click Modify.
4. In the Value data box, type tspkg. Leave any data that is specific to other SSPs, and then click OK.
I was left with “” and tspkg
5. In the navigation pane, locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
6. In the details pane, right-click SecurityProviders, and then click Modify.
7. In the Value data box, type credssp.dll. Leave any data that is specific to other SSPs, and then click OK. (This was already in my config so I didn’t change it)
8. Exit Registry Editor.
9. Restart the computer.

Once done, ASG RD worked fine for all my connections again.

SHA1 Thumbprints for trusted .rdp publishers

Remote Desktop Connection (RDC) has a Group Policy setting that determines which publishers are to be considered trusted when launching connections (typically .rdp files served in various ways).

The publisher is identified by the SHA1 thumbprint of the certificate of the publisher (the certificate used to sign the .rdp file). You get the thumbprint from the certificate:

image8

The setting is located under:
Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Connection Client

Setting:
Specify SHA1 thumbprints of certificates representing trusted .rdp publishers

Description:
This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA1) certificate thumbprints that represent trusted Remote Desktop Protocol (.rdp) file publishers.

If you enable this policy setting, any certificate with an SHA1 thumbprint that matches a thumbprint on the list is trusted. If a user tries to start an .rdp file that is signed by a trusted certificate, the user does not receive any warning messages when they start the file. To obtain the thumbprint, view the certificate details, and then click the Thumbprint field.

If you disable or do not configure this policy setting, no publisher is treated as a trusted .rdp publisher.

Notes:

You can define this policy setting in the Computer Configuration node or in the User Configuration node. If you configure this policy setting for the computer, the list of certificate thumbprints trusted for a user is a combination of the list defined for the computer and the list defined for the user.

This policy setting overrides the behavior of the “Allow .rdp files from valid publishers and user’s default .rdp settings” policy setting.

If the list contains a string that is not a certificate thumbprint, it is ignored.

As you can see; no mention of how the thumbprint is to be entered!

I found out the hard way that you have to remove all spaces and convert all letters to uppercase for the thumbprint to be valid. You are not informed if the format you enter is incorrect, it is just silently ignored if not recognized as a valid thumbprint.

This quick PowerShell command will do these two operations:

(“<your thumbprint here>”).ToUpper().Replace(” “,””)

If this Group Policy setting is not in effect, either because you have not set it or the thumbprint is incorrect/invalid, your users will get a warning when connecting, even if the certificate used to sign the .rdp file is trusted:

image9

Error: A website wants to run a RemoteApp program. Make sure that you trust the publisher before you connect to run the program.

It is interesting to note that the rdpsign.exe command line utility that is used to sign .rdp files manually, requires that the thumbprint of the certificate must be provided in just this way: http://technet.microsoft.com/en-us/library/cc753982(WS.10).aspx

More info:

A note on copying the thumbprint

If you look at the highlighted/selected thumbprint in the image above you will see what looks like a leading whitespace. If you select the whole string (not as above), you will get a strange leading character in your thumbprint. Have a look at this zoomed image:

image10

I do not know what character this is, but it invalidates the thumbprint string if you paste it into the SHA1 thumbprint field in your GPO. Even stranger is that it does not show up in the pasted text in the GPO object; it just “looks” right. As I said, I have no explanation, but remember to skip the leading whitespace when you copy your thumbprint.

This is how it should look:

image11