How To Remove The Root Hints from Windows DNS

I ran into a problem while I was locking down a Windows DNS server where I would remove the root hints, but they would keep coming back. I first thought it was because of the "root hints" updates that Microsoft releases every so often. In reality, it was because the root entries were listed in the %windir%\system32\dns\cache.dns file. If you comment out those root hints with a semicolon (including the lines that start with a period (.)), then remove the root hints from your DNS server properties in the DNS Manager MMC snap-in. They should stay away. An example of the cache.dns file after it's been commented out is below.

Faulting application gpresult.exe, version 5.2.3790.3959, faulting module gpresult.exe, version 5.2.3790.3959, fault address 0x000000000001323c.

There is a problem with gpresult on 64 bit servers that can cause it to crash with the following errors.

Event Type:        Error
Event Source:    Application Error
Event Category:                (100)
Event ID:              1000
Date:                     4/11/2013
Time:                     3:01:51 PM
User:                     N/A
Computer:          SERVER
Description:
Faulting application gpresult.exe, version 5.2.3790.3959, faulting module gpresult.exe, version 5.2.3790.3959, fault address 0x000000000001323c.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74   Applicat
0008: 69 6f 6e 20 46 61 69 6c   ion Fail
0010: 75 72 65 20 20 67 70 72   ure  gpr
0018: 65 73 75 6c 74 2e 65 78   esult.ex
0020: 65 20 35 2e 32 2e 33 37   e 5.2.37
0028: 39 30 2e 33 39 35 39 20   90.3959 
0030: 69 6e 20 67 70 72 65 73   in gpres
0038: 75 6c 74 2e 65 78 65 20   ult.exe 
0040: 35 2e 32 2e 33 37 39 30   5.2.3790
0048: 2e 33 39 35 39 20 61 74   .3959 at
0050: 20 6f 66 66 73 65 74 20    offset 
0058: 30 30 30 30 30 30 30 30   00000000
0060: 30 30 30 31 33 32 33 63   0001323c

How to Disable Credential Caching in ADFS

If you have session problems in ADFS, you may need to disable Local Security Authority (LSA) credential caching on the AD FS server temporarily. This can affect any application that uses claims based authentication including SharePoint, CRM, Office 365, etc. To do this, you need to:

404 Error for Isolated Users in Dynamics CRM

I had an issue recently where one user was getting a 404 error when trying to log into CRM. While troubleshooting this issues I tried everything I could think of, including disabling Local Security Authority (LSA) credential caching on the ADFS server, recreating the user's Active Directory account, disabled/re-enabled her CRM account, purged her kerberos tickets, deleted her cookies, killed her ADFS sessions, rebooted servers, reset passwords, checked her security roles, etc. After trying every perceivable resolution, this is what I had to do to fix the issue.

Resolution: Errors After Installing Update Rollup for Dynamics CRM 2011

After installing an update rollup for Dynamics CRM 2011 ( I was installing UR12, but others have gotten the same error with outher URs), I started getting this error.


Log Name: Application Source: ASP.NET 4.0.30319.0 Date: 3/28/2013 8:40:04 AM Event ID: 1309 Task Category: Web Event Level: Warning Keywords: Classic User: N/A Computer: crm_server.domain.local Description: Event code: 3005 Event message: An unhandled exception has occurred. Event time: 3/28/2013 8:40:04 AM Event time (UTC): 3/28/2013 1:40:04 PM Event ID: 857c1ec3a88c43799878637451e1b3a7 Event sequence: 36389 Event occurrence: 23 Event detail code: 0 Application information: Application domain: /LM/W3SVC/1/ROOT-1-140088322863478416 Trust level: Full Application Virtual Path: / Application Path: C:\Program Files\Microsoft Dynamics CRM\CRMWeb\ Machine name: CRM_SERVER Process information: Process ID: 3508 Process name: w3wp.exe Account name: DOMAIN\service_account Exception information: Exception type: CrmException Exception message: Attribute objecttypecode on Entity PrincipalObjectAccessReadSnapshot is of type picklist but has Child Attributes Count 0 at

Filter Security Event Logs by User in Windows 2008 & Windows 7

If you are like me, you probably miss being able to easily filter your security event logs by a specific user like we did in previous versions of Microsoft Windows. Well, it is still possible in Windows 2008 and Windows 7. You just need to use the XML filter option. When you are in the security event logs, click on "Filter Current Log..." from the actions pane. Click the XML tab of the window that opens, and check the box next to "Edit query manually".

Dynamics CRM: Authentication is Required - Timing Out and Prompting for Credentials

If you are running Dynamics CRM 4.0 and 2011 with claims based authentication, by default you get a prompt saying "Authentication is Required" after 20 minutes. If you want to extend this timeout, you need to make some changes to the relying party trust in Active Directory Federation Services (ADFS).