Category Archives: Windows

Windows 10: Can't type in Search field

After I had done some changes in Windows 10 to make it faster and less "chatty" to Microsoft (switch off Telemetry, switch off error reporting etc.) I could not use search any more. Symptoms were:

  • Can't type into Cortana search field
  • Can't type to search in Start Menu
  • Can't type to search in Win 10 App Store
  • Can't type in taskbar search
  • Can't type in Settings search

There are lots people with the same or similar issues as can be seen from a simple Internet search "win 10 taskbar search not working".

Unfortunately, from all the suggestions, nothing worked for me:

  • Re-install Cortana (keyboard search should also work without Cortana, so that did not help)
  • Kill the Cortana/Search process
  • Rebuild the search index
  • Re-install all default apps
  • Restart the "Windows Search" service
  • Run the "Search and Indexing" Troubleshooter
  • Run system file checker (SFC) to search for currupted files
  • Re-install the keyboard driver

After some hours of poking around, I found that I could right-click in the search field and paste the contents of the clipboard! And I saw the correct search results. So the index must have been fine. It looked like a keyboard issue, not a search issue.

But the keyboard worked in any application (e.g. Notepad, Excel etc.) just not in the searches. I started to suspect that it could be a Windows 10 apps issue. As I never use apps, I first had to load one (I chose "Calculator"), and - Bingo! - I could not enter any numbers via the keyboard. I could only click on the numbers, but could not type them.

I found that the keyboard did not work for any Windows 10 apps, just for the traditional desktop apps. Finally I found through some Internet searches how to solve this problem:

  1. Open Task Scheduler
  2. Go to Microsoft > Windows > TextServicesFramework
  3. On MsCtfMonitor, do a right-click and enable the task
  4. Restart your machine

That's it. All the search boxes worked again!

Windows 10: iPad in recovery mode not recognized by iTunes

I had an iPad that was bricked and i brought it into Recovery Mode to Factory Reset it:

  1. Disconnect the USB cable from your iPad, but leave the other side connected to your Mac or PC
  2. Launch iTunes
  3. Press and hold down the Home and Sleep/Power button on the top of the iPad to turn off the iPad
  4. Press and continue to hold the Home button while you reconnect the USB cable to your iPhone, this will cause the iPad to turn on
  5. Continue to hold the Home button until an alert message in iTunes informing you that an iPad in recovery mode has been detected.

The last point did not work for me. While the iPad went into recovery mode (showing the plug to connect to iTunes), iTunes did not recognize the iPad.

iTunes reconizes my un-bricked iPhone, but it does not recognize any device in recovery mode.

The problem was that the recovery mode drivers were not installed. Here is how to fix this.

  1. In Windows 10, go to Device Manager
  2. Go to View > Devices by connection
  3. Expand and search for the entry "Apple Mobile Device (Recovery Mode)"
  4. Right-click on the entry above called "USB Composite Device" and choose Update driver software...
  5. Choose Browse my computer for driver software
  6. Browse to the path "C:\Program Files\Common Files\Apple\Mobile Device Support\Drivers" and click Next
  7. This will install the Apple driver
  8. iTunes should now recognize your device in recovery mode

Internet Explorer: Favorites list is jumpy and loads very slowly

In Internet Explorer, I found that my favorites list loads slowly and when I hover over it with the mouse, the mouse pointer is hanging and jumpy.

I have redirected my favorites to a network folder, so I can have the same favorites on all my Windows machines. The problem does not occur if my favorites are kept on a local drive (but that is not a solution for me).

What helped and made the favorites list (and the favorites bar) quick and snappy again was the following:

  1. Open File Explorer (not Internet Explorer)
  2. Go to Organize > Folder and Search Options > View
  3. Un-tick Show pop-up description for folder and desktop items
  4. Click OK

That's it. Favorites are fast again.

Windows: How to generate a SAN certificate via Web enrollment

In environments where you have a Microsoft PKI Infrastructure (AD CA) setup, you can create new certificates via web enrolment:

https://ca-server/CertSrv

This is straight forward for single-name certificates. If you wish to have multiple names for a certificate (Subject Alternative Names = SAN), you need a certain syntax in the "Atrributes" field of the web page:

san:dns=corpdc1.fabrikam.com&dns=ldap.fabrikam.com

You can add as many names as you want, separated by "&"

Active Directory: Reset Expiry Date of an expired Password

Many companies have a policy that require their users to change their passwords regularly (e.g. every 90 days). In Active Directory, this is normally enforced via Group Policy.

This works well, but can be problematic if the user is out of the office while the password expires. An example: If he or she is using a mobile phone to access company emails via ActiveSync, the access will be blocked once the password has expired. ActiveSync does not support password changes, so the user has no way to get his or her mail working again.

One possible solution is to have the user call the company's service desk and have them reset his or her password to a standard one. On the ActiveSync device this new password would have to be entered and then mail flow would start again. Once back in the office, the user would have to set the password to something secret again.

While possible, this solution has some drawbacks and also some security and compliance implications.

A better solution is to have the service desk do the following:

  • Go to the user object in AD Users and Computers
  • On the "Account" tab, tick "User must change password at next logon"
  • Click "Apply"
  • Un-tick "User must change password at next logon"
  • Click "Apply"

This will un-expire the password and reset the expiry date to the full period (e.g. 90 days).

Windows: Microsoft SQL Server 2008 R2 Setup Support Files cannot be uninstalled

I recently wanted to uninstall SQL Server 2008 R2 completely after I have upgraded to SQL Server 2014. The uninstall of the

"SQL Server 2008 R2 Setup Support Files"

did not work and produced the error:

Microsoft SQL Server 2008 R2 Setup Support Files cannot be uninstalled because the following products are installed:
Microsoft SQL Server 2008 R2 RsFx Driver

Strangely, the "Add/Remove Programs" section did not list the "Microsoft SQL Server 2008 R2 RsFx Driver". To uninstall this "hidden" program, you have to use command line tools. Open a cmd box as Administrator and type the following:

WMIC PRODUCT GET Caption, IdentifyingNumber > c:\info.txt

Look in the info.txt file for the "Microsoft SQL Server 2008 R2 RsFx Driver" and copy the associated IdentifyingNumber. Then type:

msiexec /X {1BA457D4-90F2-4D83-9543-9715849023C8}

Your IdentifyingNumber can vary, of course. It is now possible to uninstall "SQL Server 2008 R2 Setup Support Files" from "Add/Remove Programs"

This trick can be used for any "hidden" program you wish to uninstall.

Windows Time service doesn't start automatically on a workgroup computer

On a workgroup computer that's running Windows 7/8.1, Windows Server 2008 R2/2012 R2, the Windows Time service stops immediately after system startup. This issue occurs even after the Startup Type is changed from Manual to Automatic. Additionally, the following event is logged in the System log:

Log Name: System
Source: Service Control Manager
Event ID: 7036
Level: Information
The Windows Time service entered the running state.

Log Name: System
Source: Service Control Manager
Event ID: 7042
Level: Information
The Windows Time service was successfully sent a stop control. The reason specified was: 0x40030011 [Operating system: Network connection (Planned)]

Log Name: System
Source: Service Control Manager
Event ID: 7036 Task Category: None
Level: Information
The Windows Time service entered the stop state.


Cause

This issue occurs because the Windows Time service is configured as the Trigger-Start service. and this has been implemented as the default setting in Windows 7 and Windows Server 2008 R2 and later operating systems.

Services and background processes have a significant effect on the performance of the system. The Trigger-Start service has been implemented in Windows 7 and Windows Service 2008 R2 in order to reduce the total number of auto-start services on the system. The goal is to improve the stability of the whole system, and this includes improving performance and reducing power consumption. Under this implementation, the Service Control Manager has been enhanced to handle starting and stopping services by using specific system events.

For more information, see Service trigger events.

Whether or not the Windows Time service starts automatically depends on whether the computer is joined to an Active Directory Domain Services (AD DS) domain environment or is configured as a workgroup computer. The Windows Time service on domain-joined computers starts when a trigger event occurs. On workgroup computers that are not joined to an AD DS domain, the startup value for the Windows Time service is Manual, and the service status is Stopped.

You can check the Trigger-Start service settings by running the following sc qtriggerinfo command:

sc qtriggerinfo w32time

Service Name: w32time

Start Service

DOMAIN JOINED STATUS : 1ce20aba-9851-4421-9430-1ddeb766e809 [DOMAIN JOINED]

Stop Service

DOMAIN JOINED STATUS : ddaf516e-58c2-4866-9574-c3b615d42ea1 [NOT DOMAIN JOINED]

Workaround

To start the Windows Time service at system startup, use any of the following methods.

Method 1

Run the following command to delete the trigger event that's registered as the default setting and to change the Startup Type setting for the Windows Time service from Manual to Automatic:

sc triggerinfo w32time delete

 

Method 2

Run the following command to define a trigger event that suits your environment. In this example, the command determines whether an IP address is given to a host, and then it starts or stops the service.

sc triggerinfo w32time start/networkon stop/networkoff

 

Method 3

Change the Startup Type of the Windows Time service from Manual to Automatic (Delayed Start).

Note If the Startup Type of the Windows Time service is set to Automatic (Delayed Start), the Windows Time service may be started by the "Time Synchronization before the Service Control Manager starts the Windows Time service" task. (This depends on the startup timing of the Windows operating system in question.)

In this situation, the service triggers an automatic stop after the success of the Time Synchronization task. Therefore, if you use Method 3, you must disable the "Time Synchronization to avoid the task to start the Windows Time service" task. To do this, follow these steps:

  1. Start the Task Scheduler.
  2. Under Task Scheduler Library / Microsoft / Windows / Time Synchronization, click Synchronize Time.
  3. Right-click, and then click Disabled on the shortcut menu.

More information

The Windows Time service on a workgroup computer is not started automatically at system startup by the Trigger-Start service. However, the Windows Time service is started by the Time Synchronization setting that's registered on the Task Scheduler Library at 01:00 a.m. every Sunday for Time Synchronization. Therefore, the default setting can be kept as is.

But if you run your workgroup computer as a time server, you must use one of the above 3 workarounds as the time service needs to be running all the time fot the time server to be contactable.

IIS 7.5: How to enable TLS 1.1 and TLS 1.2

In IIS 7.5, which is installed on Windows 2008 R2 servers, only SSL 3.0 and TLS 1.0 are enabled for HTTPS encryption by default. To enable TLS 1.1 and TLS 1.2 and disable the insecure SSL 3.0 protocol, add the following keys to the Registry of the server:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
"Enabled"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:ffffffff
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:ffffffff
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:ffffffff

After a reboot, IIS should be accepting TLS 1.2 connections.

Malicious Software Removal Tool (MRT): How to disable the monthly download and run via Windows Update

The Microsoft Windows Malicious Software Removal Tool (MRT) is downloaded and run with the monthly Windows Update cycle on many Windows versions (e.g. Windows 7, 8.1, 10, Windows Server 2012 R2 and others). It always uses the same KB/Patch number:

KB890830

You can disable this in Windows Update by hiding the update, but it will be re-offered next month. To permanantly disable the offering via Windows Update, change this registry key:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT]
"DontOfferThroughWUAU"=dword:00000001

It's possible that the MRT folder does not exist. Just create it and then create the dword(32) entry.

Then start "Check for updates" in Windows Update. After it finishes, MRT should not be there any more.

Side note: It is still possible to run MRT manually:

Press Windows-R

Type "MRT.exe" in the Run box.