Wednesday, March 16, 2016

Microsoft Word Performance Issues - KB3114717

A customer contacted me mid-February complaining of significant performance issues with Microsoft Word 2013 SP1 (32bit).  When users copied and pasted text, scrolled up and down a document or changed formatting Microsoft Word continuously hung and entered a not responding state.  In addition users sometimes experienced up a 60 second delay when typing from when characters appeared on the screen.

We did significant troubleshooting on the issue including
  • Disabled Anti-Virus products
  • Full malware scan using multiple AV engines
  • Disabled all non Microsoft services and applications from System Startup
  • Disabled all Microsoft Word Add-ins
  • Disabled graphics acceleration in Microsoft Word
None of these troubleshooting steps resolved the issue.

After talking to Microsoft, it turns out that Microsoft released a bad Windows Update KB3114717.  This update was released on the 9th of February and caused numerous performance issues with Microsoft Office.  After removing this update from all workstations, it resolved the issue.

Tuesday, March 15, 2016

Searching RBL Agent Logs on Microsoft Exchange

In this blog post I will show you a quick way to search through large amounts of Real Time Blacklists logs on an Exchange Server.  This article assumes you have RBL Providers in place on an Exchange server which can be enabled as per the following article:

http://clintboessen.blogspot.com.au/2014/05/rbl-providers-and-exchange-2013.html

Once RBL listing is turned on, you will have a bunch of log files under the following directory (provided Exchange was installed to the default C:\ directory):

C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\FrontEnd\AgentLog


We want to track down which RBL provider blocked an email from a spammer with the from address of bqmppf@apremiertravel.com but we first need to identify what log file contains the entry.  To do this open a command prompt and navigate to the FrontEnd\AgentLogs directory.

Run the following command:

find /c "bqmppf@apremiertravel.com" *.log | find ":" | find /v ": 0"

After running this command we can see that it found one entry for bqmppf@apremiertravel.com in the file AGENTLOG20160313-1.LOG.


Open the log and search for the email in question.


We can see this email was blocked by zen.spamhaus.org RBL provider.


Hope this post was helpful. 

Wednesday, March 9, 2016

Remove Run menu from Start Menu - Policy Bug

Today I stumbled across a bug with Windows 8.1 / 2012 R2 with the Group Policy setting:

User Configuration ->Policies -> Administrative Templates -> Start Menu and Taskbar-> Remove Run menu from Start Menu

I had this policy applied to a Remote Desktop Session Host through Loopback in a user session lockdown policy.

When this policy was applied, I could not access any network share on my 2012 R2 file servers and received the following error message:

Accessing the resource \\fileserver\share has been disallowed.


I could received the same error when attempting to access the file server shares through a DFS namespace.

After removing this policy setting from my RD Session Hosts, the issue was resolved.