Microsoft SQL and ”Auto Close” option

MS SQL database properties have an option called Auto Close. Microsoft describes this option:

When set to ON, the database is shut down cleanly and its resources are freed after the last user exits. The database automatically reopens when a user tries to use the database again.

This can be nice in some occasions, but it’s also quite annoying when you look at the logs on the server. There can be hundreds or thousands of lines related to opening a database, just because this setting is ON by default. In Windows Server 2012 when using ADFS services with WID (Windows Internal Database) this option should be switched to FALSE.

The change in pretty simple in all. Just open your Microsoft SQL Management Studio as Administrator and connect to:


Then open your database properties and modify the Auto Close option to False.


SQL Server best practice states that it should be switched off.

Kategoriat:ADFS, Microsoft, Server 2012, SQL Server Avainsanat: , , ,

Synchronize DSRM password with a domain account

Directory Services Restore Mode (DSRM) password is one of the most critical logins in Windows environments. With this password a user can restart a domain controller, copy or change the Active Directory database and many other actions completely anonymously. This is why this password should be protected efficiently.

The password can be change using ntdsutil.exe and the credential is server based, so you have to change the password to every server if you wish to keep the status somewhat organized.

Since Windows Server 2008 SP3 (hotfix) there has been a chance to sync this DSRM password with a Domain User account’s password. This is very useful because managing the password policy of a domain user is much more easier than DSRM password.

The sync can be implemented using ntdsutil.exe by running the tool with the following arguments where dsrmuser is the account name of the desired user:

“set dsrm password” “sync from domain account dsrmuser” q q

To further expand the possibilities you can automate the process using Task Scheduler to schedule the sync on every DC. You can also implement this scheduled task via Group Policy Preferences.

Kategoriat:Microsoft, Palvelin, Server 2012 Avainsanat: , , ,

Limiting memory allocation of Windows Internal Database

Windows Internal Database is a feature used byt Windows Server to provide database capability to features such as Sharepoint, WSUS and ADFS. It is an embedded variant of Microsoft SQL Server (Wiki). You can manage the SQL server with Management Studio or by using the command line.

Open command prompt:

osql -E -S \\.\pipe\Microsoft##WID\tsql\query

Enter the following commands:

exec sp_configure ’show advanced option’, ’1’;


exec sp_configure; go

You will get a print from the server settings. To modify the memory limit to something that makes some sense type the following commands and specify the memory amount suitable for your system. I’m using 1024MB in the example:

exec sp_configure ’max server memory’, 1024;

reconfigure with override;


To quit the console type quit.

Kategoriat:ADFS, Server 2012 Avainsanat: , , , ,

Workaround: AD Federation and Office 365 problems on Windows Server 2012

When configuring Office 365 and running Set-MsolADFSContext command on Windows Server 2012 you are most likely to receive the following type error:

Set-MsolADFSContext : The ’Microsoft.Adfs.PowerShell’ Active Directory Federation Services 2.0 snap-in for Windows PowerShell could not register on ’xxxx’ computer.  Make sure that you either specify the name of the Active Directory Federation Services 2.0 server using the -Computer parameter or that you are running the installation on the AD FS 2.0 server.

This is a result of the fact that ADFS is now builtin to Windows Server 2012 and Microsoft.ADFS.PowerShell snap-in is no longer required or registered with Windows Server 2012. Microsoft Online Services Module for Windows PowerShell is not aware that this has happened and is still searching the required Snap-In and resulting to the error when it is not found.

The problem can be circumvented with the following registry entry.

Windows Registry Editor Version 5.00

”AssemblyName”=”Microsoft.IdentityServer.PowerShell, Version=, Culture=neutral, PublicKeyToken=31bf3856ad364e35”
”Description”=”This powershell snap-in contains cmdlets used to manage Microsoft Identity Server resources.”

Java suffers yet another security hole

Researchers at Security Explorations have discovered a critical flaw in Oracle Java. The recently found vulnerability is affecting all the latest versions of Java SE software. The research team verified with the PoC that Java SE version 5, 6, 7 are vulnerable.

More on the issue:

Kategoriat:Security Avainsanat: , ,

RSAT for Windows 8

Microsoft has released Remote Server Administration Tools (RSAT) for Windows 8. The package can be downloaded from Microsoft Download Center:

Supported operating systems: Windows 8, Windows 8 Pro

Remote Server Administration Tools for Windows 8 can be installed ONLY on computers that are running Windows 8. Remote Server Administration Tools cannot be installed on computers with an Advanced RISC Machine (ARM) architecture, or other system-on-chip devices.

Kategoriat:Windows 8 Avainsanat: ,

The Hotkey in Windows 8 part 2

I wanted to get back to this issue since I saw this tweet from @akipekka just few minutes after my previous post. Here’s a complete list of shortcuts in Windows 8.

Kategoriat:Windows 8 Avainsanat: , ,