Ricky in Melbourne - Enjoy Learning

Fix Windows Phone 8.1 Project My Screen USB connection issue

I’m so excited on Microsoft Windows Phone 8.1 release, which added so many user expecting features.

One of them is now everybody can project my phone screen to the computer or any Miracast supported devices (need phone hardware support)

Unfortunately My Nokia Lumia 920 doesn’t support Miracast, so the only game I can play is the USB project my screen feature

Microsoft just released the Project My Screen App on Windows platform, which currently is only a legacy Windows software, not a Windows Store app, hopefully they will add a Windows Store app later on.

Anyway, back to my problem

Once I installed the Windows client, plug in my phone, go to settings->project my screen, and nothing shown up there, the phone is keep searching for ages


I tried to restart the phone and reboot my computer, still the same

After some digging, I found the way to fix it, which is your Windows driver related issue

Let’s get started

Plug your phone

Navigate to device manger by Start->Run->devmgmt.msc

Located the “Universal Serial Bus devices”


Uninstall all of them,


Then unplug your phone and plug back in again, Windows will re-install the phone driver automatically

Now try project your phone again



Tips on the “Project My Screen App”

Full screen by default, if you don’t like full screen, hit ESC

ESC Quit to windowed mode
B Toggle background image on or off
E Toggle expanded screen mode
F or Alt-Enter Toggle full screen mode
R Display current frame rate
Left arrow key Force device orientation to landscape left
Right arrow key Force device orientation to landscape right
Up/Down arrow key Force device orientation to portrait up
Spacebar Reset device orientation (automatically follows phone)


By Ricky Gao (高俊) on April 21, 2014 | Tech, Windows Phone | A comment?

Troubleshooting PKIView error

Last time, I had revoked the previews sub ordinated enterprise CA due to DC migration in my lab

But after a few days, I noticed some errors shown up in pkiview.msc as below


This is due to the clean up process I followed didn’t clean up the old sub CA server hyperv1

The issue cost me a few times to figure it out

The first thing I checked was my CDP and AIA configuration in my root CA server, I suspected the hyperv1 was still configured there

Switch to my offline root CA server


All looks right, only new sub CA server called "dc" left, no hyperv1 at all

Then Google told me this might be the CA exchange certificate not expired yet, which is usually a week to expired

But after a whole month waiting, I still got the same result, and I even tried to force re-publish a new CA exchange certificate followed by the command "certutil -cainfo xchg"

It looks like I couldn’t force a CA exchange certificate on my new sub CA server


The permission on the certificate template do not allow the current user to enroll for this type of certificate. 0×80094012 (-2146877422 CERTSRV_E_TEMPLATE_DENIED)

Requested by the new CA server "RickyGao\DC$", which is for a CA exchange certificate

I know the CA exchange certificate was issued by the certificate template called "CA Exchange", so let’s fix this first


As I can see the "Enroll" permission for "Authenticated Users" was lost for some reason. and after I tick this box and hit apply, I can now force a new CA exchange certificate


Let’s check the pkiview again, unfortunately, pkiview still shown the same error. anyway, at least I fixed some other potential issue

After check the old sub CA certificate details


I can see looks like the AIA information came with the sub CA certificate when the certificate had been generated

So to fix this I think I need to revoke the new sub CA certificate and re-generate a new one (I know I did this when last time, but I fixed the CA exchange error, which maybe the root cause of the whole issue)

After I re-issued a new sub CA certificate, cleaned it up (followed by here), make sure the new AIA container and CDP container is the new sub CA certificate


Finally, I got everything fixed up, the old sub CA was version 0.5, new is 1.1, which means I start using the new sub CA and pkiview shows good as well

If you want to learn more with pkiview, a really good post on TechNet blog can help you.




By Ricky Gao (高俊) on April 9, 2014 | PKI, Tech | A comment?

How to reset enforced EAS security policies in Windows 8

BYOD (Bring Your Own Device) is becoming more and more popular these years, and that’s why MDM (Mobile Device Management) comes into consideration in lots of enterprise environment.

Email is always the most security concern in an enterprise environment.

So basically If out of your company network, you have 3 ways to get the company email

1. Outlook Web Access

This is what people called OWA, a web page based company email portal

2. Outlook Anywhere

This is the traditional protocol which outlook client is using, HTTPS and need SSL certificate

3. Exchange ActiveSync (EAS)

This is the light version email protocol used for portable devices

For some reason, most of time is security concern, some company blocked the first and second way, only left the last way for BYOD devices

So in this case, we will need to configure our phone/tablet email client for EAS access

The thing is once the company allows you to get email from BYOD devices, another security concern may raisin.

Luckily Microsoft added some security policy from exchange server 2007, a basic one is to enforce a password policy on the portable devices


I’ve been using Windows 8.1 tablet for a while, and really enjoying it so far

As a tablet, getting the company email is one of the important feature most people needed.

It is not that necessary to install outlook client on my Windows 8.1 tablet, although the X86 Full version tablet can do it, but the outlook client is not great with fat finger at the moment.

Windows 8 comes with Windows Store and lots of other native metro finger friendly app, one of them is the mail app, which is just a light version of outlook


The Mail App support EAS as well, like other portable devices, once you configure your company EAS email settings, you will be prompt to enforce some security policies


Once you accept it, you will start getting the company emails

But as a home computer, getting a password prompt is really annoying sometimes, so maybe one day you don’t like this password, or even don’t want get company email anymore

You may think about that just remove the email account and the password policy will go away

Unfortunately, that’s not the case for Windows 8.1 tablet, when you remove the company email account, the password policy is still there. From MDM(Mobile Device Management) prospective, this is not a fully enterprise wipe(remove all the enterprise information and settings and only left personal data)


Luckily, Microsoft allow us to reset the password policy manually which you cannot find in the metro system settings interface but only available in the traditional control panel->User Account->Reset Security Policies





I think Microsoft will definitely add more enterprise management functionalities to Windows 8.1 in future, hopefully we can see some improvement from MDM propective