Use WMI to retrieve Server Serial Numbers in table format

This is old news but still handy if you need to get a list of serial numbers and model numbers:

wmic /node:@serverlist.txt /output:serialnumbers.htm bios get serialnumber /format:htable

...where serverlist.txt is your list of servers and serialnumbers.htm is your HTML table output file.

You can do the following to get the model names:

wmic /node:@serverlist.txt /output:model.htm csproduct get name /format:htable


Error 193 0xc1 when trying to start a service

We had this recently on our MailMarshal Array manager where the service would not start.
No errors were logged in the system or application log. The only error was a popup “Error 193 0xc1”

My friend and colleague found the following article with his Google skills:
http://answers.microsoft.com/en-us/windows/forum/windows_7-hardware/error-193-0xc1-when-trying-to-start-windows-audio/77795eee-56c3-468d-b32c-be5987797dec

The article suggested that the path to the service executable in the registry was incorrect.
We checked the path in the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ServiceName

The path was correct but it was not in inverted commas and the spaces were causing issues.
After putting the path into inverted commas the service started correctly. We can’t figure out why the inverted commas disappeared but this was the workaround.
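The quoting problem described above can be checked across all services at once. The following is an added example, not part of the original post: it relies on the documented CreateProcess behaviour for unquoted paths, and the service names and paths in SAMPLE_SERVICES are constructed.

```python
import re
import sys

# Constructed ImagePath values for illustration (not from a real server).
SAMPLE_SERVICES = {
    "ExampleArrayManager": r"C:\Program Files\Example Vendor\Array Manager\svc.exe -service",
    "ExampleQuoted": r'"C:\Program Files\Example Vendor\Agent\agent.exe" /run',
    "ExampleNoSpaces": r"C:\Windows\System32\svchost.exe -k netsvcs",
    "ExampleDriver": r"\SystemRoot\System32\drivers\example.sys",
}

def ambiguous_prefixes(image_path):
    """Names Windows may try before the intended executable of an unquoted path.

    CreateProcess splits an unquoted command line at each space and tries every
    prefix as the program name (appending .exe when it has no extension).
    """
    path = image_path.strip()
    if path.startswith('"'):
        return []  # quoted: the executable is unambiguous
    m = re.search(r"\.exe\b", path, re.IGNORECASE)
    exe = path[:m.end()] if m else path  # drop arguments after the .exe
    parts = exe.split(" ")
    return [" ".join(parts[:i]) for i in range(1, len(parts))]

def audit(services):
    """Map service name -> ambiguous prefixes, only for paths that need quotes."""
    found = {name: ambiguous_prefixes(p) for name, p in services.items()}
    return {name: pre for name, pre in found.items() if pre}

def load_image_paths():
    """Read every service's ImagePath from the registry (Windows only)."""
    import winreg
    paths = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                        r"SYSTEM\CurrentControlSet\Services") as root:
        for i in range(winreg.QueryInfoKey(root)[0]):
            name = winreg.EnumKey(root, i)
            try:
                with winreg.OpenKey(root, name) as key:
                    paths[name] = winreg.QueryValueEx(key, "ImagePath")[0]
            except OSError:
                continue  # service key without an ImagePath value
    return paths

if __name__ == "__main__":
    services = load_image_paths() if sys.platform == "win32" else SAMPLE_SERVICES
    for name, prefixes in audit(services).items():
        print(f"{name}: quote ImagePath; ambiguous at {prefixes}")
```

Every service it reports has an executable path that should be wrapped in inverted commas, as was done for the service in this post.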


How to do a non-interactive MX lookup for scripting purposes

I have searched on how to do this many times and then end up forgetting as it is not something I use often enough.

What if you want to run an MX lookup for a list of domains and output this to a text file?
The non-interactive syntax is as follows:

nslookup -query=mx domain1.com
nslookup -query=mx domain2.com
nslookup -query=mx domain3.com


Exchange 2003 abnormal/accelerated database growth

Over the years we have had a number of occasions where databases have started growing out of control to the point where they would run the possibility of filling a drive etc.
We have always battled to determine the cause and have even logged calls with Microsoft to try and assist.

The past couple of times we have managed to solve these issues ourselves using the following processes:

Exchange UserMon
http://www.microsoft.com/downloads/en/details.aspx?FamilyId=9A49C22E-E0C7-4B7C-ACEF-729D48AF7BC9&displaylang=en
Run this tool against the store and then sort by Bytes. Generally you will be able to see the culprit user straight away by their large margin over other users.

Wireshark
http://www.wireshark.org/
Running Wireshark on the Exchange server and then using the “Conversations” tool and sorting by Bytes again often picks up the top talker. Be sure to run the traces for a couple of minutes at a time and make sure there is a trend.

Using the Wireshark method, we even traced a rogue iPad which was connecting through our front-end servers and syncing the same calendar entry repeatedly.
Another strange one we picked up was where the user’s mailbox was over the size limit and had sent a large mail. The Outlook client was looping the submission of the large mail because of the limit being hit.

One thing to take note of is that your database may continue to grow after you have fixed the problem (albeit at a lesser rate). The reason for this is that the whitespace is only re-used after the online defragmentation of your database runs during your maintenance schedule. This can lead you to believe that the problem is still happening and has led to a couple of sleepless nights on my part.


BackupPC NT_STATUS_ACCESS_DENIED

I use BackupPC for remote backup of certain Windows shares to my Linux box at home:
http://backuppc.sourceforge.net/

Since around Fedora 9, the installation does not work without some intervention. (This is still the case after my latest upgrade to Fedora 14.)
When you attempt to run a normal smb backup after default installation and configuration, you get the following error in the logs:
tree connect failed: NT_STATUS_ACCESS_DENIED

When I first came across this, it took me ages to find a solution and the following link was very low down on the list of possible explanations:
http://www.adsm.org/lists/html/BackupPC-users/2008-11/msg00076.html

This link still fixes the issue. Basically you have to edit /etc/backuppc/config.pl so that the smbclient commands are run without the “-N” parameter, which is meant to request a password (which obviously won’t work).
Simply search the file for the “-N” arguments in the three settings below, remove them, restart the backuppc service, and everything works.
    $Conf{SmbClientFullCmd}
    $Conf{SmbClientIncrCmd}
    $Conf{SmbClientRestoreCmd}

I duplicated this information mainly for my own convenience but hoping it might help pop up if people miss the other posts.


Problems importing a certificate with certreq

Recently we were trying to get Secure LDAP working using a certificate from our internal CA.
We were following the process documented here:

How to enable LDAP over SSL with a third-party certification authority
http://support.microsoft.com/kb/321051 (This is due to our CA being in a separate domain – 3rd party)

Everything worked fine until accepting the certificate with this command:
certreq -accept certnew.cer

On this step we got the following error:
The data is invalid. 0x8007000d

If we used the certstore MMC we were able to import the cert but this meant that the Private key was not present which is required.
Eventually we stumbled across this post:

http://forums.techarena.in/active-directory/753882.htm

The key to the whole problem was that when we were using the certstore website on our CA to save the certificate response, we were selecting the default export option and not “Base-64 encoded”. Once we did this, the accept command completed successfully.
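A saved response file can be checked for its encoding before running certreq -accept. The following is an added example, not part of the original post: it assumes the non-Base-64 download is binary DER (the post does not name the format), and SAMPLE_DER is a constructed byte string, not a real certificate.

```python
import base64
import binascii
import re

PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

# Constructed DER: a SEQUENCE holding one 200-byte OCTET STRING (not a real cert).
SAMPLE_DER = bytes([0x30, 0x81, 0xCB, 0x04, 0x81, 0xC8]) + bytes(200)

def der_length_ok(data):
    """True if data is a single DER SEQUENCE whose declared length fits exactly."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    first = data[1]
    if first < 0x80:                      # short form: length in one byte
        return len(data) == 2 + first
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or len(data) < 2 + n:
        return False
    return len(data) == 2 + n + int.from_bytes(data[2:2 + n], "big")

def classify(data):
    """Return 'base64', 'der' or 'unknown' for the bytes of a saved CA response."""
    m = PEM_RE.search(data)
    body = m.group(2) if m else data      # also accept Base-64 without a header
    try:
        decoded = base64.b64decode(b"".join(body.split()), validate=True)
    except (binascii.Error, ValueError):
        decoded = b""
    if decoded and der_length_ok(decoded):
        return "base64"
    return "der" if der_length_ok(data) else "unknown"

def to_base64(data, label="CERTIFICATE"):
    """Re-encode a binary DER response as Base-64 text with 64-character lines."""
    if classify(data) != "der":
        raise ValueError("input is not binary DER")
    b64 = base64.b64encode(data).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, "\n".join(lines), label)
```

Read the file with open("certnew.cer", "rb").read() and pass the bytes to classify(); a result of "der" means the response was saved in the binary format rather than Base-64.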


How to get the Column names from a SQL table in MS SQL

So I often have to pull information out of random MS SQL databases we have. I can generally come up with a SELECT statement which gets the required info, but I have been struggling with how to get the column names or table headers to put at the top of my results.
I eventually asked one of our DBAs here and he gave me the following MS SQL statement which does this:

EXEC sp_help 'TableName';

This outputs a whole lot of info about the table design.
It displays the column names in one column which is quickly resolved by a “Paste Special” into Excel and selecting “Transpose” which puts this in one row.


Problems with a samba mount to a Windows 2008 Server

Hi Everyone

I was struggling with this for a while. I was trying to mount a share on a Windows 2008 server with the following command:
mount -t cifs -o username=whatever,workgroup=workgroup,password=password //ipaddress/sharename /mnt/mountpoint

This has always worked with Windows 2003 but failed on every Windows 2008 server I tried with the following event:
“mount error(112): Host is down”

I also saw the below logged in /var/log/messages:
“kernel: CIFS VFS: No response for cmd 114 mid 1”
“kernel: CIFS VFS: cifs_mount failed w/return code = -112”

After much searching and reading, I began to go through the different options for mount.cifs from the manual file. Eventually it worked by adding the “servern” function which is used to specify the netbios name of the server. I can’t understand why this should work as this is an option which was generally used for Windows 2000 and 98. Full command below:
mount -t cifs -o username=whatever,workgroup=workgroup,password=password,servern=servername //ipaddress/sharename /mnt/mountpoint


VMware guests blue-screen at startup

During the time we were building the lab mentioned in my previous post, we ran into some issues where certain guests would bluescreen on startup and then reboot.
The blue screen said the following:
A problem has been detected and windows has been shut down to prevent damage to your computer:
WORKER_THREAD_RETURNED_AT_BAD_IRQL

Strangely this only seemed to happen on our Windows 2008 host and when I booted the same image on a Windows 2003 VMware host, it worked fine.
No amount of searching revealed any results and eventually we were forced to ask our VMware vendors what the issue could be.
They had an answer straight away – IBM Director on the guest machine.
Sure enough – after rebooting into safe mode and uninstalling IBM Director (which is for another post) the VM booted with no issues.
Hopefully this will come up in searches and save some people a few hairs from being pulled out.


Replicating your live Active Directory into a Virtual Lab Environment

Recently we were tasked with some implementation tasks which required that we do more stringent lab testing than normal. Since our lab was out of date, and basically out of order, we decided to try and pull some replicas of servers in our live environment into a virtual environment.

This would ensure that the lab was as up to date as possible as well as giving you the added benefit of the ease of backing up or snapshotting when doing a change.

We decided to use VMware Server and VMware Converter for this task. This decision was made because of the ease of using VMware Converter. I won’t go into detail on the processes of conversion but VMware Converter allows you to create a virtual machine from a live machine without any reboots or interference. Some colleagues have actually used this tool to virtualise a production MS SQL box while it was servicing requests. Not only did the virtual work, but there was no performance impact to the server during the process.

Now onto the main reason for this post – what needs to be done once the virtual servers are running?

  1. Give the domain controllers static IP addresses.
  2. Fix DNS.
     • Create a reverse zone for the lab IP range and update the PTR records for the domain controllers in this zone.
     • Point the servers to themselves as DNS servers or DNS will not start correctly.
     • Fix any stub zones for child domains in the lab.
  3. Create or modify a site in “Sites and Services” to include the new IP range in the lab.
  4. Run a cleanup for all the other domain controllers which were not virtualised.
     • This is done using ntdsutil scripted in the following fashion for each DC:

       ntdsutil "metadata cleanup" "remove selected server DNFoundUsingAdsiEdit" quit quit

     • Repeat the above line in a batch file for each Domain Controller DN found under your Configuration container in AdsiEdit.

This brings me to the biggest problem experienced:

Obviously the process of virtualising Domain Controllers results in 1 or more (Depending on how many you virtualise) being out of date from a replication point of view. You might think that this would not be a problem and the domain controller should just replicate once they are able to communicate. The problem is that the domain controllers keep a set of USN (Update Sequence Numbers) which allow them to keep track of changes on domain controllers. Each DC stores a USN for each of the other DCs in the domain. So – when a DC tries to replicate with another DC and that DC believes that the USN number for the DC is out of date, it forces the DC with the older USN to go into a USN Rollback state and basically shuts it down from partaking in replication and other functions. This is actually a good thing and is there to protect your domain from bad restores etc.

A USN rollback is evident by the following errors in your DS log:

Message 1

Event Type: Error
Event Source: NTDS Replication
Event Category: Replication
Event ID: 2095
Date:
Time:
User:
Computer:
Description: During an Active Directory replication request, the local domain controller (DC) identified a remote DC which has received replication data from the local DC using already-acknowledged USN tracking numbers. Because the remote DC believes it is has a more up-to-date Active Directory database than the local DC, the remote DC will not apply future changes to its copy of the Active Directory database or replicate them to its direct and transitive replication partners that originate from this local DC. If not resolved immediately, this scenario will result in inconsistencies in the Active Directory databases of this source DC and one or more direct and transitive replication partners. Specifically the consistency of users, computers and trust relationships, their passwords, security groups, security group memberships and other Active Directory configuration data may vary, affecting the ability to log on, find objects of interest and perform other critical operations. To determine if this misconfiguration exists, query this event ID using http://support.microsoft.com or contact your Microsoft product support. The most probable cause of this situation is the improper restore of Active Directory on the local domain controller. User Actions: If this situation occurred because of an improper or unintended restore, forcibly demote the DC. Remote DC: GUID Partition: CN=Configuration,DC=usn,DC=loc USN reported by Remote DC: 24707 USN reported by Local DC: 20485 For more information, see Help and Support Center at http://support.microsoft.com.

Message 2

Event Type: Warning
Event Source: NTDS General
Event Category: Replication
Event ID: 1113
Date:
Time:
User:
Computer:
Description: Inbound replication has been disabled by the user. For more information, see Help and Support Center at http://support.microsoft.com.

Message 3

Event Type: Warning
Event Source: NTDS General
Event Category: Replication
Event ID: 1115
Date: 3/10/2005
Time:
User:
Computer:
Description: Outbound replication has been disabled by the user. For more information, see Help and Support Center at http://support.microsoft.com

Message 4

Event Type: Error
Event Source: NTDS General
Event Category: Service Control
Event ID: 2103
Date: 3/10/2005
Time:
User:
Computer:
Description: The Active Directory database has been restored using an unsupported restoration procedure. Active Directory will be unable to log on users while this condition persists. As a result, the Net Logon service has paused. User Action See previous event logs for details. For more information, see Help and Support Center at http://support.microsoft.com.
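The four events above can be picked out of an exported Directory Service log automatically. The following is an added example, not part of the original post: it parses text in the "Event Type / Event ID / Description" layout shown above, and the SAMPLE export is constructed (descriptions shortened, "ExampleSource" made up).

```python
import re

# Event IDs the post lists as evidence of a USN rollback.
ROLLBACK_IDS = {2095, 1113, 1115, 2103}
USN_RE = re.compile(r"USN reported by Remote DC:\s*(\d+)\s*"
                    r"USN reported by Local DC:\s*(\d+)")
FIELD_RE = re.compile(r"(?m)^(Event Source|Event ID|Description):[ \t]*(.*)$")

# Constructed export in the layout shown above; descriptions are shortened.
SAMPLE = """\
Event Type: Error
Event Source: NTDS Replication
Event ID: 2095
Description: ... USN reported by Remote DC: 24707 USN reported by Local DC: 20485
Event Type: Warning
Event Source: NTDS General
Event ID: 1113
Description: Inbound replication has been disabled by the user.
Event Type: Warning
Event Source: NTDS General
Event ID: 1115
Description: Outbound replication has been disabled by the user.
Event Type: Error
Event Source: NTDS General
Event ID: 2103
Description: ... the Net Logon service has paused.
Event Type: Information
Event Source: ExampleSource
Event ID: 1000
Description: Unrelated constructed event.
"""

def parse_events(text):
    """Split the export at each 'Event Type:' line; return one dict per event."""
    blocks = re.findall(r"(?ms)^Event Type:.*?(?=^Event Type:|\Z)", text)
    events = [{k: v.strip() for k, v in FIELD_RE.findall(b)} for b in blocks]
    return [e for e in events if e.get("Event ID", "").isdigit()]

def assess(events):
    """Return the rollback event IDs seen, the USN gap from 2095, Net Logon state."""
    seen, gap = set(), None
    for e in events:
        eid = int(e["Event ID"])
        if eid in ROLLBACK_IDS and e.get("Event Source", "").startswith("NTDS"):
            seen.add(eid)
            m = USN_RE.search(e.get("Description", ""))
            gap = int(m.group(1)) - int(m.group(2)) if m else gap
    return {"ids": seen, "usn_gap": gap, "netlogon_paused": 2103 in seen}
```

The usn_gap value is the remote DC's USN minus the local DC's USN taken from event 2095, which shows how far behind the restored or cloned copy is.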

So how to get around this in the lab when we know it is not a problem? Much reading and posting had me thinking that it wasn’t possible, when finally I stumbled on something which showed that if you did a restore, it would overwrite this feature and allow you to force replication to the out of date DC.

So basically what you do is to reboot the virtual DC into Directory Recovery Mode (by pressing F8 during the boot sequence) and then use NTBackup to restore an older system state backup to the server. Once you reboot, the server will again try to replicate.

You may still have another problem (depending on the date of your backup) and this is lingering objects. The server won’t replicate as it believes it has some out of date information. Now because this is a lab, you can safely ignore this error and enable the replication of lingering objects using the following registry key on all of the domain controllers in the lab after restarting the netlogon service.

  1. Locate and click the following registry key:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters

  2. Click Add Value on the Edit menu.
  3. Add the following value:

    Value Name: Strict Replication Consistency
    Data type: REG_DWORD
    Value data: If the value is 1, change it to 0.

You may also need to re-enable inbound and outbound replication using repadmin:

repadmin /options DC_Name -disable_inbound_repl -disable_outbound_repl

Now you should see that replication starts to take place as normal – it will obviously take some time to get all changes replicated.

Hope this helps somebody – lab testing is one of the most important things!
