Friday, December 28, 2012

How to find COM+ application from process id

In my case, Windows Server 2003 R2 SP2 was hosting a lot of in-house made COM+ applications. One of the COM+ applications was using a lot of CPU, and Task Manager is not of great help since it shows dllhost as the process name. But Process Explorer will help to find the process id and service (as an example I'll show how to find the COM+ System Application, but the procedure can be used for any in-house made COM+ application):

 

The process id is: {02D4B3F1-FD88-11D1-960D-00805FC79235}. Using PowerShell we can find which COM+ application is running behind this process id:

$coma = New-Object -ComObject COMAdmin.COMAdminCatalog
$comapps = $coma.GetCollection("Applications")
$comapps.Populate()

Now $comapps holds all COM+ applications, and the output looks like this:

 
 
If your server is hosting a lot of COM+ applications, as it was in my case, searching for a particular process id can be done using (for example):
 
$comapps | ? { $_.key -like "*02D4B3F1-FD88-11D1-960D-00805FC79235*"}
 
I hope this procedure will help someone else who is desperate to find out which COM+ application is not behaving as it should.
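To work in the other direction and list every running dllhost.exe together with the COM+ application behind it, the following added example (not part of the original post) joins the WMI process list to the same COM+ catalog. It assumes PowerShell 2.0 or later, an elevated prompt, and that the host process carries the application id in a /ProcessID:{GUID} command-line argument, which is the value Process Explorer displays.

```powershell
# Added example, not from the original post.
# Maps each running dllhost.exe to the COM+ application it hosts and shows CPU time.

# Build a lookup table: application id (GUID, upper case, no braces) -> application name.
$catalog = New-Object -ComObject COMAdmin.COMAdminCatalog
$apps = $catalog.GetCollection("Applications")
$apps.Populate()

$guid = '[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}'
$appNames = @{}
foreach ($app in $apps) {
    if ([string]$app.Key -match "($guid)") {
        $appNames[$Matches[1].ToUpper()] = $app.Name
    }
}

# dllhost.exe is also used as a plain COM surrogate, so an id may be missing from the catalog.
Get-WmiObject Win32_Process -Filter "Name = 'dllhost.exe'" | ForEach-Object {
    $appId = $null
    $appName = '(no /ProcessID argument visible)'
    if ($_.CommandLine -match "/ProcessID:\{?($guid)") {
        $appId = $Matches[1].ToUpper()
        if ($appNames.ContainsKey($appId)) { $appName = $appNames[$appId] }
        else { $appName = '(not in COM+ catalog)' }
    }
    New-Object PSObject -Property @{
        ProcessId     = $_.ProcessId
        # KernelModeTime and UserModeTime are reported in 100-nanosecond units
        CpuSeconds    = [math]::Round(($_.KernelModeTime + $_.UserModeTime) / 1e7, 1)
        Application   = $appName
        ApplicationId = $appId
    }
} | Sort-Object CpuSeconds -Descending |
    Select-Object ProcessId, CpuSeconds, Application, ApplicationId |
    Format-Table -AutoSize
```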

Monday, December 3, 2012

Lync 2010 client setup failed

In my case I wanted to reinstall the Lync 2010 client on a Windows 7 x86 workstation. After successfully uninstalling the Lync 2010 client from Programs and Features, I tried to run LyncSetup.exe again to install the client, but setup was failing with the following message:
Files in Use Check Failed.
 
Rebooting the workstation didn't help the setup to continue, but running lyncsetup.exe /uninstall first and then starting LyncSetup.exe again allowed me to install the Lync 2010 client successfully.

Thursday, November 22, 2012

Group Policy Error Events 1085 & 8194

In my case a few XP client machines were having problems applying group policy settings. The following events were logged in the Application event log from source Userenv with Event ID 1085:

The Group Policy client-side extension Group Policy Local Users and Groups failed to execute. Please look for any errors reported earlier by that extension.
 
Earlier events related to applying the group policy client-side extension, from source Group Policy Local Users and Groups with Event ID 8194, were:

The client-side extension could not remove computer policy settings for 'GPO name and ID' because it failed with error code '0x8007000d The data is invalid.' See trace file for more details.

The easiest way to fix this behavior is to delete the client's group policy cache. Because the client is XP, delete all folders from %ALLUSERSPROFILE%\Application Data\Microsoft\Group Policy\History and run gpupdate /force to refresh policy settings. The error events with ids 1085 & 8194 in the Application log should then be resolved.

Thursday, November 8, 2012

Extracting .key and .crt from .pfx

In order to create .crt and .key from .pfx you can use OpenSSL, which can be downloaded from http://www.openssl.org/related/binaries.html .

Syntax for extracting the private key part (-nodes writes the key to the output file unencrypted, so restrict access to server.key) is:
openssl.exe pkcs12 -in "Pathtofile\file.pfx" -nocerts -nodes -out "Pathtofile\server.key"
Syntax for extracting the certificate part is:
openssl.exe pkcs12 -in "Pathtofile\file.pfx" -clcerts -nokeys -out "Pathtofile\server.crt"
 
This procedure can be useful when creating two-part certificate files from a .pfx in order to assign an SSL certificate to Lotus Protector for Mail Security (previously known as Proventia Mail Filter).

Tuesday, November 6, 2012

AD RMS client problems

In this article I will present (from my experience) the most common errors with the AD RMS client on XP SP3.
The first one a user can experience is when Microsoft Office returns the following error message:
One or more of your system components has been tampered with or is unsigned and Information Rights Management is unable to function. Contact a system administrator for more information.
 
IRMCheck.exe will report the following error:


Reinstalling the AD RMS client resolved the error message, because there was a problem with the RMS client dll.

The second type of error message with the AD RMS client is:

Microsoft Office has detected problem with your Information Rights Management configuration. Contact your administrator for more information.
 
IRMCheck.exe will report the following error:


I tried to copy the dll from another location (where the RMS client is working), but without success; the user was receiving the same error message. I ran sfc.exe (system file check), also without success (same error message). After repairing the OS, the problem was solved.

Monday, November 5, 2012

Install SSL certificate on Lotus Protector for Mail Security

Installing an SSL certificate on Lotus Protector for Mail Security (previously known as Proventia Mail Filter) consists of copying the obtained certificate files server.crt and server.key into two new folders, for example: /etc/apache2/ssl.crt.new/server.crt and /etc/apache2/ssl.key.new/server.key.
Then edit the file /etc/apache2/vhosts.d/mailsec_vhosts.conf, and replace the old location of the certificate files with the new one.

More detailed steps are published on http://www-01.ibm.com/support/docview.wss?uid=swg21437206 .

For more details on how to create .crt and .key files from a .pfx, see my article http://vstepic.blogspot.com/2012/11/extracting-key-and-crt-from-pfx.html .

Lotus Protector for Mail Security not responding

You may experience problems with Lotus Protector for Mail Security (previously known as Proventia Mail Filter) if you're updating the product automatically. There was a corrupted update file that was preventing Lotus Protector for Mail Security from working properly.
According to IBM, the update file has been removed from circulation. If Lotus Protector for Mail Security is not working as it should, there is a publicly available article on how to delete this update file at http://www-01.ibm.com/support/docview.wss?uid=swg21615980 .

Thursday, October 18, 2012

Delete client from WSUS by accident

If you accidentally delete a client from WSUS, you can bring it back using wuauclt. From the client computer you can force registration with WSUS using:
wuauclt /resetauthorization /detectnow

After running this command, the accidentally deleted client will register with WSUS again and can be found under Unassigned Computers.

Monday, October 15, 2012

How to search Exchange Admin Log in Exchange 2010?

In my case there was a situation where one of the Exchange admins had created a mailbox for a user. The team group leader wanted to know who was responsible for the creation of the user's mailbox.
Microsoft Exchange 2010 has administrator audit logging enabled, with an entry for each cmdlet that is run in EMC or the Exchange Management Shell. Searching the log is easy using the Search-AdminAuditLog cmdlet. In my case, I was searching for a user mailbox creation and the syntax for it is:

Search-AdminAuditLog -StartDate 09/01/2012 -EndDate 09/09/2012 -ObjectID domain.name/Users/user.name
 
You can dump all log entries using Search-AdminAuditLog > c:\temp\adminlog.txt .

More on Administrator Audit Logging at http://technet.microsoft.com/en-us/library/dd335144.aspx

Friday, October 12, 2012

Microsoft Vizija 10


 
 
Vizija 10 http://msvizija.net is one of the biggest IT events in Macedonia, organized by Microsoft. This year it will be held in Alexandar Palace Hotel on 24-25 October 2012.
Meet me there, I have two slots: the Ask the Experts booth and a presentation of Windows Server 2012: Direct Access & IPv6 on 25th October 2012.
 
 

 

Wednesday, October 3, 2012

Generate random alphabetic password with powershell

The following script will generate a random string of 15 alphabetic characters using PowerShell:

$r = New-Object System.Random
$pass = ""
# Next(min, max) excludes max, so 123 is needed for 'z' (122) to be possible
1..15 | % { $pass += [char]$r.Next(97,123) }
$pass
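
System.Random is a non-cryptographic generator seeded from the clock, so when the string is going to be used as a real password the letters should come from the operating system's CSPRNG instead. The following added example (not from the original post) draws the same 15 lowercase letters from RNGCryptoServiceProvider and uses rejection sampling to keep every letter equally likely; the function name New-RandomAlphaPassword is hypothetical.

```powershell
# Added example, not from the original post.
function New-RandomAlphaPassword {
    param ([int]$Length = 15)

    $alphabet = 'abcdefghijklmnopqrstuvwxyz'

    # Largest multiple of the alphabet size that fits in one byte (234 for 26 letters).
    # Bytes at or above this limit are thrown away; mapping them with a plain modulo
    # would make the first letters of the alphabet slightly more likely than the rest.
    $limit = 256 - (256 % $alphabet.Length)

    $rng    = New-Object System.Security.Cryptography.RNGCryptoServiceProvider
    $buffer = New-Object byte[] 1
    $sb     = New-Object System.Text.StringBuilder

    while ($sb.Length -lt $Length) {
        $rng.GetBytes($buffer)
        if ($buffer[0] -lt $limit) {
            [void]$sb.Append($alphabet[$buffer[0] % $alphabet.Length])
        }
    }
    $sb.ToString()
}

# 15 letters from a 26-letter alphabet give about 70 bits of entropy (15 * log2(26)).
New-RandomAlphaPassword -Length 15
```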

 

Tuesday, October 2, 2012

Windows Server 2012 Direct Access - Teredo missing

The requirement for installing Teredo is two consecutive static public IPv4 addresses on the Internet-facing interface. But even if you add two consecutive static IPv4 addresses to your Internet-facing interface, the Teredo server will not be configured if you configure Direct Access using the "Getting Started Wizard". You can enable it from an elevated PowerShell prompt by executing Set-DAServer -Teredo Enabled, or clear (remove) the configuration created with the "Getting Started Wizard" and run the "Setup Wizard".

When the configuration is created using the "Setup Wizard", it will detect the two consecutive static IPv4 addresses on the Internet-facing interface and automatically configure the Teredo server. The "Setup Wizard" will also configure the Direct Access Client Settings GPO with the Teredo server installed on your Direct Access Server.

 

Virus Buster engine for Forefront Protection retired

Microsoft has announced that it is retiring one of the engines used in Forefront Protection. 30 September 2012 is the last date for receiving updates for this malware engine. Forefront Security for Exchange 2010 is generating an event log entry with event id 2109 from source GetEngineFiles:
The VBuster scan engine is no longer supported. Updates are no longer available for this engine, and therefore the update check for this engine has been disabled. Please review the scan engines chosen for your scan jobs and make another selection to ensure up-to-date protection.


It is recommended to disable this engine for updating and scanning; more on how this can be achieved at http://support.microsoft.com/kb/2758276 .

Thursday, September 20, 2012

KMS activation of Windows 8 and Windows Server 2012


Microsoft has published a hotfix for the Key Management Service (KMS) on Windows 7 and Windows Server 2008 R2 to allow enterprise activation of Windows 8 and Windows Server 2012. This update is published under article id 2691586 or http://support.microsoft.com/kb/2691586/en-us .
After installing this hotfix, and rebooting when prompted, you can install the new KMS host key for Windows 8 or Windows Server 2012 using slmgr:
cscript slmgr.vbs /ipk <KMS Host key>
 
and activate :
cscript slmgr.vbs /ato
 
After successful activation of the KMS host key, you can activate machines running Windows 8 or Windows Server 2012.
 

Thursday, August 30, 2012

How to request SAN web server certificate from windows server 2003 CA ?

By default, a Windows Server 2003 CA does not issue certificates with the SAN extension. To enable the CA to accept certificate requests with the SAN attribute, type in the following command:

certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2

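and restart the certificate services service. The flag applies to the whole CA: once it is set, the CA accepts SAN values supplied as request attributes on any request it processes, so review who is allowed to enroll. The current value can be checked with certutil -getreg policy\EditFlags.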

Use the following procedure to submit a certificate request for a web server certificate using the web enrollment page http://CAservername/certsrv . After filling in the identifying information, type the needed SAN attributes in the attribute box in the following form:

san:dns=dns.name&dns=dns.name2&dns=dns.name3&dns=....

For example: if the web server is responding on its name (https://server.name) and an alias name (https://aliasserver.name), the resulting attribute string looks like:
san:dns=server.name&dns=aliasserver.name
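
Because EDITF_ATTRIBUTESUBJECTALTNAME2 stays set until someone clears it, it is worth being able to audit a CA for it. The following added example (not from the original post) reads EditFlags from the registry of each CA configured on the local server and reports whether the bit is set; it assumes the default Microsoft policy module and an elevated prompt on the CA, and the function name Get-SanAttributeFlagState is hypothetical.

```powershell
# Added example, not from the original post. Run on the CA server.
$EDITF_ATTRIBUTESUBJECTALTNAME2 = 0x00040000
$configKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'

function Get-SanAttributeFlagState {
    if (-not (Test-Path $configKey)) {
        Write-Warning "Certificate Services configuration not found on this machine."
        return
    }
    # One subkey per CA; EditFlags lives under the policy module of each CA.
    Get-ChildItem $configKey | ForEach-Object {
        $policyKey = Join-Path $_.PSPath 'PolicyModules\CertificateAuthority_MicrosoftDefault.Policy'
        if (Test-Path $policyKey) {
            $flags = [int](Get-ItemProperty $policyKey).EditFlags
            New-Object PSObject -Property @{
                CA                       = $_.PSChildName
                EditFlags                = '0x{0:X8}' -f $flags
                SanFromRequestAttributes = (($flags -band $EDITF_ATTRIBUTESUBJECTALTNAME2) -ne 0)
            } | Select-Object CA, EditFlags, SanFromRequestAttributes
        }
    }
}

Get-SanAttributeFlagState | Format-Table -AutoSize

# To clear the flag again once SAN requests are no longer needed:
#   certutil -setreg policy\EditFlags -EDITF_ATTRIBUTESUBJECTALTNAME2
# followed by a restart of the certificate services service.
```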

Tuesday, August 7, 2012

Quickly archive log files on daily basis

In this case the server was creating a few log files every second, and by the end of the day there were tons of logs in the folder, so working with those files was painful. So I decided to make a scheduled task which archives log files older than one day and deletes them after they have been added to the archive. I was using rar as the archiving solution, and here is the command for the task:

"C:\Program Files\winrar\rar.exe" a -ag -df -to1d -x*.rar  destinationfolder\archivename- sourcefolder\*.*
  • a will add files to archive
  • -ag will stamp archive name with current date
  • -df will delete files after archiving
  • -to1d will process files older than 1 day
  • -x*.rar will exclude any existing rar files from the archive

Archive name will look like: archivename-YYYYMMddhhmmss.rar .

Wednesday, August 1, 2012

How to find disabled user accounts in AD with attributes for proxy address, phones or sip set

Here are simple LDAP queries for finding, in Active Directory Users and Computers, user accounts which are disabled and have the following attributes set:

  • Proxy address
(&(&(objectCategory=person)(objectClass=user)(useraccountcontrol:1.2.840.113556.1.4.803:=2)(proxyAddresses=*)))

  • SIP
(&(&(objectCategory=person)(objectClass=user)(useraccountcontrol:1.2.840.113556.1.4.803:=2)(msRTCSIP-PrimaryUserAddress=*)))

  • Phone numbers
(&(&(objectCategory=person)(objectClass=user)(useraccountcontrol:1.2.840.113556.1.4.803:=2)(|(mobile=*)(telephoneNumber=*))))
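
The same filters can be run from PowerShell to produce a report for cleanup. The following added example (not from the original post) goes one step beyond the three separate queries: it combines them into a single search and shows, per disabled account, which of the attributes are still populated. It assumes PowerShell 2.0 or later on a domain-joined machine; the function name and the output column names are hypothetical.

```powershell
# Added example, not from the original post.
function Get-DisabledUserWithContactData {
    # Disabled users (userAccountControl bit 2) that still carry at least one of
    # the attributes covered by the three filters above.
    $filter = '(&(objectCategory=person)(objectClass=user)' +
              '(userAccountControl:1.2.840.113556.1.4.803:=2)' +
              '(|(proxyAddresses=*)(msRTCSIP-PrimaryUserAddress=*)(mobile=*)(telephoneNumber=*)))'

    $searcher = [adsisearcher]$filter
    $searcher.PageSize = 1000   # page through results instead of stopping at the server limit
    $attrs = 'samaccountname', 'proxyaddresses', 'msrtcsip-primaryuseraddress',
             'mobile', 'telephonenumber'
    $searcher.PropertiesToLoad.AddRange([string[]]$attrs)

    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) {
            $p = $r.Properties   # attribute names in search results are lower case
            $account = $null
            if ($p.Contains('samaccountname')) { $account = [string]$p['samaccountname'][0] }
            New-Object PSObject -Property @{
                Account         = $account
                HasProxyAddress = $p.Contains('proxyaddresses')
                HasSip          = $p.Contains('msrtcsip-primaryuseraddress')
                HasPhone        = ($p.Contains('mobile') -or $p.Contains('telephonenumber'))
            } | Select-Object Account, HasProxyAddress, HasSip, HasPhone
        }
    }
    finally {
        $results.Dispose()       # release the unmanaged search handle
    }
}

Get-DisabledUserWithContactData | Sort-Object Account | Format-Table -AutoSize
```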

Tuesday, July 31, 2012

Event ID 27 from W32time in system event log

In this case an XP client machine was a member of the domain, and its system event log was filling up with warning event id 27:


Time Provider NtpClient: The response received from domain controller dcname.domain.name is missing the signature. The response may have been tampered with and will be ignored.

The client machine was configured manually with one of the domain controllers as NTP server, and the type parameter in HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type was AllSync. After changing the type to NT5DS, as it should be (since the client machine was a member of the domain), and restarting the Windows Time service, there were no more warning events in the system event log. After restarting the time service there was informational event 35 stating that the time service is synchronizing with one of the domain controllers (and it was not the one that had been added manually).

Friday, July 27, 2012

Error event 12293 in application log for Security-SPP on KMS server

In my case KMS was activated on Windows Server 2008 R2 with the DNS publishing option enabled, and the server started to log event 12293 in its application log:

Publishing the Key Management Service (KMS) to DNS in the 'domain.name' domain failed.
Info:0x80072338

This server didn't register its SRV DNS record. There was already another KMS server in the same domain, and the reason for this event and behavior was that the new KMS server didn't have permission to update the already existing _VLMCS SRV record. The resolution was to add permission on the _vlmcs DNS record for the newly activated KMS server. There is also a Microsoft KB for this event: http://support.microsoft.com/kb/2553863 .

Monday, July 16, 2012

Check disk running on every reboot

In my case the server was running Windows Server 2003, and on every reboot check disk was triggered. The reason for this behaviour was that disk drive D: was marked as dirty, and chkdsk was never finishing its tests on restart. You can check whether the drive is marked as dirty using fsutil:

D:\>fsutil dirty query d:
Volume - d: is Dirty

Marking the drive as NOT dirty can be done using chkdsk /r.

Email stuck in submission queue

In my case there were Exchange 2010 servers with the mailbox, CAS and hub roles installed, along with Forefront Protection for Exchange 2010, and one email message was stuck in the submission queue and quarantined in Forefront for Exchange due to a realtime timeout error for archives. To remove this message from the submission queue I used the Remove-Message cmdlet:

Get-Message -Filter {Fromaddress -eq "email address"} -Server name.of.server | Remove-Message


If you have stuck messages without a sender, use "<>" as the fromaddress in the filter.

How to delete all volume shadow copies ?

In my case the server was running out of free space on the system partition, and in order to free some space I wanted to delete volume shadow copies. The server was running Windows Server 2003. One way to delete all volume shadow copies, with confirmation, is using vshadow.exe:

vshadow.exe -da

More on how to use vshadow.exe at http://msdn.microsoft.com/en-us/library/windows/desktop/bb530725(v=vs.85).aspx .

Thursday, June 21, 2012

Can't add users in message delivery restrictions for distribution group on Exchange 2010

In my case there were users, disabled in Active Directory and with disabled mailboxes, that were listed as allowed senders for a distribution group. When I tried to add new users as allowed senders for the distribution group, there was an error message:

Error: Couldn't find object "domain/ou/disabled user". Please make sure that it was spelled correctly or specify a different object.

The resolution for this problem is to remove the disabled users as allowed senders; these can't be seen from Exchange Management Console 2010. One way to do that is to enable Advanced Features in the Active Directory Users and Computers console and edit the authOrig attribute in the Attribute Editor. Remove all disabled accounts, refresh Exchange Management Console, and you will be able to add new users as allowed senders for the distribution group.

Tuesday, June 5, 2012

Enabling ipv6 on Windows Server 2003 DNS

IPv6 is not enabled by default on Windows Server 2003; installing IPv6 can be done from Control Panel (Network Connections -> Properties -> Install -> Protocol -> Add -> Microsoft TCP/IP version 6). Assigning a manual IPv6 address is not possible via the GUI, so we'll use netsh:

netsh interface ipv6 add address [interface=]string [address=]ipv6address
for example: netsh interface ipv6 add address interface="Local Area Connection" address=2001:520:432:cafe::543

You can view the IPv6 routing table using:
netsh interface ipv6 show routes
Adding a gateway for this network interface can also be done with netsh, for example:
netsh interface ipv6 add route ::/0 "Local Area Connection" 2001:520:432:cafe::1

To configure DNS to listen over IPv6, install Windows Support Tools from the installation CD-ROM (\Support\Tools\suptools.msi). Execute:
dnscmd /config /EnableIPv6 1
and restart the DNS service.

Using nslookup you can test the functionality of the DNS server.

Wednesday, May 30, 2012

Unable to delete printer driver from Windows 7

In my case the user was running Windows 7 x86 SP1 and was complaining that he couldn't print because no printers existed on his computer. Printers should be installed using group policy preferences, so I started to troubleshoot the problem. The print spooler was stopped, and that was the reason why the user didn't see printers in Control Panel. The print spooler was stopping whenever the group policy for installing printers was applied. So I wanted to delete all unnecessary printer drivers that were installed. After opening the Print Management mmc there were a lot of printer drivers that were not in use, and I started to remove the driver packages that were not in use. For most of them removal ran smoothly, but there was one that refused to be deleted, complaining that:

"The specified printer driver is currently in use. Failed to remove package ..."

I tried a lot of the suggested solutions, but none of them helped me to delete the driver package. The only way I succeeded in deleting the driver package was to rename the print processor in the registry, in my case under HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows NT x86\Print Processors\ , and then delete the driver package from the Print Management console.
The printers defined in the GPO then installed successfully, and the user was able to print documents.

Tuesday, May 8, 2012

Unable to reboot remote system

In my case the remote workstation was XP and a user was unable to connect using the remote desktop client, after disconnecting from the same computer a couple of minutes earlier. I decided to initiate a reboot of the client workstation using:
shutdown /f /r /m \\computername,
but the machine was hung, and when I tried to initiate the same command again the response was:
A system shutdown is in progress.(1115)
 
After waiting a few more minutes the client workstation had still not rebooted.
Because there was no one near the client machine to see what was happening on the monitor, and the user desperately needed to establish a remote connection to the client workstation, I decided to kill the winlogon process. Using PsKill from the PsTools suite I executed:
pskill -t \\computername winlogon

and the remote workstation rebooted. Note that killing the winlogon process is nearly the same as pulling the plug on the machine.

Thursday, April 26, 2012

Scripting Games 2012 Advanced Event 10

Advanced Event 10 :

<#
.DESCRIPTION
    This script creates csv log file for Processor counter set every 2 seconds (10 snapshots).
.LINK
    http://blogs.technet.com/b/heyscriptingguy/archive/2012/04/13/the-2012-scripting-games-advanced-event-10-create-a-csv-log-file.aspx
#>
param (
[string[]]$Computers=$env:computername
)
foreach ($computer in $computers)
{
    $filepath = $env:userprofile + "\Documents\" + $Computer + "_processorCounters.csv"
        Get-Counter -ListSet processor -ComputerName $Computer |
        Get-Counter -ComputerName $Computer -SampleInterval 2 -MaxSamples 10 |
        Export-Counter -path $filepath -FileFormat CSV -Force
}

Scripting Games 2012 Advanced Event 9

Advanced Event 9 :


<#
.DESCRIPTION
    This script performs an inventory and exports the data to xml.
.LINK
    http://blogs.technet.com/b/heyscriptingguy/archive/2012/04/12/the-2012-scripting-games-advanced-event-9-perform-an-inventory.aspx
#>

function Create-XML
{
Param ([Parameter(Mandatory=$true,
   ValueFromPipeline=$true)]$object)

@"
<ComputerInfo>
"@
    foreach ($p in $object |Get-Member -type *Property )
    {
        $Name  = $p.Name
        $Value = $Object.$Name   
@"
`t<$Name>$Value</$Name>`n
"@
     }
@"
</ComputerInfo>
"@
}

function HumanReadSize
{
    Param ([long]$Size)
if ($Size -ge 1Gb )
{
return ("{0:N2}" -f ($Size / 1Gb) + " GigaBytes")
}
elseif ($Size -ge 1Mb )
{
return ("{0:N2}" -f ($Size / 1Mb ) + " MegaBytes")
}
elseif ($Size -ge 1Kb )
{
return ("{0:N2}" -f ($Size / 1Kb ) + " KiloBytes")
}
elseif (($Size -ge 0 ) -and ($Size -lt 1Kb))
{
return ("{0:N0}" -f ($Size) + " Bytes")
}
}

$sum=0
$os= Get-WmiObject Win32_OperatingSystem
$comp = Get-WmiObject win32_ComputerSystem
$procs = Get-WmiObject win32_Processor
$nets = Get-WmiObject  win32_networkadapter -Filter "netenabled = true"
Get-WmiObject win32_physicalmemory | where {( $_.typedetail -ne 4096 )} | foreach {$sum += $_.capacity }

    $output = New-Object PSObject
    $output | Add-Member noteproperty ComputerName ($comp.Name)
    $output | Add-Member noteproperty DomainName ($comp.Domain)
    $output | Add-Member noteproperty Manufacturer ($comp.Manufacturer)
    $output | Add-Member noteproperty ComputerModel ($comp.Model)
    $output | Add-Member noteproperty NumberofProcessors ($comp.NumberOfProcessors)
    $output | Add-Member noteproperty Numberofcores ($comp.NumberOfLogicalProcessors)
$i=1
foreach ($proc in $procs)
{
   
    $output | Add-Member noteproperty "Speedofprocessors$i"  ($proc.MaxClockSpeed)
    $output | Add-Member noteproperty "ProcessorID$i" ($proc.ProcessorID)
    $i +=1   
}
$b=1
foreach ($net in $nets)
{
    $output | Add-Member noteproperty "MACAddress$b" ($net.MACAddress)
    $b += 1
}

    $output | Add-Member noteproperty Version ($os.Version)
    $output | Add-Member noteproperty Memory (HumanReadSize $sum)

$filepath = $env:userprofile + "\Documents\" + ($comp.Name) + "." + ($comp.Domain) + "." + (Get-date).tostring("yyyyMMdd") + ".xml"
$output | create-xml | Out-file $filepath

Scripting Games 2012 Advanced Event 8

Advanced Event 8 :

<#
.DESCRIPTION
    This script can enable and (or) disable wireless or ethernet adapter to prevent bridging on laptop computers.
.LINK
    http://blogs.technet.com/b/heyscriptingguy/archive/2012/04/11/the-2012-scripting-games-advanced-event-8-enable-network-adapters.aspx
#>

function get-netadapter
{
  param ([string]$nettype= "%", $isEnabled=$null)
    if ($isenabled -eq $null)
    {
      $filter ="name like '$nettype'"
    }
    else
    {
      $filter ="name like '$nettype' and netenabled=$isenabled"
    }   
   return Get-WmiObject win32_networkadapter -Filter $filter
}

function enableadapter
{
  param ($enable=$true, $neta, $prev=$false)
    #enable adapters
    if ($enable)
    {
      if ($neta.count -gt 1)
      {
     
         foreach ($adapter in $neta)
         {
            do
            {
                $choice = Read-Host $adapter.description  " Enable Yes/No ?"
            }
            until ($choice -eq "yes" -or $choice -eq "no")
           
             If ($Choice -eq "yes")
             {
                if (!($prev))
                {
                    $adapter.enable()
                }
                else
                {
                    # for pre-vista os, even though netsh is working on post vista oss,
                    #it is fun using new method for these oss .enable() or .disable()
                    netsh interface set interface "$($adapter.netconnectionID)" ENABLED
                }
               
                return
             }   
          }
       }
       else
       {
          if (!($prev))
          {
             $neta.enable()
          }
          else
          {
                   
              netsh interface set interface "$($neta.netconnectionID)" ENABLED
           }
       }
   
    }
    #disable adapters
    else
    {
      foreach ($adapter in $neta)
      {
     
                if (!($prev))
                {
                    $adapter.disable()
                }
                else
                {
                    netsh interface set interface "$($adapter.netconnectionID)" DISABLED
                }
      }
     }
}

    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal( $identity )
   
        if (!($principal.IsInRole( [System.Security.Principal.WindowsBuiltInRole]::Administrator )))
        {
            write-host "Warning: You're not running this script using elevated shell. You will not be able to run this script without administrative permission."
            exit
   
        }
       
   $os = Get-WmiObject Win32_OperatingSystem
    # anchor the match so only version 5.x (pre-Vista) qualifies
    if ($os.version -match "^5\.")
    {
        $prevista=$true
    }
    else
    {
        $prevista=$false
    }
   
    $comp = Get-WmiObject win32_ComputerSystem
    #It is a laptop   
     if ($comp.PCSystemType -eq 2)
     {
         #check for enabled wireless and ethernet adapters
         $wless=@()
         $wless = @(get-netadapter "%wireless%" $true)
         $ether=@()
         $ether = @(get-netadapter "%ethernet%" $True)
            #wireless adapters not enabled and ethernet adapters enabled
            if ($wless.Count -eq 0 -and $ether.Count -gt 0)
            { 
                #disable ethernet adapters
                enableadapter $false $ether $prevista
                #enable wireless adapter
                enableadapter $True (get-netadapter "%wireless%" $false) $prevista
   
            }
            #wireless adapter(s) enabled and ethernet adapters disabled
            elseif ($wless.Count -gt 0 -and $ether.Count -eq 0)
            {
               #disable wireless adapters
                enableadapter $false $wless $prevista
                #enable ethernet adapter
                enableadapter $True (get-netadapter "%ethernet%" $false) $prevista
            }
            # no ethernet or wireless enabled
            elseif ($wless.Count -eq 0 -and $ether.Count -eq 0)
            {
                do
                {
                    $choice = Read-Host "Ethernet and Wireless adapters are disabled.Enable Wireless adapter Yes/No ?"
                }
                until ($choice -eq "yes" -or $choice -eq "no")
           
                If  ($choice -eq "yes")
                {
                    Write-Host "Enabling wireless adapters ..."
                    enableadapter $True (get-netadapter "%wireless%" $false) $prevista
                }
                else
                {
                    Write-Host "Enabling ethernet adapters ..."
                    enableadapter $True (get-netadapter "%ethernet%" $false) $prevista
                }
      
            }
            # ethernet and wireless enabled
            elseif ($wless.Count -gt 0 -and $ether.Count -gt 0)
            {
                do
                {
                    $choice = Read-Host "Ethernet and Wireless adapters are enabled.Disable Wireless adapter Yes/No ?"
                }
                until ($choice -eq "yes" -or $choice -eq "no")
           
                If  ($choice -eq "yes")
                {
                    Write-Host "Disabling wireless adapters ..."
                    enableadapter $false (get-netadapter "%wireless%" $true) $prevista
                }
                else
                {
                    Write-Host "Disabling ethernet adapters ..."
                    enableadapter $false (get-netadapter "%ethernet%" $true) $prevista
                }
      
            }
        }
        else
        {
            Write-Host "This script is only for laptops !"
        }

Scripting Games 2012 Advanced Event 7

Advanced Event 7 :

<#
.DESCRIPTION
    This script reports latest events from all event logs.
.LINK
    http://blogs.technet.com/b/heyscriptingguy/archive/2012/04/10/the-2012-scripting-games-advanced-event-7-search-windows-logs.aspx
#>
$obj=@()
Get-WinEvent -ea silentlycontinue -ListLog * -Force | where { $_.isEnabled -eq $true } `
         | foreach {
                        if (!(($_.logtype -eq "analytical") -or ($_.logtype -eq "debug")))
                        {
                          
                            $obj += (Get-WinEvent -ea silentlycontinue -LogName $_.logname -MaxEvents 1 `
                                                     | Select-Object TimeCreated,Logname,ID,Message)  
                           
                        }
                        else
                        {
                            $debevents=@()
                            $debevents = (Get-WinEvent -ea silentlycontinue -LogName $_.logname -Force -Oldest `
                                                    | Select-Object TimeCreated,Logname,ID,Message )
                            $obj += $debevents[-1]
                        }
                  
                   }
         
Write-Output $obj | Sort-Object timecreated -Descending | Fl *
               

Scripting Games 2012 Advanced Event 6

Advanced Event 6 :

<#
.DESCRIPTION
    This script reports information about multiple servers uptime.
.LINK
    http://blogs.technet.com/b/heyscriptingguy/archive/2012/04/09/2012-scripting-games-advanced-event-6-compute-uptime-for-multiple-servers.aspx
.PARAMETER Computers
    Name of the remote computer, if omitted localhost will be used.
.EXAMPLE
    event6.ps1
    To collect uptime information from the local computer, run the script without parameters.
.EXAMPLE
    event6.ps1 "computer1","computer2"
    To collect uptime information from remote computers.
#>

param (
[string[]]$Computers=$env:computername
)
[datetime]$Reptime=(Get-Date -UFormat %D).tostring() + " 08:00:00"
Foreach ($server in $computers)
{
    $os= Get-WmiObject -ea silentlycontinue Win32_OperatingSystem -ComputerName $server
    #check if $os is not null
    if (!($os -eq $null))
    {
       $reboot =$os.ConvertToDateTime($os.LastBootUpTime)
       
        $obj  = New-Object -TypeName PSObject
            if ( $Reptime -ge $reboot )
            {
                $dif = $reptime.Subtract($reboot)
                $obj | Add-Member NoteProperty Computername $server
                $obj | Add-Member NoteProperty Days $dif.days
                $obj | Add-Member NoteProperty Hours $dif.hours
                $obj | Add-Member NoteProperty Minutes $dif.minutes
                $obj | Add-Member NoteProperty Seconds $dif.seconds
                $obj | Add-Member NoteProperty Date $reboot.ToShortDateString()
       
            }
            else
            {
                $obj | Add-Member NoteProperty Computername $server
                $obj | Add-Member NoteProperty Days 0
                $obj | Add-Member NoteProperty Hours 0
                $obj | Add-Member NoteProperty Minutes 0
                $obj | Add-Member NoteProperty Seconds 0
                $obj | Add-Member NoteProperty Date $null
            }

            $filepath = $env:userprofile + "\Documents\" + $Reptime.ToString("yyyyMMdd") + "_Uptime.csv"
                If (Test-Path($filepath))
                {
                    # Capture the CSV lines in $OutData without echoing them to the console
                    $obj | ConvertTo-Csv -OutVariable OutData -NoTypeInformation | Out-Null
                    $OutData[1..($OutData.count - 1)]  | ForEach-Object {Add-Content -Value $_ -Path $filepath}
                }
                else
                {
                    $obj | Export-Csv -NoTypeInformation -Path $filepath
                }
     }  
}

Scripting Games 2012 Advanced Event 5

Advanced Event 5:

<#
.DESCRIPTION
    This script reports information about error events on local and remote computers.
.LINK
    http://blogs.technet.com/b/heyscriptingguy/archive/2012/04/06/2012-scripting-games-advanced-event-5-list-errors.aspx
.PARAMETER Computers
    Name of the remote computer, if omitted localhost will be used.
.EXAMPLE
    event5.ps1
    To collect information about error events from local computer, run the script without parameters.
.EXAMPLE
    event5.ps1 "computer1","computer2"
    To collect information about error events on remote computers.
#>
param (
[string[]]$Computers=$env:computername
)
   
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal( $identity )
if (!($principal.IsInRole( [System.Security.Principal.WindowsBuiltInRole]::Administrator )))
{
    write-host "Warning: You're not running this script using elevated shell. You will not be able to access event logs that require Administrator permission."
}
Foreach ($server in $computers)
{
    Write-Host ""
    Get-WinEvent -listlog * -ea SilentlyContinue -ComputerName $server| Where-Object { $_.IsClassicLog -eq $true } | foreach {   
           
            write-host ($server + "  " + $_.logname) -BackgroundColor darkGray
           
            Get-WinEvent -ea silentlycontinue -ComputerName $Server -FilterHashtable @{logname = $_.logname ; level=2 } | `
                                              Group-Object Providername -NoElement | `
                                              Sort-Object Count -descending
    }
   
}

Scripting Games 2012 Advanced Event 4

Advanced Event 4:


function HumanReadSize
{
    Param ([long]$Size)
if ($Size -ge 1Gb )
{
return ("{0:N2}" -f ($Size / 1Gb) + " GigaBytes")
}
elseif ($Size -ge 1Mb )
{
return ("{0:N2}" -f ($Size / 1Mb ) + " MegaBytes")
}
elseif ($Size -ge 1Kb )
{
return ("{0:N2}" -f ($Size / 1Kb ) + " KiloBytes")
}
elseif (($Size -ge 0 ) -and ($Size -lt 1Kb))
{
return ("{0:N0}" -f ($Size) + " Bytes")
}
}

function Get-FolderSize {
<#
.SYNOPSIS
    This script reports information about folder space.
.DESCRIPTION
    This script reports information about folder space.
.LINK
    http://blogs.technet.com/b/heyscriptingguy/archive/2012/04/05/the-2012-scripting-games-advanced-event-4-determine-folder-space.aspx 
.PARAMETER Path
    Path of the root folder.
.EXAMPLE
    "c:\windows"| get-foldersize 
.EXAMPLE
    get-foldersize "c:\windows" | Sort-Object Folder
#>

[CmdletBinding()]
param([Parameter(Mandatory = $true, ValueFromPipeline = $true)][string]$path)

BEGIN {}

PROCESS {
if (!(test-path $path))
{
Write-Output "Folder does not exist"
return
}
$f=@()
    #Calculating the root folder size
     $rootItems = (Get-ChildItem $path -recurse -Force | Measure-Object -property length -sum)
     $sumroot = HumanReadSize $rootItems.sum
    
        $obj  = New-Object -TypeName PSObject
        $obj | Add-Member -MemberType NoteProperty -Name Folder -Value $path
        $obj | Add-Member -MemberType NoteProperty -Name "Size of Folder" -value $sumroot
        $f +=$obj
    #Calculating the root subfolders size
$colItems = (Get-ChildItem $path -recurse | Where-Object {$_.PSIsContainer -eq $True} )
foreach ($i in $colItems)
    {
        $subFolItems = (Get-ChildItem $i.FullName -recurse -Force | Measure-Object -property length -sum)
        $sumsubfol = HumanReadSize $subFolItems.sum
     
        $obj  = New-Object -TypeName PSObject
        $obj | Add-Member -MemberType NoteProperty -Name Folder -Value $i.FullName
        $obj | Add-Member -MemberType NoteProperty -Name "Size of Folder" -value $sumsubfol
        $f +=$obj
    }
   
           Write-Output $f
}
END {}
}

Scripting Games 2012 Advanced Event 3

Advanced Event 3:

<#
.DESCRIPTION
    This script creates a log that is updated with information about the OS, user ...
.LINK
    http://blogs.technet.com/b/heyscriptingguy/archive/2012/04/04/2012-scripting-games-advanced-event-3-create-a-log-that-updates.aspx  
#>
$os= Get-WmiObject Win32_OperatingSystem
$comp = Get-WmiObject win32_ComputerSystem
$net = Get-WmiObject Win32_NetworkLoginProfile | sort -descending LastLogon | select * -first 1
$prn = Get-WmiObject win32_printer -Filter "Default=True"
$mappeddrives=Get-WmiObject win32_logicaldisk -filter "DriveType=4" | `
              Select-Object @{Name="Drive Letter";Expression={$_.DeviceID}}, `
                            @{Name="Resource Path";Expression= {$_.ProviderName}}
$output = New-Object PSObject
$output | Add-Member noteproperty LastReboot ($os.ConvertToDateTime($os.LastBootUpTime))
$output | Add-Member noteproperty ComputerName (($comp.DNSHostname) + "." + ($comp.Domain))
$output | Add-Member noteproperty Username ($comp.Username)
$output | Add-Member noteproperty OperatingSystemVersion ($os.Version)
$output | Add-Member noteproperty CurrentLog ($os.ConvertToDateTime($net.LastLogon))
$output | Add-Member noteproperty OperatingSystemServicePack ([string]($os.ServicePackMajorVersion) + "." + `
                                                              [string]($os.ServicePackMinorVersion))
$output | Add-Member noteproperty DefaultPrinter ($prn.Name)
$output | Add-Member noteproperty Drive $mappeddrives
$output | Add-Member noteproperty TypeofBoot ($comp.bootupstate)

$output| Out-File -append ($os.Systemdrive + "\logonlog\logonstatus.txt")

Scripting Games 2012 Advanced Event 2

Advanced Event 2:

<#
.DESCRIPTION
    This script reports information about remote and local services.
.LINK
    http://blogs.technet.com/b/heyscriptingguy/archive/2012/04/03/2012-scripting-games-advanced-event-2-find-information-about-remote-and-local-services.aspx 
.PARAMETER Computername
    Name of the remote computer, if omitted localhost will be used.
.PARAMETER User
    User account in form of "domain\user" with administrative permissions.
.EXAMPLE
    event2.ps1
    To collect information about local services from local computer, run the script without parameters.
.EXAMPLE
    event2.ps1 computer1 domain1\administrator
    To collect information about services running on a remote computer, run the script with the remote computer name (e.g. Computer1) and a username with administrative credentials.
#>
##
# Start of Script
##
param (
[string]$Computername=$env:computername,
[string]$User
)
try
{
    If (($Computername -match $env:computername) -or ($Computername -match "localhost"))
{
        Get-WmiObject -ErrorAction Stop win32_service -ComputerName $Computername | Select-Object __Server,name,Startmode,State,Startname | Export-Csv myservicestatus.csv -NoTypeInformation
}
    else
{
       
        Get-WmiObject -ErrorAction Stop win32_service -ComputerName $Computername -Credential $user | Select-Object __Server,name,Startmode,State,Startname | Export-Csv myservicestatus.csv -NoTypeInformation
}
}
catch [Exception]
{
  if ($Error[0].Exception.Message -match "Access denied.")
    {
        Write-host "Current windows credential do not allow for access to WMI on $computername. Please run with administrative credentials." 
 
    }
}

Scripting Games 2012 Advanced Event 1

Scripting Games 2012 are almost over; we are only waiting for the judges to grade the submitted scripts. I'll publish all of my scripts for the advanced events. Here is my script for advanced event 1:

http://blogs.technet.com/b/heyscriptingguy/archive/2012/04/02/the-2012-scripting-games-advanced-event-1-review-a-coworker-s-script.aspx

for ($i = 1 ; $i -le 10 ; $i++)

{
start-sleep 1
$notepad = Get-Process notepad -erroraction silentlycontinue
$notepad
}

Tuesday, April 10, 2012

The processing of Group Policy failed. Event ID 1096

In my case there was a machine with bad sectors on the hard disk, and group policy settings were failing to apply. In the System event log there was error event ID 1096:

The processing of Group Policy failed. Windows could not apply the registry-based policy settings for the Group Policy object LocalGPO. Group Policy settings will not be resolved until this event is resolved. View the event details for more information on the file name and path that caused the failure.
After imaging the hard disk to a new one (bad sector free), group policy settings were still failing to apply. Since this machine had bad sectors, there was a problem with the local policy file. After renaming registry.pol to registry.bak in c:\Windows\System32\GroupPolicy\Machine and refreshing the policy with gpupdate /force, group policy settings started to apply and error event 1096 no longer appeared in the System event log.
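A structural check can confirm that a local policy file is damaged before it is renamed. The following is an added example, not part of the original post; it assumes the documented PReg layout (an 8-byte header followed by UTF-16LE records of the form `[key;value;type;size;data]`), and the function names and sample bytes are constructed for illustration.

```powershell
# Added example: walk a Registry.pol byte array and report the first malformed record.
function Read-PolChar([byte[]]$b, [ref]$pos, [char]$expected) {
    # Consume one UTF-16LE character and report whether it is the expected delimiter.
    if ($pos.Value + 2 -gt $b.Length) { return $false }
    $c = [BitConverter]::ToChar($b, $pos.Value)
    $pos.Value += 2
    return ($c -eq $expected)
}

function Skip-PolString([byte[]]$b, [ref]$pos) {
    # Advance past a null-terminated UTF-16LE string; fail if the terminator is missing.
    while ($pos.Value + 2 -le $b.Length) {
        $c = [BitConverter]::ToUInt16($b, $pos.Value)
        $pos.Value += 2
        if ($c -eq 0) { return $true }
    }
    return $false
}

function Read-PolDword([byte[]]$b, [ref]$pos) {
    # Read a little-endian DWORD, or return $null if the file ends first.
    if ($pos.Value + 4 -gt $b.Length) { return $null }
    $v = [BitConverter]::ToUInt32($b, $pos.Value)
    $pos.Value += 4
    return $v
}

function Test-RegistryPol {
    param([Parameter(Mandatory = $true)][byte[]]$Bytes)

    $r = New-Object PSObject -Property @{ Valid = $false; Entries = 0; Reason = '' }
    if ($Bytes.Length -lt 8) { $r.Reason = 'shorter than the 8-byte header'; return $r }
    if ([System.Text.Encoding]::ASCII.GetString($Bytes, 0, 4) -cne 'PReg') {
        $r.Reason = 'signature is not PReg'; return $r
    }
    if ([BitConverter]::ToUInt32($Bytes, 4) -ne 1) { $r.Reason = 'unexpected version'; return $r }

    [int]$pos = 8
    while ($pos -lt $Bytes.Length) {
        $start = $pos
        # [ key \0 ; value \0 ;
        $ok = (Read-PolChar $Bytes ([ref]$pos) '[') -and (Skip-PolString $Bytes ([ref]$pos)) -and
              (Read-PolChar $Bytes ([ref]$pos) ';') -and (Skip-PolString $Bytes ([ref]$pos)) -and
              (Read-PolChar $Bytes ([ref]$pos) ';')
        if ($ok) {   # type ;
            $type = Read-PolDword $Bytes ([ref]$pos)
            $ok = ($type -ne $null) -and (Read-PolChar $Bytes ([ref]$pos) ';')
        }
        if ($ok) {   # size ; data
            $size = Read-PolDword $Bytes ([ref]$pos)
            $ok = ($size -ne $null) -and (Read-PolChar $Bytes ([ref]$pos) ';') -and
                  ($size -le ($Bytes.Length - $pos))
        }
        if ($ok) {   # skip the data bytes, then expect the closing bracket
            $pos += [int]$size
            $ok = Read-PolChar $Bytes ([ref]$pos) ']'
        }
        if (-not $ok) { $r.Reason = "malformed record starting at byte offset $start"; return $r }
        $r.Entries += 1
    }
    $r.Valid = $true
    $r.Reason = 'structure is consistent'
    return $r
}

# Constructed sample: one REG_DWORD record, and the same file cut off mid-record.
$u = [System.Text.Encoding]::Unicode
[byte[]]$good = [System.Text.Encoding]::ASCII.GetBytes('PReg') + [BitConverter]::GetBytes([uint32]1) +
    $u.GetBytes("[Software\Policies\Example`0;Enabled`0;") + [BitConverter]::GetBytes([uint32]4) +
    $u.GetBytes(';') + [BitConverter]::GetBytes([uint32]4) + $u.GetBytes(';') +
    [BitConverter]::GetBytes([uint32]1) + $u.GetBytes(']')
[byte[]]$bad = $good[0..($good.Length - 7)]

Test-RegistryPol $good
Test-RegistryPol $bad
# On a live machine:
# Test-RegistryPol ([System.IO.File]::ReadAllBytes("$env:windir\System32\GroupPolicy\Machine\Registry.pol"))
```

A file that passes this check can still carry wrong data inside a record, so a clean result does not rule out corruption; a failed result confirms it.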

Monday, April 9, 2012

2012 Scripting Games


If you missed the first week, there is one more week left for submitting scripts. Join the fun !


Monday, March 26, 2012

Tcpsvcs.exe process memory usage continuously growing

In my case, on a Windows Server 2003 DC with a DHCP server and DNS dynamic update enabled, the memory usage of the tcpsvcs.exe process was continuously growing. Here are the counters for handle count and private bytes for tcpsvcs.exe after a reboot of the server:


After 30+ days, tcpsvcs.exe has occupied around 500MB:


After applying the Microsoft hotfix for this issue, KB 939928 (http://support.microsoft.com/kb/939928/en-us), the tcpsvcs.exe memory leak was fixed. After 30+ days, the tcpsvcs.exe process occupied only ~13MB:

Tuesday, March 20, 2012

How to debug IIS 7.5 application pool (w3wp.exe) crashes

In my case IIS 7.5 was hosting a faulty application (framework 4) that was causing its application pool to crash. Developers were unable to find out what was causing the application pool to crash. Two error event messages were logged, one in the application log and one in the system log.

Application Log error event with event id 1000 from source Application Error :
Faulting application name: w3wp.exe, version: 7.5.7601.17514, time stamp: 0x4ce7afa2
Faulting module name: oci.dll, version: 11.2.0.1, time stamp: 0x4bb1da76
Exception code: 0xc00000fd
Fault offset: 0x000000000006f837
Faulting process id: 0x11a4
Faulting application start time: 0x01cd02af9bce5a0e
Faulting application path: c:\windows\system32\inetsrv\w3wp.exe
Faulting module path: c:\<oracle client installation path>\oci.dll
Report Id: d8925b5a-6ea9-11e1-906a-00215e63edd4

System Log warning event with event id 5011 from source WAS:
A process serving application pool 'name of the application pool' suffered a fatal communication error with the Windows Process Activation Service. The process id was '4084'. The data field contains the error number.

After the error event 1000 in the application log there is an information event from source Windows Error Reporting that points to the minidump files for debugging:

Fault bucket , type 0
Event Name: APPCRASH
Response: Not available
Cab Id: 0
Problem signature:
P1: w3wp.exe
P2: 7.5.7601.17514
P3: 4ce7afa2
P4: oci.dll
P5: 11.2.0.1
P6: 4bb1da76
P7: c00000fd
P8: 000000000006f837
P9:
P10:

Attached files:

These files may be available here:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_w3wp.exe_....

To debug with WinDbg x64, download and install the Windows SDK from http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=8442

After installing WinDbg, open the crash dump file. First, you can set up the symbol file path (local and internet):

.sympath SRV*C:\localsymbols*http://msdl.microsoft.com/download/symbols

Load the SOS debugging extension:

.loadby sos clr
----------------------------------------------------------------------------
The user dump currently examined is a minidump. Consequently, only a subset
of sos.dll functionality will be available. If needed, attaching to the live
process or debugging a full dump will allow access to sos.dll's full feature
set.
To create a full user dump use the command: .dump /ma <filename>
----------------------------------------------------------------------------


Only a few commands are available when debugging a minidump; CLRstack and PrintException are among them. After running !CLRstack in WinDbg, there were a couple of functions that were executing in a loop. Two of them were:
System.Net.Mail.SmtpConnection.GetConnection(System.Net.ServicePoint)
System.Net.Mail.SmtpClient.Send(System.Net.Mail.MailMessage)

From the event log, the faulting module is oci.dll, suggesting that the application is trying to run something using the installed Oracle client. To get a clearer picture of what happened, I ran !PrintException -nested. There were multiple nested exceptions from the function that sends an email when something is wrong with the application:

Exception type:   System.Net.Mail.SmtpException
Message:          Failure sending mail.
InnerException:   System.Net.WebException

and one exception that triggered the send email function:
Exception object: 00000001c0925e70
Exception type:   <Unknown>
Message:          could not insert : [....][SQL: INSERT INTO ...]
InnerException:   System.Data.OracleClient.OracleException, Use !PrintException 00000001c0923aa0 to see more

After running !PrintException 00000001c0923aa0 :

Exception object: 00000001c0923aa0
Exception type:   System.Data.OracleClient.OracleException
Message:          ORA-00001: unique constraint (....) violated

So, the application pool crash was caused by a badly written recursive function that sends a notification email to the developer when something is wrong with the IIS application. The SQL INSERT INTO statement using the Oracle client failed and called the send email function to notify the developer, but the email server was unreachable. The email sending function entered an endless loop, causing the IIS application to crash.
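The event 1000 text already carries enough to triage a crash like this before opening the dump. The following is an added example, not part of the original post: it parses the message quoted above, decodes the hex fields and names the exception code (0xc00000fd is STATUS_STACK_OVERFLOW, which fits runaway recursion). The function name and the short code table are assumptions made for illustration.

```powershell
# Event text as quoted in the post (Application log, source Application Error, ID 1000).
$message = @'
Faulting application name: w3wp.exe, version: 7.5.7601.17514, time stamp: 0x4ce7afa2
Faulting module name: oci.dll, version: 11.2.0.1, time stamp: 0x4bb1da76
Exception code: 0xc00000fd
Fault offset: 0x000000000006f837
Faulting process id: 0x11a4
Faulting application start time: 0x01cd02af9bce5a0e
'@

# A few well-known NTSTATUS / exception codes; extend as needed.
$ExceptionNames = @{
    'c0000005' = 'STATUS_ACCESS_VIOLATION'
    'c00000fd' = 'STATUS_STACK_OVERFLOW'
    'c0000374' = 'STATUS_HEAP_CORRUPTION'
    'c0000409' = 'STATUS_STACK_BUFFER_OVERRUN'
    'e0434352' = 'Unhandled CLR (.NET) exception'
}

function ConvertFrom-AppCrashMessage {
    param([Parameter(Mandatory = $true)][string]$Message)

    $epoch = New-Object DateTime 1970, 1, 1      # PE time stamps count seconds from here (UTC)
    $o = New-Object PSObject

    if ($Message -match 'Faulting application name: (?<app>[^,]+), version: (?<ver>[^,]+), time stamp: 0x(?<ts>[0-9a-f]+)') {
        $o | Add-Member NoteProperty Application $Matches['app']
        $o | Add-Member NoteProperty AppVersion  $Matches['ver']
    }
    if ($Message -match 'Faulting module name: (?<mod>[^,]+), version: (?<mver>[^,]+), time stamp: 0x(?<mts>[0-9a-f]+)') {
        $o | Add-Member NoteProperty Module        $Matches['mod']
        $o | Add-Member NoteProperty ModuleVersion $Matches['mver']
        # The module time stamp is the PE header build time of the faulting DLL.
        $o | Add-Member NoteProperty ModuleBuiltUtc $epoch.AddSeconds([Convert]::ToInt64($Matches['mts'], 16))
    }
    if ($Message -match 'Exception code: 0x(?<code>[0-9a-f]+)') {
        $code = $Matches['code'].ToLower()
        $name = $ExceptionNames[$code]
        if (-not $name) { $name = 'not in table' }
        $o | Add-Member NoteProperty ExceptionCode "0x$code"
        $o | Add-Member NoteProperty ExceptionName $name
    }
    if ($Message -match 'Faulting process id: 0x(?<fpid>[0-9a-f]+)') {
        # Decimal PID, for matching against other events or Task Manager.
        $o | Add-Member NoteProperty ProcessId ([Convert]::ToInt32($Matches['fpid'], 16))
    }
    if ($Message -match 'Faulting application start time: 0x(?<start>[0-9a-f]+)') {
        # The start time is a Windows FILETIME value.
        $o | Add-Member NoteProperty ProcessStartUtc ([DateTime]::FromFileTimeUtc([Convert]::ToInt64($Matches['start'], 16)))
    }
    return $o
}

ConvertFrom-AppCrashMessage $message | Format-List

# Against a live log instead of the quoted text:
# Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = 'Application Error'; Id = 1000 } |
#     ForEach-Object { ConvertFrom-AppCrashMessage $_.Message }
```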

Thursday, March 15, 2012

Error Event ID 11852 SMSClient

In my case an XP client with the Forefront Endpoint Protection 2010 client and the SCCM 2007 client installed was flagged as not reporting to the configured FEP 2010 server. In the client's application event log there were error events with event ID 11852 from the SMSClient source:

Failed to evaluate baseline content
1. Error executing discovery transform. The SDM model may be bad. Exception :System.Xml.Xsl.XslTransformException: An error occurred during a call to extension function 'query'. See InnerException for a complete description of the error. ---> System.TypeInitializationException: The type initializer for 'System.Management.MTAHelper' threw an exception. ---> System.Runtime.InteropServices.COMException (0x80131701): Retrieving the COM class factory for component with CLSID {A8F03BE3-EDB7-4972-821F-AF6F8EA34884} failed due to the following error: 80131701.
Also, in the client's system event log there were error events with event id 59,58 from SideBySide source:
Generate Activation Context failed for C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll. Reference error message: The operation completed successfully.
and

Syntax error in manifest or policy file "C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll" on line 0.

The XP client already had framework 3.5 SP1 installed. After repairing the framework installation, the FEP 2010 client (SCCM) started reporting to the FEP 2010 (SCCM) server and the error events in the event logs were gone.

Friday, March 9, 2012

Installing Windows Server 2008 R2 on HP DL 360 G4

Installing Windows Server 2008 R2 on HP DL 360 G4p is not supported, but Windows 2008 Server x64 is on the list of supported operating systems, so using the information in this post is at your own risk. If you try to install the OS using SmartStart, Windows Server 2008 R2 will not be on the list of operating systems that can be installed, but this does not prevent you from installing Windows Server 2008 R2 from the installation CD of this operating system and, after a successful OS installation, installing the latest PSP (ProLiant Support Pack). But if you try to install the PSP, there will be a critical message: iLO Management Controller Driver is missing.

Installation for “HP Insight Management Agents for Windows Server 2003/2008 x64 Editions” requires one or more of the following that is not currently installed or in the install set:
- HP ProLiant Advanced System Management Controller Driver for Windows
- HP ProLiant iLO Advanced and Enhanced System Management Controller Driver for Windows
- HP ProLiant iLO 2 Management Controller Driver for Windows
- HP ProLiant iLO 3 Management Controller Driver for Windows
- HP ProLiant 100-Series Management Controller Driver for Windows

You can download the HP ProLiant iLO Advanced controller driver for Windows Server 2008 x64 editions and run the setup using compatibility mode (Windows Server 2008 Service Pack 1). After successfully installing the iLO Management Controller Driver and the SNMP feature, you will be able to install the latest PSP without errors.

Tuesday, March 6, 2012

Userenv Event ID 1053 "Windows cannot determine the user or computer name"

In my case the system was running Windows Server 2003 R2 with the latest patches installed. The network interfaces were teamed with default settings using the HP network utility. The machine was a member of the domain, and the following event was logged in the application event log:

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1053
Date:  3/5/2012
Time:  5:20:09 PM
User:  NT AUTHORITY\SYSTEM
Description:
Windows cannot determine the user or computer name. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Network interface settings for DNS were correct and the servers were reachable. The server was connected to two manageable Cisco switches. After enabling portfast on both interfaces, the problem was resolved and the error event disappeared.

Friday, March 2, 2012

The task sequence execution engine failed execution of a task sequence (Message ID 11141, 11170,11141)

In my case I was unable to deploy operating system (Windows 7) using SCCM 2007 OSD on machine (A) and following error events were logged :

The task sequence execution engine failed executing the action (Apply Operating System) in the group (Install Operating System) with the error code 2148077575
The task sequence execution engine failed execution of a task sequence. The operating system reported error 2148077575: The hash value is not correct.
The task sequence manager could not successfully complete execution of the task sequence. A failure exit code of 16389 was returned. The operating system reported error 2148077575: The hash value is not correct.
After refreshing the package's distribution point, the operating system was still failing to install, with the same errors logged. Since there had been no changes on SCCM since the last successful deployment of the same Windows 7 image, I tried to install the same image on another box. Windows 7 was successfully deployed using the same task sequence on machine (B). So, there was some problem with the hardware on machine (A). I checked the BIOS time settings and they were current. I upgraded the BIOS to the latest version, and still had no luck with OSD. Machine (A) had 2 memory modules (1GB each). After removing one memory module from its slot, leaving the machine with 1GB, the task sequence completed successfully and Windows 7 was deployed. So, the problem with the SCCM 2007 task sequence OS deployment was a faulty memory module on client machine (A).

Monday, February 20, 2012

How to turn off IPv6 router discovery?

My recommendation for servers and workstations that do not need "Stateless Autoconfiguration" is to turn off Router Discovery. You can turn off Router Discovery using netsh. For example, if you want to turn off Router Discovery on Local Area Connection, you can type the following statement at an elevated command prompt:
netsh int ipv6 set int "Local Area Connection" routerdiscovery=disabled
To check other interface parameters, including Router Discovery, type:
netsh int ipv6 show int "Local Area Connection"
You should see output similar to this:




Monday, February 13, 2012

Upgrade Kemp VLM (hyper v) firmware from 5.1.74 to 6.0.28

If you try to upgrade a Hyper-V hosted Kemp NLB VM from firmware version 5.1.74 to 6.0.28, you may experience a system hang during reboot:


In order to fix this you'll have to offer Hyper-V integration services to the NLB VM, since in the default Hyper-V configuration for the VLM with firmware 5 none of the integration services were offered to the VLM. In my case, after offering all of the integration services, the problem was resolved.

Friday, February 3, 2012

The 'Microsoft.Jet.OLEDB.4.0' provider is not registered on the local machine

In my case the server hosting the web application was IIS 7.5, and this application was trying to collect some data from an Excel spreadsheet, but there was an exception message:
The 'Microsoft.Jet.OLEDB.4.0' provider is not registered on the local machine.
In order to fix this error I opened the advanced settings of the IIS application pool of the affected web application and changed the property "Enable 32-bit Applications" to True.


After changing this property, the problem was solved.

Wednesday, February 1, 2012

Restart is required for installation of Forefront Endpoint Protection 2010 to continue

You may experience the following error messages when you try to install Microsoft Forefront Endpoint Protection 2010:



After rebooting the server, the installation of FEP 2010 will not continue and will ask you to reboot the server again, in an endless loop. You can avoid this behavior by first copying the content of the PendingFileRenameOperations key from HKLM\SYSTEM\CurrentControlSet\Control\Session Manager and then removing the content of the PendingFileRenameOperations key. Save the key and restart the setup of FEP 2010; it should continue with the installation.

EMC Networker backup client failed to backup data on server installed with Microsoft Forefront Endpoint Protection 2010

You may experience the following error when you try to back up a server with EMC Networker that has Microsoft Forefront Endpoint Protection 2010 installed:

ERROR: VSS failed to initialize for directives, error=0x80042308: The specified object does not exist.
The reason for this error is that the Forefront VSS writer is missing some of the VSS components that Networker queries before starting the backup. The solution for this behavior is to disable the FEP 2010 VSS writer. This can be done by commenting out the FepWriterManager part in AgentComponents.xml used by FEP 2010. More on how this can be accomplished at http://support.microsoft.com/kb/2570654/en-us .

Friday, January 27, 2012

SCCM server with SQL db installed was unable to register service principal name (spn)

In my case an SCCM server with the SQL Server 2005 service running under local system (not recommended by SQL Server best practice) was unable to register its SPN in AD. There is also an event for this behaviour in the application log, ID 26037 from source MSSQLSERVER:

The SQL Network Interface library could not register the Service Principal Name (SPN) for the SQL Server service. Error: 0x2098, state: 15. Failure to register an SPN may cause integrated authentication to fall back to NTLM instead of Kerberos. This is an informational message. Further action is only required if Kerberos authentication is required by authentication policies.

The reason for this behavior is that someone (or somehow) has removed the permission to register the SPN from the computer account where SCCM and SQL were installed:



From the properties of the computer account you can see that the permission for Validated write to service principal name is missing. After allowing (setting) the permission for Validated write to service principal name, the SPN for the SQL Server was successfully registered in AD.
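The same permission can be checked from a script, which is useful when several servers need auditing for silent fallback to NTLM. The following is an added example, not part of the original post. It assumes the permission is the default delegation to NT AUTHORITY\SELF (SID S-1-5-10) and uses the schema GUID of the Validated-SPN right; the function names and sample rules are constructed, and the deny handling is simplified to "any matching deny wins".

```powershell
Add-Type -AssemblyName System.DirectoryServices

# "Validated write to service principal name" (Validated-SPN) and the SELF principal.
$ValidatedSpn = [Guid]'f3a64788-5306-11d1-a9c5-0000f80367c1'
$SelfSid      = 'S-1-5-10'

function Test-SelfCanWriteSpn {
    # $Rules: access rules of a computer object, with identities translated to SIDs.
    param([Parameter(Mandatory = $true)]$Rules)

    $selfRight = [int][System.DirectoryServices.ActiveDirectoryRights]::Self
    $allowed = $false
    foreach ($r in $Rules) {
        if ($r.IdentityReference.Value -ne $SelfSid) { continue }
        if (-not ([int]$r.ActiveDirectoryRights -band $selfRight)) { continue }
        # An empty ObjectType means "all validated writes".
        if ($r.ObjectType -ne $ValidatedSpn -and $r.ObjectType -ne [Guid]::Empty) { continue }
        if ("$($r.AccessControlType)" -eq 'Deny') { return $false }
        $allowed = $true
    }
    return $allowed
}

function Get-ComputerAccessRules {
    # Reads the DACL of a computer account from AD (requires a domain-joined session).
    param([string]$ComputerName = $env:COMPUTERNAME)

    $searcher = [adsisearcher]"(&(objectCategory=computer)(sAMAccountName=$ComputerName`$))"
    $found = $searcher.FindOne()
    if ($found -eq $null) { throw "Computer account $ComputerName not found." }
    $found.GetDirectoryEntry().psbase.ObjectSecurity.GetAccessRules(
        $true, $true, [System.Security.Principal.SecurityIdentifier])
}

# Constructed sample: SELF keeps only "Validated write to DNS host name",
# which is the state described in the post (SPN right removed).
$self = New-Object System.Security.Principal.SecurityIdentifier $SelfSid
$sample = @(
    New-Object PSObject -Property @{
        IdentityReference     = $self
        ActiveDirectoryRights = [System.DirectoryServices.ActiveDirectoryRights]::Self
        ObjectType            = [Guid]'72e39547-7b18-11d1-adef-00c04fd8d5cd'
        AccessControlType     = [System.Security.AccessControl.AccessControlType]::Allow
    }
)
Test-SelfCanWriteSpn $sample

# Live check for the local server's own account:
# Test-SelfCanWriteSpn (Get-ComputerAccessRules)
```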

How to change multivalued properties on Exchange 2010 (SP1,SP2) ?

In my case I wanted to change (add) trusted domains (senders) of Junk mail filter settings for members of distribution group. Set-MailboxJunkEmailconfiguration is the cmdlet for adding (changing) trusted senders and domain for user's outlook safe senders list. TrustedSendersAndDomains is multivalued property and values can be added or removed using following simple syntax without overwriting already populated values:

get-DistributionGroupMember -identity "alias" | Set-MailboxJunkEmailConfiguration -TrustedSendersAndDomains @{Add='emailaddress@domain.name','domain2.name', ...}

get-DistributionGroupMember -identity "alias" | Set-MailboxJunkEmailConfiguration -TrustedSendersAndDomains @{Remove='emailaddress@domain.name','domain2.name',....}

This syntax can be used for changing any multivalued properties not just TrustedSendersAndDomains property.

Friday, January 20, 2012

How to allow access to certificate private key on IIS 7.5 application ?

In the older days of IIS, access to the private key of the certificate for a web application was typically granted using winhttpcertcfg. For IIS 7.5, permission to access the certificate private key can be granted using the mmc console:


Clicking on Manage Private Keys will open the standard security dialog, where permission can be delegated to the IIS application pool identity (IIS apppool\"app pool name").
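After granting access, it is worth reviewing who can read the key, since anything broader than the one application pool identity defeats the purpose. The following is an added example, not part of the original post. It assumes a machine-store certificate whose key is held by a legacy CSP, so the key file sits under ProgramData\Microsoft\Crypto\RSA\MachineKeys; the function name is hypothetical and the thumbprint is supplied by the caller.

```powershell
function Get-CertPrivateKeyAcl {
    param([Parameter(Mandatory = $true)][string]$Thumbprint)

    $cert = Get-Item "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
    if (-not $cert.HasPrivateKey) {
        throw "Certificate $Thumbprint has no private key on this machine."
    }

    # Legacy CSP keys expose the name of their container file; CNG keys do not.
    $name = $null
    try { $name = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName } catch { }
    if (-not $name) {
        throw 'Key is not stored by a legacy CSP; this file lookup does not apply.'
    }

    $path  = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$name"
    # Principals that should normally not appear on a private key file.
    $broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'

    (Get-Acl $path).Access | ForEach-Object {
        New-Object PSObject -Property @{
            Identity = $_.IdentityReference.Value
            Rights   = $_.FileSystemRights
            Type     = $_.AccessControlType
            TooBroad = ($broad -contains $_.IdentityReference.Value)
        }
    }
}

# Usage (replace the placeholder with the thumbprint of the site's certificate):
# Get-CertPrivateKeyAcl -Thumbprint '<certificate thumbprint>' | Format-Table Identity, Rights, Type, TooBroad
```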

File is locked for editing by 'another user'

In my case, an end user was unable to edit an Excel file located on a network share:


In searching for 'another user', I confirmed that no other user had this document open and that antivirus real-time scanners were disabled on both the local and server machines. There is a Microsoft KB, http://support.microsoft.com/kb/814112, suggesting to avoid setting full control on share and NTFS permissions. Unfortunately, following the suggested KB didn't change the behavior; the file remained locked for editing.
In my quest for 'another user' I found that the sharing violation was caused by Windows Explorer trying to collect file info like size, author, date, etc. So, after turning off:
  • Details Pane (Organize -> Layout -> Details Pane)
  • "Show pop-up description for folder and desktop items" (Tools -> Folder Options -> View tab)
  • Preview Pane (Organize -> Layout -> Preview Pane)
the end user was able to open the document for editing.