Domain Controller keeps starting in Directory Service Restore mode


After installing the latest batch of Microsoft updates on one of my virtualized domain controllers, I needed to restart the virtual machine. Nothing interesting so far, but when the virtual machine had started I logged on with the correct credentials and noticed that the virtual machine was started in

Check the safeboot parameter via bcdedit:


If safeboot contains DsRepair, the domain controller will start in Directory Services Restore Mode. I don’t know why or who changed the safeboot parameter, but I know how you can delete this value so the VM will start normally. Run the following command to delete the DsRepair value:

bcdedit /deletevalue safeboot

Then restart the virtual machine:

shutdown -r -t 10
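The same check and fix as a small PowerShell script, to be saved as a .ps1 file and run from an elevated prompt on the domain controller. This is an added example, not part of the original post; the function name Get-SafeBootValue and the -Remove switch are made up for illustration.

```powershell
param([switch]$Remove)   # hypothetical switch: pass -Remove to delete the value

function Get-SafeBootValue {
    # Takes the text printed by: bcdedit /enum {current}
    param([string[]]$BcdOutput)
    foreach ($line in $BcdOutput) {
        if ($line -match '^\s*safeboot\s+(\S+)') { return $Matches[1] }
    }
    return $null   # no safeboot element means a normal boot
}

# The braces must be quoted, otherwise PowerShell parses {current} as a script block.
$output = bcdedit.exe /enum '{current}'
if ($LASTEXITCODE -ne 0) { throw 'bcdedit failed; run this from an elevated prompt.' }

$value = Get-SafeBootValue -BcdOutput $output
if (-not $value) {
    Write-Output 'safeboot is not set: the next boot is a normal boot.'
}
elseif ($value -ne 'DsRepair') {
    Write-Warning "safeboot is set to '$value'; leaving it alone."
}
elseif (-not $Remove) {
    Write-Warning 'safeboot is DsRepair: the next boot goes into Directory Services Restore Mode. Re-run with -Remove to clear it.'
}
else {
    bcdedit.exe /deletevalue safeboot
    # Read the entry back instead of trusting the exit code alone.
    if (Get-SafeBootValue -BcdOutput (bcdedit.exe /enum '{current}')) {
        throw 'safeboot is still present after /deletevalue.'
    }
    Write-Output 'safeboot removed. Restart with: shutdown -r -t 10'
}
```

Without -Remove the script only reports, so it can also run as a scheduled check that flags a domain controller whose boot entry was changed unexpectedly.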

More information about Directory Services Restore mode can be found here.

How to easily read the username instead of SID on a TS/Citrix server



I found this little trick in my RSS feeds and I must say this is really a KISS (keep it simple stupid) solution that everybody in a TS / Citrix environment can use.

I wanted to walk through the registry of a specific terminal server user. So I logged onto that terminal server too (using my own credentials) and opened up regedit… And then it hit me (again). I need to know the SID of the user to open his part of the registry.

To prevent having to get a SID ever again I implemented the earlier mentioned trick. I launched the RES PowerFuse console, went to Powerlaunch; User Registry and added a new String Value directly under HKEY_CURRENT_USER. I named the String "Username" and entered "%username%" as the value.

In the original blog post this is done with PowerFuse. If you don’t use PowerFuse, you can set this registry value via your logon script.

If you’re running a logon script via Kix, you can add the following line:

WriteValue("HKEY_CURRENT_USER","UserID","@Userid","REG_SZ")   

Or if you’re running a batch script, you can add the following line:

REG ADD "HKCU" /v "UserID"  /d "%Username%" /t REG_SZ /f 

When the user runs the logon script, the registry setting will be imported and you can browse through the registry without knowing the SID of all your users.


Source: http://resinside.blogspot.com/2009_05_01_archive.html#6904219593671371315

Event ID: 7001 VSS


After extending a VMDK file of a Windows file server, the following event appeared in the Application log:

In the print screen above, you see a VSSVolumeGUID. You can check with the vssadmin command which volumes are active.

Open a command prompt and run the command:

vssadmin list volumes

As you can see in the previous print screen, the volume \\?\Volume{df695619-3a35-11de-a195-806e6f6e6963}\ doesn’t exist anymore.

So how can I remove this error? The solution is simple: open the Scheduled Tasks folder in the Control Panel and remove the ShadowCopyVolume task with the VSSVolumeGUID that doesn’t exist anymore.
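The comparison described above can be scripted: collect the GUIDs from vssadmin list volumes, collect the GUIDs from the ShadowCopyVolume task names, and report the tasks whose volume no longer exists. This is an added example, not from the original post; it assumes the task name is ShadowCopyVolume followed by the GUID in braces, and the function names are made up for illustration.

```powershell
$GuidRx = '\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}'

function Get-PrefixedGuid {
    # Returns every {GUID} in $Text that directly follows $Prefix, lower-cased.
    param([string[]]$Text, [string]$Prefix)
    $Text | Select-String -Pattern ($Prefix + $GuidRx) -AllMatches |
        ForEach-Object { $_.Matches } |
        ForEach-Object { $_.Value.Substring($Prefix.Length).ToLower() } |
        Sort-Object -Unique
}

function Find-OrphanedShadowCopyTask {
    # Task GUIDs that have no matching \\?\Volume{GUID}\ in the volume list.
    param([string[]]$VolumeText, [string[]]$TaskText)
    $live = @(Get-PrefixedGuid -Text $VolumeText -Prefix 'Volume')
    Get-PrefixedGuid -Text $TaskText -Prefix 'ShadowCopyVolume' |
        Where-Object { $live -notcontains $_ }
}

# Dry run on constructed sample text (the second task GUID is the one from this post).
$sampleVolumes = 'Volume path: C:\',
                 '    Volume name: \\?\Volume{11111111-2222-3333-4444-555555555555}\'
$sampleTasks   = '"ShadowCopyVolume{11111111-2222-3333-4444-555555555555}","Ready"',
                 '"ShadowCopyVolume{df695619-3a35-11de-a195-806e6f6e6963}","Ready"'
Find-OrphanedShadowCopyTask -VolumeText $sampleVolumes -TaskText $sampleTasks

# Live run on the file server (elevated prompt).
$volumes = vssadmin.exe list volumes
$tasks   = schtasks.exe /query /fo csv /nh
foreach ($guid in (Find-OrphanedShadowCopyTask -VolumeText $volumes -TaskText $tasks)) {
    Write-Output "Task ShadowCopyVolume$guid points at a volume that no longer exists."
}
```

The script only reports; removing the listed task is still done by hand as described above.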


Source: KB833779

Windows: Export and Analyze the Windows Eventlog


 

Aleks over at http://www.virtualistic.nl has posted a nice article about exporting the Windows eventlogs to a central share on the network via a scheduled job.

Since I reboot my Terminal Servers every day, I’ve made saving the eventlogs a part of my daily reboot script.

First off, download the tools DUMPEVT, LOGEVENT and PSLOGLIST (optional; you can also use DUMPEVT to clear the logs). These tools will help us save the logfiles, clear the logfiles and tell the eventlog what we’re doing.

My reboot script is written in KiX script, but this is up to you (use cmd, VBScript or PowerShell if you know how).

A little chunk of the script looks like this (click).

The following things happen in this example:
1) A directory is created to save the logfiles (YEAR-MONTH-DAY)
2) We then use DUMPEVT to save the System, Application and the Security logs and save that to the location specified in step 1
3) PSLogList is used to clear the eventlogs we saved in step 2
4) Then we use LogEvent to log that we cleared the logs (are you still there?)

If everything went smoothly you should see this list at the fileserver location where the eventlogs have been stored.
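The four steps above, written with tools built into Windows instead of DUMPEVT, PSLogList and LogEvent. This is an added example, not the author's KiX script: it swaps in wevtutil and eventcreate, assumes Windows Server 2008 or later with PowerShell 4 or newer and an elevated prompt, and the share \\fileserver\eventlogs and the source name RebootScript are placeholders.

```powershell
$ArchiveRoot = '\\fileserver\eventlogs'          # placeholder: your central share
$Staging     = Join-Path $env:TEMP 'evtx-staging'
$Target      = Join-Path $ArchiveRoot (Get-Date -Format 'yyyy-MM-dd')   # step 1

New-Item -ItemType Directory -Path $Staging, $Target -Force | Out-Null

$archived = foreach ($log in 'System', 'Application', 'Security') {
    $name  = '{0}-{1}-{2}.evtx' -f $env:COMPUTERNAME, $log, (Get-Date -Format 'HHmmss')
    $local = Join-Path $Staging $name

    # Steps 2 and 3 in one call: /bu saves the log to a backup file and clears it.
    # The backup goes to a local folder first because the file is written by the
    # Event Log service, which may have no rights on the network share.
    wevtutil.exe cl $log "/bu:$local"
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path $local)) {
        Write-Warning "$log was not backed up (wevtutil exit code $LASTEXITCODE)."
        continue
    }

    # Hash before the file leaves the server, so later changes can be detected.
    $hash = (Get-FileHash -Path $local -Algorithm SHA256).Hash
    Move-Item -Path $local -Destination $Target
    [pscustomobject]@{ Log = $log; File = $name; SHA256 = $hash }
}

if ($archived) {
    $manifest = Join-Path $Target "$env:COMPUTERNAME-sha256.csv"
    $archived | Export-Csv -Path $manifest -NoTypeInformation

    # Step 4: record in the freshly cleared Application log what was done.
    $msg = "Event logs archived to $Target and cleared: $($archived.Log -join ', ')"
    eventcreate.exe /L APPLICATION /T INFORMATION /SO RebootScript /ID 100 /D $msg | Out-Null
}
```

Clearing still leaves its own trace: Windows records event 1102 in the Security log and event 104 in the System log when those logs are cleared.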

I asked Aleks which tool he used for analyzing his eventlog .csv files. He came up with the tool UltraEdit and I must say, it works fantastic, but I wanted to see if there were more options. First I wanted to analyze the logfiles with PowerShell but this was too heavy for me (at the moment 😉). A couple of days ago I saw the tool called BareGrep.exe. This is grep (the Linux command) with a Windows GUI. BareGrep is a single executable, so you don’t have to install anything.

After downloading BareGrep.exe, just double-click to start the tool. Select the options you want to use, enter the folder/path and, as the final step, enter your keyword(s) and press return.


After a couple of seconds, depending on how many logfiles you want to search in, you’ll see the following output in BareGrep:


You can open the specific file with a double click on the line.

Conclusion: you can build a central store for all the eventlogs and analyze these files with different tools. I like BareGrep for this job, because it’s free, a single file, and easy to use.

Microsoft: Download Windows Server 2008 R2 (beta)


The new beta of Windows Server 2008 R2 can be downloaded for free:

This software is for evaluation and testing purposes. Evaluating any version of Windows Server 2008 R2 Beta software does not require product activation or entering a product key. Any edition of Windows Server 2008 R2 Beta may be installed without activation and evaluated for an initial 30 days. If you need more time to evaluate Windows Server 2008 R2 Beta, the initial 30 day evaluation can be extended to August 1st (at which time the OS will become inoperable) by entering the product key below for your selected edition.
Windows Server 2008 R2 Beta Product Keys for Evaluation
  • Windows Server 2008 R2 Beta Enterprise (7000.0.081212-1400_server_en-us-GB1SXFRE_EN_DVD.iso): TFGPQ-J9267-T3R9G-99P7B-HXG47
  • Windows Server 2008 R2 Beta Standard (7000.0.081212-1400_server_en-us-GB1SXFRE_EN_DVD.iso): 2T88R-MBH2C-M7V97-9HVDW-VXTGF
  • Windows Server 2008 R2 Beta Datacenter (7000.0.081212-1400_server_en-us-GB1SXFRE_EN_DVD.iso): GQJJW-4RPC9-VGW22-6VTKV-7MCC6
  • Windows Server 2008 R2 Beta for Itanium Based Systems (7000.0.081212-1400_serverenterprise64_en-us-GB1SIAIFRE_EN_DVD.iso): CQ936-9K2T8-6GPRX-3JR9T-JF4CJ
  • Windows Web Server 2008 R2 Beta (7000.0.081212-1400_serverweb_en-us-GB1WXFRE_EN_DVD.iso): GT8BY-FRKHB-7PB8W-GQ7YF-3DXJ6

Download your copy here: http://www.microsoft.com/downloads/details.aspx?FamilyID=85cfe4c9-34de-477c-b5ca-75edae3d57c5&displaylang=en

Windows: Terminal Server and connected Terminal Services clients pause when a Terminal Services client logs on or logs off


For the past few weeks I have been troubleshooting various TS problems together with Aleks Nikolić of Virtualistic.nl. While searching for possible solutions we ended up at KB324446.

KB324446 states the following:

When a Terminal Services client logs on or logs off (either in a session or on the console of the Terminal server), the Microsoft Windows Server 2003-based or the Microsoft Windows 2000-based Terminal server together with the connected Terminal Services client computers may stop responding or may pause for several seconds. Users may also experience one or more of the following symptoms:

  • When a user types in a document, characters do not appear on the screen until this pause has ended.
  • Keyboard input and mouse input are queued, but they are not processed until this pause has ended.
  • Live performance monitoring (Perfmon) graphs have missing data points during this pause.
  • All running programs appear to stop responding, or “hang,” during this pause.
  • When Spooler is under a load from a large number of users, a high CPU usage is displayed for it.

If you have a terminal server with two power supplies (which is common, I think), you should definitely make the following change. Only set this option if your RAID controller has a battery-backed cache module (thanks Sven).

Tick the “Enable advanced performance” checkbox.

After applying the settings above, a number of registry keys also need to be changed, namely the following:

Note: This section applies to both Windows Server 2003 and to Windows 2000.

  • In the HKLM\SYSTEM\CurrentControlSet\Services\Lanmanserver\Parameters subkey, configure the following entries:
      • Name: MaxWorkItems
        Data Type: REG_DWORD
        Value data: 8192 (decimal)
      • Name: MaxMpxCt
        Data Type: REG_DWORD
        Value data: 2048 (decimal)
      • Name: MaxRawWorkItems
        Data Type: REG_DWORD
        Value data: 512 (decimal)
      • Name: MaxFreeConnections
        Data Type: REG_DWORD
        Value data: 100 (decimal)
      • Name: MinFreeConnections
        Data Type: REG_DWORD
        Value data: 32 (decimal)
  • In the HKLM\SYSTEM\CurrentControlSet\Services\Lanmanworkstation\Parameters subkey, configure the following entry:
      • Name: MaxCmds
        Data Type: REG_DWORD
        Value data: 2048 (decimal)
  • By default, your registry does not have a Configuration Manager subkey. To create the key, locate and then right-click the following subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager. Point to New, and then click Key. Type Configuration Manager, and then press ENTER.
    In the new HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Configuration Manager subkey, configure the following entry:
      • Name: RegistryLazyFlushInterval
        Data Type: REG_DWORD
        Value data: 60 (decimal)

I have worked these registry keys out in the following two files:

LanManServerTuning_KB32446.reg

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]
"MaxWorkItems"=dword:00002000
"MaxMpxCt"=dword:00000800
"MaxRawWorkItems"=dword:00000200
"MaxFreeConnections"=dword:00000064
"MinFreeConnections"=dword:00000020

KB32446_Extra.reg

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Configuration Manager]
"RegistryLazyFlushInterval"=dword:0000003c

After you have made all the changes, you must restart the server.

Event ID 1003: Error Code 00000019, parameter1 00000020


Today a Citrix terminal server dropped out of our farm with a BSOD. After restarting the server I found the event log entry below:

After the server had restarted there was also a message that a minidump had been created. I wanted to debug it and ended up at the following site: http://www.microsoft.com/whdc/devtools/debugging/debugstart.mspx

That page also has the download links for the debugging tools. You can also find them here:

After installing the software, open a command prompt and change to the directory below:

C:\Program Files\Debugging Tools for Windows (x86)>

Then run the following command:

windbg -y srv*c:\symbols*http://msdl.microsoft.com/download/symbols -i c:\windows\i386 -z C:\dump11112008_1150\Mini111108-01.dmp

After the -z option, put the path to your .dmp file.

The following window opens:

A little later you see the Bugcheck Analysis:

From CTX115626 I take the following quote:

This hotfix rollup pack also contains all fixes included in Hotfix Rollup Pack 1, Hotfix Rollup Pack 2, plus the following fixes that shipped since the release of Hotfix Rollup Pack 2:

1. Servers might experience a fatal exception on vdtw30.dll.

   [From PSE450R02W2K3001][#170153]

So that means installing Hotfix Rollup Pack 3. Now let's hope this goes without too many consequences.