Archive for the ‘Windows Server’ Category

Useful links for MS6423 (Implementing and Managing Windows Server 2008 Clustering) Students

Thursday, November 29th, 2012

What’s New in Failover Clustering

http://technet.microsoft.com/en-us/library/hh831414.aspx

Requirements and Recommendations for a Multi-Site Failover Cluster

http://technet.microsoft.com/en-us/library/dd197575(v=WS.10).aspx

Microsoft Support Policy for Windows Server 2008 Failover Clusters http://support.microsoft.com/kb/943984/en-us

Failover Cluster Step-by-Step Guide: Validating Hardware for a Failover Cluster

http://technet.microsoft.com/en-us/library/b153c638-ff53-4470-8b72-010046b8dcc6

Microsoft support policy for server clusters, the Hardware Compatibility List, and the Windows Server Catalog http://support.microsoft.com/kb/309395

Step-by-Step Guide for Configuring a Two-Node File Server Failover Cluster in Windows Server 2008.doc

Step-by-Step Guide for Configuring a Two-Node Print Server Failover Cluster in Windows Server 2008.doc

2 Whitepapers located at http://www.microsoft.com/en-us/download/details.aspx?id=17157

Setup for Failover Clustering with VMWare

Location for this document:  pubs.vmware.com/vsphere-50/topic/com.vmwareICbsaae/PDF/vsphere-esxi-vcenter-server-50-mscs-guide.pdf

Windows Server 2008 R2 Failover Clustering – Best Practice Guide

http://blogs.technet.com/b/aevalshah/archive/2012/05/15/windows-server-2008-r2-failover-clustering-best-practice-guide.aspx

Failover Cluster Step-by-Step Guide: Configuring Accounts in Active Directory

http://technet.microsoft.com/en-us/library/cc731002(v=ws.10).aspx

How to disable IP version 6 or its specific components in Windows

http://support.microsoft.com/kb/929852

How to Alleviate Disk Space Pressure Caused By a Large Windows Component Store (WinSxS) Directory

http://support.microsoft.com/kb/2592038

Microsoft iSCSI Software Target 3.3

http://www.microsoft.com/en-us/download/details.aspx?id=19867

Stopping the SBS 2003 licensing check

Tuesday, June 7th, 2011

One of the most annoying things about Small Business Server 2003 is that it does a licensing check on a regular basis to make sure it is still a domain controller and hold the Operations Master roles.  After seven days (or twenty-one days if you installed the update that is part of the SBS 2008 or SBS 2011 migration tools), the server will start shutting itself down.

Unfortunately Microsoft does not document any way to avoid this.  I have found a workaround, but all the standard disclaimers apply:  This is not supported by Microsoft, you may be in violation of your licensing agreement, this may not work in your environment, we cannot be responsible for any side effects of this change, and are no way liable for any damage that may result.

To disable the SBS licensing check, you will first need to suspend the SBS Core Services (SBCore) service.  You will not be able to stop it from the Services MMC, and if you kill the sbscrexe.exe process, it will automatically restart itself.  To suspend the process, you will need to download a copy of Process Explorer from the Sysinternals website (http://technet.microsoft.com/en-us/sysinternals/bb896653) or a similar utility.   Run the utility, find the sbscrexe.exe process, and suspend the process.

Next, open the Registry Editor.  You are looking for the HKLM\System\CurrentControlSet\Services\SBCore key.  Right-click on SBCore and go to Permissions.  Add the Administrators group into the Access Control List and give the Administrators group Full Control permission and have the Registry Editor replace all permissions on child nodes.  Once this is complete, press F5 to Refresh and you should see a value under SBCore called Start.  Change the value of Start from 2 to 4 (4 is the code for Disabled in the service’s properties).

Once this is done you can kill the sbscrexe.exe process and it should not automatically restart.  If you ever patch your SBS 2003 server after this, it may attempt to reenable the licensing and restart the service.  You can stop this from happening by navigating to C:\Windows\System32\sbscrexe.exe in the file system and setting the Everyone group so that it is denied all permissions.  However, if you do this, certain SBS patches and services packs will fail to apply.

Good luck, and I hope this helps someone;

James

Exchange 2007 OWA Virtual Directory Authentication Issues

Tuesday, November 3rd, 2009

I ran into an interesting issue a couple of weeks ago with Outlook Web Access authentication.  A good friend of mine (who shall remain nameless) called me to get some help getting OWA working properly on Exchange 2007.

 After some testing and questioning, I discovered that they attempted to rename the OWA virtual directory to Exchange without deleting the existing Exchange virtual directory.  Step 1 was to convince them it was easier to get their users to type the new URL than re-purpose the Exchange virtual directory.

 Once we resolved that issue, we started working on getting the OWA virtual directory up and running.  We kept getting a 401 error, which really didn’t make sense since the OWA virtual directory was set in Exchange to employ Forms-Based Authentication.  So in the interest of time, we decided to delete and recreate the OWA virtual directory.  Same error message.

I started digging into IIS Manager, and discovered that the OWA virtual directory was set to Forms-Based Authentication.  So, tried changing it through the GUI to Windows.  It just reset itself back to Forms-Based. 

So I started digging into the web.config file.  Turns out the web.config file had the authentication type set to Forms-Based, and for some reason, the GUI change was not being written to the web.config file.  We edited the web.config file manually to use Windows Authentication, and it started working.

 Right about now, you are probably saying “Huh?”  That’s pretty much what I said too.  Here’s a quick summation of the lessons learned:

1.  With IIS 7 and IIS 7.5, it pretty much doesn’t matter if have a GUI, to do real work, you are going to have to edit text (XML) files. I thought we gave that up when we left DOS, Novell, and Linux/Unix behind, but I was apparently wrong.

2.  For forms-based OWA authentication to work, the virtual directory has to be set to use Windows Authentication.  (That one left me scratching my head for a while….)

3.  It is much easier to accept defaults and retrain users than it is to decide you don’t like Microsoft’s changes and set things up so the users don’t notice as many changes.

 Hope this helps;

James

Book Review–Windows Powershell Scripting Guide

Thursday, July 9th, 2009

 It’s not often I give a book rave reviews, but I only have one small nitpicky complaint about the Windows Powershell Scripting Guide.  That is that the title doesn’t truely convey the usefulness of this book for Windows administrators.

A better title, in my humble opinion, would be:  Powershell Scripts That Do Everything In Windows.

 The first two chapters give a nice basic overview of the Powershell environment, its configuration, and basic language elements (flow control, conditionals, etc.).

 After that, all the rest of the book is about scripts to accomplish many of the day to day Windows administration tasks in Powershell.  Need to read event logs, manage your failover cluster, or configure Server Core?  Scripts to accomplish those tasks and many more are in this book.

 If you want or need to script in Windows, you should have this book for the amazing number of scripts the author includes, if nothing else.

 Thanks;

James

Disabling Services on a Non-Responsive Computer

Tuesday, April 21st, 2009

I was faced with a client that had a server rendered unresponsive but somewhat functional by malfunctioning anti-virus software.  The services would either hang upon being stopped, or automatically restart themselves.

 I could not get remote desktop to respond, and was not in a position to go to the client location to investigate.  Thankfully some remote administration utilities were working, and RegEdit was one of them.

 Remember that each service in Windows lives in the Registry under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\<shortservicename>

 The shortservicename is that same name that you would use with the NET START or NET STOP commands, and can be found by opening the Services Administrative Tool and going to the properties of the service and reading the Service Name Property off the General tab.

 To disable a service from starting, navigate to its key as described above and change the Start value to 4.  4 is the numerical value for the Disabled status.  Then you can reboot the computer and the problematic services will not start.

Hope this helps someone;

James

Symantec BackupExec 12.5 Unknown Errors on HP Server

Wednesday, April 1st, 2009

After installing Symantec BackupExec 12.5 on an HP DL380 running Windows Server 2008, the backups at one client were failing partway through the backup with this error message: 
Backup started on 3/22/2009 at 3:18:16 PM.
Backup Set Detail Information
Storage device “HP 1” reported an error on a request to write data to media.

Error reported:
A device attached to the system is not functioning.

V-79-57344-34036 – An unknown error has occurred.

Normally I would suspect hardware, but the same tape drive and SCSI controller worked the night before running BackupExec 11.0 and Windows Server 2003 prior to the upgrade.

The client called Symantec, and he was escalated to Level 3 support without a resolution before I had a chance to look at it.  Thankfully, my “Google-Fu” was strong that day, because I found this:  http://seer.entsupport.symantec.com/docs/305233.htm

Turns out there is a known conflict between the HP Server Management Agent and BackupExec.  Funny thing is, it does not appear to be consistent.  Some combinations of BackupExec and HP Agent versions work, some don’t, and I haven’t been able to figure out any rhyme or reason to which ones may or may not work, or why.

 Hope this helps;

James

Authentication Oddities after a Windows Server 2008 Upgrade

Wednesday, April 1st, 2009

Here’s an “interesting” feature I ran into after upgrading one of a client’s domain controllers to Windows Server 2008.  (All DCs were on Windows Server 2003, and all except this one remain on Windows Server 2003 for the time being.)

I got a call the next day stating that three things were broken:  Backup Exec would error out in the middle of a backup job, you could not use RDP to log in to the Windows Server 2008 DC, and the client’s Websense Admin Console would not let the domain administrator login.  (We’ll save the BackupExec issue for another time.)

When investigating the login issues, I noticed that when you tried to use the domain administrator account to log into the server from the server console, it worked fine.  When you attempted to use RDP to log in, it failed.  When looking at the security event log, it reported that the domain administrator account was disabled.

Even though I knew the domain admin account was NOT disabled, I took a look at its properties anyway, and discovered that the Pre-Windows 2000 Login Name (SAMAccountName for those of your who script or program) was populated, but for some reason, the Login Name field and UPN Suffix was not.  Simply filling out those two fields made the login work, and fixed the Websense Admin Console login problem as well.

 Hope this helps someone else;

James

Save Money by Buying New Hardware and Upgrading Your Operating System

Monday, March 23rd, 2009

In today’s economy, companies are looking for any way possible to save money.  One way to save money is with server consolidation. 

Many companies have deployed server hardware to support individual applications.  This can be an expensive way to allow applications to have their own server for vendor and user segregation.

Using virtualization technologies such as Microsoft’s Hyper-V and VMware’s various virtualization products can allow you to consolidate multiple physical servers onto one physical server running all the applications as virtual machines.

If you don’t need all the features that VMWare provides, you should take a close look at Hyper-V and how it can save your company money.  If you purchase Windows Server 2008 Enterprise Edition, it includes the right not only to load Windows Server 2008 on the physical hardware with Hyper-V, but also the right to load Windows Server 2008 Enterprise Edition on four virtual machines running on the same host.

You can also take advantage of downgrade rights to downgrade those virtual machines to older server operating systems, as long as you still have install media and license keys to allow you to install them.

Buy one high-end 64-bit Intel or AMD-based server, one copy of Windows Server 2008 Enterprise Edition, and get one physical computer running Windows Server 2008, and four virtual computers running Windows Server 2008 or an earlier version of Windows Server. 

Sound too good to be true?  Check out Microsoft’s Licensing FAQ at http://www.microsoft.com/windowsserver2008/en/us/licensing-faq.aspx#virt

 James

One Way to Save Money on your IT Budget

Monday, March 23rd, 2009

One area most businesses struggle with is support of remote users.  While commerical products exist that help solve this problem, they are not inexpensive, especially if you have a large number of remote users.

Free products such as VNC can be used as well, but if your users are protected by firewalls, configuring the network appropriately to allow access can be a hassle, and increase your security exposure.

We have found a free tool that takes VNC, an industry-accepted remote control tool, and adds a web-based proxy as a conduit for remote control of hosts from anywhere, with the permission of the end user.  It is available at http://www.zolved.com/remote_control.

I have personally tested the application while supporting our clients running operating systems ranging from Windows 98 to Windows Server 2008 with no issues.  If you need a way to reduce your travel expenses to remote computers or want to ditch expensive subscriptions to other tools, take a look at Zolved.  It may meet all your needs, and you certainly cannot argue with the cost.

Windows Update Error Code Listing

Monday, February 9th, 2009

It never seems to fail that I always run into at least one PC a month that has problems with Windows or Microsoft Update, and like most people, I do a very poor job of translating psuedo-random hexadecimal error codes into useful information.

Thanks to this website http://inetexplorer.mvps.org/, I found a very comprehensive listing of the Windows Update Error Codes that makes for a great starting point for researching those pesky WU/MU issues.  You can go directly to the error code listing here:  http://inetexplorer.mvps.org/archive/wuc.htm

 Hope this helps;

James