Sharing the various little things I have learned to do with Microsoft Windows. Such as:
When fixing a corporate or personal laptop, I sometimes like to do little extra tweaks. Often it is the little, yet visible things that can make a good impression. A good example is the User / Organization Microsoft Windows remembers from initial installtion and uses going forward.
Sometimes employees purchase their laptops from their employer when they leave or company's sell of their outdated equipment to employees, friends and family. So I like to reset that registered User and Organization value in Windows to something more friendly. You can find the registry key to update here:
HKLM\Software\Microsoft\Windows NT\CurrentVersion
Just update the RegisteredOwner and RegisteredOrganization key values to something more personal, or more generic depending on the situation.
I have had a very busy time consulting of late and have not been able to update much on the blog. However I did want to document this one issue that drove me BERSERK for so long.
Deploying a Virtualized Exchange 2010 Testing Environment. I installed all the pre-requisites but the install failed. An error similar to this may be shown...
Error:It had issues starting some of the services. The Exchange Services would just hang. I found entries like the following in the Event Viewer...
Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=1348). Topology discovery failed, error 0x80040a02 (DSC_E_NO_SUITABLE_CDC). Look up the Lightweight Directory Access Protocol (LDAP) error code specified in the event description. To do this, use Microsoft Knowledge Base article 218185, "Microsoft LDAP Error Codes." Use the information in that article to learn more about the cause and resolution to this error. Use the Ping or PathPing command-line tools to test network connectivity to local domain controllers.I found numerous articles about disabling IPv6 via the registry, or if you un-checked IPv6 on the network adapter properties to re-enable it. That seemed to help me get my first Front-End and Back-End servers installed. However I was adding a second Front-End and Back-End server when this same fix did not help.
After uninstalling and reinstalling, or at least attempting to install, Exchange 2010 numerous times I noticed my original servers also stopped working and the Event Viewer had errors like above indicating it could not talk to AcitveDirectory. I really dug into the network connectivity piece but could not find and issue.
I eventually found one person who mentioned GPO objects that preventing some access to AD. One of the Exchange services requires the right to manage the security and audit log, obstensibly to be able to write to it. If you have the following group policy setting using a specific user/group it fails. In the Default Domain Policy, the GPO Object is:
Computer Configuration>Windows Settings>Security Settings>Local Policy>User Rights Assignment>Manage auditing and security log.
The author of the post mentioned setting it back to "not defined", but in my environment I added the computer accounts of my new virtual Exchange 2010 servers. I ran "gppdate /force" on each host and rebooted. That seemed to correct all my issues for now.
Thanks to Clint Boessen's Blog article, I saved quite a bit of time in configuring Public Folders to replicate from the Exchange 2003 environment to the Exchange 2010 Public Folder Databases. Microsoft has a handy powershell script just for this purpose. You can replicate an entire folder heirachry to another server database.
Command Syntax:
C:\path\AddReplicaToPFRecursive.ps1' -TopPublicFolder "\" -ServerToAdd ServernameQuick note that you will receive an error about the "top level" which cannot be replicated which is to be expected. Hopefully MS will design a better DAG / Replication for Public Folders in the future.
Had a very odd issue with GotoMeeting client on a Laptop PC. The client refused to connect so the user could attend an online meeting. It was acting like it had no network connection.
However, the system clearly had a working network connection. Browsers pulled up webpages, email clients worked, and I could ping/nslookup various sites. Later I noticed the system complaining about the AV being out of date, but the definitions listed were the most recent ones.
I looked for signs of a virus and/or spyware and found none. Then I noticed the clock was slightly off so I thought maybe a CMOS battery. Voila... the clock was set nearly one year ahead. Once I adjusted the date to the correct time, some of the odd systems behaviours went away and GotoMeeting connected without issue.
With the release of Google's Outlook AppSync Connector, many users and organizations have used this tool to connect Microsoft Outlook to GoogleApps email. One of the most painful parts of the AppSync Connector is the initial synchronization process. Having a large mailbox means this process could take quite a long time.
Recently, a user with a 6+ GB mailbox had a major system crash. The harddrive was fine but the system was not bootable. It was important to get the user restored ASAP. It was also critical to retrieve the data in Outlook "notes" and "tasks" . Unfortunately that data is NOT sync'd via the AppSync Connector to GoogleApps so it was not available via the GoogleApps Gmail interface.
I grabbed a freshly built laptop and created a new profile. I then rebooted in safe mode and logged in as Administrator. Using a USB sled, I connected the old harddrive and copied the profile data over from the original harddrive.
I thought I was golden when I saw the mail profile for GoogleApps listed there, but when I launched Outlook it complained it could not open my default folders. Next I used the GoogleAppSync "Setup a New User" Start Menu item to create a new mail profile. There is no need to "import" any data from any existing profile or PST. After launching Outlook and watching it start the synchronizationprocess, I shutdown Outlook.
I then opened the "C:\Documents and Settings\username\Local Settings\Application Data\Google\Google Apps Sync" folder and created a "backup" folder. Sorting by date, you should see the "sets" of data files for each mail profile, one "new" set created a few minutes ago and the older set with larger file sizes. Move the "new" data files in backup folder and you may also want to create a "copy" of the old files to put into the folder as well.
Now the trick... Copy the magic ID code that is part of the NEW file names. Then replace the old ID code in the OLD files with this new code. The file names will look like one of these...
Just replace the "01ca17ad-a586e986" string from the old files with the string from the NEW files. Essentially renaming the old files to the new file names.
Now simply cross your fingers and open the appropriate Outlook profile. The old profile will have to synchronize the latest updates, but that is 6GB less of data to download from GoogleApps. I verified the task and note data from old profile is present.
End result was ~1 hour to get the mail profile back to good working order instead of several days of synchronizing 6GB of mail and importing tasks and notes from the PST file and/or restoring from backup.
Recently I have had several laptops deployed that have experienced severe lag and performance issues as well as application hangs/crashes. Upon investigation, it seemed to consitantly relate to the following two executables:
Both files have info relating them to the "MacroVision Software Manager". In the Start Menu, there was a shortcut to "Software Manager". It periodically pops up the "water droplet" icon asking users to update some software. On our DELL laptops in house, I believe this is tied into the Roxio software package that comes with the DVD burner on our standard laptops. Annoyingly there is no Add/Remove Software option for this software via the Control Panel.
From doing a little research:
FLEXnet Connect is a solution that Acresso sells to software vendors that is designed to help you stay connected with your customers after they install your applications. Keeping software updated is one of the many benefits of FLEXnet Connect, but Acresso also recommends that software vendors build in an option to disable automatic update checking. If you are using an application that uses FLEXnet Connect, your application may have a configuration option to disable update checking. Please check your application’s menu options. If your application does not have this option, Acresso has created a tool called the Software Manager that can disable automatic update checking. The Software Manager utility lists all applications currently using FLEXnet Connect on your computer and the FLEXnet Connect's status with that application.You can disable the service's autorun key:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Look for the ISUSPM.exe entry and simply rename/modify the key to ISUSPM.ex_ (I'm a fan of disabling / intentional breaking vs. deleting keys). Alternatively export the key to make a backup. Also remove the shortcut from the program menu as it will recreate the key if you launch the program.
Note that this could conceivably break certain software applications from updating.
There are alot of reasons to use Active Directory (AD) for your central authentication needs. On a corporate AD network though, there may be some non-windows users that will not get the friendly password expiration reminders when they login to their systems. Subsequently these users will get locked out when their password exipres.
Obviously this is a pain for IT Support and can prevent users from accessing all those AD integrated services (VPN, web-portals, etc). I found this nice little perl script that will query AD and can email the users who have passwords that are about to expire. Those users then can RDP into a dummy little system I built to easily reset their password.
I tweaked the script a little to fit our specific needs. Besides the actual password checks, it can easily be tweaked to do alot more. I will attach my default script and configuration file so others can have some fun.
| Attachment | Size |
|---|---|
| Perl_AD_PasswdExpire.txt | 9.6 KB |
| Perl_AD_PasswdExpire_ini.txt | 1.56 KB |
I finally got around to rebuilding my primary desktop PC. In addition to adding the second harddrive and creating a RAID1 configuration, I took the leap to Windows7. Now my main desktop and my new Aspire Aspire Nettop media PC (review to come) run Windows7 on my home LAN.
After completing the upgrade, everything seemed to work out of the box fine. Mind you, my hardware is about 2.5yo so there shouldn't have been much issues or so I thought. I noticed one item in device manager that was "unknown", but a Windows Update with the optional hardware updates resolved that.
Then I decided to setup my new Hauppauge HD PVR (review to come) and do some test recordings. That's when I noticed I had no sound. Windows7 told me there were no speakers connected, even though I did have a simple pair of Harmon Kardon's connected until I get my Logitech Surround system wired.
So I tried removing and reinstalling the hardware without success. Then I decided to search for specific drivers for the Realtek HD Audio that is built into my Asus motherboard. I found the manufacturer website and HD codecs here: http://www.realtek.com.tw/downloads
However multiple attempts to download files just timed out or were crawling at a few K/sec. Eventually one finally did download. I installed it, rebooted, and VOILA! Sound restored.
I have also attached a link to download the 32bit Vista/Windows7 driver from my server to spare other people the pain of downloading it from overseas.
After pushing some registry tweaks via GPO, it turned out I needed to restart the service on every host. Rebooting and/or logging into each host was not a convenient option. I figured there must be a way to do it. This is the solution I came up...
Uses the "net view" command to get a list of available servers. Then the "psservice" command is used to connect to each system and execute the action for the service specified. It also creates a log file in C:\TEMP
Usage: <filename.bat> <servicename> <action>
<servicename> = The name of the serivce as it appears in the properties of the Services Control Panel.
<action> = any action that is supported by psservice (see "psserivce /?")
@echo off REM Created by MWalker@Techadre.com - 20090402 REM -- initialize global variables -- set Tnow=0 set Today=0 set DEBUG=1 set Service=%1 set Action=%2 set Server=0 REM *** DISCLAIMER *** echo Are you sure you %Action% %Sevice% on ALL servers? CTRL-C now to bail. pause REM *** Pre-Execution Stuff *** for /f "tokens=1,2,3 delims=,-/" %%a in ("%date:~4%") do set Today=%%c%%a%%b set Tnow=%time::=% set logfile=C:\temp\service_restart_script_%Today%-%Tnow%.log echo Logfile for this script is... %logfile% REM *** Cleanup Old List File *** if exist "C:\TEMP\SERVER.LIST" ( ECHO *** DEBUG *** Deleting Old SERVER.LIST file >> %logfile% del /F "C:\TEMP\SERVER.LIST" ) REM *** Create the Server List *** IF %DEBUG% EQU 1 net view |find "\\" >> C:\TEMP\SERVER.LIST.%Today%-%Tnow% ECHO - Getting Server List >>%logfile% net view |find "\\" >> C:\TEMP\SERVER.LIST REM *** For Each Server Listed, Do Something *** ECHO - Starting process at %Today%-%Tnow% >> %logfile% for /f "tokens=1 delims= " %%i in (SERVER.LIST) do ( IF %DEBUG% EQU 1 ECHO *** DEBUG *** Processing %%i ECHO - Processing "%%i" >>%logfile% IF %DEBUG% EQU 1 ECHO *** DEBUG *** Executing - psservice %%i %Action% %Service% >>%logfile% psservice %%i %Action% %Service% ) ECHO - Ending process at %Today%-%Tnow% >> %logfile%
An idea for tweaking this script would be to add more command line options to pass server names or patterns to be found in names. For example if you have a server name convention for SQL servers that use "sql" in the servername, you could restart a service on only SQL servers.
Also one could right a more complex script to issue commands and track the status and report if any server fails to restart correctly. Feel free to comment and submit your ideas and tweaks.
Adding a large group of new Active Directory (AD) users and add them to a group.
Using DSADD and DSMOD command line options in a batch script.
Knowing the command syntax and having a Excel Spreadsheet of the User information, I created a bulk list of commands I executed by "batch" script.
Using the following single command line, you may add users to your AD environment.
dsadd user "CN=Firstname Lastname,CN=Users,DC=domain,DC=local" -samid userid -upn "userid@domain.local" -fn "Firstname" -ln "Lastname" -display "Firstname Lastname" -pwd password123 -email "username@domain.com"Using the following single command line, you may add a user to a group.
dsmod group "CN=GroupName,CN=Users,DC=domain,DC=local" -addmbr "CN=Firstname Lastname,CN=Users,DC=domain,DC=local"Note - There additional command line parameters that may be available to meet your needs, so take a look yourself.
I was recently reminded of an issue we had with our small office LAN. Periodically, the small server we had serving basic network services like DHCP and DNS would crawl to a halt or crash. Upon investigation, I discovered it was due to the system running out of memory. After rebooting, the system seemed to run just fine.
To help diagnose, I added NSClient++ to the system and monitored system resources via Nagios. Sure enough, over time you could see the memory usage slowly increase. I discovered it was the DHCP server process causing the issue. A little googling led me to the "A Windows Server 2008-based DHCP server that is configured in a workgroup environment may consume too much memory" Microsoft KB article.
Sure enough, after performing the suggested registry change we have not seem the same memory utilization issue that lead to the server crashing. To spoil the lovely KB article, you just need to execute the following command (one-line):
reg add HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DHCPServer\Parameters /v DisableRogueDetection /t REG_DWORD /d 1
Recently I had to rebuild several desktops for redeployment for some summer interns. I grabbed the manufacturer OS install CD and booted up, hit any key to boot from the CD, started initializing and ... Black Screen.
Well, I thought it was maybe a video issue since I had a pretty new LCD hooked up to a older desktop. I pulled an older monitor down from the shelf and tried again. Same behaviour when starting the WindowsXP install I ended up in a black screen. I rebooted again and missed the "hit any key" and then I saw GRUB appear.
Grub is a linux bootloader. So the previous incarnation of this system was apparently a CentOS linux OS. I pulled out one of my handy boot utility CDs and booted into a prompt and used an FDISK tool to reset the MBR and define a single primary/active NTFS partition. Rebooted off the XP install CD and all was good.