Tech Notes

Tuesday, November 10, 2009

Windows icons

I always forgot:

The icons located in \system32\shell32.dll and imageres.dll

Tuesday, October 27, 2009

DCDiag results

configuration: 3 DC - 2003, 2008, 2008

run dcdiag: test services did not pass on 2003 DC

message: it should be WIN32_SHARE_PROCESS not WIN32_OWN_PROCESS

found fix: http://social.technet.microsoft.com/Forums/en/winserverDS/thread/aaee7dec-d1a9-4f8a-a1c1-ee24ff08f074

Go to registry :- HKLM-system-CCS-Services-RpcSs . Select RPCSS .

look at the right side you will see a Binary value as "Type" its value is set to 10 . 10 is for WIN32_OWN_PROCESS

If you will change it to 20 in decimal it will be WIN32_SHARE_PROCESS .

Did it on 2003 DC.

GPO processing 1006 1030 errors on terminal server.

issue: Some users accounts randomly stop process GPO.
solution:

Make the user account memeber of "domain admin" group.
Login to TS with the account.
From CMD run "rundll32.exe keymgr.dll,KRShowKeyMgr" command.
Delete everything from "Stored User Names and Passwordds" GUI.
Remove the user from "domain admin" group.

Friday, October 02, 2009

Backup VM on Hyper-V Cluster

First: Backup Exec 12.5 agent for Hyper-V does not work for the cluster configuration! So, you will spend $1000 for nothing.

Here how you can backup VMs with Microsoft Windows Backup. I did configure it for Windows 2008 sp2 Hyper-V cluster.

Enable Windows backup on each cluster node.
Create a batch what will include backup of all VMs and Quorum in the cluster.
Using Windows Scheduler run the batch (with high privileges).

The script example:

echo off

wbadmin start backup -backupTarget:\\hvbackup\hvvms\dc01 -include:N: -vssFull -noVerify -quiet

if %errorlevel% equ -2 echo skipped dc01

if %errorlevel% equ -2 goto quorum

:quorum

wbadmin start backup -backupTarget:\\hvbackup\hvvms\quorum -include:Q: -vssFull -noVerify -quiet

if %errorlevel% equ -2 echo skipped quorum

if %errorlevel% equ -2 goto ts02

:ts02

wbadmin start backup -backupTarget:\\hvbackup\hvvms\ts02 -include:S: -vssFull -noVerify -quiet

if %errorlevel% equ -2 echo skipped ts02

if %errorlevel% equ -2 goto util01

:util01

wbadmin start backup -backupTarget:\\hvbackup\hvvms\util01 -include:P: -vssFull -noVerify -quiet

if %errorlevel% equ -2 echo skipped util01

if %errorlevel% equ -2 goto util02

:util02

wbadmin start backup -backupTarget:\\hvbackup\hvvms\util02 -include:O: -vssFull -noVerify -quiet

if %errorlevel% equ -2 echo skipped util02

exit

The script you will need to run on each node and it will skip VM currently on other node. In my configuration I have separate LUN for each VM it is not R2 yet.

Do not forget to apply Microsoft fix on each Hyper-V host: http://support.microsoft.com/kb/958662

Thursday, September 24, 2009

Microsoft FTP 7.5

The task was to create a FTP service for non-active directory users:

Users have rights for all directories from the root down.
Users have access only isolated directories under root.

Solution:

Use windows 2008 sp 2 VM on Hyper-V
IIS 7.0
FTP 7.5
IIS Manager Authentication
FTP Virtual Host Names
FTP User Isolation - "User Name directory (disable global virtual directories)

Notes:

Do not forget to change security for "Network services" account (ref.3)
Created 3 FTP sites - one for global access (ref.5) needed to enable IE connection, second for non separated FTP and third for isolated users.
In IE7 and 8 you can use "Open FTP site in Windows Explorer" option under "Page", but you will need authenticate second time.
To authenticate you need to type user name as pointed in (ref.4) - "ftpheader.yourdomain.com|username" or with (ref.4) "ftpheader.yourdomain.com\username". The authentiacation will take place after connection to the global FTP site (ref.5).
Regular FTP clients can connect directly using "Virtual host names".

FTP certificate should be chosen on IIS 7.0 server level:

references:

Wednesday, August 19, 2009

AD object restore utility

It save my day and it is free:

ObjectRestoreforActiveDirectory_10

from Quest.

Tuesday, August 18, 2009

Terminal server - Symantec anti-virus and office

You need to disable smc.exe process running by default for each user, the key is:

LaunchSmcGui dword should be 0

You need to prevent ctfmon.exe pro.cess to run too (reference to office installation on the terminal server).

Monday, July 20, 2009

Powershell Hyper-V

This is from: http://pshyperv.codeplex.com/Thread/View.aspx?ThreadId=62355

"these 2 links should help.

http://blogs.technet.com/softienerd/default.aspx
http://pshyperv.codeplex.com/Thread/View.aspx?ThreadId=35417

you can set the reg to unrestricted but set it back later..

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\powershell\1\ShellIds\Microsoft.powershell]
"ExecutionPolicy"="Unrestricted"

unzip the file.. say to z:\
the open powershell command
cd z:\
PS Z:\>
type . .\hyperv.ps1

notice the dot+space+dot+slash.

snippets.. from the links..

try to call . .\hyperv.ps1 ftom the folder the zip was extraced to. notice the dot+space+dot+slash.

Powershell Tip #1

In Powershell, type $profile.

PS C:\Program Files\Microsoft\AxFuzzer> $profile
C:\Users\mengli\Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1

That points to where your profile is stored at. This is a powershell script that executes upon the start up of any powershell prompt for the current user. Go ahead and make the file. In my case, I made a new file at the location by typing this:

new-item $profile -itemtype file -force

Now, open the file and you can put in things like this:
set-executionpolicy unrestricted
. \\meng\shared\powershell\hyperv.ps1
set-executionpolicy remotesigned

Every new powershell prompt that you"