Related Posts
  • Blog Post: Great tool for Windows 2003: Server Performance Advisor (SPA)

    First off you can download SPA 2.0 here. I'm going to explain how to quickly use SPA, and then what type of data is returned in this post. What is SPA? So what is SPA and how can you use it? Well the official overview is: Microsoft® Windows Server™ 2003 Performance Advisor is the latest version of...
  • Blog Post: Interacting with Data Collector Sets via Powershell

    Background: In an earlier post I talked about some new features for Windows 2008 and Vista. One of those new features that is often overlooked is the data collector sets (DCS). One particular role that leverages data collector sets is Active Directory. Active Directory has put “hooks...
  • Blog Post: Debugging Terminal Service not listening. (Isolating an instance of SVCHOST)

    Ran into another issue today where I needed to set an IFEO for the particular instance of SVCHOST.exe running terminal service. Here is the easiest way of doing so: 1) Make a copy of SVCHOST.exe on the server, name it Mysvchost.exe and leave it in %Systemroot%\system32\ 2) Open regedit and go to HKLM...
  • Blog Post: Display warning text when someone logs onto your servers

    This works for Windows 2003 and Windows 2008. We use it during our reliability study to let the server owners know that they shouldn't reboot their boxes without a good reason. You can use it for whatever you’d like. :) The two keys to set: reg add " \\brad-dc-01\HKLM\SOFTWARE\Microsoft\Windows...
  • Blog Post: These are a few of my favorite things... (Part 2)

    sl.exe Download Now It’s just like portqry but with some things that make it beneficial for scripts… Much faster, multiple ports input and output via file. My syntax would be something like this for checking the ports for multiple DCs... sl.exe -f ips.txt -jops -t 88,389,3268,445 Procmon Download Now...
  • Blog Post: \SystemRoot\System32\RDPDD.dll failed to load

    This is an FYI post for an issue we've seen on a couple of Windows 2003 SP2 servers internally. Hopefully if someone hits this in the wild they'll be able to find this post on the intertubes. Symptom: When attempting to connect from the client via RDP, you would click “connect” and then soon after...
  • Blog Post: Supported upgrades for domain controllers to Windows 2008 (Melting Pot in CorpNet)

    Currently we are running Win2k3 SP1, R2, SP2, Win2k8 Beta3, RC0, RC1, and RTM Escrow domain controllers in production... Since we're running some downlevel servers in the environment and I was interested in what is supported to be upgraded to Windows 2008 when we sign off and the DVDs start...
  • Blog Post: Vista SP1 and Windows 2008: No /console switch with MSTSC

    I've run into this a few times here and each time I stare at my screen for some time (depends on how much coffee I've had) and then remember this change. When you install Vista SP1 or install Win2k8 the console switch for MSTSC will be ignored (it's gone). They've made a change that requires the use...
  • Blog Post: Vista and 2k8: Enabling Debug mode on boot up.

    Pre-Vista it could be an issue if you didn't have debugging turned on via the boot.ini file and your system stopped booting. Well in Vista and 2k8 you can enable "Debugging mode" on boot by hitting F8 after POST. You can also turn off driver signing verification on x64 systems, so if you REALLY wanted...
  • Blog Post: SET-ACL on registry key

    Man it was hard to find info on using set-acl on a registry key!   I was looking for a way to set an ACL that once set would be inherited by child keys and values.    We needed to give “Local Service” full control on the registry key below and have the subkeys inherit the permission...
  • Blog Post: Domain doesn't know about my computer account? I vouch for my computer, you can trust me...

    Had an issue where a server would not allow logon via terminal services; each time you attempted to log on it would return this: Soooooooooo, what to do here? First, we made sure the account existed in the directory since that's why it appeared to be complaining. So I opened LDP...
  • Blog Post: Find out who pings on a subnet quick and easy

    So I know there are tools out there to do this but figured some would be interested in how to do this real quick with stuff that's already in the OS. 1) Turn off echos to make the output clean (don’t forget to turn it back on when it's done via “echo on”). 2) The set is a sequence of numbers from...
  • Blog Post: The case of sidebar.exe not starting. Oh Snap!

    Ran into a case today where each time we tried to start sidebar.exe it would fail silently. No crash to investigate, no error, so where to next? First I set an IFEO for sidebar.exe to launch windbg.exe when started; by doing this it stops at the initial breakpoint. Secondly I enabled loader snaps...
  • Blog Post: NTDS performance counters missing

    Thought I’d doc this for any others who run into this issue.  I had to demote/promote a machine this morning and when it finished promoting I found it was missing all the NTDS\* counters in perfmon.  I ran LODCTR /Q and saw that it looked wrong:   C:\Windows\system32>lodctr /q:NTDS...
  • Blog Post: These are a few of my favorite things... (Part 1)

    Just wanted to list out some of the tools I use on a daily basis and some of the more common parameters I use with each. I've been doing enterprise wide administrative support for a while so these should come in handy to someone in the same role. EventcombMT.exe Download eventcomb here. This tool has...
  • Blog Post: Windows Update fails with 8000FFFF (E_UNEXPECTED)

    Quick Solution: Check the permissions on the root of C: and ensure that BUILTIN\Users have Read access. Long Story: 8000FFFF == E_UNEXPECTED, not very helpful… Had a client where Windows Update was continually failing with the error code 8000FFFF. When looking in the Windows Update...
  • Blog Post: Booting a DC into DSRM without touching it locally.

    Short answer: /safeboot:DSRepair Long answer: So you will run into it often when being an AD admin that you need to boot a DC into DSRM (Directory Service Restore Mode), so what is the easiest way of doing this without having someone stand at the console and hit F8 on reboot and select DSRM...
  • Blog Post: Hey I forgot to turn on RDP on my server!

    Ever find yourself away from your server after building it out and forgot to turn on RDP so you could TS onto the machine? Well in XP and 2k3, you can just toggle a reg key and most of the time (pending firewall issues) you can then TS into the box. Doesn't work in Windows 2000 as you need to install...
  • Blog Post: Hey where did /3GB go in Longhorn and Vista?

    If you did not already know there is no boot.ini in Vista/LH. So how do you set usermode space to 3GBs? If you recall on x86 platforms there is 4GBs of addressable VM space. So by default that is split up equally. 2GBs for kernel mode and 2GBs for user mode. Now this is usually fine, but if you have...
  • Blog Post: Dial in your debugging skills with this book.

    So this book has been getting mentioned around by a lot of reputable contacts internally so my teammate picked up a couple copies and I've been browsing it since. Browsing? Like all books in this category (Windows Internals, C++ Programming, etc) I don't read it cover to cover, if you do you should earn...
  • Blog Post: Hey Admins! Gathering information from remote machines using WMI (the easy way).

    Those who are just getting into scripting might be wondering how to query info from remote machines using WMI and how to find useful information to query. When I started out trying to learn some of the WMI syntax and gathering info, I started with ScriptoMatic. I found this...
  • Blog Post: Using Natural Language Search to find files in Vista

    Saw this on http://on10.net/Blogs/jesse/natural-language-search-in-vista/ and found it very cool. Hard to find details though, but found some information on http://windowshelp.microsoft.com/Windows/en-US/help/73106209-6df0-432a-8cb7-df5d8ce02ec61033.mspx See below for an excerpt from that page...
  • Blog Post: Kernel stack not resident (Using .pagein)

    You might find yourself debugging an issue and a thread you are interested in is paged out. Here are the steps to use to page in the stack for the kernel side and user side... Be careful when doing this on a live machine that you want to release after debugging as paging in certain sections of memory can...
  • Blog Post: How to frisk a DC when people are complaining of "Authentication Issues".

    At Microsoft we do quite a bit of dogfooding (imagine that) and in doing so we run into issues in the infrastructure and a lot of the time they crop up as "authentication issues". For example, users can't get to a website, a share, e-mail, etc. The symptoms can be varied and the outcome is the same,...
  • Blog Post: Are there pending operations waiting for a reboot?

    Sometimes you might log onto a server and wonder if there have been patches installed and things need to be rebooted. Well if the patch wanted to replace a file that was in use by the system (like NTFS for example) then it populates a certain key in the registry, you could check this key to determine...