I posted on how you can use Wevtutil to enumerate the event logs on server core or LH. Someone left a comment asking how could they just return the errors from the System log instead of all the events. Seems like a reasonable question and with a bit of...

At Microsoft we do quite a bit of dogfooding (imagine that) and in doing so we run into issues in the infrastructure and a lot of the time they crop up as "authentication issues". For example, users can't get to a website, a share, e-mail, etc. The symptoms...

Just wanted to list out some of the tools I use on a daily basis and some of the more common parameters I use with each. I've been doing enterprise wide administrative support for a while so these should come in handy to someone in the same role. EventcombMT...

I've been seeing a lot of churn internally and externally about installing a role on a server core machine and then trying to connect to it remotely only to find that the remote server core machine won't allow you to connect. Remote Management: To allow...

Background: In an earlier post I talked about some new features for Windows 2008 and Vista.  One of those new features that is often overlooked are the data collector sets (DCS).  One particular role that leverages data collector sets is active...

Windows System state analyzer tool Helps create snapshots of the computer—some of which include fixed drives, services, drivers and the registry. Users can create two snapshots at different points in time and compare them to view differences. A detailed...

This is more of a proof of concept, but I've used it with success internally. Take it and do with it what you want. Many thx to Brandon who did the "heavy lifting" when I got stuck! Overview: Ever run into cluster issues and wanted to see if the...

You would think that its just the same, and in a sense it is. In Vista though they hide the menu by default, so when you go to Control Panel\Network Connections you wont see the familiar menu where you can click advanced. By pressing the ALT key the file...

Well in short, your system could be unusable. Raymond Chen mentions it here how 3GB and PAE conflict with each other somewhat. I'm not going to dive into the subject too much as it was covered extensively by Raymond (link at bottom of post), but I...

Ran into an issue this week that was strange.  When you TS’d to the box it would just show a blank background and nothing else.  If you tried to launch task manager it would just fail silently to the user (actually access denied in the debugger...

Performance Analysis of Logs (PAL) tool Project Description: Ever have a performance problem, but don't know what performance counters to collect or how to analyze them? The PAL (Performance Analysis of Logs) tool is a new and powerful tool that reads...

All of these are for kernel mode, these are just commands I use often that don't troubleshoot a particular problem, but are helpful in getting a general picture of the system. If you have a specific issue you're trying to understand, drop a note and I...

Reliability Monitor will show you what is crashing on your machine, but how do we find the status of those crashes or capture the data ourselves to analyze? WERCON: Go to start:run and type WERCON, this will bring you into the world of crash analysis...

Pre-Vista it could be an issue if you didn't have debugging turned on via the boot.ini file and your system stopped booting. Well in Vista and 2k8 you can enable "Debugging mode" on boot by hitting F8 after POST. You can also turn off driver signing verification...

You've probably heard that netmon3.1 is out , but you might not know that you can easily launch a capture at the command prompt.  I find this useful when we're waiting on a repro, we want a capture, but we don’t know when that's going to happen...

POWERCFG has the answer to that question and many others, like -LASTWAKE will tell you why your machine resumed form sleep or hibernate. I used to run into an issue where I'd wake up in the morning and find my laptop was at perfect temperature to cook...

I see this questions come up quite a bit about the interoperability of x86 and x64 domain controllers. Does replication work? Do the tools cross over well? Any gotchas that we should know about? Etc. Well I'm here to tell you that here at Microsoft we...

Ever find yourself away from your server after building it out and forgot to turn on RDP so you could TS onto the machine? Well in XP and 2k3, you can just toggle a reg key and most of the time (pending firewall issues) you can then TS into the box. Doesn...

Currently we are running Win2k3 SP1, R2, SP2, Win2k8 Beta3, RC0, RC1, and RTM Escrow idomain controllers in production...  Since we're running some downlevel servers in the environment and I was interested in what is supported to be upgraded to Windows...

Want to find out who is in the admin group on a box in your domain and don't have privileges to logon? So I've found myself in a spot where I need to find out who owns a box and I don't have administrators privileges to logon and find out whose in the...

This is an FYI post so others on the intertubes can find the answer quickly. If you get this error: Log Name: Application Source: Application Error Date: 4.11.2008 07:20:41 Event ID: 1000 Task Category: (100) Level: Error Keywords...

Backstory: With the advent of Windows Vista there are changes made in how the operating system determines if it can take a kernel memory dump or not. Starting in Vista the amount of memory allocated for kernel mode could vary dynamically . If the pagefile...

Ran into a case today where each time we tried to start sidebar.exe it would fail silently. No crash to investigate, no error, so where to next? First I set an IFEO for sidebar.exe to launch windbg.exe when started, by doing this it stops at the initial...

I found that there were a few solutions out there on the internet but still didn’t really get me what I was after.  I wanted to find out my total SID count that could be created, and then find the current rid pool high water mark so I could track...

Ran into a case today where NLTEST was returning RPC_S_UNKNOWN_IF. C:\Users\Administrator>nltest /sc_query:bradforest I_NetLogonControl failed: Status = 1717 0x6b5 RPC_S_UNKNOWN_IF C:\Users\Administrator>nltest /sc_reset:bradforest I_NetLogonControl...