The security Permissions aren’t the same when I use Robocopy /copyall or robocopy /Sec.
01 July 09 09:43 PM | BenParker | 0 Comments   

I see this when using Robocopy.exe version XP027 and trying to copy inherited permissions.  In the XP026 and earlier versions inherited permissions from the source would be copied to the destination.  This is no longer the case in XP027.

 

Why Does this Happen?

This is the result of a design change to prevent another bug.  It looks like there are no plans to change this at this time.

 

How to Workaround:

You can use the /MIR switch to get a similar behavior and in my tests it did work with the inherited permissions but realize that this will delete anything on the destination that isn’t on the source.  There is also some odd behavior with this switch.  I’ve seen a few references to this blog here that spells it out

How to Repro:

Make 2 directories

Md a

Md b

On c:\a add a textfile

On c:\b uncheck “Include inheritance permissions from this object’s parent” and remove the inherited permissions and grant yourself full control

Use robocopy.exe XP027

Robocopy.exe c:\a c:\b /copyall

View the permissions on c:\b they will remain unchanged

Delete the textfile from c:\b

Use robocopy.exe XP026

View the security settings on c:\a and c:\b and they will match

 

I’m an administrator on my Vista\Server2008 computer but I can’t view any disk space information.
26 June 09 06:48 PM | BenParker | 0 Comments   

I’ve found another case where having UAC enabled will have some interesting results on what an administrator can do. 

 

Symptoms;

UAC is enabled on my WS2008 machine.  I am in the local administrators group but the local drive doesn’t have any security permissions for the local users group [Users (Server\Users)]. 

When I view the properties of the local drive there is 0 Used Space and 0 Free Space. 

When I try to open a command prompt as an administrator it fails with “Parameter is incorrect” 

The local Disk in my computer will have blank entries in total size and free space

Why does this happen?

When an administrator logs onto a computer there are two tokens created, a full administrator token and a standard user token.  With UAC enabled the standard user token is used to view the disk info, and since the Users group has no permissions on the disk it fails. 

Here is a Doc

How to fix:

Grant the local users group permissions to the root of the local drive.  Right click on the drive in explorer and select properties.  Go to the security tab and click edit.  Add the local users group and grant them at least “read” and “list folder contents” permissions.

Here is an old Doc about Permissions

 

Debugging a fatal system error 0xC000021A (STATUS_SYSTEM_PROCESS_TERMINATED) with Verification of a known DLL failed X64_0xc000021a_c000012f
05 June 09 08:53 PM | BenParker | 0 Comments   

I had a system that would try to boot into the Operating system then power itself off.  In safe mode I could see it load a bunch of drivers then it would just hang on one dll (WLDAP32.dll).  I wanted to verify that the dll I saw safe mode hang on was indeed causing the fatal system error.  I attached a kernel debugger (the server was configured for kernel debugging) and restarted the server with the kernel debugger break on first module load CTRL+K and stepped through the boot up until I hit the stop code.

 

*** Fatal System Error: 0xc000021a

                       (0xFFFFF8A002A45760,0xFFFFFFFFC000012F,0xFFFFF8A0003D37C0,0x0000000000000000)

 

 

STOP: c000021a {Fatal System Error}

The Verification of a KnownDLL failed. system process terminated unexpectedly with a status of 0xc000012f (0x003d37c0 0x00000000)

 

The system has been shut down.

Break instruction exception - code 80000003 (first chance)

 

A fatal system error has occurred.

Debugger entered on first try; Bugcheck callbacks have not been invoked.

 

A fatal system error has occurred.

 

Connected to Windows 7 7000 x64 target at (Tue Apr 21 17:54:06.970 2009 (UTC + 1:00)), ptr64 TRUE

Loading Kernel Symbols

...............................................................

...........................................

Loading User Symbols

 

Loading unloaded module list

...

*******************************************************************************

*                                                                             *

*                        Bugcheck Analysis                                    *

*                                                                             *

*******************************************************************************

 

Use !analyze -v to get detailed debugging information.

 

BugCheck C000021A, {fffff8a002a45760, ffffffffc000012f, fffff8a0003cd3d0, 0}

 

Probably caused by : Unknown_Image

 

Followup: kitt

---------

 

1: kd> !analyze -v

*******************************************************************************

*                                                                             *

*                        Bugcheck Analysis                                    *

*                                                                             *

*******************************************************************************

 

WINLOGON_FATAL_ERROR (c000021a)

The Winlogon process terminated unexpectedly.

Arguments:

Arg1: fffff8a002a45760, String that identifies the problem.

Arg2: ffffffffc000012f, Error Code.

Arg3: fffff8a0003cd3d0

Arg4: 0000000000000000

 

Debugging Details:

------------------

 

 

ERROR_CODE: (NTSTATUS) 0xc000021a - {Fatal System Error}  The %hs system process terminated unexpectedly with a status of 0x%08x (0x%08x 0x%08x).  The system has been shut down.

EXCEPTION_CODE: (NTSTATUS) 0xc000021a - {Fatal System Error}  The %hs system process terminated unexpectedly with a status of 0x%08x (0x%08x 0x%08x).  The system has been shut down.

 

EXCEPTION_PARAMETER1:  fffff8a002a45760

 

EXCEPTION_PARAMETER2:  ffffffffc000012f

 

EXCEPTION_PARAMETER3: fffff8a0003cd3d0

 

EXCEPTION_PARAMETER4: 0

 

ADDITIONAL_DEBUG_TEXT:  Verification of a KnownDLL failed.

 

BUGCHECK_STR:  0xc000021a_c000012f

 

DEFAULT_BUCKET_ID:  VISTA_DRIVER_FAULT

 

PROCESS_NAME:  System

 

CURRENT_IRQL:  0

 

FOLLOWUP_NAME:  kitt

 

MODULE_NAME: Unknown_Module

 

IMAGE_NAME:  Unknown_Image

 

DEBUG_FLR_IMAGE_TIMESTAMP:  0

 

STACK_COMMAND:  kb

 

FAILURE_BUCKET_ID:  X64_0xc000021a_c000012f

 

BUCKET_ID:  X64_0xc000021a_c000012f

 

OK now I know that a fatal system error occurred, I couldn’t see that from safe mode but what caused it?

ADDITIONAL_DEBUG_TEXT:  Verification of a KnownDLL failed.

 

Good but what dll?

MODULE_NAME: Unknown_Module

 

IMAGE_NAME:  Unknown_Image

 

Dump the string that identifies the problem fffff8a002a45760

 

1: kd> db fffff8a002a45760

fffff8a0`02a45760  56 65 72 69 66 69 63 61-74 69 6f 6e 20 6f 66 20  Verification of

fffff8a0`02a45770  61 20 4b 6e 6f 77 6e 44-4c 4c 20 66 61 69 6c 65  a KnownDLL faile

fffff8a0`02a45780  64 2e 00 43 46 30 43 35-43 39 36 42 41 46 42 7d  d..CF0C5C96BAFB}

fffff8a0`02a45790  04 01 11 03 63 64 72 6f-5c 00 34 00 26 00 31 00  ....cdro\.4.&.1.

fffff8a0`02a457a0  a0 57 a4 02 a0 f8 ff ff-40 a7 e8 01 80 fa ff ff  .W......@.......

fffff8a0`02a457b0  5c 00 3f 00 3f 00 5c 00-49 00 44 00 45 00 23 00  \.?.?.\.I.D.E.#.

fffff8a0`02a457c0  43 00 64 00 52 00 6f 00-6d 00 50 00 48 00 49 00  C.d.R.o.m.P.H.I.

fffff8a0`02a457d0  4c 00 49 00 50 00 53 00-5f 00 44 00 56 00 44 00  L.I.P.S._.D.V.D.

 

OK, that tells us what we have already figured out: the verification of a known DLL failed.

 

Dump the 3rd argument

 

1: kd> da fffff8a0003cd3d0

fffff8a0`003cd3d0  "WLDAP32.dll"

There we go, the same dll I saw in safe mode.

 

I renamed my WS2008 Domain Controllers and now replication is not working.
29 May 09 09:17 PM | BenParker | 1 Comments   

 

Symptoms;

When I saw this, replication was totally failing to some tail sites.  Upon further investigation I noticed that when I forced a replication between two servers they didn’t update even though the replication was successful.  The successful replication was due to the server replicating with its old partner.  I was also seeing other DCs fail replication completely.

DFSR logging had the following entries

20081205 09:45:58.351 2168 CFAD  6915 [ERROR] Config::AdSnapshot::ReadReplicationTopolgy Failed to BuildGlobalSettingsTree(). memberDn:<DN Member Info> Error:

+             [Error:13(0xd) Config::AdSnapshot::BuildGlobalSettingsTree ad.cpp:6253 2168 W The data is invalid.]

+             [Error:13(0xd) Config::AdSnapshot::BuildTopologySubTree ad.cpp:6434 2168 W The data is invalid.]

System Event Log had Event ID: 6002

The DFS Replication service detected inconsistent msDFSR-Subscriber object while polling for configuration information. The object at <Object> references another object at <Another Object> that does not exist.

Using DSquery.exe some of the msDFSR-MemberReferences would be blank or incorrect

C:\Windows\Debug>dsquery * "<Another Object> " -attr msDFSR-MemberReference

  msDFSR-MemberReference

<Blank>

Why did this happen?

This was all caused by the DFS Replication Member Objects not being correct after a bunch of Domain Controllers were renamed.  Some still had member objects that identified them as their old names; others were missing member object references entirely.  The Domain Controllers were renamed using netdom but the DFS Replication Member Objects were never updated (see http://technet.microsoft.com/en-us/library/cc794759.aspx).

Unfortunately this isn’t done automatically or pointed out in the netdom rename article.

How to fix:

This was fixed by using Adsiedit, connecting to each DC and validating the msDFSR-MemberReference, msDFSR-ComputerReference and distinguishedName, and creating new objects as needed if they were missing.  It could have been avoided by using http://technet.microsoft.com/en-us/library/cc794759.aspx after the DC rename.

Why does my cluster resource keep timing out when I try to bring it online?
04 May 09 10:39 PM | BenParker | 1 Comments   

 

I saw this on a W2k3SP2 cluster that couldn’t bring a 2TB drive online after it was failed over.  The problem I was running into was that the resource was timing out before it was fully brought online.  Without enough time for the resource to come online it would fail.  After increasing the pending timeout the resource came online.

 

Symptoms;

In the System Event Log you will see events referencing the pending timeout period being too short and the cluster.log will hit a pending time out and fail the resource.

 

Event Type:        Error

Event Source:    ClusSvc

Event Category:                Resource Monitor

Event ID:              1145

Date:                     4/28/2009

Time:                     4:14:20 PM

User:                     N/A

Computer:          <Server>

Description:

Cluster resource <Resource> timed out. If the pending timeout is too short for this resource, consider increasing the pending timeout value.

 

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Data:

0000: b4 05 00 00               ´...   

Cluster Log entry:

00001160.00001ac8::2009/04/28-23:14:20.186 WARN [RM] RmpTimerThread: Resource <Resource> pending timed out, CP 0 - setting state to failed.

 

Why does this happen?

 

There is a race to bring the resource online before the pending timeout period.  If the pending timeout time has been reached and the resource is still OnlinePending the resource is treated as failed.

1.     Resource Monitor calls the Online entry point of the first resource DLL and returns the result to Failover Manager.

·         If the entry point returns ERROR_IO_PENDING, the resource state changes to OnlinePending. Resource Monitor starts a timer that waits for the resource either to go online or to fail. If the amount of time specified for the pending timeout passes and the resource is still pending (has not entered either the Online or Failed state), the resource is treated as a failed resource and Failover Manager is notified.

·         If the Online call fails or the Online entry point does not move the resource into the Online state within the time specified in the resource DLL, the resource enters the Failed state, and Failover Manager uses Resource Monitor to try to restart the resource, according to the policies defined for the resource in its DLL.

 

Here is a Doc

 

How to fix:

You can increase the timeout period and this may give you enough time to bring your resource online. 

To configure the pending timeout for a clustered service or application

1.     In the Failover Cluster Management snap-in, if the cluster you want to configure is not displayed, in the console tree, right-click Failover Cluster Management, click Manage a Cluster, and select or specify the cluster you want.

2.     If the console tree is collapsed, expand the tree under the cluster that you want to configure.

3.     Expand Services and Applications.

4.     Click the clustered service or application that you want to configure the pending timeout for.

5.     In the center pane, right-click the resource for the service or application, click Properties, and then click the Policies tab.

6.     Under Pending timeout, specify the length of time, in minutes and seconds, that the resource can take to change states between Online and Offline before the Cluster service puts the resource in the Failed state.

The default timeout value is 3 minutes.

Here is a Doc

 

Why doesn’t Microsoft Network Load Balancing spread traffic evenly across its cluster members?
10 October 08 06:47 PM | BenParker | 0 Comments   

The short answer:  It isn’t designed to, Network Load Balancing is a cool name but it doesn’t accurately describe what it does. 

The longer answer:  NLB doesn’t check for load on servers to determine how to forward traffic from the Virtual IP (VIP).  Its balancing is designed to be a statistically even load balance for a large client population making many small requests.  NLB is designed for high throughput; it will use Layer 2 broadcasts to get the traffic to all nodes in the cluster.  This traffic is then sent to the NLB driver on each node for filtering.  All nodes will perform a statistical mapping to determine which node should handle the packet.  The winning node forwards the packet up the network stack to TCP/IP, and the other nodes discard it.  Filtering traffic like this is faster than routing it.  The statistical mapping is based on IP address, port number and some pfm (assuming no affinity is set).  This is why we don’t truly see a balance in NLB but a fast diffusion of traffic.

The Really Long Answer
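The filtering described above can be simulated; this is an added example, not code from the post or from NLB. The SHA-256 mapping is an assumed stand-in for NLB's unspecified hash, and the client addresses, ports and request counts are constructed.

```python
import hashlib

def owner(src_ip, src_port, nodes):
    """Node index that owns this client IP/port pair.

    Stand-in for NLB's mapping, which the post does not specify;
    SHA-256 is an assumption chosen only because it spreads keys evenly.
    """
    digest = hashlib.sha256(f"{src_ip}:{src_port}".encode()).digest()
    return int.from_bytes(digest[:4], "big") % nodes

def node_accepts(node_id, conn, nodes):
    """Filter run independently on each node; no node asks about load."""
    src_ip, src_port, _requests = conn
    return owner(src_ip, src_port, nodes) == node_id

def deliver(conns, nodes):
    """Broadcast every connection to all nodes and total requests per node."""
    load = [0] * nodes
    for conn in conns:
        takers = [n for n in range(nodes) if node_accepts(n, conn, nodes)]
        if len(takers) != 1:          # exactly one node must win each packet
            raise RuntimeError(f"{conn} accepted by {takers}")
        load[takers[0]] += conn[2]
    return load

def imbalance(load):
    """(busiest - idlest) / mean load; 0.0 means perfectly even."""
    return (max(load) - min(load)) / (sum(load) / len(load))

def many_small_clients(count=20000):
    """Constructed sample: many clients, one small request each."""
    return [(f"10.{i >> 16 & 255}.{i >> 8 & 255}.{i & 255}", 1024 + i % 60000, 1)
            for i in range(count)]

def few_heavy_clients():
    """Constructed sample: three long-lived connections, 10000 requests each."""
    return [("192.0.2.10", 50001, 10000), ("192.0.2.11", 50002, 10000),
            ("192.0.2.12", 50003, 10000)]

if __name__ == "__main__":
    for name, conns in (("many small", many_small_clients()),
                        ("few heavy", few_heavy_clients())):
        load = deliver(conns, nodes=4)
        print(f"{name:10s} load={load} imbalance={imbalance(load):.2f}")
```

With three heavy connections and four nodes, at least one node stays idle whatever the hash, because the mapping never looks at how busy a node already is.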

 

Vista or Server2008 stuck at a black screen and the desktop never renders.
03 July 08 06:49 PM | BenParker | 1 Comments   


I’ve seen this a few times now and there isn’t any good documentation that I’ve found that helps resolve or explain this.  This occurs when the Administrator doesn’t have user privileges so it is being denied access when it tries to launch explorer.exe

Symptoms; 

UAC is enabled on the target machine and it is configured to allow remote desktops.  When you TS or log on to the machine with an administrator account, the logon process seems normal, and when the desktop should render all you see is a blank screen.  You are able to bring up the menu to launch Task Manager with Ctrl + Alt + Del or Ctrl + Alt + End but Task Manager never launches.  The target computer will have a 4006 event logged and the security log will show a successful login. 

Log Name:      Application

Source:        Microsoft-Windows-Winlogon

Date:          6/13/2008 10:30:26 AM

Event ID:      4006

Task Category: None

Level:         Warning

Keywords:      Classic

User:          N/A

Computer:       

Description:

The Windows logon process has failed to spawn a user application. Application name: . Command line parameters: C:\Windows\system32\userinit.exe.

If you log on using THE local administrator account or disable UAC, the logon session works as expected.  

Why does this happen?

This happens when the account is a member of the local administrator group but doesn’t have the proper user privileges on the target machine.  Vista and 2008 will now create two tokens for an administrator when they log on, one standard user and one full administrator, and the standard user token is used to launch the desktop.  When the account doesn’t have the proper user privileges it fails to launch the desktop with access denied.

Here is a doc

How to fix:

By default Windows Vista and Server2008 have NT Authority\Interactive in the local users group, which accounts for this.  If this is missing, re-add it or add another account or group to the local users group that contains the account you are using to log in.
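A simplified model of the access check behind this post and the earlier disk-space post on this page, added here as an illustration and not taken from Windows or from the author. It shows why the filtered token fails where the full token succeeds; the account name, the two-bit access masks and the DACL contents are constructed assumptions.

```python
from dataclasses import dataclass

READ, WRITE = 0x1, 0x2
ADMINS, USERS, SYSTEM = "BUILTIN\\Administrators", "BUILTIN\\Users", "NT AUTHORITY\\SYSTEM"
ACCOUNT = "SERVER\\opsadmin"          # hypothetical account name

@dataclass(frozen=True)
class Group:
    sid: str
    deny_only: bool = False           # models SE_GROUP_USE_FOR_DENY_ONLY

@dataclass(frozen=True)
class Ace:
    kind: str                         # "allow" or "deny"
    sid: str
    mask: int

def split_tokens(user, groups):
    """Full token and UAC-filtered token (Administrators kept as deny-only)."""
    full = [Group(user)] + [Group(g) for g in groups]
    filtered = [Group(user)] + [Group(g, g == ADMINS) for g in groups]
    return full, filtered

def access_check(token, dacl, desired):
    """Walk the DACL in order; deny-only SIDs match deny ACEs, never allow ACEs."""
    granted = 0
    for ace in dacl:
        for grp in (g for g in token if g.sid == ace.sid):
            if ace.kind == "deny" and ace.mask & desired & ~granted:
                return False
            if ace.kind == "allow" and not grp.deny_only:
                granted |= ace.mask
        if (granted & desired) == desired:
            return True
    return False

def run_cases():
    """Constructed DACLs for the two posts; returns {case: access granted?}."""
    root = [Ace("allow", ADMINS, READ | WRITE), Ace("allow", SYSTEM, READ | WRITE)]
    root_fixed = root + [Ace("allow", USERS, READ)]
    exe = [Ace("allow", ADMINS, READ), Ace("allow", USERS, READ)]
    full, filtered = split_tokens(ACCOUNT, [ADMINS, USERS])
    full_nu, filtered_nu = split_tokens(ACCOUNT, [ADMINS])   # not in Users
    return {
        "drive root, full token": access_check(full, root, READ),
        "drive root, filtered token": access_check(filtered, root, READ),
        "drive root + Users ACE, filtered token": access_check(filtered, root_fixed, READ),
        "userinit.exe, full token, not in Users": access_check(full_nu, exe, READ),
        "userinit.exe, filtered token, not in Users": access_check(filtered_nu, exe, READ),
        "userinit.exe, filtered token, in Users": access_check(filtered, exe, READ),
    }

if __name__ == "__main__":
    for case, ok in run_cases().items():
        print(f"{'GRANTED' if ok else 'DENIED ':8s}{case}")
```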

How to recreate this: (Don’t try this at home, go to a friend’s house)

You will need two machines a target and a host. 

On the target:

The target must be running vista with UAC and remote desktops enabled.  Make sure you know THE local administrator account, password and that it is enabled (This will be the easiest way to get back into your computer).   Remove all accounts from the local users group and create a new account in the Administrators group or add a domain account there.

On the Host:

Remote Desktop into the target machine and provide the credentials of the account you added to the local Administrators group.  You should see the logon process function normally, and when you would expect the desktop, it never loads and you are stuck waiting. 

 
