根據Userenv log
Found file system path of: <\\msft.com\sysvol\topsnmq.chtn.com.tw\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}>
USERENV(154.3c8) 10:12:20:687 ProcessGPO: Couldn't find the group policy template file <\\msft.com\sysvol\msft.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>, error = 0x35.
USERENV(154.3c8) 10:12:20:718 ProcessGPO: ==============================
USERENV(154.3c8) 10:12:20:718 EvalList: ProcessGPO failed
USERENV(154.3c8) 10:12:20:718 GetGPOInfo: EvaluateDeferredGPOs failed. Exiting
USERENV(154.3c8) 10:12:20:734 GetGPOInfo: Leaving with 0
USERENV(154.3c8) 10:12:20:734 GetGPOInfo: ********************************
USERENV(154.3c8) 10:12:20:734 ProcessGPOs: GetGPOInfo failed.
USERENV(154.3c8) 10:12:20:734 LeaveCriticalPolicySection: Critical section 0x428 has been released.
USERENV(154.3c8) 10:12:20:734 ProcessGPOs: Computer Group Policy has been applied.
徵狀
-由用戶端嘗試存取Server仍出現錯誤 "Windows 找不到檔案或項目"
-\\電腦名稱 可以正常存取,但是\\msft.com 存取會失敗
解決
檢察DC上的 TCP/IP netbios help service 沒有啟動, 啟動服務後 sysvol即可以正常存取,並且GPO可以套用成功
當 DB & Transaction Log 檔占滿硬碟空間時,您可以使用以下步驟壓縮資料庫:
-- How to Shrink OperationManagerDW Database
--1. Check the OperationManagerDW Database Properties and DBID, for example this database is DBID 18
sp_helpdb
--2. Check the OperationManagerDW(DBID 18) Database Log File ID / name (OperationManagerDW_Log)
select * from master..sysaltfiles where dbid=18
--3. Truncate Trnsaction Log
Backup Log OperationManagerDW With Truncate_Only
--4. Shrink Whole Database
DBCC SHRINKDATABASE(OperationManagerDW)
--5. Srink Log File Again to reduce file size
USE OperationManagerDW
GO
DBCC SHRINKFILE(OperationManagerDW_Log)
您可以參考 KB 256650 來避免 SQL Server 資料庫的交易記錄檔超出預期大小:
- 像是固定執行 DB 備份
- 設定維護計劃
- 變更復原模式
- etc...
By default, in SQL Server 2000 and in SQL Server 2005, the recovery model for a SQL Server database is set to the Full recovery model. With the full recovery model, regular backups of the transaction log are used to prevent the transaction log file size from growing out of proportion to the database size. However, if the regular backups of the transaction log are not performed, the transaction log file grows to fill the disk, and you may not be able to perform any data modification operations on the SQL Server database.
You can change the recovery model from full to simple if you do not want to use the transaction log files during a disaster recovery operation.
Change the recovery model. If a disaster or data corruption occurs, you must recover your database so that the data consistency and the transactional integrity of the database are maintained. Based on how critical the data in your database is, you can use one of the following recovery models to determine how your data is backed up and what your exposure to the data loss is:
- Simple recovery model
- Full recovery model
- Bulk-logged recovery model
By using the simple recovery model, you can recover your database to the most recent backup of your database. By using the full recovery model or the bulk-logged recovery model, you can recover your database to the point when the failure occurred by restoring your database with the transaction log file backups.
In addition, the Operations Manager databases do not need maintenance tasks as it has its own internal maintenance processes. Some table/index are dropped and created again. That is why your maintenance job is failing re-indexing an index that does not exist
REFERENCE
================
INF: Shrinking the Transaction Log in SQL Server 2000 with DBCC SHRINKFILE http://support.microsoft.com/kb/272318/en-us
INF: 如何將 SQL Server 交易記錄檔壓縮 http://support.microsoft.com/kb/256650/zh-tw
如何避免 SQL Server 資料庫的交易記錄檔超出預期大小 http://support.microsoft.com/kb/873235/zh-tw
INF: SQL Server 中的 Autogrow 及 Autoshrink 設定考量 http://support.microsoft.com/kb/315512/zh-tw
Maintenance Plans http://msdn.microsoft.com/en-us/library/ms187658.aspx
Maintenance Tasks http://msdn.microsoft.com/en-us/library/ms140255.aspx
Recovery Model Overview http://msdn.microsoft.com/en-us/library/ms189275.aspx
Q.
We know DFS maximum size is 64 GB in Windows 2000 DFS and Windows Server 2003(R2) DFSR.
Does this limitation also applies to Windows Server 2008 and Windows Server 2008 R2 DFSR?
Do we have similar article such as this http://technet.microsoft.com/en-us/library/cc773238(WS.10).aspx#BKMK_00 that describes the limit?
A.
The DFSR test team successfully tested replication of 10Tb (9.97Tb to be precise) of data between two Windows Server 2008 Standard Edition servers. The test was conducted on a private network and it took about 8.5 days to fully replicate the data. The replicated data was composed of 4,410,445 files and 798 directories. The file data was randomly generated, meaning it cannot be compressed. Therefore, this scalability test represents the worst case workload and can be thought of as similar to replicating 10Tb of already compressed data.
The DFSR product team expects data stored on customers’ servers to compress much better. That would reduce both the amount of data sent across the wire and the time taken by DFSR to replicate the data.
Please note that these are preliminary test results. The DFSR product team will resume scalability tests as soon as possible and the above numbers serve as an indication, that DFSR is not limited to 10Tb or 4.5 million files.
Thanks,
The DFSR Product Team
如果我們要讓新的使用者登入系統後,預設都能同樣的設定(例如桌面圖示、捷徑、IE首頁),必需讓設定套到Default Profile上,如此在新的帳戶登入時,會去copy Default Profile的設定而套用下來。在以往,我們習慣在以下的畫面中,將已經設定好的profile copy至Default User上。
在Windows 7裏,要使用http://support.microsoft.com/kb/973289 的方式才能達到這個需求。將步驟整理如下:
1.登入一個帳戶,做完所有的設定。
2.將以下的文件存成Unattend.xml檔,放在C:\下。
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<settings pass="specialize">
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<CopyProfile>true</CopyProfile>
</component>
</settings>
<cpi:offlineImage cpi:source="wim:d:/sources/install.wim#Windows 7 ENTERPRISE" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
</unattend>
3.開啟CMD,將路徑切到C:\Windows\system32\sysprep。
4. 執行sysprep.exe /generalize /unattend:c:\unattend.xml。
5.重新開機,會做初始化的動作,系統即會依照步驟4去讀取unattend.xml檔,並且完成設定。
由於目前文件上提到的可能原因為KMS不是1.2版本才造成此問題,根據實際的經驗,以下三個原因都可能造成此錯誤的產生:
狀況1:KMS Server版本非升級至1.2版本
狀況2:KMS Client無法找到KMS Server
狀況3:KMS Client的時間或時區設定錯誤
解決方式:
狀況1.
a.如果KMS Server尚未升級至1.2,請您先升級KMS Server元件後重新開機。
Windows 2003元件下載點 http://support.microsoft.com/kb/968915/zh-tw
Windows 2008元件下載點 http://support.microsoft.com/kb/968912/zh-tw
b.開啟命令提示字元,執行slmgr -ipk XXXXX-XXXXX-XXXXX-XXXXX-XXXXX (請輸入Windows 2008 R2版本的KMS Server 金鑰)
c.執行slmgr –ato
狀況2.
如果是網路問題,請嘗試執行telnet <KMS Server IP> 1688以確定是否可以正常連線到KMS Server監聽的1688 port
狀況3.
請您在KMS Client的時區及時間上做檢查,看是否時區設定有誤,如果設定錯誤請修正後再嘗試做啟動
問題
=======
Web Server 2008 產品啟動問題
當您輸入產品金鑰後 ,並透過線上自動啟動Windows ,會出現 [無法驗證您的產品金鑰 . 請檢查您的產品金鑰 , 並確定您已正確輸入.]
解決方法
===========
1. 安裝Web Server 2008時 , 請先選擇[下一步] , 跳過輸入金鑰步驟, 並將系統安裝完成
選擇[否]
安裝後 ,目前是Web Server 2008 SP1
2. 請先安裝SP2後, 第一次重新開機
3. 需再第二次重新開機 (如果沒有重新啟動 , 立即透過線上自動啟動Windows ,您會出現下面的錯誤)
4. 輸入產品金鑰
5. Web Server 2008 啟動成功
How to Limit the Size of the ACS Database by filtering the Security Events
After adding the following ACS filter, the new incoming events cannot be reflected in ACS reports.
adtadmin /setquery /query:"SELECT * FROM AdtsEvent WHERE (HeaderUser='SYSTEM' OR HeaderUser='LOCAL SERVICE' OR HeaderUser='NETWORK SERVICE') AND (EventID=671 OR EventID=675 OR EventID=681 OR EventID=529 OR EventID=531 OR EventID=532 OR EventID=535 OR EventID=536 OR EventID=539 OR EventID=517 OR EventID=624 OR EventID=627 OR EventID=628 OR EventID=630 OR (EventID>=631 AND EventID<=639) OR (EventID>=641 AND EventID<=668) OR EventID=684 OR EventID=685)"
Problem Description
==================
ACS(Audit Collection Services) Database can quickly fill up due to unwanted security events,
Resolution
Solution
======
The Solution is to avoid unwanted events by uing AdtAdmin along with WQL Query as listed below
An ACS collector can use Windows Management Instrumentation (WMI) Query Language (WQL) queries as filters to limit the events that are stored in the ACS database.
The /SetQuery parameter implements the filter before events are saved to the ACS database.
For more information about WQL and WQL queries,see Retrieving Managed Resources Using WMI Query Language at http://go.microsoft.com/fwlink/?LinkId=74151 and Querying with WQL at
http://go.microsoft.com/fwlink/?LinkId=74152.
AdtAdmin.exe /SetQuery [/Collector:CollectorName] /Query:QuerySyntax
Example
This example uses the /SetQuery parameter to define a WQL query that filters out specified events. When applied, this query filters out events generated by System, Local Service, and Network Service services, and it also filters events that have specified event ID numbers.
adtadmin /setquery /collector:"Collector Name" /query:"SELECT * FROM AdtsEvent WHERE NOT ((HeaderUser='SYSTEM' OR HeaderUser='LOCAL SERVICE' OR HeaderUser='NETWORK SERVICE') OR (EventId=538 OR EventId=566 OR EventId=672 OR EventId=680) OR (EventId>=541 AND EventId<=547))"
PROBLEM
=========
Customer says that alerts in the Active Alerts view in OpsMgr console (Monitoring Section) are not updated as expected. It takes a lot of time for those alerts to be Closed. Or the alerts may change to Closed State but may not dissapear from the console.
Action Plan
=========
To identify computers with future time stamps, run the following query
SELECT * FROM dbo.AlertView WHERE TimeRaised > getutcdate() OR StateLastModified > getutcdate()
- We ran the following t-sql commands to update the OperationsManager Database
UPDATE dbo.AlertView SET TimeRaised = getutcdate() WHERE TimeRaised > getutcdate()
UPDATE dbo.State SET LastModified = getutcdate() WHERE LastModified > getutcdate()
Solution
=========
Apply hotfix 957135
一、前言:
Windows Server 2008提供了新的 [Fine-Grained Password Policies]來處理這類的需求。要使用這個功能必須網域的功能等級先提昇為Windows Server 2008等級,接著透過AD網域中新的[Password Settings Container]的位置來進行設定,這個位置可使用[AD Users and Computers]管理工具,使用[Advanced Features]來開啟System位置就可看到,不過您必須要使用[Adsiedit.msc]或[Ldifde]工具來設定!
二、做法:
1. 請先建立一個全域安全性群組,例如:GSGroup1.
2. 將您想要排除的Account加為GSGroup1的成員.
3. 建立PSO
4. To create a PSO using ADSI Edit
- Click Start, click Run, type adsiedit.msc, and then click OK.
- In the ADSI Edit snap-in, right-click ADSI Edit, and then click Connect to.
- In Name, type the fully qualified domain name (FQDN) of the domain in which you want to create the PSO, and then click OK.
- Double-click the domain.
- Double-click DC=<domain_name>.
- Double-click CN=System.
- Click CN=Password Settings Container.
All the PSO objects that have been created in the selected domain appear.
- Right-click CN=Password Settings Container, click New, and then click Object.
- In the Create Object dialog box, under Select a class, click msDS-PasswordSettings, and then click Next.
- In Value, type the name of the new PSO, and then click Next.
- Continue with the wizard, and enter appropriate values for all mustHave attributes.
Attribute sample:
|
Attribute name |
Description |
Acceptable value range |
Example value |
|
msDS-PasswordSettingsPrecedence |
Password Settings Precedence |
Greater than 0 |
10 |
|
msDS-PasswordReversibleEncryptionEnabled |
Password reversible encryption status for user accounts |
FALSE / TRUE (Recommended: FALSE) |
FALSE |
|
msDS-PasswordHistoryLength |
Password History Length for user accounts |
0 through 1024 |
24 |
|
msDS-PasswordComplexityEnabled |
Password complexity status for user accounts |
FALSE / TRUE (Recommended: TRUE) |
TRUE |
|
msDS-MinimumPasswordLength |
Minimum Password Length for user accounts |
0 through 255 |
8 |
|
msDS-MinimumPasswordAge |
Minimum Password Age for user accounts |
· (None)
· 00:00:00:00 through msDS-MaximumPasswordAge value |
1:00:00:00 (1 day) |
|
msDS-MaximumPasswordAge |
Maximum Password Age for user accounts |
· (Never)
· msDS-MinimumPasswordAge value through (Never)
· msDS-MaximumPasswordAge cannot be set to zero |
42:00:00:00 (42 days) |
|
msDS-LockoutThreshold |
Lockout threshold for lockout of user accounts |
0 through 65535 |
10 |
|
msDS-LockoutObservationWindow |
Observation Window for lockout of user accounts |
· (None)
· 00:00:00:01 through msDS-LockoutDuration value |
0:00:30:00 (30 minutes) |
|
msDS-LockoutDuration |
Lockout duration for locked out user accounts |
· (None)
· (Never)
· msDS-LockoutObservationWindow value through (Never) |
0:00:30:00 (30 minutes) |
|
msDS-PSOAppliesTo |
Links to objects that this password settings object applies to (forward link) |
0 or more DNs of users or global security groups |
“CN=u1,CN=Users,DC=DC1,DC=contoso |
12. On the last screen of the wizard, click More Attributes.
13. On the Select which property to view menu, click Optional or Both.
14. In the Select a property to view drop-down list, select msDS-PSOAppliesTo.
15. In Edit Attribute, add the distinguished names of users or global security groups that the PSO is to be applied to, and then click Add.
16. Repeat step 15 to apply the PSO to more users or global security groups.
17. Click Finish.
5. To apply PSOs to users or global security groups using the Windows interface
- Open Active Directory Users and Computers. To open Active Directory Users and Computers, click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
- On the View menu, ensure that Advanced Features is checked.
- In the console tree, click Password Settings Container.
Where?
- Active Directory Users and Computers\domain node\System\Password Settings Container.
- In the details pane, right-click the PSO, and then click Properties.
- Click the Attribute Editor tab.
- Select the msDS-PsoAppliesTo attribute, and then click Edit.
- In the Multi-valued String Editor dialog box, enter the Distinguished Name (also known as DN) of the user or the global security group that you want to apply this PSO to, click Add, and then click OK.
請選擇您在先前已定義好的群組(GSGroup1)。
三、注意事項:
透過PSO物件的屬性設定來套用,極可能會有衝突的情形產生(多個PSO設定到單一物件),因此PSO有一個重要屬性[msDS-PasswordSettingsPrecedence]!
這屬性是一個1以上的整數值,越低的數字代表有較高的排序(優先權),例如有兩個PSO分別的屬性值為10與20,10的優先權比較高因此會真的套用到物件上;此外,如果屬性值一樣的話,那就以PSO的GUID比較小的會套用!
另外如果有分別的PSO設定到使用者帳戶與使用者所隸屬群組的話,則套用到使用者帳戶的才是結果PSO!
參考資訊連結:
AD DS Fine-Grained Password and Account Lockout Policy Step-by-Step Guide
http://technet.microsoft.com/en-us/library/cc770842.aspx
SYMPTOM
===================
Server - Windows server 2003 SP2 Standard.
Role of the server - File server and Citrix server.
- Unable to access admin shares on the file server.
- SMS remote desktop from Vista to XP prompts for credentials if it has the patch installed
- Issue started after 968389 patch installation.
- Interesting point to note - this problem is only evident on some servers whilst some are not being affected at all.
This issue is there when you access the admin shares or c$ on the server itself:
Error messages
\\localhost\c$ - No network provider accepted the given network path
\\servername\c$ - No network provider accepted the given network path.
\\ip\c$ - No network provider accepted the given network path.
\\FQDN\c$ - No network provider accepted the given network path
RESOLUTION/WORKAROUND
===================
Uninstall and reinstall the patch will guarantee solve the problem
問題描述︰
您無法遠端連線 (RDP) 到您的 Windows Server 2003 伺服器
經過進一步的分析您發現:
1. 伺服器沒有在聽 TCP port 3389 (netstat -ano)
2. Terminal Services 服務有啟動
3. MSINFO32 顯示 TDTCP & RDPWD system driver 狀態 (Status) 呈現停止 (Stop)
4. TDTCP.sys 有在 system32 目錄下,版本及檔案大小也是正確的
5. 裝置管理員中已經找不到 TDTCP 裝置 (顯示隱藏裝置然後設定依連線顯示裝置 view "Devices by Connection")
說明與方法︰
Analysis
===========
- Reinstall the RDP-TCP connection and the problem persisted still
- Reinstall the TDTCP device with Devcon script,TDTCP device was added back, and RDP worked successfully.
Run the following commands:
devcon install %windir%\inf\machine.inf root\RDP_MOU
devcon install %windir%\inf\machine.inf root\RDP_KBD
devcon install %windir%\inf\machine.inf RDP.serviceinstall
devcon install %windir%\inf\machine.inf root\legacy_RDPWD
devcon install %windir%\inf\machine.inf rdpdr.serviceinstall
devcon install %windir%\inf\machine.inf rdpdr.serviceinstall
devcon install %windir%\inf\machine.inf legacy_TDPIPE
devcon install %windir%\inf\machine.inf legacy_TDPTCP
devcon install %windir%\inf\machine.inf legacy_termservice
Note: Ignore any error messages you may encounter, provide us the output result (including the error messages if there is any)
- You may get the following devices with exclamation mark after running the devcon script, they can be safely deleted
問題描述︰
您想解決 Volsnap Event 25 事件
Event Type: Error
Event Source: VolSnap
Event ID: 25
Description: The shadow copies of volume D: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
Data:
0000: 00000000 00580002 00000000 c0060019
0010: 00000003 00000000 00000003 00000000
0020: 00000000 00000000
c0060019 = ERROR_SEEK The drive cannot locate a specific area or track on the disk.
說明與方法︰
CAUSE
================
以下兩篇 KB 描述當伺服器 I/O 高時,會遺失 Shadow Copy 的問題
925799 Error message when a Windows Server 2003-based computer has a high level of I/O activity: "The shadow copies of volume Volume_Name were aborted because the diff area file could not grow in time"
http://support.microsoft.com/kb/925799
826936 Time-out errors occur in Volume Shadow Copy service writers, and shadow copies are lost during backup and during times when there are high levels of input/output
http://support.microsoft.com/kb/826936
(826936 is replaced by 833167, 833167 is included in Windows Server 2003 SP2)
RESOLUTION
=================
1. 我們建議您先安裝以下 Hotfix 來更新 VOLSNAP 驅動程式
Rollup update for the volsnap.sys driver in Windows Server 2003 http://support.microsoft.com/kb/967551
After 967551 hotfix is installed, you must change the value of the UseTopDownAlloc registry entry to 1 to resolve the Stop code 0x0000006B issue.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VolSnap\UseTopDownAlloc
2. 設定 MinDiffAreaFileSize 機碼
Registry path: HKLM\SYSTEM\CurrentControlSet\Services\VOLSNAP\MinDiffAreaFileSize
Compute a value that is five percent of the smallest shadow copy storage space on any one volume on the system.
Use the following guidelines to set the MinDiffAreaFileSize value:
If you compute a value that is less than or equal to (<=) 600 megabytes (MB), set the MinDiffAreaFileSize value to 600. If you continue to receive event ID 25, incrementally increase the value until the value exceeds 3,000.
If you compute a value that is more than or equal to (>=) 3,000 MB, set the MinDiffAreaFileSize value to 3000.
If you compute a value that is between 600 MB and 3,000 MB, set the value of MinDiffAreaFileSize to the value that you computed.
MinDiffAreaFileSize controls the initial size of the shadow copy storage area for each shadow copy. The MinDiffAreaFileSize registry key uses the REG_DWORD data type.
The MinDiffAreaFileSize registry key specifies the minimum size of the shadow copy storage area. The default size of the shadow copy storage area is 300 MB, and the maximum size is 3 gigabytes (GB). For an accurate setting, specify a value that is a multiple of 300 MB. Otherwise, the next multiple of 300 MB will be used. A value of 300 is equal to 300 MB, and a value of 3,000 is equal to 3 GB.
Shadow copies might not function correctly if the value of the MinDiffAreaFileSize registry key is larger than the maximum size of the shadow copy storage area. Before you change this registry entry, run the vssadmin list shadowstorage command. Make sure that the shadow copy storage area is larger than 300 MB or that the shadow copy storage area is larger than the value that is set in the registry. Also, make sure that you have at least 300 MB of free space on the shadow copy storage volume.
ADDITIONAL CONSIDERATION
=================
As time passes, the allocated space may increase as more data is modified on the original volume. However, when you have high input/output traffic on the original volume, the shadow copy storage area cannot grow fast enough to hold all the copy-on-write changes. This causes deletion of all the shadow copies on the original volume. This problem is more noticeable in domain controller configurations. By default, the disk write cache is disabled in domain controller configurations.
If you continue to receive event ID 25, follow these steps to resolve the issue:
a. Put the shadow copy storage on another volume, even if the volume is located on the same hard disk.
b. Make sure that the volume that causes event ID 25 is not the same volume that contains the paging file. If the volume that causes event ID 25 contains the paging file, consider putting the paging file on another volume.
c. Make sure that the volume that causes event ID 25 is not used as the shadow copy storage for any other volume.
使用 VSSADMIN 指令修改 Storage 位置以及大小
Method 1)
Run "vssadmin resize shadowstorage /for=c: /on=d: /maxsize=2500mb"
This will set Partition D: for Storage area for Partition C: with size limit of 2500mb (This valve will vary according to your requirement)
Method 2)
Run "vssadmin delete shadowStorage /for=C: /on=C:"
Run "vssadmin add shadowstorage /for=C: /on=D: /maxsize=2500mb"
問題描述︰
Windows Server 2008/重新啟動電腦後,NetLogon服務無法自動啟動並且啟動後馬上又停用
解決方法︰
記錄檔名稱: Directory Service
來源: Microsoft-Windows-ActiveDirectory_DomainService
日期: 2009/7/26 下午 05:32:52
事件識別碼: 2103
工作類別: 服務控制
等級: 錯誤
關鍵字: 傳統
使用者: ANONYMOUS LOGON
電腦: DC.msft.com
描述:
已經使用不支援的還原程序來還原 Active Directory 網域服務資料庫。
此狀況持續時,Active Directory 網域服務將無法登入使用者。因此,已暫停 Net Logon 服務。
根據提供的log請備份以下登錄值
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters\
請點選Parameters右邊視窗確認”Dsa Not Writable” 是否存在?
若該值存在,請參考 KB875495
How to detect and recover from a USN rollback in Windows Server 2003
http://support.microsoft.com/kb/875495/en-us
Problem
======
How to move a DHCP scopes list to another server
Solution
=======
顯示DHCP 的scope
netsh dhcp server show scope
匯出SCOPE
netsh dhcp server export c:\dhcp 10.3.2.0
在舊的Server 刪除此scope
netsh dhcp server delete scope 10.3.2.0 dhcpfullforce
匯入到另一台DHCP
netsh dhcp server IMPORT c:\dhcp 10.3.2.0
RELATED KNOWLEDGE BASE ARTICLES:
================================
How to use the Netsh utility to export and import DHCP scopes
http://support.microsoft.com/kb/281626/en-us
區段 B:將領域和設定移轉至管理伺服器
http://technet.microsoft.com/zh-tw/library/cc463365(WS.10).aspx
Problem
========
SCDPM 2007,DPM Agent installation failed
We can check the log MSDPMagentinstall.log in folder c:\windows\temp
MSDPMAgentInstall.LOG
===================================
MSI (s) (24:B4) [16:44:06:980]: Note: 1: 1708
MSI (s) (24:B4) [16:44:06:980]: Note: 1: 2205 2: 3: Error
MSI (s) (24:B4) [16:44:06:980]: Note: 1: 2228 2: 3: Error 4: SELECT `Message` FROM `Error` WHERE `Error` = 1708
MSI (s) (24:B4) [16:44:06:980]: Note: 1: 2205 2: 3: Error
MSI (s) (24:B4) [16:44:06:980]: Note: 1: 2228 2: 3: Error 4: SELECT `Message` FROM `Error` WHERE `Error` = 1709
MSI (s) (24:B4) [16:44:06:980]: Product: Microsoft System Center DPM 保護代理程式 -- Installation failed.
MSI (s) (24:B4) [16:44:06:980]: Windows Installer 已安裝該產品。產品名稱: Microsoft System Center DPM 保護代理程式。產品版本: 2.0.5820.0。產品語言: 1033。安裝成功或錯誤狀態: 1603。
MSI (s) (24:B4) [16:44:06:980]: Cleaning up uninstalled install packages, if any exist
MSI (s) (24:B4) [16:44:06:980]: MainEngineThread is returning 1603
MSI (s) (24:F0) [16:44:06:980]: Destroying RemoteAPI object.
MSI (s) (24:48) [16:44:06:980]: Custom Action Manager thread ending.
MSI (s) (24:F0) [16:44:06:980]: RESTART MANAGER: Session closed.
MSI (s) (24:F0) [16:44:06:980]: No System Restore sequence number for this installation.
=== Logging stopped: 2009/8/28 16:44:06 ===
MSI (c) (1C:30) [16:44:06:980]: Decrementing counter to disable shutdown. If counter >= 0, shutdown will be denied. Counter after decrement: -1
MSI (c) (1C:30) [16:44:06:980]: MainEngineThread is returning 1603
Resolution:
============
Had stopped the Windows Firewall service and set the service to disabled, once complete the DPM Agent was able to install successfully.
Please also apply last DPM hotfix 970867.
http://support.microsoft.com/?Id=970867
More Information
==============
970090 You receive error messages about communication issues on a System Center Data Protection Manager 2007 agent
http://support.microsoft.com/kb/970090/en-us
A DPM agent failed to communicate with the DPM service on <server> because of a communication error. Make sure that <server> is remotely accessible from the computer running the DPM agent. If a firewall is enabled on <server>, make sure that it is not blocking requests from the computer running the DPM agent
947682 The DPM protection agent service cannot start in System Center Data Protection Manager 2007
http://support.microsoft.com/kb/947682/en-us
Data Protection Manager 2007 and protected servers open connections over TCP port 5718 and over TCP port 5719 to enable Data Protection Manager operations, such as synchronization and recovery. The current problem may occur on protected servers that are running the Microsoft Exchange System Attendant service. This service uses TCP ports dynamically. This service may take one or both of the required ports.
Data Protection Manager 2007 also uses the following ports:
· TCP 135 dynamic
· User Datagram Protocol (UDP) 53
· UDP 88
· TCP 88
· UDP 137
· UDP 138
· TCP 139
· TCP 389
· UDP 389
