• 如何突破可設定密碼RODC複寫 cache 1500個以上的account(user或computer)

    Posted over 4 years ago
    by Carrey Lin}

    原因

    If more than 1,500 accounts (users, computers, or groups) are added to the Allowed list (the msDS-RevealOnDemandGroup attribute) of an RODC, the RODC stops caching passwords for all security principals in the Allowed list. This occurs when you add security principals using either the repadmin /prp <RODCName> allow <User_Name> command or by directly modifying the msDS-RevealOnDemandGroup attribute of the RODC

    解決方案 - As a workaround, add the security principals to security groups to reduce the overall number of security principals that are in the Allowed list

    建議您由於此清單有1500限制,請您改由security group取代user account

    您可以由此清單加入有電腦與User帳號的安全性群組,建立cache需要等待密碼複製到RODC上,跨site可能需要等待60~90分鐘

    clip_image002

    另外當密碼有在以下清單中代表已經cache

     

    image

  • 清除Hyper snapshot 後avhd如何正確移除

    Posted over 4 years ago
    by Carrey Lin}

    問題現象 - Hyper snapshot刪除後avhd殘留
    問題成因 - 需要使用介面上的shut down來清除刪除的Snapshot,由guest os內shot down無法刪除avhd
    解決方案 - 使用介面上的shut down來清除刪除的Snapshot
    參考資訊 -
    What other important considerations should I be aware of when using snapshots?

    Keep the following considerations in mind, especially if you plan to use snapshots on a virtual machine in a production environment:

    • The presence of a virtual machine snapshot reduces the disk performance of the virtual machine.
    • When you delete a snapshot, the .avhd files that store the snapshot data remain in the storage location until the virtual machine is shut down, turned off, or put into a saved state. As a result, when you delete a snapshot, you will need to put the production virtual machine into one of those states at some point to be able to complete the safe removal of the snapshot.
    • We do not recommend using snapshots on virtual machines that provide time-sensitive services, or when performance or the availability of storage space is critical.

    參考

    Hyper-V Virtual Machine Snapshots: FAQ

    http://technet.microsoft.com/zh-tw/library/dd560637(WS.10).aspx

  • Upgrade WSUS 2.0 to WSUS 3.0 SP2

    Posted over 4 years ago
    by Carrey Lin}

    WSUS 3 + Remote SQL 2005 (WSUS SP2以不支援Windows 2000作業系統與SQL 2000)

    PREPARATION

    ==========================

    1. 請下載必要的工具:

    WSUS 3 SP2安裝包:

    http://www.microsoft.com/downloads/details.aspx?FamilyId=a206ae20-2695-436c-9578-3403a7d46e40&displaylang=en

    2.Windows Server Update Services API Samples and Tools 2.0備份工具(請將其安裝在 WSUS 2.0伺服器上備份用):

    http://download.microsoft.com/download/8/d/0/8d068114-bd66-4fde-a04c-aeaa9d1fe640/Update%20Services%20API%20Samples%20and%20Tools.EXE

    3.WSUS 3.0 API Samples and Tools(安裝於WSUS 3.0 伺服器還原用)

    http://www.microsoft.com/downloads/details.aspx?familyid=805aa009-0c90-4334-a4a1-0c07f9262437&displaylang=en

    請注意:使用Update Services API Samples and Tools 2.0備份,在3.0上無法使用2.0工具還原

    EXPORT/BACKUP WSUS DATA

    ==========================

    1. 備份 WSUS 對應的資料庫檔

    a) 在 C:\Program Files\Update Services\Tools 目錄下,執行下面指令:

    osql -E -S %computername% -Q "BACKUP DATABASE SUSDB TO DISK='C:\SUSDB.BAK' WITH INIT, STATS=10

    然後保存 C:\SUSDB.BAK 文件。

    b) 停止資料庫服務,保存 WSUS 對應的 SUSDB.MDF 和 SUSDB_LOG.LDF 文件

    2. 備份已經下載的 Updates 檔目錄

    3. 備份 WSUS 上的管理資訊。

    a) 安裝 Windows Server Update Services API Samples and Tools(在WSUS 2.0時備份請使用Windows Server Update Services API Samples and Tools 2.0備份工具)

    b) 在 C:\Program Files\Update Services API Samples and Tools\WsusMigrate\WsusMigrationExport 目錄下,執行下面指令:

    WsusMigrationExport.exe WSUS.XML

    c) 保存 WSUS.XML

    INSTALL WSUS3

    ==========================

    1. 卸載原有的WSUS。

    卸載時,請勾選前面兩個選項,但是清空第三個選項 "Downloaded updatefiles"。

    2. 請按照下面的文檔安裝 WSUS3 和 Remote SQL Server 2005 (or Windows Internal Database)

    http://technet2.microsoft.com/windowsserver/en/library/d7183651-b9fb-4288-a15f-33032c40ce2d1033.mspx?mfr=true

    3. 安裝過程請注意以下幾點:

    a) 使用原來的Content目錄(存放 Updates 檔的目錄)。這樣可以重用原有的Updates 檔

    b) 使用和原來一樣的 IIS 站點。這樣用戶端可以不做改動而直接訪問新的WSUS。

    4. 安裝完畢之後,執行 WSUS 3。應該會自動打開 "WSUS Server ConfigurationWizard"。

    請按照原來WSUS的配置,配置新的 WSUS3 伺服器,如管理的語言,產品列表,Updates 類型,Proxy 資訊等。

    5. 配置完成後,請開始WSUS與微軟網站之間的同步。

    IMPORT DATA

    ==========================

    1. WSUS 同步完成之後,請將 WSUS.XML 拷貝到 C:\Program Files\Update Services API Samples and Tools\WsusMigrate\WsusMigrationImport 目錄

    2. 依次執行下面的命令行,導入原來的WSUS管理資訊:

    WsusMigrationImport.exe WSUS.XML TargetGroups None

    WsusMigrationImport.exe WSUS.XML Approvals None

    請按順序執行上面的命令行

    3. 執行之後,請檢查所有資訊是否已經導入成功。

  • Internet Explorer 8 authentication session reset in DNS Round Robin Environment

    Posted over 4 years ago
    by Carrey Lin}

    請考慮以下情境:

    環境中,Exchange Server 採用 DNS Round Robin的方式來進行類似 Load Balance的功能。

    使用者使用IE8連線到這組Exchange Server的OWA站台,當嚐試要在新的標籤頁中開啟郵件或是行事曆時,瀏覽器要求使用者重新輸入帳號密碼。每開一個Tab使用者就會看到這個畫面要求重新輸入帳號密碼。

    發生的原因:

    • IE8 推出了一個新的架構:LCIE,這樣的架構將不同的Tab使用不同的Process來運行,主要的目的是大幅提升瀏覽器的穩定性,避免一個頁面發生問題導致整個瀏覽器Crash。在IE8之後,幾乎目前所有的網路瀏覽器都推出相同的概念或是在下一版就會推出相同概念的Process Model。
    • 根據預設行為,IE8所有的Tab Process在同一個Frame下將可以共享登入的Session,如果今天要連結的目標伺服器是相同的情況下,同一個Frame Process下的Session 是會共用的,也就是說,原則上並不需要重新驗證就可以進入這個伺服器或服務。
    • 但是在DNS Round Robin的環境中,當前用戶端要連線的Exchange Server IP是隨機取得的位置。因此,對於IE8來說,這個環境很可能會導致在不同的Tab Process中,取得的連線位置是不同的。當連線的目標位置不同的時候,驗證的Session肯定是會被重置因而導致需要重新驗證。這樣的情形並不是一個產品問題,而是不同時空背景下產品的發展路徑導致的現象。

    解決方案的部分,我們可分成兩個部份來說明:

    • 最直接的方式就是透過修改伺服器的架構,採用硬體的NLB或是使用微軟的NLB Solution。
    • l 單純透過Client的方式來處理的話,我們可以透過新增以下的機碼來緩解這個問題:
      HKCU\Software\Microsoft\Internet Explorer\Main 
      Name: TabProcGrowth
      Type: DWORD
      Value: 1

  • Cluster – Win2008R2 cluster not functioning even after several reboot attempts

    Posted over 4 years ago
    by Carrey Lin}

     

     

    SYMPTOM
    =========================
    Excessive 1146 events are logged on cluster nodes

    Event ID: 1146
    Source: Microsoft-Windows-FailoverClustering
    Description: The cluster resource host subsystem (RHS) stopped unexpectedly. An attempt will be made to restart it. This is usually due to a problem in a resource DLL. Please determine which resource DLL is causing the issue and report the problem to the resource vendor.

    RESOLUTION
    ==========================
    Please call Microsoft CSS to obtain this hot fix "The Resource Hosting Subsystem (Rhs.exe) process stops unexpectedly when you start a cluster resource in Windows Server 2008 R2"
    http://support.microsoft.com/kb/978527/en-us

    Troubleshooting methods
    ==========================
    Please configure Windows Error Reporting so that we can capture some data when problem recurs
    Configuring the "Windows Error Reporting" to generate crash dump when RHS.exe crashes, we need to manually create following register values:

    Note: You may need to backup the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting or the whole registry key before this change.

    Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Windows Error Reporting\LocalDumps\rhs.exe

      Name: DumpFolder
      Type: REG_EXPAND_SZ
      Data: C:\rhs_dumps

      Name: DumpType
      Type: REG_DWORD
      Data: 0x2

      Name: DumpCount
      Type: REG_DWORD
      Data: 0xa

    When problem happens again, the dump file will be generated in the directory C:\rhs_dumps.
    When the issue raises again, please collect the dump file and collect a new MPS report pack and send to me for further analysis.