Problem Description
=================

Customer’s two servers had some services could not start and dcomcnfg cannot show the components’ information problem when a certain software was installed on them

Analysis
=================

Based on the symptoms and background information, we suspected that the software modified some DCOM related permissions in the registry.

In the application log, we found a huge number of event ID 10022 from COM source and based on the searching result this is due to the mis-configuration of Microsoft COM related permissions in registry.

To resolve the issue, we deleted the following registry value in the registry and rebooted the OS for the modification to take effect:

Locations: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole

Value Name: DefaultAccessPermission

Value Type: REG_BINARY

After the OS booted up, we can see all of the symptoms disappeared and the applications on the server were running fine.

Our Suggestions
=================

As we suspect it was the software installed on this server that modified the registry value and triggered the issue. Suggest to involve the vendor of the software and see if they can help to fix the issue.

Demote error : "The directory service is missing mandatory configuration information, and is unable to determine the ownership of floating single-master operation roles."

dcpromo.log

09/20/2011 01:03:48 [INFO] Active Directory Domain Services could not transfer the remaining data in directory partition DC=ForestDnsZones,DC=msft,DC=com to

Active Directory Domain Controller \\dc1.msft.com..

09/20/2011 01:03:48 [INFO] Searching for other replicas of directory partition DC=ForestDnsZones,DC=msft,DC=com on the network...

09/20/2011 01:03:48 [INFO] Error - Active Directory Domain Services could not transfer the remaining data in directory partition DC=ForestDnsZones,DC=msft,DC=com to

Active Directory Domain Controller \\dc1.msft.com.. (8434)

09/20/2011 01:03:48 [ERROR] Failed to prepare the Directory Service for uninstallation (8434)

09/20/2011 01:03:48 [INFO] The attempted domain controller operation has completed

解決方法

透過KB 的VBScript

cscript fixfsmo.vbs DC=DomainDnsZones,DC=msft,DC=com

cscript fixfsmo.vbs DC= ForestDnsZones,DC=msft,DC=com

來修改DC=DomainDnsZones,DC=msft,DC=com與 DC=ForestDnsZones,DC=msft,DC=com 的Infrastructure fSMORoleOwner屬性

fixfsmo.vbs請由KB文件取得

其他參考

Error message when you run the "Adprep /rodcprep" command in Windows Server 2008: "Adprep could not contact a replica for partition DC=DomainDnsZones,DC=Contoso,DC=com"

http://support.microsoft.com/kb/949257/en-us

修改RootCA 的有效期間設定，請依照下列步驟。

1. 開啟「登錄編輯器」。
2. 請找到下面的登錄機碼： HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CertSrv\Configuration\<CAname>
3. 請按兩下 ValidityPeriod REG_SZ 登錄值並將有效期間更改為下列其中一個選項：

-Days
-Weeks
-Months
-Years

1. 請按兩下ValidityPeriodUnits REG_DWORD 登錄值並更改您想要的日，周，月或年等數字 (例如 1,2,3, 等等)。
2. 停止然後重新啟動「憑證服務」。

2. 建立 SubCA 新範本.並發佈此新SubCa 範本

請您在憑證範本console 下,複製 “附屬憑證授權單位” 建立新範本 , ex: SubCa2 ,自定您的年限 . PS: Default SubCA 憑證為 5年

新增完成後.請您確認rootCa上有發行此subca2 憑證.

3.SUBCA 更新CA憑證, 產生.req file

建立C:\windows\Capolicy.inf

文件內容:

[RequestAttributes]
CertificateTemplate = <your custom SubCA template>

開啟 SubCA 並點右鍵.點選 所有工作\更新CA憑證

請按 "是"

請點選 "否No"

請按"取消" ,將會儲存 要求憑證檔案在C:\

檢視C:\ 要求憑證檔案

4. 要求憑證,提供使 .req file 進行申請憑證

要求憑證:

瀏覽 RootCa Certsrv網頁,點選 "要求憑證"

請點選 "進階憑證要求"

請將要求憑證檔案.載入.或是將其內容貼上 ,然後按 "提交"

您會看到此要求憑證 識別碼

5. RootCA 發行憑證,允許此SUBCA要求的憑證

RootCA 發行憑證:

根據要求識別碼.到 rootca 上 ,去發行此憑證. 在"擱置要求" 檢視要發行憑證,按右鍵 所有工作\ 發行

6. 檢視申請的憑證並下載已經發行憑證

檢視申請的憑證並下載已經發行憑證
瀏覽到RootCa certsrv 網頁.點選 "檢視擱置中的憑證要求狀態"

您可以看到 "已儲存要求的憑證"

請您點選"下載憑證"

7. SUBCA安裝CA憑證及檢視憑證

在SubCA 按右鍵,點選 所有工作\安裝CA憑證

請按 "是"

瀏覽到您儲存的憑證

匯入後.您亦可以檢視 SubCA 內容, "檢視憑證"

您就可以檢視目前要求的憑證資訊.

8. 針對此 SUBCA 同 Site 的一台DC 進行向外同步所有DCs

在這台DC上，開啟Dos Command 視窗.並輸入

repadmin /syncall /d /e /P

問題狀況
=======
例如 D: 磁碟在 [磁碟管理員] 中顯示的容量為 1.5Tb, 但在 D: 磁碟上按右鍵檢示 [內容] 時, 看到容量卻只有800GB

問題釐清
=======
此現象將發生在 Windows 2003 R2 裏的FSRM(File Server Resource Manager) Quota 設定, 如果對D: 磁碟設置了Quota 將會有此現象

Lab template
=============================

1. 新建一個新的volume， 大小是243MB。沒有設置quota時，所有顯示都是對的。

2. 在FSRM裡對E 磁碟設置100MB的hard quota，Explorer [內容]檢示裡就只能顯示Quota 的大小。

=============================

問題描述：

當您在執行sysprep並勾選「一般化」時，在關機前出現以下的畫面：

解決方式：

狀況1：確認該Image是否已經做過三次sysprep+一般化，如果是的話，請參考以下的文件。

http://support.microsoft.com/kb/929828/zh-tw

狀況2：如果該Image還沒有做過三次sysprep+一般化，但仍出現此錯誤，請依照以下的步驟解決。

1.找到 C:\Windows\System32\sysprep\Panther\setuperr.log檔案。檢查內容有以下的記錄，如果內容符合以下的錯誤，請往步驟2。

2011-12-29 18:37:13, Error      [0x0f0073] SYSPRP RunExternalDlls:Not running DLLs; either the machine is in an invalid state or we couldn't update the recorded state, dwRet = 31
2011-12-29 18:37:13, Error      [0x0f00ae] SYSPRP WinMain:Hit failure while processing sysprep cleanup external providers; hr = 0x8007001f

2.找到HKLM\System\Setup\Status\SysprepStatus\右方的 GeneralizationState值為多少?如果不是7的話，請改成7，再試一次sysprep即可。