Troubleshoot– Error 0x800706BE in Windows 2008 R2 Server Manager Roles and Features – I

12.Dec.2011 | by Gusac | Filed in: Articles, Troubleshoot

  This part came while working in Windows server 2008 R2 edition. Features page in Server manager started throwing up this error with hexadecimal code 0x800706BE. Notice there could be several reasons to this issue, hence the parts (-I) to this blog. If ever I found another cause, I would come up with next part (II). For now, lets stick to what happened on my box. Every time I clicked on Server manager Features page, it gave ‘Error’. click on ‘Error details’ would bring up a dialog box shown in the screenshot below. The error reads: Unexpected error refreshing Server Manager: The remote procedure call failed. (Exception from HRESULT: 0x800706BE)   Click on the image enlarge   Troubleshooting: Download and install Microsoft System Update Readiness Tool(CheckSUR) for Windows 2008 R2 (As mentioned in beginning I error came on Windows 2008 R2 but you can try on other OS as well)   CheckSUR is 315MB tool to download, once you install it, it generates a CheckSUR.LOG log file at %windir%\Logs\CBS\ location.   In my case, I log read: ---------------------------------------------------------------------------------------------------- Unavailable repair files: servicing\packages\Package_for_KB2564958_RTM~31bf3856ad364e35~amd64~~ servicing\packages\ (w) Unable to get system disk properties 0x0000045D IOCTL_STORAGE_QUERY_PROPERTY Disk Cache --------------------------------------------------------------------------------------------------   The log file show that the one of the file related to KB 2564958 is either corrupt or missing, most likely the latter one. So, the next to download update KB 2564958  from Microsoft support site.   Download the update from site. When I downloaded and tried to install, it gave me another error at installation with code:  0x80240009   Extracted the fix KB2564958 by following command: EXPAND Windows6.1-KB2564958-x64.msu –F:* C:\Temp   It will extract the CAB files. Identify the files mentioned in the log files and copy them over to the location mentioned in the log file, that is: %Windir%\Servicing\Packages\   Started the Server Manager Features page again, this time it came up just fine!     Hope this blog is informative, I would write another part soon. Write me your feedback at inbox at

Performance Logs and Alerts service terminated with service-specific error 2003

19.Sep.2011 | by Gusac | Filed in: Articles, Troubleshoot

Although, Performance Logs and Alerts service aka ‘Perfmon service’ is an on-demand service, meaning it starts when it is needed; you would get a generic message whenever you try to start it. The message simply says that the service started and stopped because it has nothing to do. However, you do get error while starting Perfmon service, like I did. Here is the error description: The Performance Logs and Alerts service terminated with service-specific error 2003 (0x7D3). If you go ahead and use ERR.exe utility to understand the the Hex code 0x7D3, you would get the description: ERROR_METAFILE_NOT_SUPPORTED The solution: Incorrect permission on the registry. Registry: HKLM\system\CCS\Services\SysmonLog\Log Queries. Simply add the Network Service account on the above mentioned registry location and give write access. Try again, service should start or at least give you the generic message.

Troubleshooting Event ID 333

18.Jul.2011 | by Gusac | Filed in: Articles, Troubleshoot

Event ID 333 basically occurs when system registry fails to flush operation to the disk. In most of the cases, Event ID 333 is more of a byproduct rather than an issue itself. Event id 333 occurs when there is some performance issue or when memory/disk is not keeping up with the load. Generally when the issue occurs, you would see other Event IDs as well pointing towards the actual cause that triggered Event ID 333. There are 4 likely causes for getting 333: · Memory pressure- Physical or Virtual memory bottleneck, low System PTEs, Working set trimming etc. · Disk pressure – Bottleneck, performance issue etc. · Filter driver – Bad driver keeping registry from being flushed. · Lock Pages In Memory – This behaviour can result if the SQL service account is given the user right ‘Lock Pages in Memory’   Troubleshooting The following are the troubleshooting steps for this issue. Please note, all the steps do not fit in all scenarios and should not be applied as silver bullets.   Event Log First this is to check for the Event IDs. Look for any other Event id related to disk, memory, server (SRV) in System log. Key event ids are: 2019, 2020, 51, 55, 52, 58   Perfmon · Look for key counters: - Memory\%Committed Bytes in Use - Memory\Available Mbytes - Memory\Cache Bytes - Memory\Commit Limit - Free System Page Table Entries - Memory\Pool Nonpaged Bytes - Memory\Pool Paged Bytes Physical disk or Logical Disk - %disk Time - Avg. Disk Bytes/Transfer (Read and Write) - Avg. Disk Queue Length - Avg Disk sec/Transfer - Disk bytes/sec - Split IO/sec Paging File\%Usage System\%Registry Quota in use   Disk · Enable disk write cache Enable disk write cache to increase disk performance. (Refer to KB 324446) - This would enable the caching of data in memory instead of immediate write to disk. This reduces the load (queue length) on the disk and system can schedule flush the data to disk later.     · Perfmon Monitor disk sec/transfer, idle time, split I/O, Data byes/sec - Split I/O counter represent how fragment the drive is. It is best to defrag the drive as it has a major hit on the disk performance. - Sec/Transfer represents the time it takes to transfer data. It gives the disk throughput · Configure RegistryLazyFlushInterval to 60 secs. (Reference: KB317357 and KB324446) - Setting value to 60, tells system to write registry changes to disk after 60 seconds. The more the number of writes, the more disk I/O. The value 60 is recommended by Microsoft.   · Event logs Check for any disk related event ids. Most common sources are fdisk, disk. Common causes are corrupt/bad sector, controller issue or driver issues. - Upgrade firmware drivers for controller, - Run chkdsk if required if we have event if pointing to corrupt sector/cluster on the disk.     Memory There could be contention in either physical or virtual memory on the system. The causes can be several and they do not have straight forward troubleshooting. It is recommended to have an understanding of memory concept before making changes as it can easily make the system unstable.   · Boot.ini - On Windows 2003 x86 server, check Boot.ini, if we have /3GB switch in place and also keep the role of the server in mind. Try to modify the switch by adding /USERVA so that we can give more room to kernel memory. Visit the link to understand /3GB and /UserVA switches: - On windows 2008, we don’t have boot.ini - Use of /PAE and /3GB is not recommended as it has adverse effect on system performance.   · SQL Server Consideration - Configure SQL to use less memory for the buffer pool.   - SQL Server has it own memory manager (MM) and it doesn’t use windows MM. IT can be set to reserve X amount of memory, which windows cannot use.   - Configure Perfmon with SQL object and monitor the memory specific counters. This is when we have low physical memory issue on Windows system. - 918483 How to reduce paging of buffer pool memory in the 64-bit version of SQL Server 2005 You can enable the lock pages in memory permissions to prevent SQL Server 2005 64-bit buffer pool memory from being paged out of physical memory   · Disable Hot Add memory - When the Hot Add Memory feature is enabled, the operating system pre-allocates kernel resources to handle any future memory that may be added to the computer. Kernel resources are allocated based on the capabilities of the computer instead of on the RAM that is actually installed. The kernel may allocate significant resources to RAM that may never be installed. Therefore, the Hot Add Memory feature may cause the maximum size of the paged pool to be much smaller than expected. - To disable the feature:   · Pool memory leak Look for Event id 2020 or 2019 for paged-pool or nonpaged-pool exhaustion. Configure poolmon.exe with appropriate interval and monitor the tag which has highest consumption at the time of issue. - There are few articles for pool memory exhaustion but it is not recommended to apply without getting the poolmon data. KB 312362 is for maximizing the Paged-Pool limit on the box in case of Event ID 2020. But this is helpful when we have high memory consumption and not memory leak.   · Increase page file - Again this is helpful if we have perfmon data to confirm the need.     · Apply patch - For NTOSKRNL.EXE, as memory manager is implemented in windows kernel and ntoskrnl.exe is the executable. [KB 935926: A Windows Server 2003-based computer stops responding when the registry is in heavy use]   · Free system PTEs. - Look for perfmon counter value Free System Page Table Entries Filter driver Check for 3rd party drivers on the box which are outdated. You can use msinfo32 or Microsoft MPS utility to list out the drivers.   Last Resort – Complete memory dump If the above troubleshooting does not help, configure the box for generating manual complete memory dump and trigger it when issue occurs. Send the dump to Microsoft for analysis.   Reference:   Troubleshooting Event ID 333 Errors How to generate a kernel dump file or a complete memory dump file in Windows Server 2003   177415 How to Use Memory Pool Monitor (Poolmon.exe) to Troubleshoot Kernel Mode Memory Leaks 298102 How to find pool tags that are used by third-party drivers 248345 How to create a log using System Monitor in Windows 244139 Windows feature lets you generate a memory dump file by using the keyboard 315263 How to read the small memory dump files that Windows creates for debugging

Troubleshooting Powershell Setup Error - 1

7.Jun.2011 | by Gusac | Filed in: Articles, Troubleshoot

I was trying to install Powershell 2.0 on Windows 2003 server (x64) when I encountered the following error during the installation: Cannot install this version of the product. You must first remove any earlier version of Windows PowerShell(TM) 1.0 before you can install this version. Please click OK to close the Setup Wizard. Next open Add/Remove Programs Control Panel, uninstall any version of Windows PowerShell(TM) 1.0, and run the Windows PowerShell(TM) 1.0 setup again.   There was no earlier version of Powershell installed but still I got this weird message asking me to remove the ‘earlier’ version. Here are best possible solutions: 1. Remove the previous version of Powershell 1.0 – Yes, the Powershell won’t be listed under Add/Remove Programs just like that!. You need to check the installed updates. Look for KB 926139 , and additionally KB 926140 and/or KB 926141 If its difficult to find the KB number in Add/Remove Program, you can use the command line to list the installed updates.   2. Delete the Registry reference to Powershell – Navigate to the following key, take backup and delete it: HKLM\SOFTWARE\Microsoft\PowerShell\1\PowerShellEngine   For 64-bit systems: You would find the key under a different location: HKLM\SOFTWARE\Wow6432Node\Microsoft\PowerShell\1\PowerShellEngine   That is because, Powershell setup comes in for x86 platform only. Hope it helps!

Windows 2008 Server Core R2 - Server roles available in different editions

30.May.2011 | by Gusac | Filed in: Articles, Tutorials

The server core installation of Microsoft Windows Server 2009 R2 provides minimal environment of running server roles. There are different editions of Server core available and the difference is the number of server roles available with them. The different editions available are: Web, Standard, Enterprise and Datacenter. The suitable edition of Windows 2008 Server Core R2 can be grabbed depending upon the  requirements. Here is the comparison chart: Server Roles Web Standard Enterprise DataCenter Active Directory Certificate Services No Yes Yes Yes Active Directory Domain Services No Yes Yes Yes Active Directory Lightweight Directory Services No Yes Yes Yes BranchCache Hosted Cache No No Yes Yes DHCP Server No Yes Yes Yes DNS Server Yes Yes Yes Yes File Services Yes Standalone DFS Yes Yes Hyper-V No Yes Yes Yes Media Services Yes Yes Yes Yes Print Services No Yes Yes Yes IIS Yes Yes Yes Yes

Disable Web Caching for a specific website in Threat Management Gateway

25.May.2011 | by Gusac | Filed in: Articles, Tutorials

Forefront Threat Management Gateway can be configured to maintain a cache of Web objects and to attempt to fulfil Web requests from the cache. The Web caching is disabled by default. When you configure it, it starts caching all the website based on the criteria. However, there could be scenario where you do not want to cache a particular website, say due security concerns or some issue with web application itself. TMG lets you disable the caching for a specific websites. Here are the steps: Go to Web Access Policyin Threat Management Console.   On the Tasks tab, click on Configure Web Caching   In the new Cache Settings window, click on the tab Cache Rules and then click Newbutton.   We now have a wizard for creating a new rule, which looks like this: Click to view the screenshot Give the Cache rule name as per your requirements and click on NEXT.   Next is Cache Rule Destination.In this page we need to enter the destination domain/URL for which we are creating the cache rule. In our example, we are going to disable caching for   We need to enter the domain name object. If its already created then click on ADDand add the object, else create a new one. In our example, we are going to create a new domain name object:   For creating a new domain name set, click on Add, then New  and the click New Domain Set Policy Elementdialog box, type a descriptive name for the policy element that will represent the domain that you do not want to cache content from.   Once you create a new Domain Set, add it. Here is the screenshot after adding the domain set:   Next is, New Cache Rule Wizard page. Choose the first option: ‘Only if a valid version of the object exists in the cache. If no valid version exists, route the request to the server.’  This rules tells TMG when to go to the web server to get a new copy of the webpage. Click on Next Next page is for Cache Content, specifying whether the retrieved content should be cached or not. Since, we are disabling cache here, so we would choose the first option Click Next and click on Finish. Once you close the wizard click on APPLY to save the changes.