3.Jan.2013 |
by Gusac |
Filed in: Articles, Tutorials
Steps to enable or disable Internet explorer security Configuration: 1. Open Server Manager 2. Click Configure this local server to open the Local Server configuration page. 3. Then, in the Properties area, next to IE Enhanced Security Configuration, click On to open the Internet Explorer Enhanced Security Configuration dialog. 3. To allow members of the local Administrators group to use Internet Explorer in its default client configuration, under Administrators click Off. 4. To allow members of all other groups to use Internet Explorer in its default client configuration, under Users click Off. 5. Click OK to apply your changes. Once the Internet Explorer Enhanced Configuration is turned off for one set of users, Server Manager will display Off next to Internet Explorer Enhanced Security Configuration.
26.Aug.2012 |
by Gusac |
Filed in: Articles
Issue: Windows 2008 R2 Service Pack 1 installation fails with the error (as shown below). If you click on the Details link on the error page, it displays the error code 0x800f081f Installation was not successful A system error prevented the service pack from installing. Please download and run the "Check for System Update Readiness" tool at http://go.microsoft.com/fwlink/?LinkId=122602 Additionally, the event log displays two error event ids in the system logs: Event ID 7 and Event ID 8 from source: Service pack installer Solution: 1. First step, though not seldom useful for this issue, is to run System Update Readiness tool and let it fix the corrupt manifest or you can check the logs and replace them. Click here is a reference to an article that shows how to troubleshoot using System Update Readiness tool 2. Check the Event ID 8 in the system log. It would show you the update that is causing the issue. In this case, it is KB 976932 Notice the value for Identity in the above screenshot. To fix this, remove this package. Here is the command: dism /online /remove-package /packagename:PACKAGE_NAME
.csharpcode, .csharpcode pre
{
font-size: small;
color: black;
font-family: consolas, "Courier New", courier, monospace;
background-color: #ffffff;
/*white-space: pre;*/
}
.csharpcode pre { margin: 0em; }
.csharpcode .rem { color: #008000; }
.csharpcode .kwrd { color: #0000ff; }
.csharpcode .str { color: #006080; }
.csharpcode .op { color: #0000c0; }
.csharpcode .preproc { color: #cc6633; }
.csharpcode .asp { background-color: #ffff00; }
.csharpcode .html { color: #800000; }
.csharpcode .attr { color: #ff0000; }
.csharpcode .alt
{
background-color: #f4f4f4;
width: 100%;
margin: 0em;
}
.csharpcode .lnum { color: #606060; }
where PACKAGE_NAME is the exact name string provided in the Identity section of the error. You can also get this value from the CheckSUR.log from the step 1.
So, in our case the actual command would look like:
dism /online /remove-package /packagename:Package_for_KB976932~31bf3856ad364e35~amd64~~6.1.1.17514
3. Reboot the server once the above command completes successfully and start the Windows 2008 R2 SP1 setup again. It should succeed this time.
6.Apr.2012 |
by Gusac |
Filed in: Articles
This post is to give a brief idea on NT version of each Windows edition. Though Microsoft started using names commercially for Windows, the version is still very relevant and has continued ever since Windows 1.0. This is how you can understand the Windows version number and identify the which Windows is installed by looking at its version and build. This is the format of Windows Version and build number: MajorVersion.MinorVersion.MajorBuild.MinorBuild Here is the list of Windows build versions till date. Windows NT Version Build Server 8 beta 6.2 .8250 8 CTP 6.2 .8250 Server 2008 R2 6.1 .7600 Server 2008 R2 w/ SP1 6.1 .7601 7 RTM 6.1 .7600 7 w/ SP1 6.1 .7601 Server 2008 RTM 6.0 .6000 Server 2008 w/ SP1 6.0 .6001 Server 2008 w/ SP2 6.0 .6002 Vista RTM 6.0 .6000 Vista w/ SP1 6.0 .6001 Vista w/ SP2 6.0 .6002 Server 2003 R2 5.2 .3790 Server 2003 5.2 .3790 XP x64 5.2 .3790 XP 5.1 .2600 2000 5.0 .2195 How to check the version and build of your Windows? Simply open the command prompt and type VER (and hit ENTER, ofcourse) Where does Windows store this information? In Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion CurrentVersion CurrentBuildNumber ProductName
18.Jul.2011 |
by Gusac |
Filed in: Articles, Troubleshoot
Event ID 333 basically occurs when system registry fails to flush operation to the disk. In most of the cases, Event ID 333 is more of a byproduct rather than an issue itself.
Event id 333 occurs when there is some performance issue or when memory/disk is not keeping up with the load. Generally when the issue occurs, you would see other Event IDs as well pointing towards the actual cause that triggered Event ID 333.
There are 4 likely causes for getting 333:
· Memory pressure- Physical or Virtual memory bottleneck, low System PTEs, Working set trimming etc.
· Disk pressure – Bottleneck, performance issue etc.
· Filter driver – Bad driver keeping registry from being flushed.
· Lock Pages In Memory – This behaviour can result if the SQL service account is given the user right ‘Lock Pages in Memory’
Troubleshooting
The following are the troubleshooting steps for this issue. Please note, all the steps do not fit in all scenarios and should not be applied as silver bullets.
Event Log
First this is to check for the Event IDs. Look for any other Event id related to disk, memory, server (SRV) in System log. Key event ids are: 2019, 2020, 51, 55, 52, 58
Perfmon
· Look for key counters:
- Memory\%Committed Bytes in Use
- Memory\Available Mbytes
- Memory\Cache Bytes
- Memory\Commit Limit
- Free System Page Table Entries
- Memory\Pool Nonpaged Bytes
- Memory\Pool Paged Bytes
Physical disk or Logical Disk
- %disk Time
- Avg. Disk Bytes/Transfer (Read and Write)
- Avg. Disk Queue Length
- Avg Disk sec/Transfer
- Disk bytes/sec
- Split IO/sec
Paging File\%Usage
System\%Registry Quota in use
Disk
· Enable disk write cache
Enable disk write cache to increase disk performance. (Refer to KB 324446)
- This would enable the caching of data in memory instead of immediate write to disk. This reduces the load (queue length) on the disk and system can schedule flush the data to disk later.
· Perfmon
Monitor disk sec/transfer, idle time, split I/O, Data byes/sec
- Split I/O counter represent how fragment the drive is. It is best to defrag the drive as it has a major hit on the disk performance.
- Sec/Transfer represents the time it takes to transfer data. It gives the disk throughput
· Configure RegistryLazyFlushInterval to 60 secs. (Reference: KB317357 and KB324446)
- Setting value to 60, tells system to write registry changes to disk after 60 seconds. The more the number of writes, the more disk I/O. The value 60 is recommended by Microsoft.
· Event logs
Check for any disk related event ids. Most common sources are fdisk, disk. Common causes are corrupt/bad sector, controller issue or driver issues.
- Upgrade firmware drivers for controller,
- Run chkdsk if required if we have event if pointing to corrupt sector/cluster on the disk.
Memory
There could be contention in either physical or virtual memory on the system. The causes can be several and they do not have straight forward troubleshooting. It is recommended to have an understanding of memory concept before making changes as it can easily make the system unstable.
· Boot.ini
- On Windows 2003 x86 server, check Boot.ini, if we have /3GB switch in place and also keep the role of the server in mind. Try to modify the switch by adding /USERVA so that we can give more room to kernel memory. Visit the link to understand /3GB and /UserVA switches: http://technet.microsoft.com/fr-fr/library/cc784475(WS.10).aspx
- On windows 2008, we don’t have boot.ini
- Use of /PAE and /3GB is not recommended as it has adverse effect on system performance.
· SQL Server Consideration
- Configure SQL to use less memory for the buffer pool.
- SQL Server has it own memory manager (MM) and it doesn’t use windows MM. IT can be set to reserve X amount of memory, which windows cannot use.
- Configure Perfmon with SQL object and monitor the memory specific counters. This is when we have low physical memory issue on Windows system.
- 918483 How to reduce paging of buffer pool memory in the 64-bit version of SQL Server 2005 You can enable the lock pages in memory permissions to prevent SQL Server 2005 64-bit buffer pool memory from being paged out of physical memory http://support.microsoft.com/?id=918483
· Disable Hot Add memory
- When the Hot Add Memory feature is enabled, the operating system pre-allocates kernel resources to handle any future memory that may be added to the computer. Kernel resources are allocated based on the capabilities of the computer instead of on the RAM that is actually installed. The kernel may allocate significant resources to RAM that may never be installed. Therefore, the Hot Add Memory feature may cause the maximum size of the paged pool to be much smaller than expected.
- To disable the feature: http://support.microsoft.com/?id=913568
· Pool memory leak
Look for Event id 2020 or 2019 for paged-pool or nonpaged-pool exhaustion. Configure poolmon.exe with appropriate interval and monitor the tag which has highest consumption at the time of issue.
- There are few articles for pool memory exhaustion but it is not recommended to apply without getting the poolmon data. KB 312362 is for maximizing the Paged-Pool limit on the box in case of Event ID 2020. But this is helpful when we have high memory consumption and not memory leak.
· Increase page file
- Again this is helpful if we have perfmon data to confirm the need.
· Apply patch
- For NTOSKRNL.EXE, as memory manager is implemented in windows kernel and ntoskrnl.exe is the executable.
[KB 935926: A Windows Server 2003-based computer stops responding when the registry is in heavy use]
· Free system PTEs.
- Look for perfmon counter value Free System Page Table Entries
Filter driver
Check for 3rd party drivers on the box which are outdated. You can use msinfo32 or Microsoft MPS utility to list out the drivers.
Last Resort – Complete memory dump
If the above troubleshooting does not help, configure the box for generating manual complete memory dump and trigger it when issue occurs. Send the dump to Microsoft for analysis.
Reference:
Troubleshooting Event ID 333 Errors
http://blogs.technet.com/b/askperf/archive/2007/10/30/troubleshooting-event-id-333-errors.aspx
How to generate a kernel dump file or a complete memory dump file in Windows Server 2003
http://support.microsoft.com/kb/972110
177415 How to Use Memory Pool Monitor (Poolmon.exe) to Troubleshoot Kernel Mode Memory Leaks
http://support.microsoft.com/?id=177415
298102 How to find pool tags that are used by third-party drivers
http://support.microsoft.com/?id=298102
248345 How to create a log using System Monitor in Windows
http://support.microsoft.com/?id=248345
244139 Windows feature lets you generate a memory dump file by using the keyboard
http://support.microsoft.com/?id=244139
315263 How to read the small memory dump files that Windows creates for debugging
http://support.microsoft.com/?id=315263
23.Mar.2011 |
by Gusac |
Filed in: Articles, Tutorials
Print spooler crash isn't a rare phenomenon in IT Administration world. It is something that leaves an admin scratching his head, figuring out what is causing it. Most of the time it's due to some faulty printer driver and bigger the environment, harder it is to identify the culprit driver. But that's going to be the thing of past now. With Windows 2008 R2 and Windows 7 comes the Printer Driver Isolation.
As the name suggests, Printer Driver Isolation or PDI isolate the printer drivers files into a different process than Print spooler (spoolsv.exe). The isolated printer drivers are not loaded in the process space of spoolsv.exe but instead a different process. So, if any problem that occurs in the faulty drivers will cause the process they are loading in to fail instead of spoolsv.exe, hence preventing the production down time for Print servers.
The process that host the isolated printer driver files is PrintIsolationHost.exe. This process host the printer drivers which are set to be run isolated. If anything goes wrong with these drivers, they will cause PrintIsolationHost.exe to crash and not spoolsv.exe. The purpose of the driver isolation feature is to prevent print drivers that fail or behave badly from adversely affecting the print spooler process
There are three modes of Printer Driver Isolation:
None - Printer drivers are loaded in the spooler process, just like before.
Shared - Printer drivers set to run in a single shared instance of PrintIsolationHost.exe process, separated from the spooler process. This is the default mode.
Isolated - Each Printer driver is set to run in its own separate instance of PrintIsolationHost.exe process.
To check if Printer Driver support PDI: Navigate to the following registry location: HKLM\SYSTEM\CurrentControlSet\Control\Print\Environments\<environment>\Drivers\Version-3\<driver>\PrinterDriverAttributes
Possible values: 0: Printer driver does not support PDI 2: Printer driver supports PDI If the value is missing, it defaults to 0, that is, the driver does not support PDI
How to change the Printer Driver Isolation mode
There are three ways to determine Isolation mode for Printer drivers:
INF files associated with the printer driver
Print Management Console (PMC)
Group Policy
INF files associated with the printer driver
The printer driver inf files advertises whether the driver supports PDI or not. The inf files contains a the keyword DriverIsolation to indicate its support for the PDI. As mentioned above, value 0 indicates that the driver does not support PDI and the value 1 indicates it supports it. So, in an inf file, it should look like:
DriverIsolation=0 DriverIsolation=2 Again, If the keyword is not there then it defaults to 0
Print Management Console (PMC)
The print management console or PMC lets you manage the driver isolation easily. If you open the PMC and go to the Drivers for the print server you want to manage, it will list all the print drivers installed on that server along with their Isolation state. Below is the screenshot for your reference:
To change the Driver isolation, right click on the printer driver and select the option 'Set Driver Isolation. The drop down menu will all the available options.
Please note:
The System Default option is the setting defined in the driver itself by default or by group policy.
If group policy ‘Execute Print drivers in isolated processes’ is Disabled, then you cannot change the isolation mode.
Registry value for PDI settings:
The driver names, for which PDI mode was set explictly, are stored in registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\ [PrintDriverIsolationGroups]
The value data is stored in a format to differentiate the Isolation state. the format is: <None>\<None>\\<Shared>\<Shared>\\<Isolated>\<Isolated>
The three groups (None, Shared & Isolated) are separated by double slashes ‘\\’ and within each group, drivers are separated by single slash ‘\’
Please note: For drivers which have Driver Isolation state as System Default, will not be listed in the registry. The registry contains names for the drivers for which PDI mode was change explicitly.
If you do not have any driver in one group then it will be left as it is but double slashes \\ would still be there.
Group Policy
There are two group policies for PDI ad they can be found under: Computer Configuration\Administrative Templates\Printers.
The Group policies are:
Execute print drivers in isolated processes
Override print driver execution compatibility setting reported by print driver
Policy: Execute print drivers in isolate processes:
This policy setting determines whether the print spooler will execute print drivers in an isolated or separate process. When print drivers are loaded in an isolated process (or isolated processes), a print driver failure will not cause the print spooler service to fail.
If you enable or do not configure this policy setting, the print spooler will execute print drivers in an isolated process by default.
If you disable this policy setting, the print spooler will execute print drivers in the print spooler process.
Notes: -Other system or driver policy settings may alter the process in which a print driver is executed. -This policy setting applies only to print drivers loaded by the print spooler. Print drivers loaded by applications are not affected. -This policy setting takes effect without restarting the print spooler service.
Policy: Override print driver execution compatibility setting reported by print driver:
This policy setting determines whether the print spooler will override the Driver Isolation compatibility reported by the print driver. This enables executing print drivers in an isolated process, even if the driver does not report compatibility.
If you enable this policy setting, the print spooler will ignore the Driver Isolation compatibility flag value reported by the print driver.
If you disable or do not configure this policy setting, the print spooler will use the Driver Isolation compatibility flag value reported by the print driver.
Notes: -Other system or driver policy settings may alter the process in which a print driver is executed. -This policy setting applies only to print drivers loaded by the print spooler. Print drivers loaded by applications are not affected. -This policy setting takes effect without restarting the print spooler service.
30.Dec.2010 |
by Gusac |
Filed in: Articles, Tutorials
There are different ways to check computer system’s uptime or time when it was booted last. We are going to discuss four of them here.
They are:
Uptime.exe command line utility
Systeminfo command line
Perfmon
NET command
Task Manager (Vista and above)
Uptime
The tool, Uptime.exe, is available for displaying system availability. Uptime.exe can be used to display the current uptime of the local and remote system. Optionally, It can also scan Event log for key system event system events such as system restart of computers that are not responding (hanging).
The utility Uptime.exe can be downloaded from Microsoft Download site. Here is the url:
http://download.microsoft.com/download/winntsrv40/install/uptime_1.01/nt4/en-us/uptime.exe
Download and save the uptime.exe Son local computer.
Open command prompt and go to the location where uptime.exe is saved.
To check uptime for local system, run the following command:
Systeminfo
Systeminfo is an inbuilt utility that comes with Windows. The Systeminfo shows the System Boot Time. This shows the time system was last booted (started). So, we can calculate the time the system has been up for. Here are the steps:
Open command prompt, and type the command: SYSTEMINFO
Scroll to the line that says: System Boot Time.
Perfmon
Performance Monitor tool or Perfmon in Windows system also has a counter to keep track of the system’s uptime. Here are the steps to use Perfmon:
Note: This would require the knowledge of configuring Perfmon tool.
Start > Run and type PERFMON.SYS
Add the counter System\Sytem Up Time.
The System Up Time shows the uptime in seconds. So, we need to convert the seconds into minutes or hours.
‘
Net Statistics command
Open the command prompt and type the command: net statistics workstation
The command shows the system’s statistics since the time it is ON or started.
We are not concerned about the system’s statistics but the time since it is running.
Task Manager
On Windows Vista and later operating system, we can also use Task Manager to view system up time.
Simply, open task manager and go to the Performance tab. Down below the graph, we have a section called System. We have UP Time in the System section, showing duration in DD:HH:MM: SS format. Here is the screenshot for your reference:
20.Dec.2010 |
by Gusac |
Filed in: Articles, Troubleshoot
Phantom or Ghost Network adapters are created when the network adapter is removed without removing the drivers. These ghost network adapter (NICs) are hidden and are not listed in device manager. [More]
29.Oct.2010 |
by Gusac |
Filed in: Articles, Tutorials
how to use the Event Logging utility (Logevent.exe) to create and to log custom events to the Application Log of Event Viewer. LogEvent.exe is included in the Windows 2000 Resource Kit. [More]
21.Oct.2010 |
by Gusac |
Filed in: Articles, Tutorials
There are times when you need to generate event id of your choice. Probably you need your script to generate some event id on some event or just to test something you need an event. Windows lets you generate event id manually without having programming knowledge, by using EventCreate command line utility.
The EventCreate.exe lets you generate event id between the range of 0 – 1000. To generate event id above 1000, you may need LogEvent.exe.
This utility comes with windows, you simply need to open the command prompt and type in the command. Here is the syntax for the command:
EventCreate /S <Computer> /ID <Event ID> /L <Log Name> /SO <Source name> /T <Type> /D <Event log Description>
where /S is the computer name on which event should be generated. For local computer, omit this switch
/ID is the event id. You can specify a number from 0 to 1000 only.
/L is the event log you want to create event in. Valid parameters are: System and Application
/SO is the Source name for the Event.
/T is the Event Type. Valid parameters are: Success, Warning, Information and Error
/D is the Event log description. Ensure that you mention the message in quotes.
For example:
In above example, We created Event ID 50 with Source ‘Winplat.Net’ and type Error. The event log description says: “This is a test error”
If you want to generate an event with a different user account context then we have to use switches:
/U: Username under which the command should execute
/P: Password for the username provided. If this switch is omitted, you will be prompted for it.
Please Note: EventCreate.exe lets you generate event id ranging from 0-1000 only. To generate an event id above 1000, you need to use LogEvent.exe. Click here to jump to the article on LogEvent.exe.
4.Aug.2010 |
by Gusac |
Filed in: Articles, Tutorials
How to make Windows 7 or Windows server 2008 R2 computer system as a WiFi access point or hotspot for other wireless devices. [More]
