17.May.2012 |
by Gusac |
Filed in: Articles, Troubleshoot, Tutorials
As most of you know by now that since Windows server 2008, mstsc.exe has replaced old /console switch with new /admin switch. This article talks about the behavior when you connect to an administrative session using the /admin switch. Below are the behavioral changes: It does not connect to session 0 of the server unlike /console switch. This is because the session 0 on Windows 2008 and later operating system is used exclusively for the system services. Client access license is not used. If you have Remote desktop services role installed with configured CALs, using this switch will not use one of the CALs. We can have only two sessions on the server including session using /admin switch. This different from previous version where we could have two remote desktop sessions and a third console session using /console switch. Time zone and Plug-n-Play device redirection is not available with /admin session Easy Print feature is not available in the session. Administrative sessions (/admin) are not counted towards session limit.
4.Apr.2012 |
by Gusac |
Filed in: Articles, Troubleshoot
This article is to compile and suggest some of the common troubleshooting steps for the error while accessing the Samba shares on Unix or Linux based systems from Windows 7. They may or may not apply to your scenario. There could be some more steps which are not included in this post. The aim here is to help who are slogging through forums for solution like me. Issue: While connecting to Unix or Linux based samba shares from Windows 7 client network error stating: Windows cannot access \\SERVER and throws error code: 0x80070035. Whereas the Windows XP systems do not exhibit the same behavior. Suggestions: 1. Basic IP Though this is a basic step but worth mentioning. If the error occurs with the server name, try connecting with IP address. If it works, it could be DNS issue. 2. Check Firewall 3. Services TCP/IP NetBIOS Helper service should be set to Automatic and Started. Try starting Computer Browser service, if its not. Try to stop and disable the Routing and Remote Access service, if its started 4. Network Card Binding Order A. Check the binding order. Go to network connections, go to Advanced menu then select Advanced Settings… B. Select the network connection you are using and move it to the top C. Click OK and exit. 5. Enable ‘Client for Microsoft Networks’ In network connections, go to the properties of network connection which you are using to connect to the server. Ensure that the ‘Client for Microsoft Networks’ is checked. 6. Enable NetBIOS over TCP/IP A. Open the properties of the network connection, select Internet Protocol version 4 (TCP/IPv4) and click on Properties button. B. On the new page, click on Advanced… button at the bottom. C. Click on WINS tab and under NetBIOS setting , select Enable NetBIOS over TCP/IP and click OK to exit. 7. Select Authentication level Check the below mentioned policy on Windows 7: Group policy editor: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\ Network security: LAN Manager authentication level Ensure that it is not set to refuse LM & NTLM authentication or set to use NTLMv2 only. To be safe, you can select the following setting which enables LM, NTLM and NTLMv2 authentication: Send LM & NTLM - use NTLMv2 session security if negotiated Note: Ensure that this policy is not coming from Domain level group policy. And, if you are using Home or Home premium edition and do not have Group Policy editor then do it in registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa Value Name: LmCompatibilityLevel [DWORD] Set the value to: 1 Reboot your system. 8. SMB Signing Disable SMB signing and try: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters Value Name: EnableSecuritySignature [DWORD]. Set the value to 1. Value Name: RequireSecuritySignature [DWORD]. Set the value to 0. 9. Disable SMB 2.0 Disable SMB 2.0 on Windows 7 and try again. Disable SMB 2.0 at client end: Open the command prompt (cmd.exe) and type the following two commands: sc config lanmanworkstation depend= bowser/mrxsmb10/nsi
sc config mrxsmb20 start= disabled
Click here for reference on this
I hope it helps!
12.Dec.2011 |
by Gusac |
Filed in: Articles, Troubleshoot
This part came while working in Windows server 2008 R2 edition. Features page in Server manager started throwing up this error with hexadecimal code 0x800706BE. Notice there could be several reasons to this issue, hence the parts (-I) to this blog. If ever I found another cause, I would come up with next part (II). For now, lets stick to what happened on my box.
Every time I clicked on Server manager Features page, it gave ‘Error’. click on ‘Error details’ would bring up a dialog box shown in the screenshot below. The error reads:
Unexpected error refreshing Server Manager: The remote procedure call failed. (Exception from HRESULT: 0x800706BE)
Click on the image enlarge
Troubleshooting:
Download and install Microsoft System Update Readiness Tool(CheckSUR) for Windows 2008 R2 (As mentioned in beginning I error came on Windows 2008 R2 but you can try on other OS as well)
CheckSUR is 315MB tool to download, once you install it, it generates a CheckSUR.LOG log file at %windir%\Logs\CBS\ location.
In my case, I log read:
----------------------------------------------------------------------------------------------------
Unavailable repair files:
servicing\packages\Package_for_KB2564958_RTM~31bf3856ad364e35~amd64~~6.1.1.1.mum
servicing\packages\Package_for_KB2564958_RTM~31bf3856ad364e35~amd64~~6.1.1.1.cat
(w) Unable to get system disk properties 0x0000045D IOCTL_STORAGE_QUERY_PROPERTY Disk Cache
--------------------------------------------------------------------------------------------------
The log file show that the one of the file related to KB 2564958 is either corrupt or missing, most likely the latter one. So, the next to download update KB 2564958 from Microsoft support site.
Download the update from http://support.microsoft.com/kb/2564958 site. When I downloaded and tried to install, it gave me another error at installation with code: 0x80240009
Extracted the fix KB2564958 by following command: EXPAND Windows6.1-KB2564958-x64.msu –F:* C:\Temp
It will extract the CAB files. Identify the files mentioned in the log files and copy them over to the location mentioned in the log file, that is: %Windir%\Servicing\Packages\
Started the Server Manager Features page again, this time it came up just fine!
Hope this blog is informative, I would write another part soon.
Write me your feedback at inbox at gusac.net
11.Dec.2011 |
by Gusac |
Filed in: Articles, Troubleshoot
Just had an issue when I noticed that Windows Automatic updates service was missing in Service Console. The service registry was also missing:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv
One of solution known to is to reinstall the component from its configuration file. The command used:
%windir%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %windir%\inf\au.inf
Hope it helps!
11.Dec.2011 |
by Gusac |
Filed in: Articles, Troubleshoot
Issue: A RemoteApp application does not retain settings when users have roaming profile.
To reproduce the issue: Start the application, make changes and exit out. Next time you start it, it will not retain the settings.
Solution: Remoteapp default setting is to disconnect the session whenever a user closes out the application by click on the X at top right corner. The best thing is to exit the Remoteapp program from its menu (Ex: File > Exit)
Or, Group Policy can be configured to change the default behaviour of Remoteapp.
Enabled the following policy on your Windows 2008 Terminal Server:
Computer configuration > Administrative templates > Windows component > Terminal
Services > Terminal server > Session Time Limit = ‘Immediately’
Set the value to 'Immediately'
Explanation:
This policy setting allows you to specify how long a user's RemoteApp session will remain in a disconnected state before the session is logged off from the terminal server. By default, if a user closes a RemoteApp program, the session is disconnected from the terminal server. If you enable this policy setting, when a user closes a RemoteApp program, the RemoteApp session will remain in a disconnected state until the time limit that you specify is reached. When the time limit specified is reached, the RemoteApp session will be logged off from the terminal server. If the user starts a RemoteApp program before the time limit is reached, the user will reconnect to the disconnected session on the terminal server.
If you disable or do not configure this policy setting, when a user closes a RemoteApp program, the session will be disconnected from the terminal server.
11.Dec.2011 |
by Gusac |
Filed in: Articles, Troubleshoot
In Windows 2008 R2 server, Shell Hardware Detection service stops starts and stops automatically on its own gracefully. If you check the event logs, it registers the information logs showing no issues.
Reason:
In Windows 2008 R2 server system, the behavior of this service was changed to to stop automatically after sometime a user logs off and starts when a users logs in. This was done to prevent minimize surface attacks. This is by design.
18.Nov.2011 |
by Gusac |
Filed in: Articles, Troubleshoot
There could be several reason for a printer to show the status as OFFLINE. But the most common that I have come around is due to the SNMP option in its properties.
It is quite possible that printer does not support SNMP or SNMP is not enable/installed on the print server and yet SNMP option is enabled. Now due to this the print server tries to communicate with print device over SNMP. The server never gets the response and shows the printer status as offline.
The simple solution is to disable the SNMP feature in printer properties. It does not have any affect on printing functionality of the printer.
Open Printer and Faxes or Devices and Printers
Right click on the problem printer and go to Printer properties
In Printer properties window, go to the Ports tab
On Ports tab, click on the button that says Configure Port…
In the new page, clear the checkbox that says SNMP Status Enabled and click OK to exit.
Refresh the page, it should show status as Read now.
19.Sep.2011 |
by Gusac |
Filed in: Articles, Troubleshoot
Although, Performance Logs and Alerts service aka ‘Perfmon service’ is an on-demand service, meaning it starts when it is needed; you would get a generic message whenever you try to start it. The message simply says that the service started and stopped because it has nothing to do.
However, you do get error while starting Perfmon service, like I did. Here is the error description:
The Performance Logs and Alerts service terminated with service-specific error 2003 (0x7D3).
If you go ahead and use ERR.exe utility to understand the the Hex code 0x7D3, you would get the description: ERROR_METAFILE_NOT_SUPPORTED
The solution: Incorrect permission on the registry.
Registry: HKLM\system\CCS\Services\SysmonLog\Log Queries.
Simply add the Network Service account on the above mentioned registry location and give write access.
Try again, service should start or at least give you the generic message.
28.Jul.2011 |
by Gusac |
Filed in: Articles, Troubleshoot
Symptoms: On Windows 2008 R2 server, Base Filtering Engine service fails to start and throws error code 5.
Following services which are directly or indirectly dependent on BFE also fail. They are:
IPsec Policy Agent (PolicyAgent) Windows Firewall IKE and AuthIP IPsec Keying Modules Internet Connection Sharing (ICS) Routing and Remote Access
You cannot ping the server and when you ping from inside, it gives error Transmit Failed
Solution:
Navigate to the following registry key: HKLM\System\CurrentControlSet\Services\BFE
Grant full permission to the NT Service\BFE account on the above mentioned key.
Also ensure that the following subkey inherits permission for BFE account:
\BFE\Parameters\Policy\Persistent
18.Jul.2011 |
by Gusac |
Filed in: Articles, Troubleshoot
Event ID 333 basically occurs when system registry fails to flush operation to the disk. In most of the cases, Event ID 333 is more of a byproduct rather than an issue itself.
Event id 333 occurs when there is some performance issue or when memory/disk is not keeping up with the load. Generally when the issue occurs, you would see other Event IDs as well pointing towards the actual cause that triggered Event ID 333.
There are 4 likely causes for getting 333:
· Memory pressure- Physical or Virtual memory bottleneck, low System PTEs, Working set trimming etc.
· Disk pressure – Bottleneck, performance issue etc.
· Filter driver – Bad driver keeping registry from being flushed.
· Lock Pages In Memory – This behaviour can result if the SQL service account is given the user right ‘Lock Pages in Memory’
Troubleshooting
The following are the troubleshooting steps for this issue. Please note, all the steps do not fit in all scenarios and should not be applied as silver bullets.
Event Log
First this is to check for the Event IDs. Look for any other Event id related to disk, memory, server (SRV) in System log. Key event ids are: 2019, 2020, 51, 55, 52, 58
Perfmon
· Look for key counters:
- Memory\%Committed Bytes in Use
- Memory\Available Mbytes
- Memory\Cache Bytes
- Memory\Commit Limit
- Free System Page Table Entries
- Memory\Pool Nonpaged Bytes
- Memory\Pool Paged Bytes
Physical disk or Logical Disk
- %disk Time
- Avg. Disk Bytes/Transfer (Read and Write)
- Avg. Disk Queue Length
- Avg Disk sec/Transfer
- Disk bytes/sec
- Split IO/sec
Paging File\%Usage
System\%Registry Quota in use
Disk
· Enable disk write cache
Enable disk write cache to increase disk performance. (Refer to KB 324446)
- This would enable the caching of data in memory instead of immediate write to disk. This reduces the load (queue length) on the disk and system can schedule flush the data to disk later.
· Perfmon
Monitor disk sec/transfer, idle time, split I/O, Data byes/sec
- Split I/O counter represent how fragment the drive is. It is best to defrag the drive as it has a major hit on the disk performance.
- Sec/Transfer represents the time it takes to transfer data. It gives the disk throughput
· Configure RegistryLazyFlushInterval to 60 secs. (Reference: KB317357 and KB324446)
- Setting value to 60, tells system to write registry changes to disk after 60 seconds. The more the number of writes, the more disk I/O. The value 60 is recommended by Microsoft.
· Event logs
Check for any disk related event ids. Most common sources are fdisk, disk. Common causes are corrupt/bad sector, controller issue or driver issues.
- Upgrade firmware drivers for controller,
- Run chkdsk if required if we have event if pointing to corrupt sector/cluster on the disk.
Memory
There could be contention in either physical or virtual memory on the system. The causes can be several and they do not have straight forward troubleshooting. It is recommended to have an understanding of memory concept before making changes as it can easily make the system unstable.
· Boot.ini
- On Windows 2003 x86 server, check Boot.ini, if we have /3GB switch in place and also keep the role of the server in mind. Try to modify the switch by adding /USERVA so that we can give more room to kernel memory. Visit the link to understand /3GB and /UserVA switches: http://technet.microsoft.com/fr-fr/library/cc784475(WS.10).aspx
- On windows 2008, we don’t have boot.ini
- Use of /PAE and /3GB is not recommended as it has adverse effect on system performance.
· SQL Server Consideration
- Configure SQL to use less memory for the buffer pool.
- SQL Server has it own memory manager (MM) and it doesn’t use windows MM. IT can be set to reserve X amount of memory, which windows cannot use.
- Configure Perfmon with SQL object and monitor the memory specific counters. This is when we have low physical memory issue on Windows system.
- 918483 How to reduce paging of buffer pool memory in the 64-bit version of SQL Server 2005 You can enable the lock pages in memory permissions to prevent SQL Server 2005 64-bit buffer pool memory from being paged out of physical memory http://support.microsoft.com/?id=918483
· Disable Hot Add memory
- When the Hot Add Memory feature is enabled, the operating system pre-allocates kernel resources to handle any future memory that may be added to the computer. Kernel resources are allocated based on the capabilities of the computer instead of on the RAM that is actually installed. The kernel may allocate significant resources to RAM that may never be installed. Therefore, the Hot Add Memory feature may cause the maximum size of the paged pool to be much smaller than expected.
- To disable the feature: http://support.microsoft.com/?id=913568
· Pool memory leak
Look for Event id 2020 or 2019 for paged-pool or nonpaged-pool exhaustion. Configure poolmon.exe with appropriate interval and monitor the tag which has highest consumption at the time of issue.
- There are few articles for pool memory exhaustion but it is not recommended to apply without getting the poolmon data. KB 312362 is for maximizing the Paged-Pool limit on the box in case of Event ID 2020. But this is helpful when we have high memory consumption and not memory leak.
· Increase page file
- Again this is helpful if we have perfmon data to confirm the need.
· Apply patch
- For NTOSKRNL.EXE, as memory manager is implemented in windows kernel and ntoskrnl.exe is the executable.
[KB 935926: A Windows Server 2003-based computer stops responding when the registry is in heavy use]
· Free system PTEs.
- Look for perfmon counter value Free System Page Table Entries
Filter driver
Check for 3rd party drivers on the box which are outdated. You can use msinfo32 or Microsoft MPS utility to list out the drivers.
Last Resort – Complete memory dump
If the above troubleshooting does not help, configure the box for generating manual complete memory dump and trigger it when issue occurs. Send the dump to Microsoft for analysis.
Reference:
Troubleshooting Event ID 333 Errors
http://blogs.technet.com/b/askperf/archive/2007/10/30/troubleshooting-event-id-333-errors.aspx
How to generate a kernel dump file or a complete memory dump file in Windows Server 2003
http://support.microsoft.com/kb/972110
177415 How to Use Memory Pool Monitor (Poolmon.exe) to Troubleshoot Kernel Mode Memory Leaks
http://support.microsoft.com/?id=177415
298102 How to find pool tags that are used by third-party drivers
http://support.microsoft.com/?id=298102
248345 How to create a log using System Monitor in Windows
http://support.microsoft.com/?id=248345
244139 Windows feature lets you generate a memory dump file by using the keyboard
http://support.microsoft.com/?id=244139
315263 How to read the small memory dump files that Windows creates for debugging
http://support.microsoft.com/?id=315263
