DNS Server service failure: The interface is unknown

23.Dec.2013 | by Gusac | Filed in: Troubleshoot, Articles

DNS server service on Windows 2008 R2 server failed to start with error: Windows could not start the DNS Server service on Local Computer. Error 1717: The interface is unknown.   Resolution: Upon investigation, I found that the Windows Event log service was also not started. Attempt to start the service would fail with error Access is Denied. So, I used Process Monitor (Procmon.exe), ran it and reproduced the issue with Windows event log service again. The Local Service account did not have Write privilege on folder C:\Windows\System32\winevt\Logs Granted Local Service account Write privilege on the above mentioned folder. Started the Event log service successfully and started the DNS service successfully. Below is the screenshot of ProcMon output with filter to display result containing Access denied

Changes in mstsc /admin switch

17.May.2012 | by Gusac | Filed in: Articles, Troubleshoot, Tutorials

As most of you know by now that since Windows server 2008, mstsc.exe has replaced old /console switch with new /admin switch. This article talks about the behavior when you connect to an administrative session using the /admin switch. Below are the behavioral changes: It does not connect to session 0 of the server unlike /console switch. This is because the session 0 on Windows 2008 and later operating system is used exclusively for the system services. Client access license is not used. If you have Remote desktop services role installed with configured CALs, using this switch will not use one of the CALs. We can have only two sessions on the server including session using /admin switch. This different from previous version where we could have two remote desktop sessions and a third console session using /console switch. Time zone and Plug-n-Play device redirection is not available with /admin session Easy Print feature is not available in the session. Administrative sessions (/admin) are not counted towards session limit.

Unable to access Samba shares from Windows 7 with error

4.Apr.2012 | by Gusac | Filed in: Articles, Troubleshoot

This article is to compile and suggest some of the common troubleshooting steps for the error while accessing the Samba shares on Unix or Linux based systems from Windows 7. They may or may not apply to your scenario. There could be some more steps which are not included in this post. The aim here is to help who are slogging through forums for solution like me. Issue: While connecting to Unix or Linux based samba shares from Windows 7 client network error stating: Windows cannot access \\SERVER and throws error code: 0x80070035. Whereas the Windows XP systems do not exhibit the same behavior.   Suggestions: 1. Basic IP Though this is a basic step but worth mentioning. If the error occurs with the server name, try connecting with IP address. If it works, it could be DNS issue. 2. Check Firewall 3. Services TCP/IP NetBIOS Helper service should be set to Automatic and Started. Try starting Computer Browser service, if its not. Try to stop and disable the Routing and Remote Access service, if its started 4. Network Card Binding Order A. Check the binding order. Go to network connections, go to Advanced menu then select Advanced Settings… B. Select the network connection you are using and move it to the top C. Click OK and exit. 5. Enable ‘Client for Microsoft Networks’ In network connections, go to the properties of network connection which you are using to connect to the server. Ensure that the ‘Client for Microsoft Networks’ is checked. 6. Enable NetBIOS over TCP/IP A. Open the properties of the network connection, select Internet Protocol version 4 (TCP/IPv4) and click on Properties button. B. On the new page, click on Advanced… button at the bottom. C. Click on WINS tab and under NetBIOS setting , select Enable NetBIOS over TCP/IP and click OK to exit. 7. Select Authentication level Check the below mentioned policy on Windows 7: Group policy editor: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\ Network security: LAN Manager authentication level Ensure that it is not set to refuse LM & NTLM authentication or set to use NTLMv2 only. To be safe, you can select the following setting which enables LM, NTLM and NTLMv2 authentication: Send LM & NTLM - use NTLMv2 session security if negotiated Note: Ensure that this policy is not coming from Domain level group policy. And, if you are using Home or Home premium edition and do not have Group Policy editor then do it in registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa Value Name: LmCompatibilityLevel  [DWORD] Set the value to: 1 Reboot your system.   8. SMB Signing Disable SMB signing and try: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters Value Name: EnableSecuritySignature  [DWORD]. Set the value to 1. Value Name: RequireSecuritySignature  [DWORD]. Set the value to 0. 9. Disable SMB 2.0 Disable SMB 2.0 on Windows 7 and try again. Disable SMB 2.0 at client end: Open the command prompt (cmd.exe) and type the following two commands: sc config lanmanworkstation depend= bowser/mrxsmb10/nsi sc config mrxsmb20 start= disabled Click here for reference on this   I hope it helps!

Permalink | Tags: ,


Troubleshoot– Error 0x800706BE in Windows 2008 R2 Server Manager Roles and Features – I

12.Dec.2011 | by Gusac | Filed in: Articles, Troubleshoot

  This part came while working in Windows server 2008 R2 edition. Features page in Server manager started throwing up this error with hexadecimal code 0x800706BE. Notice there could be several reasons to this issue, hence the parts (-I) to this blog. If ever I found another cause, I would come up with next part (II). For now, lets stick to what happened on my box. Every time I clicked on Server manager Features page, it gave ‘Error’. click on ‘Error details’ would bring up a dialog box shown in the screenshot below. The error reads: Unexpected error refreshing Server Manager: The remote procedure call failed. (Exception from HRESULT: 0x800706BE)   Click on the image enlarge   Troubleshooting: Download and install Microsoft System Update Readiness Tool(CheckSUR) for Windows 2008 R2 (As mentioned in beginning I error came on Windows 2008 R2 but you can try on other OS as well)   CheckSUR is 315MB tool to download, once you install it, it generates a CheckSUR.LOG log file at %windir%\Logs\CBS\ location.   In my case, I log read: ---------------------------------------------------------------------------------------------------- Unavailable repair files: servicing\packages\Package_for_KB2564958_RTM~31bf3856ad364e35~amd64~~6.1.1.1.mum servicing\packages\Package_for_KB2564958_RTM~31bf3856ad364e35~amd64~~6.1.1.1.cat (w) Unable to get system disk properties 0x0000045D IOCTL_STORAGE_QUERY_PROPERTY Disk Cache --------------------------------------------------------------------------------------------------   The log file show that the one of the file related to KB 2564958 is either corrupt or missing, most likely the latter one. So, the next to download update KB 2564958  from Microsoft support site.   Download the update from http://support.microsoft.com/kb/2564958 site. When I downloaded and tried to install, it gave me another error at installation with code:  0x80240009   Extracted the fix KB2564958 by following command: EXPAND Windows6.1-KB2564958-x64.msu –F:* C:\Temp   It will extract the CAB files. Identify the files mentioned in the log files and copy them over to the location mentioned in the log file, that is: %Windir%\Servicing\Packages\   Started the Server Manager Features page again, this time it came up just fine!     Hope this blog is informative, I would write another part soon. Write me your feedback at inbox at gusac.net

Automatic update service missing

11.Dec.2011 | by Gusac | Filed in: Articles, Troubleshoot

Just had an issue when I noticed that Windows Automatic updates service was missing in Service Console. The service registry was also missing: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv   One of solution known to is to reinstall the component from its configuration file. The command used: %windir%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %windir%\inf\au.inf   Hope it helps!

RemoteApp program does not save settings in roaming profile

11.Dec.2011 | by Gusac | Filed in: Articles, Troubleshoot

Issue: A RemoteApp application does not retain settings when users have roaming profile. To reproduce the issue: Start the application, make changes and exit out. Next time you start it, it will not retain the settings.   Solution: Remoteapp default setting is to disconnect the session whenever a user closes out the application by click on the X at top right corner. The best thing is to exit the Remoteapp program from its menu (Ex: File > Exit) Or, Group Policy can be  configured to change the default behaviour of Remoteapp. Enabled the following policy on your Windows 2008 Terminal Server: Computer configuration > Administrative templates > Windows component > Terminal Services > Terminal server > Session Time Limit = ‘Immediately’   Set the value to 'Immediately'   Explanation: This policy setting allows you to specify how long a user's RemoteApp session will remain in a disconnected state before the session is logged off from the terminal server. By default, if a user closes a RemoteApp program, the session is disconnected from the terminal server. If you enable this policy setting, when a user closes a RemoteApp program, the RemoteApp session will remain in a disconnected state until the time limit that you specify is reached. When the time limit specified is reached, the RemoteApp session will be logged off from the terminal server. If the user starts a RemoteApp program before the time limit is reached, the user will reconnect to the disconnected session on the terminal server. If you disable or do not configure this policy setting, when a user closes a RemoteApp program, the session will be disconnected from the terminal server.

Shell Hardware Detection Service stops automatically in Windows 2008 R2 server

11.Dec.2011 | by Gusac | Filed in: Articles, Troubleshoot

In Windows 2008 R2 server, Shell Hardware Detection service stops starts and stops automatically on its own gracefully. If you check the event logs, it registers the information logs showing no issues. Reason: In Windows 2008 R2 server system, the behavior of this service was changed to to stop automatically after sometime a user logs off and starts when a users logs in.  This was done to prevent minimize surface attacks. This is by design.

Troubleshoot - Printer status showing offline

18.Nov.2011 | by Gusac | Filed in: Articles, Troubleshoot

  There could be several reason for a printer to show the status as OFFLINE. But the most common that I have come around is due to the SNMP option in its properties. It is quite possible that printer does not support SNMP or SNMP is not enable/installed on the print server and yet SNMP option is enabled. Now due to this the print server tries to communicate with print device over SNMP. The server never gets the response and shows the printer status as offline. The simple solution is to disable the SNMP feature in printer properties. It does not have any affect on printing functionality of the printer. Open Printer and Faxes or Devices and Printers Right click on the problem printer and go to Printer properties In Printer properties window, go to the Ports tab On Ports tab, click on the button that says Configure Port…     In the new page, clear the checkbox that says SNMP Status Enabled and click OK to exit. Refresh the page, it should show status as Read now.

Permalink | Tags:


Performance Logs and Alerts service terminated with service-specific error 2003

19.Sep.2011 | by Gusac | Filed in: Articles, Troubleshoot

Although, Performance Logs and Alerts service aka ‘Perfmon service’ is an on-demand service, meaning it starts when it is needed; you would get a generic message whenever you try to start it. The message simply says that the service started and stopped because it has nothing to do. However, you do get error while starting Perfmon service, like I did. Here is the error description: The Performance Logs and Alerts service terminated with service-specific error 2003 (0x7D3). If you go ahead and use ERR.exe utility to understand the the Hex code 0x7D3, you would get the description: ERROR_METAFILE_NOT_SUPPORTED The solution: Incorrect permission on the registry. Registry: HKLM\system\CCS\Services\SysmonLog\Log Queries. Simply add the Network Service account on the above mentioned registry location and give write access. Try again, service should start or at least give you the generic message.

Base Filtering Engine service fails to start with error code 5 along with other services

28.Jul.2011 | by Gusac | Filed in: Articles, Troubleshoot

Symptoms: On Windows 2008 R2 server, Base Filtering Engine service fails to start and throws error code 5. Following services which are directly or indirectly dependent on BFE also fail. They are: IPsec Policy Agent (PolicyAgent) Windows Firewall IKE and AuthIP IPsec Keying Modules Internet Connection Sharing (ICS) Routing and Remote Access You cannot ping the server and when you ping from inside, it gives error Transmit Failed     Solution: Navigate to the following registry key: HKLM\System\CurrentControlSet\Services\BFE Grant full permission to the NT Service\BFE account on the above mentioned key. Also ensure that the following subkey inherits permission for BFE account: \BFE\Parameters\Policy\Persistent