Author: Chris Bradford

Categories
Windows Server 2003

BackupExec : 0xE0008524 Unable to initialize the snapshot

BackupExec : 0xE0008524 Unable to initialize the snapshot

This error is generally caused by not running the BackupExec service as a local administrator account (which is a good thing!).

V-79-57344-34110 – AOFO: Initialization failure on: “System?State”. Advanced Open File Option used: Microsoft Volume Shadow Copy Service (VSS).
Snapshot provider error (0xE0008524): Unable to initialize the snapshot because the Advanced Open File Option (AOFO) is not installed on the target computer. You must install this option, restart the computer, and then run the job again.
Check the Windows Event Viewer for details.

To resolve this issue:

Configured ‘full controll’ permissions on the DACL for the service account on the following registry key:

   HKEY_LOCAL_MACHINE\SOFTWARE\VERITAS\Backup Exec\Engine\Misc

Categories
SQL

SQL : Performing Point-in-Time Recovery

SQL : Performing Point-in-Time Recovery

Pre-requisites:

  • Requires full recovery model on database
  • Requires a full backup
  • Requires Transaction Log backups to be configured (at a frequency of your choice)

The following TSQL will enable you to perform point-in-time recovery on an SQL database:

/* SQL Point-in-time recovery script */
/* Uses the last full back, then TRN files from the last backup. */

/* Restore the last Full backup */
RESTORE DATABASE [POTRecovery]
FROM DISK = N’D:\MSSQL$POTRecovery\Data\Backup\POTRecovery.bak’
WITH FILE = 1, NOUNLOAD , STATS = 10, NORECOVERY

/* Restore the TRN backups, using the same point-in-time for each */
/* Date format is YYYY-MM-DD HH:MM:SS – 24Hr clock */

RESTORE LOG [POTRecovery] FROM DISK = N’D:\MSSQL$POTRecovery\Data\Backup\POTRecovery_tlog_201003051015.TRN’
WITH FILE = 1, NOUNLOAD , STATS = 10, RECOVERY , STOPAT = N’2010-03-05 10:20:00

RESTORE LOG [POTRecovery] FROM DISK = N’D:\MSSQL$POTRecovery\Data\Backup\POTRecovery_tlog_201003051016.TRN’
WITH FILE = 1, NOUNLOAD , STATS = 10, RECOVERY , STOPAT = N’2010-03-05 10:20:00

RESTORE LOG [POTRecovery] FROM DISK = N’D:\MSSQL$POTRecovery\Data\Backup\POTRecovery_tlog_201003051024.TRN’
WITH FILE = 1, NOUNLOAD , STATS = 10, RECOVERY , STOPAT = N’2010-03-05 10:20:00

/* Now set the database into a useable mode – without this the database will be stuck in a ‘Loading’ state */
RESTORE DATABASE  [POTRecovery] WITH RECOVERY

Using a third party backup tool and SQL-based TRN backups you can still recover as above, just ensure you perform the database restore using Data Protector then use SQL Management Tools to perform the point-in-time recovery.

Categories
Windows 7

Windows : Reset WBEM Repository

Windows : Resolving WMI Connectivity Issues

VPN Clients

First check whetherCheckpoitn Secure Client is installed; the integrated Firewall within this VPN client can cause chaos with WMI. Ensure this is updgraded to version ‘VPN-1 SecureClient NGX R60 HFA03 with support for Windows 7 – CP_SecuRemoteSecureClient_NGX_R60_HFA3’.

WBEMTEST

Next try connecting to the amchine using wbemtest; from a command line on any Windows XP + system execute the command wbemtest, this will open a new window;

    1. Click Connect, then modiy the name space to be \\client_name\root\cimv2, then click connect.

Windows Firewall

If this fails confirm the following ports/settings are enabled in Windows Firewall (if configured):

    1. TCP Port 135
    2. Remote Administraton

You can always reset the Windows Firewall using the command netsh reset firewall

Reset WBEM Repository

To reset the WBEM repository follow the following instructions:

    1. Use the Start menu to right-click My Computer.
    2. Press the Manage item.
    3. Double-click Services and Applications in the left-hand pane.
    4. Press Services to expand it.
    5. Scroll to Windows Management Instrumentation in the right-hand pane and  right-click it.
    6. Press Stop.
    7. Use Windows Explorer to delete all the files in the %SystemRoot%\System32\Wbem\Repository folder.
    8. Shutdown and restart your computer. The Windows Management
    9. Instrumentation service will start and the files will be re-created

Verify Registry Settings

If WMI is still not working verify the following registry keys:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Internet]
“Ports”=hex(7):37,00,30,00,30,00,30,00,2d,00,37,00,31,00,30,00,30,00,00,00,00,\
  00
“PortsInternetAvailable”=”Y”
“UseInternetPorts”=”Y”

Categories
Windows 2008

Active Directory : Shadow Groups

Active Directory : Shadow Groups

If you’ve ever wanted to base user group membership on a container within Active Directory, i.e. Organisation Unit’s, you’ll know this is not possible. Using a simple script you can create ‘Shadow Groups’ and even automate the update of their membership to reflect changes in the Active Directory structure.

First create a new group, in this case ‘UK Computer Objects‘.

Next execute the following commands, changing the OU containging the security group as highlighted in green, and the seach scope for the objects you wish to add to the group in question as highlighted in red. The -chmbr option clears the membership of the group and re-writes it, therefore be careful if there are any existing members!

dsquery computer -limit 0 “OU=Sites,OU=UK,DC=domain,DC=local” | dsmod group “CN=UK Computer Objects,OU=Shadow Groups,DC=domain,DC=local” -chrmbr

If you need to add additional objects to the group without wiping it membership use the -addmbr option:

dsquery computer -limit 0 “OU=Administrators,OU=UK,DC=domain,DC=local” | dsmod group “CN=UK Computer Objects,OU=Shadow Groups,DC=domain,DC=local” -addmbr

This script can be sceduled to run froma  server on a daily or weekly basis, ensure it is executed as a user with sufficient AD DS permissions to write membership to the group object.

Categories
Exchange Server 2007

Exchange 2007 : Recipient Flter Multiple Countries

Exchange 2007 : Recipient Flter Multiple Countries

Here is an example recipient filter used in an Email Address policy that will apply an address based upon multiple factors, including one of two different countries:

Set-EmailAddressPolicy “NL Users” –RecipientFilter {((Co -eq “Netherlands, The” -or Co -eq “Netherlands”) -and (RecipientType -eq ‘UserMailbox’))} –EnabledEmailAddressTemplates ‘SMTP:%g.%[email protected]’, ‘smtp:%[email protected]

Categories
Exchange Server 2007

Exchange 2007 : Delegate User DL Management via Exchange Shell

Exchange 2007 : Delegate User DL Management via Exchange Shell

The following command will grant a user the rights to modify the members of a Distribution List:

Add-ADPermission -Identity:’DL Display Name’ -User:sAMAccountName -AccessRights ReadProperty, WriteProperty -Properties ‘Member’

Categories
Exchange Server 2007

Exchange 2007 : User Mailflow Tracking

Exchange 2007 : User Mailflow Tracking

The following Exchange Shell commands will produce send/receive reports for user mail and export to CSV in the local directory – be sure to change CAHTSRV01/02 to the correct server name:

get-messagetrackinglog -resultsize unlimited -server CAHTSRV02 -sender [email protected] -eventid send | select-object @{Name="Recipients";Expression={$_.recipients}},MessageSubject,Timestamp | export-csv userSurname-SentCAHTSRV02.csv

get-messagetrackinglog -resultsize unlimited -server CAHTSRV01 -sender [email protected] -eventid send | select-object @{Name="Recipients";Expression={$_.recipients}},MessageSubject,Timestamp | export-csv userSurname-SentCAHTSRV01.csv

get-messagetrackinglog -resultsize unlimited -server CAHTSRV01 -recipients [email protected] -eventid receive | select-object sender,MessageSubject,Timestamp | export-csv userSurname-ReceivedCAHTSRV01.csv

get-messagetrackinglog -resultsize unlimited -server CAHTSRV02 -recipients [email protected] -eventid receive | select-object sender,MessageSubject,Timestamp | export-csv userSurname-ReceivedCAHTSRV02.csv
Categories
Windows 2008

Oracle 10.2.0.5 64-bit Client Install on Windows 2008 R2

Oracle 10.2.0.5 64-bit Client Install on Windows 7 / 2008 R2

In order to install the Oracle 10.2.0.5 64-bit client on Windows 2008 R2 (or Windows 2008 64-bit) you’ll need to execute setup using the following arguments:

setup.exe -ignoreSysprereqs -ignorePrereq

Note; This is CASE SENSITIVE

Thanks to ORACLE Note 1061272.1/aleys.net for this tip 😉

Categories
Windows 2008

AD CS : Recover Private Key using Key Archival

image002

AD CS : Recover Private Key using Key Archival

On an encrypted file obtain the certificate Public Key thumbprint using efsutil:

efsutil.exe /c

 

 

Open CA Manager snap-in in MMC

  1. Select Issued Certificates
  2. View > Add / Remove Columns > Add Archived Key

 

Search for user EFS Certificate with the same thumbprint as used on the encrypted file

 

 

Copy the certificate serial number, in this case ‘29 55 89 a8 00 00 00 00 00 e2

 

 

From the CLI on the CA with the archived key execute the command as Administrator; this will create a file in the current directory named outputblob

certutil -getkey 29 55 89 a8 00 00 00 00 00 e2” outputblob

 

Move the outputblob file to C:\ using the command; move outputblob C:\

 

Recover the private key using the command: certutil -recoverkey outputblob bradfordc_efs.pfx

 

 

Now import the new PFX certificate into the personal store on the computer where you are trying to access the encrypted data.

Categories
Windows 2008

BO XI : Internet Explorer Issues

BO XI : Internet Explorer Issues

I came across an interesting issue with a BO XI deployment today, essentially users were unable to use Internet Explorer to connect to the Web Application; when trying to open the logon page they receieved an IE error stating that ‘Internet Explorer cannot display the page’. Further investigation showed that Firefox and other browsers worked.

The environment was BO XI running on Windows Serevr 2008 R2 (therefore IIS7/Tomcat)

This led me to look at Windows Authentication as IE would use NTLM whereas the other browsers would not.

After a dig around on the SAP support portal I cam across SAP 1292826 – Error: Internet Explorer cannot display the page. Essentially the solution was to modify the server.xml file located under \Program Files (x86)\Business Objects\Tomcat55\conf

  1. Search for ‘maxHttpHeaderSize‘ – this will likely be set to 8192.
  2. Change this to equal 32768 then restart the Apache Tomcat Service.