SQL : Unlock Account
Use the following SQL to unlock an account in SQL 2005/2008, simply change the account name in square brackets:
ALTER LOGIN [sa] WITH CHECK_POLICY = OFF;
ALTER LOGIN [sa] WITH CHECK_POLICY = ON;
Categories
Author: Chris Bradford
Cluster: Generic Script – Rouge Process Cleanup/Terminate
I came across an interesting issue whilst clustering a CODA application server on a Windows Server 2003 Enterprise Microsoft Cluster. CODA spawns multiple processes after service startup, these processes are not services and as a result the cluster is not aware of them. When the CODA services are stopped theadditional processes are not always cleaned up. If the services are started again they will fail with a bind error.
I created a Cluster Generic Script to cleanup ‘rogue’ processes on resource group stop and start. Initially the script below contained a process.terminate() function, however this does not work for SYSTEM owned process. I therefore explored using taskkill.exe which is built into Windows, this means that no additional components are required to get this script working.
‘Chris’ CODA Fix Cluster Script – Created 14/01/2011
Dim WshShell, oExec, oLooksAlive, oIsAlive, oWait, objWMIService, colProcess, objProcess, strComputer, objShell
Set WshShell = CreateObject(“WScript.Shell”)processName = “oasasv.exe”
‘On Error Resume Next
Function Online( )
Resource.LogInformation “Entering Online”
On Error Resume Next
If CheckProcess > 0 Then KillProcess
If CheckProcess > 0 Then
Resource.LogInformation “Rougue ‘” & processName & “‘ process still present, FAILED to kill…”
Online = False
Else
Online = True
End If
If Err.Number > 0 Then
Resource.LogInformation Err.Details
Resource.LogInformation oExec.StdErr.ReadAll
End If
End FunctionFunction Offline( )
Resource.LogInformation “Entering Offline”
If CheckProcess > 0 Then KillProcess
If Err.Number > 0 Then
Resource.LogInformation Err.Details
Resource.LogInformation oExec.StdErr.ReadAll
End If
Offline = True
End FunctionFunction LooksAlive( )
Resource.LogInformation “Entering LooksAlive”
LooksAlive = True
End FunctionFunction IsAlive( )
Resource.LogInformation “Entering IsAlive”
IsAlive = True
End FunctionFunction Open( )
Open = 0
End FunctionFunction Close( )
Close = 0
End FunctionFunction Terminate( )
Resource.LogInformation “Entering Terminate”
If Err.Number > 0 Then
Resource.LogInformation Err.Details
Resource.LogInformation oExec.StdErr.ReadAll
End If
Terminate = True
End FunctionFunction CheckProcess ()
CheckProcess = 0
strComputer = “.”
Set objWMIService = GetObject(“winmgmts:” & “{impersonationLevel=impersonate}!\\” & strComputer & “\root\cimv2”)
Set colProcess = objWMIService.ExecQuery (“Select * from Win32_Process where Name = ‘” & processName & “‘”)
On Error Resume Next
For Each objProcess in colProcess
CheckProcess = CheckProcess + 1
Next
End FunctionFunction KillProcess ()
strComputer = “.”
Set objWMIService = GetObject(“winmgmts:” & “{impersonationLevel=impersonate}!\\” & strComputer & “\root\cimv2”)
Set colProcess = objWMIService.ExecQuery (“Select * from Win32_Process where Name = ‘” & processName & “‘”)
On Error Resume Next
For Each objProcess in colProcess
Set objShell = CreateObject(“WScript.Shell”)
objShell.Run “taskkill.exe /F /IM ” & processNameResource.LogInformation “Killed rougue ” & processName & “ process…”
Next
End Function
Windows 7: Mapped Drived Fail At Logon/Startup
I cam across an issue recently where mapped drivers were not connecting at user logon. These drives were attached via the user account in AD (home drive) and via aVBS logon script.
This was resolved by setting the following registry key on the Windows 7 client:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
“EnableLinkedConnections”=dword:00000001
Troubleshooting Checkpoint ClusterXL
I recently came across an issue where SmartView Monitor showed an error for ClusterXL on a freshly rebuilt Checkpoint IP565 firewall. Both Synchronization and Filter were stuck in an initilizing state, we tried the following troubleshooting steps initially to no avail:
- cphastop followed by cphastart
- cpstop followed by cpstart
- reboot of the affected firewall
On digging deeper we noticed that one of the firewall devices was configured to use multicast and one for broadcast cluster communications, this was identified using the following command ‘cphaprob -a if‘ which presents the following output:
eth-s1p3c0 non sync(non secured)
eth-s4p3c0 non sync(non secured)
eth-s4p4c0 non sync(non secured)
eth-s1p1c0 non sync(non secured)
eth-s1p4c0 sync(secured), multicast
eth-s1p2c0 non sync(non secured)
eth-s4p1c0 non sync(non secured)
eth-s4p2c0 non sync(non secured)
Virtual cluster interfaces: 7
eth-s1p3c0 xx.xx.xx.xx
eth-s4p3c0 xx.xx.xx.xx
eth-s4p4c0 xx.xx.xx.xx
eth-s1p1c0 xx.xx.xx.xx
eth-s1p2c0 xx.xx.xx.xx
eth-s4p1c0 xx.xx.xx.xx
eth-s4p2c0 xx.xx.xx.xx
Both firewalls must be configured to use the same method of communication, which can be changed using the following command ‘cphaconf set_ccp multicast‘ or ‘cphaconf set_ccp broadcast‘. Providing your switching infrastructure supports multicast you should use this mode due to the performance overhead of broadcast communication. This command failed to change the method of communication and left us with no other option than to perform the following steps:
- Set Checkpoint Packages as in-active, then delete them ensuring that the Connectra package is removed first.
- Re-install the Checkpoint R65 IPSO Wrapper
- Re-install HFA 70
- Re-establish SIC via CPConfig and SmartDashboard
- Unassign and re-assign license via SmartUpdate
- Push policy from the SmartDashboard
After performing thse steps the cluster CCP was back to multicast (bizare really…). We had to perform a reboot of the second device once this was completed, at which point both nodes of the cluster reported no ClusterXL errors, ‘cphaprob list‘ showed the following output:
# cphaprob list
Registered Devices:
Device Name: Synchronization
Registration number: 0
Timeout: none
Current state: OK
Time since last report: 213003 secDevice Name: Filter
Registration number: 1
Timeout: none
Current state: OK
Time since last report: 213003 secDevice Name: cphad
Registration number: 2
Timeout: 5 sec
Current state: OK
Time since last report: 0.7 secDevice Name: fwd
Registration number: 3
Timeout: 5 sec
Current state: OK
Time since last report: 0.5 sec
‘fw ctl pstat‘ should also list the Synch as ‘Able to Send/Receive sync packets’ :
# fw ctl pstat
Machine Capacity Summary:
Memory used: 14% (90MB out of 637MB) – below low watermark
Concurrent Connections: 26% (17876 out of 67900) – below low watermark
Aggressive Aging is in monitor onlyHash kernel memory (hmem) statistics:
Total memory allocated: 200278016 bytes in 48894 4KB blocks using 2 pools
Initial memory allocated: 20971520 bytes (Hash memory extended by 179306496 bytes)
Memory allocation limit: 536870912 bytes using 10 pools
Total memory bytes used: 23487660 unused: 176790356 (88.27%) peak: 34170776
Total memory blocks used: 7126 unused: 41768 (85%) peak: 9164
Allocations: 1183931215 alloc, 0 failed alloc, 1183678473 freeSystem kernel memory (smem) statistics:
Total memory bytes used: 250335916 peak: 300842432
Blocking memory bytes used: 1865892 peak: 2596156
Non-Blocking memory bytes used: 248470024 peak: 298246276
Allocations: 160033475 alloc, 0 failed alloc, 160032829 free, 0 failed freeKernel memory (kmem) statistics:
Total memory bytes used: 73389696 peak: 101169940
Allocations: 1184023246 alloc, 0 failed alloc, 1183769860 free, 0 failed free
External Allocations: 0 for packets, 0 for SXLKernel stacks:
0 bytes total, 0 bytes stack size, 0 stacks,
0 peak used, 0 max stack bytes used, 0 min stack bytes used,
0 failed stack callsINSPECT:
1029526467 packets, -2128289516 operations, 373013811 lookups,
2035 record, 183665476 extractCookies:
-1649393933 total, 0 alloc, 0 free,
4607 dup, -1525329462 get, 138972711 put,
-1565092568 len, 217535 cached len, 0 chain alloc,
0 chain freeConnections:
54513276 total, 52537755 TCP, 1898998 UDP, 76506 ICMP,
17 other, 49485065 anticipated, 1 recovered, 17882 concurrent,
24286 peak concurrentFragments:
213594 fragments, 105472 packets, 389 expired, 0 short,
0 large, 0 duplicates, 0 failuresNAT:
23444077/0 forw, 29804768/0 bckw, 53234829 tcpudp,
14016 icmp, 702040-723136 allocSync:
Version: new
Status: Able to Send/Receive sync packets
Sync packets sent:
total : 78286072, retransmitted : 16171, retrans reqs : 20, acks : 3
Sync packets received:
total : 17030603, were queued : 16591, dropped by net : 15
retrans reqs : 8840, received 3 acks
retrans reqs for illegal seq : 0
dropped updates as a result of sync overload: 0
Exchange 2007 : You cannot open free/busy information
I had a user who was unable to add calendar entries to a Room Mailbox calendar. The error she received was:
You cannot open free/busy information. You do not have sufficient permissions to perform this opertation on this object.
This was caused by the user not having full mailbox permissions on the resource mailbox. Use the following command to configure mailbox permissions to allow the user to create new entries in the calendar:
Add-MailboxPermission -Identity “Room Mailbox 1” -User ‘domain\user’ -AccessRights ‘FullAccess’
You can also use the following command to apply this change to a number of similar named mailboxes, this command assumes that all the room names start with ‘Room’:
get-mailbox “Room*” | Add-MailboxPermission -User ‘domain\user‘ -AccessRights ‘FullAccess’
Windows 2003 : Print Server Printer ‘Offline’
I ran into an issue recently where a printer kept going into an ‘offline’ state. This would occur randomly and would require the print spooler service to be restarted on the print server.
The solution was simple:
- Under the properties of the printer select the Ports Tab
- Select the Port and click Configure Port
- Uncheck “SNMP Status Enable”
The printer will now return to an online state and will work again.
Categories
HP BL465c G7 : ESXi 4.1 Issues
HP BL465c G7 : ESXi 4.1 Issues
Having just built a new ESXi 4.1 cluster comprised of BL465c G7’s we’ve run into some interesting issues I thought I would share.
Six BL465c G7 servers have been installed in 2 new C7000 G2 enclosures each with 2x Flex-10 Virtual Connect Modules and 2×20-port 8GB Fiber Channel Virtual Connect Modules. Servers are split 3 per-chassis;
In breif the issues are as follows:
- PSOD on reboot and random crashes with PSOD
- Corrected Memory Error threshold exceeded
- Hang on reboot
- ILO Duplicate SSL Certificate Serial Number
Exchange 2007 : Room / Resource Mailbox Conflicts and Cancellations Not Processed.
I recently came across an issue with the room mailbox configuration on our Exchange 2007 environment. Cancellations were remaining in the calendar and duplicate appointments were being booked at the same time, resulting in the room becoming double-booked.
The issue was that the mailbox ‘AutomateProcessing’ setting was ‘AutoUpdate’ instead of AutoAccept. To resolve this simply execute the following command from the Exchange shell:
Set-MailboxCalendarSettings “MeetingRoomName” -AutomateProcessing:Autoaccept
To extend the booking window use the following command:
Set-MailboxCalendarSettings “MeetingRoomName” -BookingWindowInDays 540
To allow reocurring meetings and cancel conflicts:
Set-MailboxCalendarSettings “MeetingRoomName” -AllowConflicts False
Set-MailboxCalendarSettings “MeetingRoomName” -ConflictPercentageAllowed 25
Set-MailboxCalendarSettings “MeetingRoomName” -MaximumConflictInstances 10
To grant a user full mailbox permissions:
Add-MailboxPermission “MeetingRoomName” -AccessRights FullAccess -Identity “[email protected]”
To restrict booking the resource to a particular user/set of users:
Set-MailboxCalendarSettings “MeetingRoomName” -BookInPolicy “[email protected]”,”[email protected]”
To allow other users to book the resource, but have their request authorised:
Set-MailboxCalendarSettings “MeetingRoomName” -AllBookInPolicy:$False -AllRequestOutOfPolicy $False -AllRequestInPolicy $True
To configure the delegates that must authorise the request (they will receive a copy of the request):
Set-MailboxCalendarSettings “MeetingRoomName” -ResourceDelegates “[email protected]“,”[email protected]“
vCenter VMware VirtualCenter Server WIll Not Stay Started
Installation of vCenter Server succeeds, but services will not stay started. The most recent vpxd log shows the following error:
[2010-10-11 16:51:49.252 03800 error ‘App’] [VpxVmomi] Failed to create WebService socket: class Vmacore::SystemException(An attempt was made to access a socket in a way forbidden by its access permissions. )
[2010-10-11 16:51:49.252 03800 error ‘App’] [VpxdVmomi] Failed to start VMOMI services: An attempt was made to access a socket in a way forbidden by its access permissions.
[2010-10-11 16:51:49.252 03800 info ‘App’] Shutting down VMware VirtualCenter…
In this case McAfee EPO FrameWork Service was using the same port as the vCenter service. This can be verified by stopping the FrameworkService.exe process.
To resolve this issue change the vCenter HTTP/HTTPS Service ports to a port other than 8443/8080.
Categories
SQL Database Replication : Repairing
SQL Database Replication : Repairing
I recently came across an issue where SQL database replication was failing between two nodes. The replication queue was full of un-replicated transactions,I could verify this looking at the following tables:
- MSrepl_queuedtraninfo
- MSreplication_queue
In this case there was over 8 million unreplicated transactions. Due to the shear number of unreplicated transactions I decided that it would probably be best to simply re-seed the database on the remote node. The process below outlines how this was achieved.
Please note that this process requires permissions to be reset on the subscriber once completed.
1. Perform backup of publisher (COMMS-S01) and subscriber (COMMS-M01) database.2. Stop OTS (stop OTS service on COMMS-TRANS01/02 and kill any OTS.exe processes via task manager)
3. Stop the log reader and distribution replication agents.
4. Use the following commands to flush the replication queue: [less than one minute to run]
a. EXEC sp_repldone @xactid = NULL, @xact_segno = NULL, @numtrans = 0, @time = 0, @reset = 1
b. EXEC sp_replflush
5. Verify that the queue is now empty on the subscriber: [less than one minute to run]
a. EXEC sp_replshowcmds
b. DBCC opentrans
6. Now un-publish and truncate the transaction log on the publisher (comms-s01):
a. BACKUP LOG OTSTrack WITH TRUNCATE_ONLY
b. DBCC SHRINKFILE (OTSTrackLog, NOTRUNCATE)
c. DBCC SHRINKFILE (OTSTrackLog, TRUNCATEONLY)
7. Finally shrink the database on both comms-s01:
a. DBCC SHRINKDATABASE(OTSTrack, 10)
8. Drop the OTSTrack database on COMMS-M01 (standby)- this will be recreated during replication setup.
9. Check the rowcount of the following tables in the distribution database (should not be 8 million):
a. MSrepl_queuedtraninfo
b. MSreplication_queue
10. Re-republish the database and configure sunscriptions as per GL documentation.
11. Check that replication agents are started, if not start log reader first then distribution agent.
12. Re-create user accounts on COMMS-M01 using attached ‘script.’
13. Run Stored Procedure Permissions Script on subscriber (comms-s01)14. Start OTS (start OTS service on COMMS-TRANS01/02)