
cClass Blades: Boot for SAN

cClass Blades: Windows 2008 R2 Boot for SAN

To perform a boot from SAN installation of Windows 2008 R2, the following process must be adhered to:

  1. Configure only a single path in your initial zone for the blade. Windows setup does not support multipathing; if this is missed you will end up with the error ‘Setup was unable to create a new system partition or locate an existing system partition.’
  2. Configure only a single port on the HBA, ensure its BIOS is enabled and that the boot LUN is configured. Ensure the second port is disabled/has no configuration.
  3. Ensure you have downloaded the HBA’s driver from the HP Support website – this may not be necessary, but have it ready just in case.
  4. Boot from the Windows 2008 R2 DVD using the iLO (you may find you receive an error regarding a missing CD/DVD drive driver; if so, try the vanilla Windows 2008 R2 DVD without SP1 integrated).

AD CS : Delegate GPO Creation/Management

To delegate creation of new Group Policy Objects and link Group Policy Objects to existing OUs you must perform the following tasks:

  • Add the user to the Group Policy Creator Owners built-in group
  • Delegate the ‘Manage Group Policy links‘ permission on the Organisational Units you wish the user to be able to link policies to.

Optional for generating RSOP information:

  • Delegate the ‘Read Group Policy Results data‘ permission on the Organisational Units you wish the user to be able to link policies to.

You can also utilise GPMC for delegation of GPO permissions.


LastlogonTimeStamp : Report

Use the following script to report on your users’ lastLogonTimestamp. Note this will only be accurate to within one week, because the lastLogonTimestamp attribute is replicated between DCs once per week.

Save the text below into a VBS file and execute like so: cscript.exe file.vbs >> report.csv

If the script fails, download a copy from here: http://cb-net.co.uk/downloads/compreport2.txt

Option Explicit

Dim objRootDSE, adoConnection, adoCommand, strQuery, strCN
Dim adoRecordset, strDNSDomain, objShell, lngBiasKey
Dim lngBias, k, strDN, dtmDate, objDate
Dim strBase, strFilter, strAttributes, lngHigh, lngLow

' Obtain local Time Zone bias from machine registry.
' This bias changes with Daylight Savings Time.
Set objShell = CreateObject("Wscript.Shell")
lngBiasKey = objShell.RegRead("HKLM\System\CurrentControlSet\Control\" _
    & "TimeZoneInformation\ActiveTimeBias")
If (UCase(TypeName(lngBiasKey)) = "LONG") Then
    lngBias = lngBiasKey
ElseIf (UCase(TypeName(lngBiasKey)) = "VARIANT()") Then
    lngBias = 0
    For k = 0 To UBound(lngBiasKey)
        lngBias = lngBias + (lngBiasKey(k) * 256^k)
    Next
End If
Set objShell = Nothing

' Determine DNS domain from RootDSE object.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
Set objRootDSE = Nothing

' Use ADO to search Active Directory.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection

' Search entire domain.
strBase = "<LDAP://" & strDNSDomain & ">"

' Filter on all computer accounts (these also have objectClass=user).
strFilter = "(&(objectCategory=computer)(objectClass=user))"

' Comma delimited list of attribute values to retrieve.
strAttributes = "distinguishedName,lastLogonTimeStamp,cn"

' Construct the LDAP syntax query.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"

' Run the query.
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 5000
adoCommand.Properties("Timeout") = 60
adoCommand.Properties("Cache Results") = False
Set adoRecordset = adoCommand.Execute

' Enumerate resulting recordset.
Do Until adoRecordset.EOF
    ' Retrieve attribute values for the user.
    strDN = adoRecordset.Fields("distinguishedName").Value
    strCN = adoRecordset.Fields("cn").Value
    ' Convert Integer8 value to date/time in current time zone.
    ' A missing lastLogonTimeStamp raises an error and is reported as "Never".
    On Error Resume Next
    Set objDate = adoRecordset.Fields("lastLogonTimeStamp").Value
    If (Err.Number <> 0) Then
        On Error GoTo 0
        dtmDate = #1/1/1601#
    Else
        On Error GoTo 0
        lngHigh = objDate.HighPart
        lngLow = objDate.LowPart
        ' LowPart is signed; compensate when it is negative.
        If (lngLow < 0) Then
            lngHigh = lngHigh + 1
        End If
        If (lngHigh = 0) And (lngLow = 0) Then
            dtmDate = #1/1/1601#
        Else
            dtmDate = #1/1/1601# + (((lngHigh * (2 ^ 32)) _
                + lngLow)/600000000 - lngBias)/1440
        End If
    End If
    ' Display values for the user.
    If (dtmDate = #1/1/1601#) Then
        Wscript.Echo chr(34) & strDN & chr(34) & "," & chr(34) & strCN & chr(34) & ",Never"
    Else
        Wscript.Echo chr(34) & strDN & chr(34) & "," & chr(34) & strCN & chr(34) & "," & dtmDate
    End If
    adoRecordset.MoveNext
Loop

' Clean up.
adoRecordset.Close
adoConnection.Close


PFDavAdmin : Windows 7

In order to get PFDavAdmin working on Windows 7 you must install .NET Framework 1.1, otherwise you will get errors when trying to connect, expand or modify DACLs. You can get a Windows 7 64-bit compatible version from here: http://www.microsoft.com/downloads/en/confirmation.aspx?familyid=262D25E3-F589-4842-8157-034D1E7CF3A3&displaylang=en

PFDavAdmin has since been replaced by ExFolders: http://gallery.technet.microsoft.com/Exchange-2010-RTM-ExFolders-c76c3649


AD DS : Automate AD DS Snapshots

Use the following code within a command file to automate the creation of AD DS snapshots in a Windows Server 2008 based Active Directory. You can then set this script as a scheduled task (running as a Domain Admin):

@echo off
ntdsutil snapshot "activate instance ntds" create quit quit
exit

SQL Server : Deployment Guide

  1. Use mount points for storage and an anchor LUN for the mount points. This will simplify storage management.
  2. Split logs and database files; lots of SAN storage vendors will say this isn't necessary now, but keep them separate. This will protect you in the event of database file growth beyond normal tolerances.
  3. Storage must be aligned. If the operating system is earlier than Windows 2003 this must be done manually when partitioning the LUNs; Windows 2008+ automatically aligns disks:
    1. If the disk you are aligning is already blank (raw), proceed to Step 3. If the disk contains data, back up the disk before proceeding.
    2. Delete all partitions on the disk.
    3. Open a command prompt, and execute Diskpart.exe.
    4. At the Diskpart command prompt, type List Disk and press Enter. If the disk you want to align does not appear in the list, make sure that it exists and is accessible using the Disk Management snap-in.
    5. At the Diskpart command prompt, type Select Disk X, where X is the number of the disk as shown in the output of the List Disk command. Diskpart should return a message that indicates that Disk X is the selected disk.
    6. At the Diskpart command prompt, type Create Partition Primary Align=X, where X is either 32 or 64, depending on the recommendation from your storage vendor. If your storage vendor does not have any specific recommendations, it is recommended that you use 64. Windows 2008 / Vista use an offset of 1024.
    7. At the Diskpart command prompt, type Assign Letter= followed by the drive letter. For example, to assign letter Z to the disk, type Assign Letter=Z.
    8. Once the drive letter is assigned, type exit to exit out of the Diskpart utility.
    9. Use the Disk Management snap-in or the Windows Format command to format the partition as an NTFS-formatted partition.
  4. All data and log LUNs should be formatted with a 64K NTFS allocation unit size.
  5. If the server has more than 8 CPUs (or cores) you must configure MAXDOP to a value of 8; when fewer than 8 CPUs are present use a value of 0-X, where X is the number of CPUs. For OLTP scenarios use a MAXDOP value of 1.
  6. Confirm the SQL collation setting is correct (if upgrading/migrating from an existing platform) using SELECT SERVERPROPERTY('Collation') AS 'Collation'
  7. TempDB should be configured to have approx 4 data files. Execute the code below, modifying it for each additional data file:
        ALTER DATABASE [tempdb]
        ADD FILE (
            NAME = N'tempdev_1',
            FILENAME = N'E:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Data\tempdb_1.ndf' ,
            SIZE = 8MB ,
            FILEGROWTH = 10% )
        GO

  8. Ensure you use setspn to configure the ServicePrincipalName for any SQL service accounts: setspn -A MSSQLSvc/[server fqdn]:[port | instance name] "[service account]" (replace the bracketed values):
    1. For an instance running on port 1188, for example: setspn -A MSSQLSvc/DB1.domain.local:1188 domlocal\svc_dbe
    2. For a named instance, in this example ‘I1’, you should also run: setspn -A MSSQLSvc/DB1.domain.local:I1 domlocal\svc_dbe
  9. MSDTC should have its own resource group.
  10. MSDTC should be configured with the following permissions (more information here: http://technet.microsoft.com/en-us/library/cc753510%28WS.10%29.aspx):
    1. Open Component Services > My Computer > Distributed Transaction Coordinator > Clustered DTCs
    2. Enable Network DTC Access (but do not select Allow Remote Clients/Allow Remote Administration)
    3. Enable Transaction Manager Communication (Allow Inbound, Allow Outbound and select Incoming Caller Authentication Required)
    4. Select SNA LU 6.2 Transactions (ensure that Enable XA Transactions is not selected)
    5. In Windows Firewall configure an exception for DTC
  11. For SQL Server 2008 ‘Page Verify’ should be set to ‘Checksum’.
  12. Configure a maximum memory size (see below).
  13. When managing permissions ensure that the local Administrators group is not a member of the sysadmin role.
  14. The SQL service account should have the following permissions:
  • Perform Volume Maintenance Tasks (allows for faster restores as database files are not pre-zeroed)
  • Lock Pages in Memory
  • Logon as a Service

Additional Notes/Setup Instructions

SQL Server Memory Configuration

Suggested maximum memory allocations (http://www.sqlservercentral.com/blogs/glennberry/archive/2009/10/29/suggested-max-memory-settings-for-sql-server-2005_2F00_2008.aspx):

Physical RAM    MaxServerMem Setting (MB)
2GB             1500
4GB             3200
6GB             4800
8GB             6400
12GB            10000
16GB            13500
24GB            21500
32GB            29000
48GB            44000
64GB            60000
72GB            68000
96GB            92000
128GB           124000

Configuring a maximum memory size for an SQL instance

EXEC sp_configure 'show advanced options', 1;
GO
RECONFIGURE;
GO
EXEC sp_configure 'max server memory (MB)', 2048;
GO
RECONFIGURE;
GO

Disk Alignment

To verify disk alignment execute the command: diskpar -i 2, where 2 is the number of the disk whose alignment you wish to check.

The important setting here is the StartingOffset – this value should divide cleanly by the NTFS cluster size implemented on the disk.

Ensure that Partition Offset ÷ Stripe Unit Size is a whole number (you will need to consult the storage configuration to identify stripe size).

Ensure that Stripe_Unit_Size ÷ File_Allocation_Unit_Size is also a whole number.

http://msdn.microsoft.com/en-us/library/dd758814%28v=sql.100%29.aspx

Configure MAXDOP

sp_configure 'show advanced options', 1;
GO
RECONFIGURE WITH OVERRIDE;
GO
sp_configure 'max degree of parallelism', 8;
GO
RECONFIGURE WITH OVERRIDE;
GO
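
A read-only audit of an instance against the settings recommended in this guide, as an added example that is not part of the original post. It uses only standard catalog views (sys.configurations, sys.databases, sys.master_files, sys.server_role_members, sys.server_principals) and assumes SQL Server 2005 or later.

```sql
-- Added example: read-only checks for the deployment guide's settings.

-- Server collation (guide: confirm it matches the platform being migrated).
SELECT SERVERPROPERTY('Collation') AS ServerCollation;

-- Max server memory and MAXDOP as currently in effect.
-- A max server memory value of 2147483647 means no cap has been configured.
SELECT name, value_in_use
FROM sys.configurations
WHERE name IN ('max server memory (MB)', 'max degree of parallelism');

-- Databases whose Page Verify option is not CHECKSUM.
SELECT name, page_verify_option_desc
FROM sys.databases
WHERE page_verify_option_desc <> 'CHECKSUM';

-- Number of tempdb data files (guide: approximately 4).
SELECT COUNT(*) AS TempdbDataFiles
FROM sys.master_files
WHERE database_id = DB_ID('tempdb')
  AND type_desc = 'ROWS';

-- Members of the sysadmin fixed server role. The local Administrators
-- group shows up here as BUILTIN\Administrators and should not be listed.
SELECT m.name AS MemberName, m.type_desc AS MemberType
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = 'sysadmin'
ORDER BY m.name;
```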


Windows : Dump File Analysis

First install the debugging tools for Windows: http://msdn.microsoft.com/en-us/windows/hardware/gg463009

Now open a command prompt window and enter the following command:

cd "c:\program files\debugging tools for windows"

Next enter the following command:

kd -y srv*c:\symbols*http://msdl.microsoft.com/download/symbols -i c:\windows\i386 -z C:\Mini060209-01.dmp -logo C:\kd.log -v !analyze -v

This command assumes there is a DMP file located under the following path: C:\Mini060209-01.dmp. This will give you a possible cause of the crash as well as the bug-check string associated with the blue screen error.

Further information can be obtained using the !analyze -v command.

It is also possible to use C:\Program Files\Debugging Tools for Windows\WinDbg.exe (a semi-graphical tool). You will need to specify the symbols path as follows:

srv*c:\symbols*http://msdl.microsoft.com/download/symbols

You can then File > Open Crash Dump and use the commands as above.


Network Monitor : Using NMCap

Once installed, open a command prompt and change directory to C:\Program Files\Microsoft Network Monitor 3:

NMCap.exe /network * /capture /stopwhen /timeafter 1 min /file issue.cap

You should now recreate your issue. To extend the capture window, increase the /timeafter value (1 min in this example). Using /capture followed by no filter captures all traffic.

Recreate the issue, then press Ctrl-C in the window with NMCap running in it. You can also filter captured results, for example HTTP only:

NMCap.exe /network * /capture "HTTP" /stopwhen /timeafter 1 min /file issue.cap

Or to capture HTTP and DNS traffic for a specific IP address:

NMCap.exe /network * /capture "(HTTP || DNS ) && IPv4.Address == 192.168.1.1" /stopwhen /timeafter 1 min /file issue.cap

You can also reprocess capture files to generate filtered captures, for example to extract HTTP only traffic from the capture above into a new capture file:

NMCap /InputCapture issue.cap /capture "HTTP" /file HTTP_only.cap


Windows : Uninstalling a hotfix from the Recovery Console

Use the following steps to remove a hotfix from a Windows operating system whilst running from the recovery console:
1) Ensure you have a record of the installed hotfixes/patches that you wish to remove (the KB numbers are the important bit!).
2) Boot to the recovery console.
3) Check for installed patches/hotfixes: dir $*
4) Change to the directory of the hotfix/patch you wish to remove, replacing XXXXXXXXX with the KB number: CHDIR $NTUninstallKBXXXXXXXXX
5) To uninstall, execute the spuninst.txt file: BATCH spuninst.txt


DNS Scavenging : Existing Environment

Many people are wary of the impact of enabling DNS scavenging on an existing environment. The following command/script will allow you to identify all of the records that would be deleted if you were to enable scavenging.

First execute the command below, where SRV is the DNS server and zone is the zone name: dnscmd SRV /enumrecords zone @ /continue > DNS_Records.txt

Save the text below into a file named DNSScavengeTest.vbs, then execute the command: cscript.exe /nologo DNSScavengeTest.vbs DNS_Records.txt >> DNS.csv

'----------------------------------------------------------------------------------------------

Const ForReading = 1
Const ForWriting = 2
Const ForAppending = 8
Const AGING_TOKEN = "[Aging:"

Const DDNS_NO_REFRESH = 7        ' The dynamic DNS no refresh period, where an update classified as a refresh will not be accepted for the record
Const DDNS_REFRESH = 7            ' The dynamic DNS refresh period, during which an update will be accepted for the record
Const GMT_OFFSET = +10            ' Offset in hours to adjust the resultant times based on the current GMT timezone

Set objFSO = CreateObject("Scripting.FileSystemObject")

If WScript.Arguments.Count = 1 Then
    strFileName = WScript.Arguments(0)
Else
    wscript.echo "Specify a filename containing the output of dnscmd. eg DNSScavengeTest.vbs DNS_Records.txt"
    wscript.quit(2)
End If

If Not objFSO.FileExists(strFileName) Then
    WScript.Echo "Error: " & strFileName & " file not found."
    wscript.quit(2)
End If

Set objTextStream = objFSO.OpenTextFile(strFileName, ForReading)
strZoneRecords = objTextStream.ReadAll
WScript.Echo "name,timestamp,wouldBeScavengedIn"

For Each strLine in Split(strZoneRecords, vbCRLF)
    intStart = InStr(1, strLine, AGING_TOKEN, 1)
    If intStart <> 0 Then                                ' Does this line contain an aging value?
        intStart = intStart + Len(AGING_TOKEN)
        intEnd = InStr(intStart, strLine, "]")
        If intEnd <> 0 Then intLength = intEnd - intStart
        strHost = Left(strLine, InStr(strLine, " ")-1)                ' Yes, extract the host

        intAging = Mid(strLine, intStart, intLength)                ' Extract the aging value, expressed in the decimal number of hours since 01/01/1601

        dtmDate = DateAdd("h", intAging, "01/01/1601 00:00:00 AM")        ' Convert to a date timestamp
        dtmDate = DateAdd("h", GMT_OFFSET, dtmDate)                ' Add the current GMT offset

        intDiff = DateDiff("h", dtmDate, Now)                    ' The difference between now and the timestamp
        intHourDiff = intDiff - ((DDNS_NO_REFRESH * 24) + (DDNS_REFRESH * 24))    ' Based on the dynamic DNS no-refresh and refresh periods combined
        If intHourDiff > 0 Then                            ' Is this a positive number, indicating the record will be scavenged
            intDay = CInt(intHourDiff / 24)                    ' Yes, convert to a number of days for output
            WScript.Echo strHost & ", " & dtmDate & ", " & intDay + DDNS_NO_REFRESH + DDNS_REFRESH    ' This record would be scavenged
        Else
            WScript.Echo "*" & strHost & ", " & dtmDate            ' This record won't be scavenged
            intDay = 0
        End If
    End If
Next