Windows : Dump File Analysis

First install the debugging tools for Windows: http://msdn.microsoft.com/en-us/windows/hardware/gg463009

Now open a command prompt window and enter the following command:

cd "c:\program files\debugging tools for windows"

Next enter the following command:

kd -y srv*c:\symbols*http://msdl.microsoft.com/download/symbols -i c:\windows\i386 -z C:\Mini060209-01.dmp -logo C:\kd.log -v !analyze -v

This command assumes there is a DMP file located at the path passed to -z (for example, C:\Mini111208-01.dmp). It will give you a possible cause of the crash as well as the bug-check string associated with the blue screen error.

Further information can be obtained using the !analyze -v command.

It is also possible to use C:\Program Files\Debugging Tools for Windows\WinDbg.exe (a semi-graphical tool); you will need to specify the symbols path as follows:

srv*c:\symbols*http://msdl.microsoft.com/download/symbols

You can then File > Open Crash Dump and use the commands as above.
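
As an added example (not part of the original post, and not Microsoft's code), this Python script pulls the bug-check string, the probable cause and any symbol-loading warnings out of the log file written by -logo. The sample log is constructed, and the field labels it looks for are assumed to match the layout your debugger version emits.

```python
import re

# Constructed excerpt shaped like kd "!analyze -v" output; values are illustrative.
SAMPLE_KD_LOG = """\
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for exampledrv.sys -
Probably caused by : exampledrv.sys ( exampledrv+1b2 )

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
Arguments:
Arg1: 00000008, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: f7a3c1b2, address which referenced memory

DEFAULT_BUCKET_ID:  DRIVER_FAULT
BUGCHECK_STR:  0xD1
PROCESS_NAME:  System
MODULE_NAME: exampledrv
IMAGE_NAME:  exampledrv.sys
"""

FIELDS = ("BUGCHECK_STR", "DEFAULT_BUCKET_ID", "PROCESS_NAME", "MODULE_NAME", "IMAGE_NAME")
FIELD_RE = re.compile(r"^(%s):[ \t]*(\S.*?)[ \t]*$" % "|".join(FIELDS), re.M)
CAUSE_RE = re.compile(r"^Probably caused by\s*:\s*(\S+)", re.M)
NAME_RE = re.compile(r"^([A-Z][A-Z0-9_]+) \(([0-9a-fA-F]+)\)[ \t]*$", re.M)
ARG_RE = re.compile(r"^Arg([1-4]):\s*([0-9a-fA-F`]+)", re.M)
SYMBOL_RE = re.compile(r"^\*+ (?:ERROR: Symbol file could not be found|Kernel symbols are WRONG).*$", re.M)


def summarize_kd_log(text):
    """Return the triage fields from one kd log as a dict; missing fields are None."""
    summary = {name: None for name in FIELDS}
    summary.update(FIELD_RE.findall(text))
    cause = CAUSE_RE.search(text)
    name = NAME_RE.search(text)
    summary["probable_cause"] = cause.group(1) if cause else None
    summary["bugcheck_name"] = name.group(1) if name else None
    summary["bugcheck_code"] = int(name.group(2), 16) if name else None
    # 64-bit logs write addresses as fffff880`01234567; drop the separator.
    summary["args"] = [a.replace("`", "") for _, a in sorted(ARG_RE.findall(text))]
    # Without correct symbols the blamed module is only a guess, so surface that.
    summary["symbol_warnings"] = [m.group(0).strip() for m in SYMBOL_RE.finditer(text)]
    return summary


if __name__ == "__main__":
    for key, value in summarize_kd_log(SAMPLE_KD_LOG).items():
        print(f"{key:18} {value}")
```

A non-empty symbol_warnings list means the symbol path was not honoured, so treat the reported module with caution until the dump is re-analysed with working symbols.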

Network Monitor : Using NMCap

Once installed, open a command prompt and change directory to C:\Program Files\Microsoft Network Monitor 3:

NMCap.exe /network * /capture /stopwhen /timeafter 1 min /file issue.cap

You should now recreate your issue. To extend the capture window, increase the /timeafter value (1 min in the command above). Using /capture followed by no filter captures all traffic.

Recreate the issue, then press Ctrl-C in the window where NMCap is running. You can also filter captured results, for example HTTP only:

NMCap.exe /network * /capture "HTTP" /stopwhen /timeafter 1 min /file issue.cap

Or to capture HTTP and DNS traffic for a specific IP address:

NMCap.exe /network * /capture "(HTTP || DNS ) && IPv4.Address == 192.168.1.1" /stopwhen /timeafter 1 min /file issue.cap

You can also reprocess capture files to generate filtered captures, for example to extract HTTP only traffic from the capture above into a new capture file:

NMCap /InputCapture issue.cap /capture "HTTP" /file HTTP_only.cap

AD CS : Change the RootCA Validity Period

Change the RootCA Validity Period

certutil -setreg ca\ValidityPeriod "Years"
certutil -setreg ca\ValidityPeriodUnits "10"

When new certificates are generated for the subordinate, this will cause the default lifetime for the subordinates to have the same validity period as the root CA; therefore, change the validity period on the subordinate.

Change the subordinateCA Validity Period

certutil -setreg ca\ValidityPeriod "Years"
certutil -setreg ca\ValidityPeriodUnits "1"

Windows 2008 Server Core : Using netsh to configure TCP/IP

List all IPv4 interfaces and obtain the interface ID of the NIC whose configuration you wish to change. In this instance we will modify the settings of interface '10', which is shown as 'connected':
  netsh interface ip show interfaces

 

Set DHCP for IPv4 interface '10':
  netsh interface ip set address 10 dhcp

Set static IP address/subnet mask/gateway on IPv4 interface '10':
  netsh interface ip set address 10 static 192.168.1.100 255.255.0.0 192.168.1.1

Set primary and secondary DNS servers for IPv4 interface '10':
  netsh interface ip set dnsservers 10 dhcp
  netsh interface ip set dnsservers 10 static 192.168.1.10 primary
  netsh interface ip add dnsservers 10 192.168.1.11

Set WINS servers for IPv4 interface '10':
  netsh interface ip set winsservers 10 dhcp
  netsh interface ip set winsservers 10 static 192.168.1.10
  netsh interface ip add winsservers 10 192.168.1.11

Reset TCP/IPv4 stack:
  netsh interface ip reset

Windows Server 2008 R2 : LookupAccountName Issues

When running Windows Server 2008 R2 x86/x64 that is a member of a Windows 2000 Domain you may encounter errors when installing applications that are similar to:

‘The trust relationship between this workstation and the primary domain failed’

I recently came across this error when installing SQL Server 2008 SP1 on a Windows Server 2008 R2 failover cluster; when selecting the service accounts from the domain, I was presented with the error:

Error in User Account –   ‘The trust relationship between this workstation and the primary domain failed’

To resolve this error you must apply the following hotfix: http://support.microsoft.com/?id=976494

This issue affects Windows 7 and Windows Server 2008 R2, only when joined to a Windows 2000 domain. It is caused by a program that calls the LookupAccountName function to retrieve a security identifier (SID) for an account.