Windows 2003 : Certificate Services – Repair CA Virtual Directories

Today I had an issue with a subordinate CA: its AIA/CDP/CRL HTTP locations were showing as down. On further investigation I noted that the virtual directories for the CA had in fact vanished out of IIS. The files themselves for the CA were still present in the CertEnroll directory, so it was an IIS issue rather than a CA issue.

To restore the Virtual Directory configuration use the following command: certutil -vroot

Windows : List Installed Updates

The following VBScript will list all installed updates on a host; the script can also be run against another system by changing the "." to "computername". I used this to help with a recent audit of our systems and found it saved a lot of time!

Const OpenAsASCII      =  0
Const OverwriteIfExist = -1

Set oShell = CreateObject("WScript.Shell")
Set oFSO = CreateObject("Scripting.FileSystemObject")

strComputer = "."   ' "." = local host; use a remote computer name to audit another system

sFile = "C:\" & strComputer & "_updates.txt"
Set fFile = oFSO.CreateTextFile(sFile, OverwriteIfExist, OpenAsASCII)

fFile.WriteLine
fFile.WriteLine "Hotfix report date: " & Now & vbCrLf

Const HKLM = &H80000002

'On Error Resume Next
Set objWMIService = GetObject("winmgmts:" _
     & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

Set colSettings = objWMIService.ExecQuery _
      ("Select * from Win32_OperatingSystem")

' get general info about the OS

' Caption value for different OS:
' Microsoft Windows 2000 ...
' Microsoft Windows XP ...
' Microsoft(R) Windows(R) Server 2003, ..... Edition
For Each objOperatingSystem in colSettings
   strOSCaption = objOperatingSystem.Caption
   Select Case True
     Case InStr(1, strOSCaption, "windows 2000", vbTextCompare) > 0
       strOS = "Windows 2000"
     Case InStr(1, strOSCaption, "windows xp", vbTextCompare) > 0
       strOS = "Windows XP"
     Case InStr(1, strOSCaption, "windows(r) server 2003", vbTextCompare) > 0
       strOS = "Windows Server 2003"
   End Select

   intOSLang = objOperatingSystem.OSLanguage
   strOSLangHex = Right("000" & Hex(intOSLang), 4)
   strOSServicePack = objOperatingSystem.CSDVersion
Next

Set objReg = GetObject("WinMgmts:{impersonationLevel=impersonate}!//" _
         & strComputer & "/root/default:StdRegProv")

strOSLanguage = "Unknown"  ' Init value
strKeyPath = "SOFTWARE\Classes\MIME\Database\Rfc1766"
strValueName = strOSLangHex
objReg.GetStringValue HKLM, strKeyPath, strValueName, strOSLanguage
' GetStringValue returns Null when the value is missing; Split(Null) would fail below
If IsNull(strOSLanguage) Then strOSLanguage = "Unknown"

' remove unnecessary stuff
arrOSLanguage = Split(strOSLanguage, ";")
strOSLanguage = arrOSLanguage(UBound(arrOSLanguage))
If Instr(strOSLanguage, "(") > 0 Then
   arrOSLanguage = Split(strOSLanguage, "(")
   strOSLanguage = Trim(arrOSLanguage(0))
End If

fFile.WriteLine "OS version: " & strOSCaption
fFile.WriteLine "SP version: " & strOSServicePack
fFile.WriteLine "OS language: " & strOSLanguage

' start enumeration of hotfixes

fFile.WriteLine vbCrLf & "Hotfixes Identified:" & vbCrLf

strRegBaseUpdOS = "SOFTWARE\Microsoft\Updates\" & strOS
strRegBaseUpdIE = "SOFTWARE\Microsoft\Updates\Internet Explorer 6\SP1\"

Set colItems = objWMIService.ExecQuery _
     ("Select * from Win32_QuickFixEngineering",,48)

For Each objItem in colItems
   ' "File 1" rows are per-file entries, not hotfixes; skip them
   If objItem.HotFixID <> "File 1" Then
     fFile.WriteLine "HotFixID: " & objItem.HotFixID
     fFile.WriteLine "Description: " & objItem.Description
     fFile.WriteLine "InstalledBy: " & objItem.InstalledBy
     strInstallDate = Null  ' init value

     ' the install date is not exposed by WMI, so read it from the Updates registry branch
     If InStr(1, objItem.HotFixID, "-IE6SP1-", vbTextCompare) > 0 Then
       strRegKey = strRegBaseUpdIE & objItem.HotFixID
       objReg.GetStringValue HKLM, strRegKey, _
              "InstalledDate", strInstallDate
     ElseIf objItem.ServicePackInEffect <> "" Then
       strRegKey = strRegBaseUpdOS & "\" & objItem.ServicePackInEffect _
             & "\" & objItem.HotFixID
       objReg.GetStringValue HKLM, strRegKey, _
              "InstalledDate", strInstallDate
     End If

     If IsNull(strInstallDate) Then
       strInstallDate = "(none found)"
     End If
     fFile.WriteLine "InstallDate: " & strInstallDate
     fFile.WriteLine   ' blank line
   End If
Next

fFile.Close
oShell.Run sFile

Windows 7 : Windows 2003 Print Server

Came across an issue today where a Windows 7 client would not print to a Windows 2003 x64 print server. The solution was a registry key to disable the use of asynchronous RPC for printing:

    HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows NT\Printers\
    Right-click Printers, point to New, and then click DWORD.
    Type EnabledProtocols.
    Right-click EnabledProtocols.
    In the Value data box, type 6.
    Close Registry Editor.

Reboot the client then test printing again.

More info here: http://support.microsoft.com/kb/2269469

Userenv : Event 1041

On a Windows 2003 server I came across the following errors in the event log:

Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

To resolve this issue simply delete the following registry keys:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}]

This issue is caused by the uninstaller not removing all keys created during the installation of IE8.
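An added check, not part of the original post, that walks the GPExtensions key and reports every client-side extension with no DllName value (the exact condition behind event 1041) as well as entries whose DllName points at a file that no longer exists. It only reports, so the orphaned GUIDs can be confirmed before the keys are deleted; it assumes the StdRegProv GetExpandedStringValue/GetStringValue methods and runs on the local machine.

```vbscript
' Added example (not from the original post): audit Winlogon\GPExtensions for
' entries that would raise Userenv event 1041 or reference a missing DLL.
Option Explicit
Const HKLM = &H80000002
Const strBase = "SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions"
Dim objReg, objFSO, objShell, arrSubKeys, strGuid, strDll, strPath, intRc

Set objReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:StdRegProv")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objShell = CreateObject("WScript.Shell")

If objReg.EnumKey(HKLM, strBase, arrSubKeys) <> 0 Or IsNull(arrSubKeys) Then
    WScript.Echo "No GPExtensions subkeys found under HKLM\" & strBase
    WScript.Quit 1
End If

For Each strGuid In arrSubKeys
    ' DllName is normally REG_EXPAND_SZ, so try the expanding read first and
    ' fall back to a plain REG_SZ read
    intRc = objReg.GetExpandedStringValue(HKLM, strBase & "\" & strGuid, "DllName", strDll)
    If intRc <> 0 Then intRc = objReg.GetStringValue(HKLM, strBase & "\" & strGuid, "DllName", strDll)

    If intRc <> 0 Or IsNull(strDll) Or Len(Trim(strDll)) = 0 Then
        WScript.Echo "MISSING DllName : " & strGuid & "  (Winlogon will log event 1041 for this GUID)"
    Else
        strPath = objShell.ExpandEnvironmentStrings(strDll)
        ' a bare file name such as scecli.dll is loaded from System32
        If InStr(strPath, "\") = 0 Then
            strPath = objShell.ExpandEnvironmentStrings("%SystemRoot%\System32\") & strPath
        End If
        If objFSO.FileExists(strPath) Then
            WScript.Echo "ok              : " & strGuid & " -> " & strPath
        Else
            WScript.Echo "DLL NOT FOUND   : " & strGuid & " -> " & strPath
        End If
    End If
Next
```

Run it with cscript before and after removing the keys; an entry that has a DllName but whose file is gone is a second, quieter form of the same leftover registration.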

Storage Essentials : Beware ‘Get All Details’ Task

Shortly after the introduction of Storage Essentials into an environment, fibre tape backups were interrupted at around 03:00 AM every day. We had various errors reported by hosts:

[Major] From: [email protected] “SYS-LTO5_LIB_Drive_1”  Time: 23/02/2011 03:02:56
[90:51]      Tape8:0:6:0C Cannot write to device (Details unknown.)

[Major] From: [email protected] “CDC-LTO5_LIB_Drive_4”  Time: 23/02/2011 03:03:26
[90:161]     Cannot write filemark. ([5] I/O error)

[Critical] From: [email protected] “/itaedi”  Time: 23/02/2011 03:03:26
    Unexpected close reading NET message => aborting.

[Major] From: [email protected] “UX-ITPROD_OFFLINE”  Time: 23/02/2011 03:04:52
[61:3003]      Lost connection to VBDA named “/itaedi”
    on host server.domain.local.
    Ipc subsystem reports: “IPC Read Error
    System error: [10053] Software caused connection abort

[Minor] From: [email protected] “evamgmt02.domain.local [/CONFIGURATION]”  Time: 22/02/2011 22:44:13
[81:141]      \IISDatabase
    Cannot export configuration object: (Unknown internal error.) => backup incomplete.

It turned out that there was a scheduled task within Storage Essentials, ‘Get All Details’, that ran at 03:00 AM every day. This task scanned all known hosts to check for new fibre attached LUNs/devices.

After disabling this task backups were no longer interrupted. It is still possible to manually trigger updates on a single host; this does NOT impact backups that are running. Backups only appear to be interrupted whilst the scan runs against ALL hosts.

HP DataProtector : Cannot obtain Cell Manager host

Came across this one today: the error below suddenly started to appear on a SQL backup that had been working one day and stopped the next, without any change or modification to the SQL server or Cell Manager:

[Critical] From: [email protected] "OSCDB"  Time: 2/10/2011 2:40:04 AM
Cannot obtain Cell Manager host. Check the /etc/opt/omni/client/cell_server file and permissions of /etc/resolv.conf file.

On investigation I found that the CellServer registry key, listed below, was in fact empty. Upon re-entering the CellServer (Cell Manager) name the backup started to work again:

HKEY_LOCAL_MACHINE\SOFTWARE\Hewlett-Packard\OpenView\OmniBackII\Site\CellServer

Cluster: Generic Script – Rogue Process Cleanup/Terminate

I came across an interesting issue whilst clustering a CODA application server on a Windows Server 2003 Enterprise Microsoft Cluster. CODA spawns multiple processes after service startup; these processes are not services and as a result the cluster is not aware of them. When the CODA services are stopped the additional processes are not always cleaned up. If the services are started again they will fail with a bind error.

I created a Cluster Generic Script to clean up ‘rogue’ processes on resource group stop and start. Initially the script below used a process.Terminate() call, however this does not work for SYSTEM-owned processes. I therefore switched to taskkill.exe, which is built into Windows, so no additional components are required to get this script working.

'Chris' CODA Fix Cluster Script - Created 14/01/2011

Dim WshShell, oLooksAlive, oIsAlive, oWait, objWMIService, colProcess, objProcess, strComputer, objShell
Set WshShell = CreateObject("WScript.Shell")

processName = "oasasv.exe"   ' CODA process that is left behind when the services stop

'On Error Resume Next

Function Online( )
    Resource.LogInformation "Entering Online"
    On Error Resume Next

    If CheckProcess > 0 Then KillProcess

    If CheckProcess > 0 Then
        Resource.LogInformation "Rogue '" & processName & "' process still present, FAILED to kill..."
        Online = False
    Else
        Online = True
    End If

    If Err.Number > 0 Then
      Resource.LogInformation Err.Description
    End If
End Function

Function Offline( )
    Resource.LogInformation "Entering Offline"

    If CheckProcess > 0 Then KillProcess

    If Err.Number > 0 Then
      Resource.LogInformation Err.Description
    End If

    Offline = True
End Function

Function LooksAlive( )
     Resource.LogInformation "Entering LooksAlive"
     LooksAlive = True
End Function

Function IsAlive( )
     Resource.LogInformation "Entering IsAlive"
     IsAlive = True
End Function

Function Open( )
     Open = 0
End Function

Function Close( )
     Close = 0
End Function

Function Terminate( )
    Resource.LogInformation "Entering Terminate"

    If Err.Number > 0 Then
      Resource.LogInformation Err.Description
     End If
     Terminate = True
End Function

' returns the number of running processName instances on the local node
Function CheckProcess ()
    CheckProcess = 0
    strComputer = "."

    Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
    Set colProcess = objWMIService.ExecQuery ("Select * from Win32_Process where Name = '" & processName & "'")

    On Error Resume Next
    For Each objProcess in colProcess
        CheckProcess = CheckProcess + 1
    Next
End Function

Function KillProcess ()
    strComputer = "."
    Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
    Set colProcess = objWMIService.ExecQuery ("Select * from Win32_Process where Name = '" & processName & "'")

    On Error Resume Next
    For Each objProcess in colProcess
        Set objShell = CreateObject("WScript.Shell")
        ' taskkill /F is used because Win32_Process.Terminate() fails on SYSTEM-owned processes;
        ' run hidden (0) and wait for it (True) so the CheckProcess that follows sees the result
        objShell.Run "taskkill.exe /F /IM " & processName, 0, True

        Resource.LogInformation "Killed rogue " & processName & " process..."
    Next
End Function

Windows 2003 : Print Server Printer ‘Offline’

I ran into an issue recently where a printer kept going into an ‘offline’ state. This would occur randomly and would require the print spooler service to be restarted on the print server.

The solution was simple:

  • Under the properties of the printer select the Ports Tab 
  • Select the Port and click Configure Port
  • Uncheck “SNMP Status Enable”

The printer will now return to an online state and will work again.

Active Directory : Publish Third Party CA Certificate / Offline Standalone RootCA in Active Directory

In order to ensure that your certificate chain is valid when using an offline RootCA or third-party RootCA you must publish the CA certificate in Active Directory. This replicates the certificate to all machines in the domain, ensuring that the chain is indeed valid for all clients.

To achieve this, export the certificate in DER format and then use the following command to import it into AD: certutil -dspublish -f file_name.cer RootCA

You can test replication by forcing a Group Policy refresh on a client; the certificate should be replicated as part of this operation.
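An added server-side check, not part of the original post, for confirming that the certutil -dspublish above actually landed the certificate in the Configuration partition before waiting on client Group Policy refreshes. It assumes the script runs as a domain user on a domain-joined host and that the RootCA switch writes to both the Certification Authorities and AIA containers under Public Key Services.

```vbscript
' Added example (not from the original post): list the CA certificates published
' in AD so a freshly published offline/third-party root can be verified.
Option Explicit
Dim objRootDSE, strConfigNC, strContainer
Set objRootDSE = GetObject("LDAP://RootDSE")
strConfigNC = objRootDSE.Get("configurationNamingContext")

' "certutil -dspublish ... RootCA" writes the cert to both of these containers
For Each strContainer In Array("CN=Certification Authorities", "CN=AIA")
    ListPublishedCAs strContainer
Next

Sub ListPublishedCAs(strContainer)
    Dim objContainer, objCA, arrCerts, varCert, intBytes
    Set objContainer = GetObject("LDAP://" & strContainer & _
        ",CN=Public Key Services,CN=Services," & strConfigNC)
    WScript.Echo "== " & strContainer
    For Each objCA In objContainer
        On Error Resume Next
        ' caCertificate is a multi-valued octet string: one DER blob per cert
        arrCerts = objCA.GetEx("caCertificate")
        If Err.Number <> 0 Then
            WScript.Echo "  " & objCA.Get("cn") & ": object present but NO caCertificate value"
            Err.Clear
        Else
            intBytes = 0
            For Each varCert In arrCerts
                intBytes = intBytes + UBound(varCert) + 1
            Next
            WScript.Echo "  " & objCA.Get("cn") & ": " & (UBound(arrCerts) + 1) & _
                " cert(s), " & intBytes & " bytes of DER"
        End If
        On Error GoTo 0
    Next
End Sub
```

If the new CA name is missing from the Certification Authorities container the publish did not succeed and no amount of client-side Group Policy refreshing will deliver it.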