Categories
Windows Server 2003

DCOM Event ID 10016 : Removable Storage Service

HP Dataprotector requires that the Removable Storage Service be disabled on each fibre-attached host, to stop Network Storage Routers being flooded and Dataprotector activities being interrupted.

Once this service is disabled, the following event is logged in the System event log on each host every time a backup is run:

Event Type:    Error
Event Source:    DCOM
Event Category:    None
Event ID:    10016
Description:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {E579AB5F-1CC4-44B4-BED9-DE0991FF0623} to the user ECOMMERCE\svc_dpagent SID (S-1-5-21-2426429480-712720545-947854963-1642). This security permission can be modified using the Component Services administrative tool.

To resolve this issue, perform the following steps:

  1. Start > Run > dcomcnfg
  2. Expand Component Services > Computers > My Computer > DCOM Config
  3. Locate the ‘Removable Storage Manager’ object, right-click it and select Properties
  4. Select the Location tab and uncheck the ‘Run application on this computer’ box.
  5. Now back up and delete the following registry keys:
    1. HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{D61A27C6-8F53-11D0-BFA0-00A024151983}
    2. HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\{D61A27C1-8F53-11D0-BFA0-00A024151983}
  6. Finally, reboot the affected host.
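
Step 5 as a batch script, added here as an example and not part of the original post: each key is exported with reg export and deleted only once its backup file exists. The backup folder and file names are assumptions.

```bat
@echo off
rem Added example: back up, then delete, the two Removable Storage keys.
rem BACKUP_DIR and the .reg file names are assumptions; adjust to suit.
setlocal
set "BACKUP_DIR=C:\RegBackup\RSM"
if not exist "%BACKUP_DIR%" mkdir "%BACKUP_DIR%"

call :BackupThenDelete "HKLM\SOFTWARE\Classes\CLSID\{D61A27C6-8F53-11D0-BFA0-00A024151983}" "%BACKUP_DIR%\rsm-clsid.reg"
if errorlevel 1 goto failed
call :BackupThenDelete "HKLM\SOFTWARE\Classes\AppID\{D61A27C1-8F53-11D0-BFA0-00A024151983}" "%BACKUP_DIR%\rsm-appid.reg"
if errorlevel 1 goto failed

echo Keys backed up to %BACKUP_DIR% and deleted. Reboot the host.
exit /b 0

:failed
echo Stopped: a key was left in place because its backup could not be verified.
exit /b 1

:BackupThenDelete
rem %~1 = registry key, %~2 = .reg file that receives the backup
reg query "%~1" >nul 2>&1
if errorlevel 1 (
    echo Key already absent: %~1
    exit /b 0
)
rem Never overwrite an earlier backup, it may be the only good copy.
if exist "%~2" (
    echo Backup file already exists: %~2
    exit /b 1
)
reg export "%~1" "%~2" >nul
if errorlevel 1 exit /b 1
if not exist "%~2" exit /b 1
reg delete "%~1" /f
exit /b %errorlevel%
```

To roll back, import the saved files with reg import and reboot.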

Dataprotector : Not a valid mount point => aborting.

I recently came across the following error when setting up a new DP backup for a Windows Server 2003 x64 R2 SP2 cluster:

  Volume Shadow Copy functionality could not be initialized.
  Fallback to legacy filesystem backup was not allowed. Aborting the backup.
  Not a valid mount point => aborting.

I was also presented with the following error in the Application event log on the server:

  Event Type:    Error
  Event Source:    VSS
  Event Category:    None
  Event ID:    11
  Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started. [0x80070005]

On investigation I installed the KB940349 VSS update (http://support.microsoft.com/kb/940349); after rebooting each host, VSS backup functionality was restored.


Windows Server 2003 : Clustering MSMQ Client

On Windows Server 2003 x64 it is possible to cluster the MSMQ Independent client (first you must install MSMQ core via Add/Remove Programs).

Once complete you will be able to create an MSMQ resource under a cluster group; this will require the following dependencies:

  • Network Name Resource
  • Physical Disk Resource

You will also need to configure permissions on the Network Name resource to Create/Delete MSMQ Configuration Objects, otherwise you will be presented with the following error in the application event log:

Event Type:    Error
Event Source:    MSMQ Cluster Resource DLL
Event ID:    2011
Message Queuing objects cannot be created in Active Directory (Error: 0xc00e0040). Please verify your permissions and network connectivity.

This can be achieved by modifying the DACL of the Network Name resource in Active Directory.

It is important to note that when clustering MSMQ you cannot use a volume that is assigned a mount point; if you use a mount point, the MSMQ configuration will become invalid. This can be checked under the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSMQ\Clustered QMs\MSMQ$[Resource Name]\Parameters\MsmqRootPath

You will also get the following event in the application event log:

Event Type:    Error
Event Source:    MSMQ$MSMQ2
Event ID:    2096
The Message Queuing folder cannot be created.

You can configure multiple MSMQ resources on a Windows cluster, each should have its own physical disk and network name.

 

Windows 2003 : HP c-Class evbda.sys BSOD

When installing Windows Server 2003 x64 on an HP c-Class Blade you may experience a BSOD with the error code: IRQL_NOT_LESS_OR_EQUAL / 0x0000000A / evbda.sys

This is caused by a known issue in the HP NC532i Dual Port 10GbE Multifunction BL-c Adapter driver, which causes a BSOD on servers with 16+ cores. The new driver is available here. We must integrate this driver into the Windows setup process, as the BSOD occurs before the PSP is installed.

If you are using HP RDP then this process is simple: download the new 10GbE driver from HP and extract its entire contents to the following folder on the Altiris server:
eXpress Directory\Deployment Server\lib\osoem\proliant.zzz\w52.64\$oem$\$1\drivers\net

The drivers located in this folder are used during Windows setup, so this will resolve the BSOD error.

Alternatively, disable some of the cores to boot your server and install the updated driver. You’ll then be able to boot to Windows with all cores enabled.


Checkpoint Secure Client : RPC Failures/Filter Rejected Issues

WMI/RPC calls from Windows Server 2003 SP1 / SP2 servers to clients running Checkpoint Secure Client R60 (pre-HFA02) may experience unexpected shutdowns/restarts. When viewing the Secure Client firewall log you will see that RPC traffic is being dropped by rule 995, even though it may be explicitly allowed by another rule.

WMI query errors may report: Call was canceled by the message filter. (Exception from HRESULT: 0x80010002 (RPC_E_CALL_CANCELED))

This is a known issue caused by the ‘Server2003NegotiateDisable’ option that is enabled by default upon installation of Windows Server 2003 SP1 or newer – http://support.microsoft.com/kb/899148. There are two potential solutions – a quick fix, and a ‘proper’ fix. I’ll cover the quick fix first.

The quick-fix

   Download and install the hotfix available from the above MS knowledgebase article – this should be installed on the server affected by this issue.

   Once installed, create a new DWORD registry value on the server and set it to 1: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Rpc\Server2003NegotiateDisable

   Reboot the server; the RPC calls will now function as expected to devices with non-RPC compliant VPN clients.

The ‘proper’ fix

   Initially, you can perform the above. This will get RPC working with the non-RPC compliant VPN clients.

   You should then proceed to update all of the SecureClient installs to at least version R60 HFA02; when this is complete, set the registry value to 0 on the server and reboot once again.

   An updated version of the client is easily obtainable from the Checkpoint website.

   For further information from Checkpoint see the following URL: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk31818


WMI : ADODB Provider Could not Be Found

VBScript : ADODB Provider Could Not Be Found / Re-install MDAC

You may encounter ADODB errors when running a VBScript containing WMI calls on computers running Windows XP Service Pack 2 or 3.

ADODB is a part of the Microsoft Data Access Components (MDAC). You can download MDAC from here, but wait…!

If you are running Service Pack 2 or newer you will find that you are unable to re-install this version of MDAC, as the version included with the service pack is newer. So, in order to perform this task you will require a Windows XP CD with your current Service Pack slip-streamed into it, although the files should be available under %systemroot%\windows\servicepackfiles\i386.

With the Windows XP CD inserted / files available perform the following tasks:

  • Browse to the c:\Windows\Inf folder in Windows Explorer
  • Right-click the Mdac.inf file, and then click Install.
  • When prompted, point the installer to your Windows XP CD; if the files are unavailable from this location, use the Service Pack source files under %systemroot%\windows\servicepackfiles\i386

A special consideration: if running McAfee VirusScan Enterprise, ensure you disable the Access Protection component for the duration of this process, as it will cause the installation of MDAC to fail.


Windows Firewall : View Current State

Use the following command to view the status of the Windows Firewall, including whether ‘Remote Administration’ is enabled and the active profile.

c:\>netsh firewall show state

Firewall status:
-------------------------------------------------------------------
Profile                           = Domain
Operational mode                  = Enable
Exception mode                    = Enable
Multicast/broadcast response mode = Enable
Notification mode                 = Enable
Group policy version              = Windows Firewall
Remote admin mode                 = Enable

To forcibly enable Remote Admin mode, use the following commands:

call netsh firewall set service RemoteAdmin enable
call netsh firewall add portopening protocol=tcp port=135 name=DCOM_TCP135
call netsh firewall add allowedprogram program=%windir%\system32\wbem\unsecapp.exe name=WMI
call netsh firewall add allowedprogram program=%windir%\system32\dllhost.exe name=Dllhost 
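
As written, the commands above accept Remote Administration traffic from any source address. The batch file below, an added example that is not from the original post, creates the same four openings restricted to a management subnet with the scope and addresses parameters of netsh firewall, then shows the result; the subnet 192.0.2.0/24 is a constructed placeholder.

```bat
@echo off
rem Added example: Remote Admin openings limited to one management subnet.
rem MGMT_NET is a constructed placeholder; replace it with the subnet that
rem your management servers actually connect from.
setlocal
set "MGMT_NET=192.0.2.0/24"

rem Built-in Remote Administration exception (RPC and DCOM)
netsh firewall set service type=REMOTEADMIN mode=ENABLE scope=CUSTOM addresses=%MGMT_NET%

rem RPC endpoint mapper
netsh firewall add portopening protocol=TCP port=135 name=DCOM_TCP135 mode=ENABLE scope=CUSTOM addresses=%MGMT_NET%

rem WMI callback sink and the DCOM surrogate host
netsh firewall add allowedprogram program=%windir%\system32\wbem\unsecapp.exe name=WMI mode=ENABLE scope=CUSTOM addresses=%MGMT_NET%
netsh firewall add allowedprogram program=%windir%\system32\dllhost.exe name=Dllhost mode=ENABLE scope=CUSTOM addresses=%MGMT_NET%

rem Confirm the mode and review the scope recorded for each exception
netsh firewall show state | findstr /C:"Remote admin mode"
netsh firewall show portopening
netsh firewall show allowedprogram
```

If the same exceptions are defined through Group Policy, the policy settings take precedence over these local ones.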


Windows : Re-installing the WMI Provider

If you receive errors such as ‘SwbemLocator’ Critical Error 8004100A when running VBScripts, or when applying GPOs with WMI filters, it may be necessary to re-install WMI.

Use WMIDiag.vbs to perform initial diagnosis (available here: http://www.microsoft.com/downloads/details.aspx?familyid=d7ba3cd6-18d1-4d05-b11e-4c64192ae97d&displaylang=en), then:

  • Insert the slipstreamed Windows CD (including the current client Service Pack version) into the CD-ROM drive.
  • Re-install WMI using the following command: rundll32.exe setupapi,InstallHinfSection WBEM 132 %windir%\inf\wbemoc.inf

You may be prompted for a file named ‘napclientprov.mof’; a non-corrupt version of this can be downloaded here.


HP BL460 : ASR hpqilo2 Issues

HP BL460 Automatic System Reboot Errors

For a while now a set of HP BL460c servers have been randomly rebooting. The HP Integrated Management Log shows ‘ASR Detected by System ROM’ along with the following events in the System event log on an affected machine:

Event Type:    Warning
Event Source:    hpqilo2
Event Category:    None
Event ID:    57
Failed GET SENSOR READING, sensor 16

Event Type:    Warning
Event Source:    hpqilo2
Event Category:    None
Event ID:    57
NetFN 0x4, command 0x2D timed out

The solution for this was to perform the following:

  • Install the latest iLO Firmware Update v. 1.81
  • Install the HP iLO Management Channel Interface Driver v. 1.15.0.0
  • Install the HP ProLiant iLO2 Management Controller Driver v. 1.12.0.0

All of these drivers can be downloaded from the following location, selecting your operating system:

http://h20000.www2.hp.com/bizsupport/TechSupport/DriverDownload.jsp?prodNameId=3288156?=en&cc=us&prodTypeId=3709945&prodSeriesId=1842750&taskId=135


EFS : Managing EFS in a Domain

Troubleshooting EFS Certificates

EFS is an incredibly powerful security tool for today's security-minded business, but it can also be an incredible pain to troubleshoot. Here are some useful commands and processes to identify why EFS may not be performing as expected.

1) Check that the certificate is in the user's profile; EFS is dependent upon the user's profile containing the EFS certificate. The profile is used when accessing encrypted shares over the network.

2) This may be down to a CRL access issue. Verify that certificate services is running on the CA: certutil -ping -config

3) Obtain the EFS information from the encrypted file; this gives the hash of the certificate in use. Use the following command within the shared folder to get the hash of the certificate used to encrypt the file: efsutil /c

4) Obtain the certificate information, using the hash obtained in step 3: certutil -store -v -user MY ""

5) Check the following registry key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\EFS\CurrentKeys. Ensure that the Default EFS Hash is correct; if not, delete the value – it will auto-recreate.