JRNL_WRAP_ERROR
13568 Event ID
this error used to plague me alot more with windows 2000 servers but i recently had a case of it with server 2008 so i thought id resurrect this fix.
Follow these steps from kb290762.
To perform a nonauthoritative restore, stop the FRS service, configure the BurFlags registry key, and then restart the FRS service. To do so:
1. Click Start, and then click Run.
2. In the Open box, type cmd and then press ENTER.
3. In the Command box, type net stop ntfrs.
4. Click Start, and then click Run.
5. In the Open box, type regedit and then press ENTER.
6. Locate the following subkey in the registry:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servic es\NtFrs\Parameters\Backup/Restore\Process at Startup
7. In the right pane, double-click BurFlags.
8. In the Edit DWORD Value dialog box, type D2 and then click OK.
9. Quit Registry Editor, and then switch to the Command box.
10. In the Command box, type net start ntfrs.
11. Quit the Command box.
When the FRS service restarts, the following actions occur:
• The value for BurFlags registry key returns to 0.
• Files in the reinitialized FRS folders are moved to a Pre-existing folder.
• The FRS database is rebuilt.
• The member performs an initial join of the replica set from an upstream partner or from the computer that is specified in the Replica Set Parent registry key if a parent has been specified for SYSVOL replica sets.
• The reinitialized computer performs a full replication of the affected replica sets when the relevant replication schedule begins.
If you still continue to recieve JRNL_WRAP_ERROR then you wil need to perform an Authoritive Restore. To do this simply follow the same procedure but enter “D4” in the reg key.
Permalink
452 4.3.1 Insufficient system resources
A specific application we use for CRM was having issues with erratic email sending.
An issue was observed as an error in SMTP as “452 4.3.1 Insufficient system resources”
This error could be reproduced by hitting one of our Hub Transport Servers with any computer able to smtp to it
Based on smtp security hitting the other server giving the following (and correct error) proving the service was operating correctly but refusing me based on relay permissions
“421 4.3.2 Service not available, closing transmission channel”
We are running a dual Hub Transport Setup for HA (High Availability)
Error Message:
It looks like although both server are redundant smtp servers (Hub Transport Role);
*assumption* the specific server using them for SMTP sending has no redundancy set in its attempts at hitting an smtp server so although one was having issues it never fell over to the other, normal mail did fall over and thus why the issue only affected this specific app and not all mailflow.
The problem server had run below 1gb of disk space on the primary partition (C:) and Exchange 2007 SP1 has a setting that is called “Back Pressure” and if certain stats break rules since the queue is in a Jet Database now it will stop things to ease the pressure on resources (such as too much memory or too high an I/O level or in this case, too little disk space for the queue/logs). This explains why the issue was intermittent as the back pressure service kept turning itself on and off.
Sufficient data was moved from the C drive to the D drive,D Drive contained 40gb of disk space
This freed the initial space, to prevent this issue happening again i followed the Microsoft article on how to move the queue and logs
http://technet.microsoft.com/en-us/library/bb125177.aspx
This moves both the queue database and the queue logs to prevent this issue from cropping up again, should the issue reoccur then the queue and logs are not to blame, this will assist in a process of elimination should the issue come up again.
As per the above linked Microsoft article, the following changes were made
C:\Program Files\Microsoft\Exchange Server\V14\Bin\EdgeTransport.exe.config
Was backed up as
C:\Program Files\Microsoft\Exchange Server\V14\Bin\EdgeTransport.exe.config.backupfile
file
And In:
C:\Program Files\Microsoft\Exchange Server\V14\Bin\EdgeTransport.exe.config
data
Changed to
Permalink
The evaluation period for Microsoft Office Live Communication Server 2005 has expired
All of a sudden my LCS/OCS server shot this message in the application event log and the server wouldn’t start.
Error Message:
Event Type: Error
Event Source: Live Communications Server
Event Category: (1000)
Event ID: 12290
Date: 19/10/2009
Time: 9:10:42 AM
User: N/A
Computer: INTGVIRT2K3004
Description:
The evaluation period for Microsoft Office Live Communication Server 2005 has expired. Obtain the released version of this product and upgrade to the non-evaluation version by running setup.exe
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
The error is because of patch KB974571, the only current resolution is to remove it.
For those not aware of how to uninstall patches. it’s now hidden in add/remove programs there is a tick box at the top that says “show updates”.
Once ticked, search for the update, uninstall and then reboot and the problem should be resolved.
This issue has been addressed on technet:
http://blogs.technet.com/dodeitte/archive/2009/10/13/do-not-apply-kb974571-to-lcs-ocs-servers.aspx
EVENT ID 36881 Schannel Error
I received this error on a box that holds a database that polls LDAP once a day on LDAPS to get our user directory for its contact info etc.
This error started after certificates rotated on some of the boxes and it must have rotated on the box this server polls to get the AD info from.
Thanks to Microsoft the solution was simple but annoying, a scheduled reboot of the machine.
http://support.microsoft.com/kb/839514
EventID:
Event Type: Error
Event Source: Schannel
Event Category: None
Event ID: 36881
Date: 7/10/2009
Time: 6:38:56 PM
User: N/A
Computer:
Description:
The certificate received from the remote server has expired. The SSL connection request has failed. The attached data contains the server certificate.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
Unable to initialize the protocol stack error code is
MY LCS 2005 server decided to stop communications to my OCS 2007 server, any user on the ‘07 server saw the ‘05 users presence as “unknown”.
Upon further investigation i found the issue was the certificate had expired and so TLS had stopped working.
Process of resolution was to install a new cert and define that cert in the Mutual TLS connection in the properties of the ‘05 server.
Step-by-step guide is as follows:
Start->run->mmc
in console(mmc)
file-> Add/Remove snap-in
Add->Certificates->computer account (certificates) -> finish -> close -> OK
Breaking out the tree and into personal then certificates, you should see the cert that is listed with the expiry date that means its no longer valid.
This is preference but i chose right click-> All tasks -> Request Certificate with same key
This is pretty much a click next setup, don’t worry about advanced options.
Once this is done, go into the LCS mmc console to administer your LCS server:
Forest->domains->
Under connections you will have at least two (tcp and mutual TLS) and highlighting the Mutual TLS and choosing edit you can choose the select certificate option and install the new certificate, mine whinged about the cert not being valid yet but i selected it anyway and with a server restart and a disconnect and reconnect manually on the client, i had full connectivity again.
EventID:
A number of event ID errors were coming up for me such as the following across both LCS and OCS servers:
event ID: 14397
A configured certificate could not be loaded from store. The serial number is attached for reference.
Extended Error Code: 0x800B0101.
Cause: This could happen if the certificate is not found. This could also happen if the server has insufficient privileges to read the certificate or to access the store containing the certificate.
event ID: 16417
Unable to initialize the protocol stack. The service has to stop.
event ID: 12299
The service is shutting down due to an internal error.
Error Code: 0x800B0101.
Resolution:
Check the previous event log entries and resolve them. Restart the server. If the problem persists contact product support.
event ID: 14502
A significant number of connection failures have occurred with remote server
The specific failure types and their counts are identified below.
Instance count - Failure Type
60 8007274D
This can be due to credential issues , DNS , firewalls or proxies. The specific failure types above should identify the problem.
event ID: 14428
TLS outgoing connection failures.
Over the past 0 minutes Office Communications Server has experienced TLS outgoing connection failures 1 time(s). The error code of the last failure is 0x80090328 (The received certificate has expired.) while trying to connect to the host “INTGVIRT2K3004.integ.net.au”.
Cause: Wrong principal error could happen if the peer presents a certificate whose subject name does not match the peer name. Certificate root not trusted error could happen if the peer certificate was issued by remote CA that is not trusted by the local machine.
Resolution:
For untrusted root errors, ensure that the remote CA certificate chain is installed locally. If you have already installed the remote CA certificate chain, then try rebooting the computer.
event ID: 14359
Unable to use the default outgoing certificate.
Error 0x800B0101 (A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
).
Cause: The certificate may have been deleted. It could also happen if the certificate has become invalid or due to insufficient permissions.
Resolution:
Ensure that the certificate is present and valid in the local computer certificate store. Also ensure that the server has sufficient privileges to access the store.
event ID: 14397
A configured certificate could not be loaded from store. The serial number is attached for reference.
Extended Error Code: 0x800B0101.
Cause: This could happen if the certificate is not found. This could also happen if the server has insufficient privileges to read the certificate or to access the store containing the certificate.
Platform(s) Affected: Windows Server 2003 32-bit, Windows Server 2003 64-bit
Windows XP UpTime
For a quick way to see uptime in windows xp you can use the following string
systeminfo | Find “Up Time”
it’s basic but if you need to know up time it’s there to be used!
Platform(s) Affected: Windows XP
Recreate Windows Shares Quickly
Generally this list shouldnt be too big as you should be using ntfs for your permissions (at least i do) for more flexibility and security.
This is however handy to know that net share can do this for you.
http://nerhood.wordpress.com/2007/04/04/quickly-recreate-shares-on-windows-servers/
Permalink
Give Windows XP Network Level Authentication Support
I ran into a hitch with all these new fancy Windows 2008 servers where the new group policy is for NLA (Network Level Authentication) but I’m stubborn and I am still on XP and havent gone to Vista.
Thanks to an article at Vidmar i found a solution through one of the people that commented on a similar article written pre SP3 days.
To enable NLA in XP machines; first install XP SP3, then edit the registry settings on the XP client machine to allow NLA
• Configure Network Level Authentication
1. Click Start, click Run, type regedit, and then press ENTER.
2. In the navigation pane, locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
3. In the details pane, right-click Security Packages, and then click Modify.
4. In the Value data box, type tspkg. Leave any data that is specific to other SSPs, and then click OK.
5. In the navigation pane, locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
6. In the details pane, right-click SecurityProviders, and then click Modify.
7. In the Value data box, type credssp.dll. Leave any data that is specific to other SSPs, and then click OK.
8. Exit Registry Editor.
9. Restart the computer.
Now when you run remote desktop you will notice that Network Level Authentication is supported. To check this, right-click the top left hand corner of a remote desktop session and choose, Help > About
Another poster linked to the microsoft post which is much more long whinded.
Permalink
Windows 2003 doesnt align partitions on SAN’s automatically
An interesting fact i found out the hard way, windows 2003 wont align partitions on a SAN correctly all the time so to be safe i use diskpart.
Using DiskPart on Windows 2003 to create partitions:
DISKPART
> SEL DISK {x}
> CREATE PARTITION PRIMARY ALIGN=1024
Windows 2008 does this automatically.
Permalink
Active Desktop Script Error
This issue is easily solved with the following registry key.
Active Desktop crashes and when you try to restore active desktop you get a script error.
Open Regedit and navigate to the following key.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\SafeMode\Components
Change the value of DeskHtmlVersion to zero instead of decimal 272
Permalink
Windows 2000 Australian Timezone Not Updating
Windows 2000 is no longer supported and as such will not get windows updates that fix things such as timezones.
This means its up to us trusty admins to do this stuff by hand on the one legacy box that for some reason or another still runs the ancient operating system of almost a decade ago.
The registry key below will fix both the timezone issue and as per microsoft instruction, will maintain parity with older timezone areas so its best to run the whole reg change.
Its best to reboot the box afterwards to make sure everything updates correctly.
create a .reg file with the following info(copy and paste below into it) : -
--------------------------------------------------------
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time]
“Display"="(GMT+10:00) Canberra, Melbourne, Sydney”
“Dlt"="AUS Eastern Daylight Time”
“Std"="AUS Eastern Standard Time”
“MapID"="20,21"
“Index"=dword:000000ff
“TZI"=hex:a8,fd,ff,ff,00,00,00,00, c4,ff,ff,ff,00,00,04,00,00,00,01,00,03,00,00,\
00,00, 00,00,00,00,00,0a,00,00,00,01,00, 02,00,00,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones\AUS Eastern Standard Time\Dynamic DST]
“FirstEntry"=dword:00000x7d7
“LastEntry"=dword:00000x7d8
“2007"=hex:a8,fd,ff,ff,00,00,00,00,c4,ff,ff,ff,00,00,03,00,00,00,05,00,03,00,00,\ 00,00,00,00,00,00,00,0a,00,00,00,05,00,02,00,00,00,00,00,00,00
“2008"=hex:a8,fd,ff,ff,00,00,00,00,c4,ff,ff,ff,00,00,04,00,00,00,01,00,03,00,00,\ 00,00,00,00,00,00,00,0a,00,00,00,01,00,02,00,00,00,00,00,00,00
Permalink
windows cannot find 1[7].exe mapped network drive
This was an issue where a virus tried to inject itself on the file server and after removing all traces of the virus itself it managed to inject an autorun.inf into the root of a network share on the file server.
obivously the .exe is a self generated file but what you need to do is dig into the root of the windows share eg. on the server f:/driveshare/ and check for a hidden autorun.inf file.
mine contained the following info.
[AutoRun]
open=7[1].exe
shellexecute=7[1].exe
shell\Auto\command=7[1].exe
as soon as this is removed the issue dissapears, some machine were stubborn however, in one case it took a process of (on the pc itself) removing the mapped drive, mapping to an alternate letter the same path then breaking that share and letting the logon script remap it back. I can only assume a caching issue was holding it there.
Permalink
Server 2008 View All running tasks with task sheduler
One of the best things to do is to understand all tasks running and make sure there are no un-necessary ones.
This techrepublic article shows you how to do that easily and efficiently.
http://blogs.techrepublic.com.com/datacenter/?p=399&tag=nl.e071
Permalink
WDS doesnt see dell system partition
We had an issue where by habit we delete the dell system partition because well, we don’t need it.
This creates a problem, the dell partition isn’t detected by WDS during an image deployment (because its formatted FAT) but it still takes the initial partition so the boot.ini that is created will use a 1 however that is taken up by the dell system partition.
Our plan is to not use that partition at all and we haven’t for quite some time, during our new image revision deployment one or two popped up and this solution was a godsend as its easy enough to walk someone through over the phone (since we have a centralised IT support staff and geographically separated offices.
Error Message:
Windows don’t boot because the file
Please re-install a copy file.
Solution
Boot into WDS as if deploying an image
once logged on hit Shift+F10 to get a Command prompt
DISKPART
SELECT DISK 0
CLEAN
CREATE PARTITION PRIMARY
EXIT
EXIT
once the Command Prompt closes you can continue the image.
Permalink
Exchange SendAs Mailbox Permissions Explained
a good article on how to sort out exchange send as permissions thanks to Microsoft and this link http://technet.microsoft.com/en-us/library/aa998291(EXCHG.80).aspx
Permalink