Thursday, April 03, 2008

The Ultimate MMC Setup

I’m not going to go through everything I use, as a lot of it is default and you should be able to sort out remote desktop and standard stuff like event logs on your own. I do, however, recommend these packs to really spice up your remote MMC goodness.

2003 admin pack
Must be installed before proceeding
Vista Issue: Vista is a bit broken with this, so to get this working with Vista and the Active Directory connector (MMC) you need to follow This Guide

Active Directory Admin Pack
Note: You will need your Server 2003 CD to do this.
Installation instructions

Remote Schema Management
This isn’t in the AD admin pack by default so you need to follow this

Exchange Admin Pack
You need to install the admin pack from the Exchange CD. I would walk you through it, but Petri as usual comes through with the goods, so if you need a guide on that go to the link.

Remote desktop right click addon
Allows you to right click a computer in AD and try to remote control it.
The rcontrol_setup.exe program needs to be run once for the AD to enable the feature.
On any computer you want to have this feature on (your admin machines), copy the rControl.exe tool and make sure it’s in a locatable path, e.g. %WINDIR% (C:\WINNT for example).

Note: I don’t tend to use this feature; I find it easier to just make a section of my MMC with remote desktops set up to all my important servers. I use DameWare for remoting to clients, as that is much easier and allows for an interactive session.

Install .Net Framework 2.0 or 3

Install MMC 3.0

Install Report Viewer

Run the WSUS Setup and just choose the console, nothing else


Posted by admin in • Windows XP

Handy WSUS Commands

When I’m troubleshooting I always find random commands that help me along the way; this is the best of the best for WSUS.
Note: all are done at the command line unless specified otherwise.

wuauclt /detectnow
Explanation: Forces an update/install of a client against the server. This command will force the client to check for new updates and install them if that’s enforced in a group policy.

wuauclt /detectnow /reauthorize
Explanation: A variant that can be used when really trying to update a machine in the WSUS database.

wuauclt.exe /resetauthorization
Explanation: This will reauthorize the machine for WSUS updates.

All commands will create an entry in the windowsupdate.log file, which is located in your system root (usually WINNT or WINDOWS). Make sure it’s the one without a space, as the “windows update.log” file is different.

Explanation: This will send reports to the report server immediately.

Wsus Not Applying Group Policy Groups(OU’s) To Computers

Computers would not go into groups thanks to this tickbox—assign-computers-t.aspx

“3. Open WSUS console, click Options->Computers, select “Use Group Policy or
registry settings on computers” setting and click OK.”

I had initially set it up using the internal WSUS listings, then I changed to using site-based OUs to apply their groups but had forgotten about that tickbox from the initial install.
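
A client-side check to go with the tickbox above, added here as an example and not part of the original post: it reads the Windows Update policy values that a targeting GPO writes and reports which one would keep a machine out of its group. The function names and the sample values (`wsus.example.local`, `Site-A`) are hypothetical.

```powershell
# Added example: the client half of WSUS client-side targeting.
function Get-WsusClientPolicy {
    # Policy values written by the Windows Update group policy settings.
    $base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $wu = Get-ItemProperty -Path $base -ErrorAction SilentlyContinue
    $au = Get-ItemProperty -Path "$base\AU" -ErrorAction SilentlyContinue
    @{
        WUServer           = $wu.WUServer
        TargetGroupEnabled = $wu.TargetGroupEnabled
        TargetGroup        = $wu.TargetGroup
        UseWUServer        = $au.UseWUServer
    }
}

function Test-WsusClientTargeting {
    param([hashtable]$Policy)   # output of Get-WsusClientPolicy, or a sample
    $findings = @()
    if (-not $Policy.WUServer) {
        $findings += 'WUServer is not set: the client is not pointed at a WSUS server'
    }
    if ($Policy.UseWUServer -ne 1) {
        $findings += 'AU\UseWUServer is not 1: the client ignores WUServer'
    }
    if ($Policy.TargetGroupEnabled -ne 1) {
        $findings += 'TargetGroupEnabled is not 1: the client reports no group'
    } elseif (-not $Policy.TargetGroup) {
        $findings += 'TargetGroup is empty: no group name to report'
    }
    if ($findings.Count -eq 0) {
        # Client side is fine, so the server-side tickbox is the next suspect.
        $findings += "Client reports group '$($Policy.TargetGroup)'; if it is still unassigned, check the WSUS console option"
    }
    $findings
}

# Constructed sample: GPO is linked but targeting was never enabled.
$sample = @{
    WUServer           = 'http://wsus.example.local'
    UseWUServer        = 1
    TargetGroupEnabled = 0
    TargetGroup        = 'Site-A'
}
Test-WsusClientTargeting -Policy $sample

# On a real client:
# Test-WsusClientTargeting -Policy (Get-WsusClientPolicy)
```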

Installing WSUS 3.0 SP1

So I was installing WSUS 3.0 SP1 and I thought I would put all the links I used here.

You need to download the installer HERE.
You will need the .NET Framework installed before installing this or you will get the following error.

Error Message:

WusSetup.exe – Unable To Locate Component

This application failed to start because mscoree.dll was not found. Re-installing the application may fix this problem.

MS article related to it HERE

.NET Framework download link HERE

Unable To Browse To Sharepoint From Clients

Every now and then a single client will stop being able to browse to SharePoint; they will get a 404 or 504 error or something. SharePoint works fine for everyone else, but whenever this specific client tries to go there it’s just a plain error. It’s to do with credential caching, and here’s the solution.


In IE -> tools -> options -> security -> local intranet -> custom level -> (scroll to the bottom) -> “prompt for user name and password”
Access the site once like this and it will prompt for credentials, enter your correct credentials.
Then set that back to “automatic logon only” in intranet zone

Posted by admin in • Windows XP
Thursday, March 27, 2008

Gpresult On 2003 Native Domain Shows 2000

This did come as a shock to me but due to the age of the application it still only identifies Native 2003 domains as 2000 Domains, so no need to panic like I did and wonder what massive part of your network just broke.

Example gpresult on a native 2003 domain:

Microsoft (R) Windows (R) XP Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001

Created On 27/03/2008 at 11:16:03 AM

RSOP results for domain\ on computername : Logging Mode

OS Type:              Microsoft Windows XP Professional
OS Configuration:        Member Workstation
OS Version:            5.1.2600
Domain Name:            domainname
Domain Type:            Windows 2000
Site Name:            sitename
Roaming Profile:
Local Profile:          C:\Documents and Settings\
Connected over a slow link?: No

Wednesday, March 19, 2008

How to find FSMO roles in a Domain

FSMO Roles are extremely important to Active Directory and understanding where they lie and how they all work (eg. some roles only exist once on a domain) should be at the top of your list of “things to know” if you aren’t already well versed on it.

Wiki - FSMO Explained
Windows Networking explain FSMO
Petri explanation of FSMO

I found this Technet Blog to be extremely useful in the most efficient ways to find where your roles lie.

On any domain controller, click Start, click Run, type Ntdsutil in the Open box, and then click OK.
Type roles, and then press ENTER.
Type connections, and then press ENTER.
Type connect to server <servername>, where <servername> is the name of the server you want to use, and then press ENTER.
At the server connections: prompt, type q, and then press ENTER again.
At the FSMO maintenance: prompt, type Select operation target, and then press ENTER again.
At the select operation target: prompt, type List roles for connected server, and then press ENTER again.
Type q 3 times to exit the Ntdsutil prompt.

Petri has an article on the matter but I find his ways a little more involved than the TechNet one above from Mark.

I find that no matter how confident I am that I have removed all FSMO from a domain controller before demoting it, I still use this to double check.
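
The same double check as a script, added here as an example and not taken from the post or the linked articles: it asks the directory for the five role owners through .NET and lists any that still sit on the DC you are about to demote. The function names and the `dc1`/`dc2.example.local` hosts are hypothetical, and the live query assumes a domain-joined machine.

```powershell
# Added example: confirm a DC holds no FSMO roles before demoting it.
function Get-FsmoRoleOwners {
    # Two roles exist once per forest, the other three once per domain.
    $forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
    $domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
    @{
        'Schema master'         = $forest.SchemaRoleOwner.Name
        'Domain naming master'  = $forest.NamingRoleOwner.Name
        'PDC emulator'          = $domain.PdcRoleOwner.Name
        'RID master'            = $domain.RidRoleOwner.Name
        'Infrastructure master' = $domain.InfrastructureRoleOwner.Name
    }
}

function Get-RolesHeldBy {
    param(
        [hashtable]$Owners,   # role name -> owner host name
        [string]$DcName       # short name or FQDN of the DC to be demoted
    )
    $short = $DcName.Split('.')[0]
    $held = @()
    foreach ($role in $Owners.Keys) {
        # Compare host parts only, so DC2 matches dc2.example.local.
        $ownerShort = ([string]$Owners[$role]).Split('.')[0]
        if ($ownerShort -ieq $short) { $held += $role }
    }
    $held | Sort-Object
}

# Constructed sample, so the filter can be tried away from a domain.
$sample = @{
    'Schema master'         = 'dc1.example.local'
    'Domain naming master'  = 'dc1.example.local'
    'PDC emulator'          = 'dc1.example.local'
    'RID master'            = 'dc2.example.local'
    'Infrastructure master' = 'dc2.example.local'
}
$held = @(Get-RolesHeldBy -Owners $sample -DcName 'DC2')
if ($held.Count -gt 0) {
    Write-Output ("DC2 still holds: " + ($held -join ', ') + ". Transfer these before demoting.")
} else {
    Write-Output "DC2 holds no FSMO roles."
}

# On a domain member:
# Get-RolesHeldBy -Owners (Get-FsmoRoleOwners) -DcName 'DC2'
```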

Posted by admin in • Active Directory (AD)
Thursday, March 13, 2008

Define IP Address via Commandline

A very interesting situation I came across when migrating a server into ESX.
I couldn’t change the IP address through Network Connections as they weren’t appearing there and the Network Connections panel would lock up.
The server was showing them in ipconfig but I couldn’t change the IP addresses to define them; my only choice was to do it via the command line.
This is where the netshell comes into its own; the following command was what I used. As soon as I made the specific change the adaptors became available in the Network Connections menu.
I can’t explain why this was an issue, but due to migrating from a physical install to a virtualised one I was willing to go with it.
The source=static part is to define static instead of DHCP.

netsh interface ip set address name="local area connection" source=static addr= mask=

Unfortunately the VLAN my servers sit in doesn’t have DHCP, or the following commands would help at least get an IP on the NIC and allow me to administer it that way, but maybe you want to, so here it is.
netsh interface ip set address "Local Area Connection" dhcp
netsh interface ip set dns "Local Area Connection" dhcp

Determining which NIC to alter
Luckily I could still access the command line, so I could do an ipconfig and find the name of the NIC. You may want to change a different one than the primary, and say it’s the second one, you can use the command below to give you an idea of how that should be put in.
"local area connection 3"

Posted by admin in • Netsh
Wednesday, March 12, 2008

Defragmenting Exchange Server 2000 and 2003 without enough disk space

Up until now has been one of my local haunts for info on how to do certain tasks; sometimes I find he has things laid out in a certain way that isn’t always suitable for me. Generally if I’m going back for a second or third time just to get a command out of his site I want a more “concise” explanation. For those who still need to be walked through it properly I still strongly recommend him, as his site contains a lot of good info.

For those who just need the nitty gritty like me, here’s the quick reference version.
Dismount your store -> Exchange System Manager -> go to DB and right click (Dismount)
Not dismounting will give this error: Operation terminated with error -550

You can find your database easily by doing a file search for priv1.edb if you are not sure.
You will do the defrag with eseutil which is in the exchange dir (again do a file search for it if you can’t find it)
Please note my Drive names are different to the default as I don’t mount my store with anything else, my log files and my store are both separate partitions from each other as well as all other windows components to keep performance up at a maximum.
F: = where my store exists
H: = where I have enough disk space to perform the defrag, as you need about 130% of the store to do a defrag and I didn’t have that on the partition the store currently exists on.
F:\bin>eseutil /d "f:\mdbdata\priv1.edb" /t "h:\mdbdata\tempdfrg.edb" /f "h:\mdbdata\tempstrm.stm"
Make sure to do a full backup after this as your old backups are no longer valid, that’s why it’s best to do this whole process in a big after hours outage window. Note that it can take some time to do a defrag (approx an hour for 5gb of store)

Specify the streaming files location (if it’s not in the default with your edb)
Error 550 when using eseutil – database still mounted
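
A pre-flight check for the space requirement above, added as an example rather than taken from the post: it sizes the .edb together with its .stm and compares that against free space on the drive given to /t and /f. The 1.3 factor is the post's 130% figure; the function names are hypothetical and the .stm is assumed to sit beside the .edb with the same base name.

```powershell
# Added example: check the temp drive before an offline eseutil /d.
function Test-DefragSpace {
    param(
        [long]$StoreBytes,      # size of the .edb plus its .stm
        [long]$FreeBytes,       # free space on the drive used for /t and /f
        [double]$Factor = 1.3   # "about 130% of the store", per the post
    )
    $needed = [long][math]::Ceiling($StoreBytes * $Factor)
    New-Object PSObject -Property @{
        NeededGB = [math]::Round($needed / 1GB, 2)
        FreeGB   = [math]::Round($FreeBytes / 1GB, 2)
        Enough   = ($FreeBytes -ge $needed)
    }
}

function Get-StoreBytes {
    param([string]$EdbPath)     # e.g. f:\mdbdata\priv1.edb
    # Exchange 2000/2003 stores are an .edb/.stm pair; count both files.
    $stm = [System.IO.Path]::ChangeExtension($EdbPath, '.stm')
    $total = (Get-Item -LiteralPath $EdbPath).Length
    if (Test-Path -LiteralPath $stm) {
        $total += (Get-Item -LiteralPath $stm).Length
    }
    $total
}

function Get-FreeBytes {
    param([string]$Drive)       # e.g. 'H:'
    # Get-WmiObject is the Windows PowerShell cmdlet of this server era.
    [long](Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='$Drive'").FreeSpace
}

# Constructed figures: 5 GB .edb + 1 GB .stm, 7 GB free on the temp drive.
Test-DefragSpace -StoreBytes (6GB) -FreeBytes (7GB)

# Live use on the Exchange server, with the post's paths:
# Test-DefragSpace -StoreBytes (Get-StoreBytes 'f:\mdbdata\priv1.edb') -FreeBytes (Get-FreeBytes 'H:')
```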

Posted by admin in • Exchange
Tuesday, March 11, 2008

Australian 2008 Timezone Changes / Updates

Australian timezones call back delta and spring forward delta will be extended this year (2008), I’ve listed a whole bunch of links and article links below to help you in getting things patched in time for this change.

Server 2003 Package (x86)

Server 2003 Package (x64)

Vista Package (SP1 doesn’t need the update)

XP Package

Outlook 2003
Requires SP2 or SP3 installed
Requires a request to MS for the patch

Outlook 2007
Odd name for the patch but this is the one to use.

Windows Mobile Update (cab file to be installed on phone)

Windows Mobile Update (run on desktop with phone connected)

Microsoft Exchange 2003
Exchange is a little tougher: you have to request the patch, which makes it a slower process and will catch out people who only patch after the daylight savings changes happen and realise they haven’t patched their mail server(s).
You need to be on at least Service Pack 1 in Exchange 2003, and I would suggest using the excuse to go to SP2. To check your service pack there are two methods; I find the method that is actually listed on a Cisco page, of all places, to be one of the easiest ways.
You basically find store.exe in your exchsrvr\bin directory, go to the properties, and in the version comments it displays your service pack level.
Microsoft do offer the SPCheck tool for those who wish to check on that as well as a large number of other components.

Exchange 2003 SP2 page with request link

Full TechNet Article with all the appropriate links (a lot of which are used here)

2008 daylight savings planning pdf


Posted by admin in • Windows 2003 Server
Friday, March 07, 2008

Deploy Macromedia Flash Player via MSI in Group Policy

I was having issues with users who are limited to user or power user levels and unable to view Flash-based sites; my solution was to deploy the MSI of Flash via group policy.
I have linked to the MSI on Macromedia’s site below.

Macromedia MSI File Link

Posted by admin in • Group Policy

Set NTP Time on Windows Server 2003

When you have multiple servers it is best to only have one going out to the internet for NTP and the rest of your servers feeding off that box (as long as it’s reliable) to reduce network traffic and NTP traffic. Below I list all the commands I found handy in doing this; please note that server.ip is the IP address of the box that is getting time from the internet.
These commands can be just as useful when trying to change the NTP server that your Windows servers use or to check what server they use.

Short List of Commands
net time /setsntp:server.ip
net stop w32time
net start w32time
net time /querysntp
net time \\server.ip

Example commands in Action
net time /setsntp:server.ip
The command completed successfully.

net stop w32time
The Windows Time service is stopping.
The Windows Time service was stopped successfully.

net start w32time
The Windows Time service is starting.
The Windows Time service was started successfully.

net time /querysntp
The current SNTP value is: server.ip

The command completed successfully.

net time \\server.ip
Current time at \\server.ip is 24/07/2007 5:18 PM

The command completed successfully.

Posted by admin in • Windows 2003 Server
Wednesday, March 05, 2008

Microsoft Exchange 0x8004010F error

I had a friend call me about a problem he was having: he did a migration of users from one Exchange server to another and removed the original Exchange server from the domain.
He removed the server properly through demotions but the Outlook clients would always give a 0x8004010F error when they did a send and receive.
This error relates to the offline address book that the server holds for clients; when he moved the users the address book was still caching entries from the original server.

Error Message:

When you try to synchronize the offline address list on a Microsoft Exchange Server “0x8004010F An object could not be found”

If you try to send an e-mail message after you receive this error message, you may receive the following error message in Outlook 2003:
Task ‘Microsoft Exchange Server’ reported error (0x8004010F): ‘The operation failed. An object could not be found.’

I’ve linked to the KB article below that you need to finish off, but basically you need to follow the steps below first.
Exchange System Manager -> Offline Address Lists -> (Delete) “Default Offline Address List”
Once this has been removed you will need to add it again, this is done with the following steps:
Right Click “Offline Address Lists” -> New -> Offline Address List -> make the name “Default Offline Address List” ->
Choose your offline address list server as the exchange server -> click next -> Select the address list as the “default global address list” -> Next**
-> Finish

**Note the message here where it says “The Public folder that will contain this Offline Address List will be created during store maintenance period on [servername]. Therefore this Offline Address List will not be available to clients until that time.”
- This message indicates that the rebuild will not occur until the maintenance cycle and for most people that will mean, come back tomorrow.

This KB Link is only relevant if the above did not fix your issues, depending on how you went about the removal the below may or may not be applicable.
MS KB Link
Microsoft KB 905813

Posted by admin in • Exchange

Deploying Vista using WDS

Or maybe you are just curious to see how the new XML format has turned out, as I was; this gives you a good indication of what you can expect to have to do to get things running.
I’m using WDS to deploy XP myself, so this isn’t exactly how I do my deployments, but it’s good to see where it’s going, and maybe by the time Vista’s replacement comes out I’ll be ready to replace the desktop OS in my company.

Link to article HERE.

Friday, February 29, 2008

Printers Not Appearing In Active Directory When Published

So printers are being added but they aren’t appearing in AD; even when you tick the box in the sharing tab “List in the Directory” they still do not appear.
Of note is when you add a new printer into your printer list the local events will show an Event ID 9 (System Event Log). What should happen when it’s added to AD is you see an Event ID 36; in my case I didn’t see this event at all.

Googling around I noticed that the fix most people were going for is to reboot the server; in my case fortunately that is a primary file server in one of my larger sites so was not an option. The issue is actually stemming from the good ol’ Print Spooler Service; all you need to do is restart that service and all those printers that you added and haven’t appeared will now all be there. Event ID 36 will also appear in logs if you are doing this remotely and can’t actually see the list for whatever reason. The problem seems to just happen over time, as after a print spooler service restart I can still add printers and they update straight away, but if I leave the server up for a lengthy period of time (days/weeks) I notice I have to restart the service. I’m not sure if this is by design or one of MS’s little ‘quirks’, but it’s a hacky solution to an unfixable problem from what I found.

Posted by admin in • Active Directory (AD)