DefinIT Because if IT were easy, everyone would do it…

29 Mar 2010

Event IDs 1030 and 1058 on Server 2003 Domain Controller

Posted by Sam McGeown

I logged onto a production domain controller this morning and checked the event logs to be confronted with this:

image 

Event IDs 1030 and 1058 every 5 minutes. Looking into the detail for these events, I can see it's a replication issue for one of the GPOs.

Event Type:	Error
Event Source:	Userenv
Event Category:	None
Event ID:	1030
Date:		29/03/2010
Time:		04:01:29
User:		NT AUTHORITY\SYSTEM
Computer:	DC01
Description:
Windows cannot query for the list of Group Policy objects.
Check the event log for possible messages previously logged by the
policy engine that describes the reason for this.


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

The slightly more informative 1058 showed

Event Type:	Error
Event Source:	Userenv
Event Category:	None
Event ID:	1058
Date:		29/03/2010
Time:		04:06:30
User:		NT AUTHORITY\SYSTEM
Computer:	DC01
Description:
Windows cannot access the file gpt.ini for GPO CN={3A7AC061-A26C-4154-8CF5-01D5754E5C2C},CN=Policies,CN=System,DC=DOMAIN,DC=LCL.
The file must be present at the location <\\DOMAIN.LCL\SysVol\DOMAIN.LCL\Policies\{3A7AC061-A26C-4154-8CF5-01D5754E5C2C}\gpt.ini>. (Access is denied. ).
Group Policy processing aborted. 

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

There was no visible cause for the errors; DFS had just got its knickers in a twist somehow and was not resolving the DFS share for the domain correctly.

The resolution was fairly simple, running the “dfsutil /purgeMUPCache” command seems to have resolved it for now. The /PurgeMUPCache command clears the MUP Cache (duh!) which holds info about DFS and other shares on the client system.

Technet says: “Clears the client MUP cache, preventing confusion about the current provider when such names conflict. Except for a temporary performance hit, this command has no other adverse effects. This command does not affect any DFS metadata. If this command is not run, and the namespace is not accessed, the obsolete cache entry eventually expires.”

There are plenty of other causes for these errors. If your server is multi-homed (multiple NICs), check that your “public” NIC is at the top of the adaptor bindings.

My DC is now running happily, no 1030 or 1058s.
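The distinction drawn in this post, a DFS referral problem rather than a missing or locked-down gpt.ini, can be checked by reading the file through the domain path and through each DC directly. The following PowerShell is an added example, not from the original post; DC02 and the function names are illustrative, and the sample text is the 1058 description quoted above.

```powershell
# Added example, not from the original post. $sample is the 1058 description quoted
# above, joined onto one line; DC02 is a hypothetical second domain controller.
# The event was logged under SYSTEM, so a result under an admin account is indicative only.
$sample = 'Windows cannot access the file gpt.ini for GPO CN={3A7AC061-A26C-4154-8CF5-01D5754E5C2C},CN=Policies,CN=System,DC=DOMAIN,DC=LCL. The file must be present at the location <\\DOMAIN.LCL\SysVol\DOMAIN.LCL\Policies\{3A7AC061-A26C-4154-8CF5-01D5754E5C2C}\gpt.ini>. (Access is denied. ). Group Policy processing aborted.'

function ConvertFrom-Event1058 {
    param([string]$Message)
    # Event Viewer wraps the description, so remove line breaks before matching.
    $flat = $Message -replace '\r?\n', ''
    $pattern = 'GPO CN=(\{[0-9A-Fa-f-]{36}\}).*?location <(\\\\([^\\]+)\\[^>]+\\gpt\.ini)>\.\s*\((.*?)\s*\)'
    if ($flat -match $pattern) {
        New-Object PSObject -Property @{
            GpoGuid   = $Matches[1]          # GUID of the GPO that failed
            Path      = $Matches[2]          # domain-based UNC path to gpt.ini
            Namespace = $Matches[3]          # server part of that path (the domain name)
            Reason    = $Matches[4].Trim()   # error text, e.g. "Access is denied."
        }
    }
}

function Test-GptIniAccess {
    param($Parsed, [string[]]$DomainControllers)
    # \\domain\SysVol is reached through a DFS referral cached by the client (MUP cache);
    # \\dc\SysVol names one server directly. Reading gpt.ini both ways shows whether
    # the referral or the file/ACL on a particular DC is at fault.
    $prefix  = '^\\\\' + [regex]::Escape($Parsed.Namespace)
    $servers = @($Parsed.Namespace) + $DomainControllers
    foreach ($server in $servers) {
        $path = $Parsed.Path -replace $prefix, ('\\' + $server)
        try {
            $null = Get-Content -LiteralPath $path -TotalCount 1 -ErrorAction Stop
            $result = 'readable'
        } catch {
            $result = $_.Exception.Message
        }
        New-Object PSObject -Property @{ Via = $server; Path = $path; Result = $result }
    }
}

function Get-Event1058Verdict {
    param($Results, [string]$Namespace)
    $viaDomain = $Results | Where-Object { $_.Via -eq $Namespace }
    $failedDcs = @($Results | Where-Object { $_.Via -ne $Namespace -and $_.Result -ne 'readable' })
    if ($failedDcs.Count -gt 0) {
        'Direct access fails on: ' + (($failedDcs | ForEach-Object { $_.Via }) -join ', ') +
            ' - check the SYSVOL share, replication and ACLs there.'
    } elseif ($viaDomain.Result -ne 'readable') {
        'Domain path fails but every DC answers directly: referral/MUP cache problem.'
    } else {
        'gpt.ini is readable on every path; the condition has cleared.'
    }
}

$parsed  = ConvertFrom-Event1058 $sample
$results = Test-GptIniAccess $parsed -DomainControllers 'DC01', 'DC02'
$results | Select-Object Via, Result, Path | Format-Table -AutoSize -Wrap
Get-Event1058Verdict $results $parsed.Namespace
```

Only the second verdict matches the situation described here, where purging the MUP cache is the appropriate fix.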

24 Mar 2010

Configuring Server 2008 R2 Core Series: Installing and Managing IIS

Posted by Sam McGeown

So, you’ve installed a new server with Server 2008 R2 Core – what next? Logging on, you’re presented with a shiny command prompt, you can run notepad or regedit…but aside from that, where do you go from there? In the next few series of posts I’ll hopefully point out the basics, and some not so basics!

In this post, I’m covering Installing the IIS web server (and a few useful bits) and managing it from the IIS Management Snap-in.

Installing the basic IIS installation

Installing optional components in Server 2008 R2 Core is handled by two commands, OCList and OCSetup. OCList, as the name suggests, lists the optional components and their status, installed or not installed. It’s a long list, so I recommend issuing the command with the “|more” pipe:

oclist | more

The output looks something like this:

image

OCSetup will accept any one, or multiple, of the roles listed in OCList as an argument to install. It’s recommended you use the command with “start /w” preceding so that the command prompt will wait for the installation to finish before continuing.

To install the basic IIS web server, use:

start /w ocsetup IIS-WebServerRole

As far as I can see, this installs the roles:

Installed:IIS-WebServerRole
Installed:IIS-WebServer
Installed:IIS-ApplicationDevelopment
Installed:IIS-CommonHttpFeatures
Installed:IIS-DefaultDocument
Installed:IIS-DirectoryBrowsing
Installed:IIS-HttpErrors
Installed:IIS-StaticContent
Installed:IIS-HealthAndDiagnostics
Installed:IIS-HttpLogging
Installed:IIS-Performance
Installed:IIS-HttpCompressionStatic
Installed:IIS-Security
Installed:IIS-RequestFiltering
Installed:IIS-WebServerManagementTools

In order to get .Net functioning and allow remote management, you’ll also need the following components installed, a registry key added and the Web Management Service Started (in order):

start /w ocsetup WAS-NetFxEnvironment
start /w ocsetup IIS-ISAPIExtensions
start /w ocsetup IIS-ISAPIFilter
start /w ocsetup IIS-NetFxExtensibility
start /w ocsetup IIS-ASPNET
start /w ocsetup IIS-ManagementService

reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WebManagement\Server /v EnableRemoteManagement /t REG_DWORD /d 1

net start wmsvc

You should now be able to manage your IIS server via the IIS Management Console on a Windows Server 2008 or Windows 7 PC with Remote Server Administration Tools installed.


You can also manage IIS through a PowerShell add-in: run powershell.exe on your Server Core installation, then import the WebAdministration module:

C:\Users\Administrator>powershell
Windows PowerShell
Copyright (C) 2009 Microsoft Corporation. All rights reserved.

PS C:\Users\Administrator> Import-Module WebAdministration
PS C:\Users\Administrator> Get-Command -PsSnapin WebAdministration

CommandType     Name                            Definition
-----------     ----                            ----------
Cmdlet          Add-WebConfiguration            Add-WebConfiguration [-Filte...
Cmdlet          Add-WebConfigurationLock        Add-WebConfigurationLock [-F...
Cmdlet          Add-WebConfigurationProperty    Add-WebConfigurationProperty...
Cmdlet          Backup-WebConfiguration         Backup-WebConfiguration [-Na...
Alias           Begin-WebCommitDelay            Start-WebCommitDelay
Cmdlet          Clear-WebConfiguration          Clear-WebConfiguration [-Fil...
Cmdlet          Clear-WebRequestTracingSettings Clear-WebRequestTracingSetti...
Cmdlet          ConvertTo-WebApplication        ConvertTo-WebApplication [[-...
Cmdlet          Disable-WebGlobalModule         Disable-WebGlobalModule [-Na...
Cmdlet          Disable-WebRequestTracing       Disable-WebRequestTracing [[...
Cmdlet          Enable-WebGlobalModule          Enable-WebGlobalModule [-Nam...
Cmdlet          Enable-WebRequestTracing        Enable-WebRequestTracing [[-...
Alias           End-WebCommitDelay              Stop-WebCommitDelay
Cmdlet          Get-WebAppDomain                Get-WebAppDomain [-InputObje...
Cmdlet          Get-WebApplication              Get-WebApplication [[-Name] ...
Cmdlet          Get-WebAppPoolState             Get-WebAppPoolState [[-Name]...
Cmdlet          Get-WebBinding                  Get-WebBinding [[-Name] <Str...
Cmdlet          Get-WebConfigFile               Get-WebConfigFile [[-PSPath]...
Cmdlet          Get-WebConfiguration            Get-WebConfiguration [-Filte...
Cmdlet          Get-WebConfigurationBackup      Get-WebConfigurationBackup [...
Cmdlet          Get-WebConfigurationLocation    Get-WebConfigurationLocation...
Cmdlet          Get-WebConfigurationLock        Get-WebConfigurationLock [-F...
Cmdlet          Get-WebConfigurationProperty    Get-WebConfigurationProperty...
Cmdlet          Get-WebFilePath                 Get-WebFilePath [[-PSPath] <...
Cmdlet          Get-WebGlobalModule             Get-WebGlobalModule [[-Name]...
Cmdlet          Get-WebHandler                  Get-WebHandler [[-Name] <Str...
Cmdlet          Get-WebItemState                Get-WebItemState [[-PSPath] ...
Cmdlet          Get-WebManagedModule            Get-WebManagedModule [[-Name...
Cmdlet          Get-WebRequest                  Get-WebRequest [-InputObject...
Cmdlet          Get-Website                     Get-Website [[-Name] <String...
Cmdlet          Get-WebsiteState                Get-WebsiteState [[-Name] <S...
Cmdlet          Get-WebURL                      Get-WebURL [[-PSPath] <Strin...
Cmdlet          Get-WebVirtualDirectory         Get-WebVirtualDirectory [[-N...
Function        IIS:                            set-location IIS:
Cmdlet          New-WebApplication              New-WebApplication [-Name] <...
Cmdlet          New-WebAppPool                  New-WebAppPool [-Name] <Stri...
Cmdlet          New-WebBinding                  New-WebBinding [[-Name] <Str...
Cmdlet          New-WebFtpSite                  New-WebFtpSite [-Name] <Stri...
Cmdlet          New-WebGlobalModule             New-WebGlobalModule [-Name] ...
Cmdlet          New-WebHandler                  New-WebHandler [-Name] <Stri...
Cmdlet          New-WebManagedModule            New-WebManagedModule [-Name]...
Cmdlet          New-Website                     New-Website [-Name] <String>...
Cmdlet          New-WebVirtualDirectory         New-WebVirtualDirectory [-Na...
Cmdlet          Remove-WebApplication           Remove-WebApplication [-Name...
Cmdlet          Remove-WebAppPool               Remove-WebAppPool [-Name] <S...
Cmdlet          Remove-WebBinding               Remove-WebBinding [-Protocol...
Cmdlet          Remove-WebConfigurationBackup   Remove-WebConfigurationBacku...
Cmdlet          Remove-WebConfigurationLocation Remove-WebConfigurationLocat...
Cmdlet          Remove-WebConfigurationLock     Remove-WebConfigurationLock ...
Cmdlet          Remove-WebConfigurationProperty Remove-WebConfigurationPrope...
Cmdlet          Remove-WebGlobalModule          Remove-WebGlobalModule [-Nam...
Cmdlet          Remove-WebHandler               Remove-WebHandler [-Name] <S...
Cmdlet          Remove-WebManagedModule         Remove-WebManagedModule [-Na...
Cmdlet          Remove-Website                  Remove-Website [-Name] <Stri...
Cmdlet          Remove-WebVirtualDirectory      Remove-WebVirtualDirectory [...
Cmdlet          Rename-WebConfigurationLocation Rename-WebConfigurationLocat...
Cmdlet          Restart-WebAppPool              Restart-WebAppPool [[-Name] ...
Cmdlet          Restart-WebItem                 Restart-WebItem [[-PSPath] <...
Cmdlet          Restore-WebConfiguration        Restore-WebConfiguration [-N...
Cmdlet          Select-WebConfiguration         Select-WebConfiguration [-Fi...
Cmdlet          Set-WebBinding                  Set-WebBinding [[-Name] <Str...
Cmdlet          Set-WebConfiguration            Set-WebConfiguration [-Filte...
Cmdlet          Set-WebConfigurationProperty    Set-WebConfigurationProperty...
Cmdlet          Set-WebGlobalModule             Set-WebGlobalModule [-Name] ...
Cmdlet          Set-WebHandler                  Set-WebHandler [-Name] <Stri...
Cmdlet          Set-WebManagedModule            Set-WebManagedModule [-Name]...
Cmdlet          Start-WebAppPool                Start-WebAppPool [[-Name] <S...
Cmdlet          Start-WebCommitDelay            Start-WebCommitDelay [-Verbo...
Cmdlet          Start-WebItem                   Start-WebItem [[-PSPath] <St...
Cmdlet          Start-Website                   Start-Website [[-Name] <Stri...
Cmdlet          Stop-WebAppPool                 Stop-WebAppPool [[-Name] <St...
Cmdlet          Stop-WebCommitDelay             Stop-WebCommitDelay [[-PSPat...
Cmdlet          Stop-WebItem                    Stop-WebItem [[-PSPath] <Str...
Cmdlet          Stop-Website                    Stop-Website [[-Name] <Strin...

Serve up a .NET page, to taste

Not that you’d doubt me (!) but there’s one last thing to do - prove it worked. Fortunately, there’s an easy way to do that. I borrowed the code from www.codefixer.com to create a little “hello world” page. Since the default website is c:\inetpub\wwwroot\ I saved the page there as default.aspx and fired up my browser – et voila!

image

24 Mar 2010

Configuring Server 2008 R2 Core Series: Management Tasks

Posted by Sam McGeown

So, you’ve installed a new server with Server 2008 R2 Core – what next? Logging on, you’re presented with a shiny command prompt, you can run notepad or regedit…but aside from that, where do you go from there? In the next few series of posts I’ll hopefully point out the basics, and some not so basics!

I’m going to look at some management tasks – the bread and butter of being a Windows admin.

Activating Server 2008 Core

Activating Server 2008 Core is done via a pre-packaged script called slmgr.vbs, the “Windows Software Licensing Management Tool”.

Firstly, you have to install a Product Key (unless it was done during your install):

cscript C:\windows\system32\slmgr.vbs /ipk <Product Key>


After that, it’s just a case of automatic activation, assuming you have internet access:

cscript C:\windows\system32\slmgr.vbs /ato

 

If you’ve not got internet access for the server you can use the /dti option to get the Activation ID, call the Microsoft Licensing and Activation line and tap it in. Then use the /atp option to enter the response and activate.

 

Windows Updates

If you read the last post in this series, Configuring Server 2008 R2 Core Series: Network Settings, you may have seen the option in sconfig.cmd to set Windows Update settings. That’s the first, interactive, way to configure Windows Updates. It’s worth noting that the easiest way to do this is via your Group Policies, if you’re on a domain.

===============================================================================
                         Server Configuration
===============================================================================

1) Domain/Workgroup:                    Domain:  MCGEOWN.LOCAL
2) Computer Name:                       ServerCore2008
3) Add Local Administrator
4) Configure Remote Management

5) Windows Update Settings:             Manual
6) Download and Install Updates
7) Remote Desktop:                      Disabled

8) Network Settings
9) Date and Time

10) Log Off User
11) Restart Server
12) Shut Down Server
13) Exit to Command Line

Enter number to select an option: 5

Windows Update currently set to: Manual
Select (A)utomatic or (M)anual updates: A

Enabling Automatic updates...

The second method is the more command-line, scripting method. This sets it to download automatically and install at 3am every day (“/au 1” disables, “/au /v” shows current value):

Cscript c:\windows\system32\scregedit.wsf /au 4

 

Enabling Remote Management

Similarly to Windows Updates, remote management can be configured via sconfig.cmd or command line. Here’s how:

Enter number to select an option: 4
--------------------------------
  Configure Remote Management
--------------------------------

1) Allow MMC Remote Management
2) Enable Windows PowerShell
3) Allow Server Manager Remote Management
4) Show Windows Firewall settings

5) Return to main menu

Enter selection: 1

Enabling MMC firewall exceptions and Virtual Disk Service...

Enter selection: 2

Enabling Windows PowerShell...
Setting Windows PowerShell execution policy to remotesigned...

[Server requests a reboot here - you can't enable Server Manager until it's done]

Enter selection: 3

Setting Windows PowerShell execution policy to remotesigned...
Enabling Server Manager cmdlets...

Configuring Remote Server Manager settings...

 

If you need to do this via the command line, it happens like this…

Enable WinRM:

C:\Users\Administrator> winrm quickconfig
WinRM is not set up to allow remote access to this machine for management.
The following changes must be made:
Create a WinRM listener on HTTP://* to accept WS-Man requests to any IP on this machine.
Make these changes [y/n]? y
WinRM has been updated for remote management.
Created a WinRM listener on HTTP://* to accept WS-Man requests to any IP on this machine.

Fire up PowerShell (powershell.exe) and set the execution policy to RemoteSigned:

Set-ExecutionPolicy RemoteSigned

Then enable the Remote Administration rules on the firewall:

netsh advfirewall firewall set rule group="Remote Administration" new enable=yes

To configure management by Remote Desktop, you can run the now-familiar sconfig.cmd and select option 7, or you can issue the following commands:

cscript c:\windows\system32\scregedit.wsf /ar 0

netsh advfirewall firewall set rule group="Remote Desktop" new enable=yes

Bear in mind that your RDP session will need TLS authentication and will not give you a desktop or GUI, just the command line interface. If you need to disable TLS for older clients (e.g. XP) you have to disable it with the following command:

cscript C:\Windows\System32\Scregedit.wsf /cs 0
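To confirm what the commands in this post, and the reg add in the IIS post, actually changed, the values can be read back. The following PowerShell is an added example, not from the original posts; it assumes scregedit.wsf stores /ar, /cs and /au in the standard Terminal Server and Windows Update registry values, and the function names are illustrative.

```powershell
# Added example, not from the original posts. Run in an elevated PowerShell 2.0+
# session on the server itself. Function names are illustrative.

function Get-RegValue {
    param([string]$Key, [string]$Name)
    # Emits nothing (so the caller sees $null) when the key or value is absent.
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name }
}

function New-Finding {
    param([string]$Setting, $Value, [bool]$Review, [string]$Why)
    if ($null -eq $Value -or "$Value" -eq '') { $Value = '(not set)'; $Review = $false }
    if (-not $Review) { $Why = '' }
    New-Object PSObject -Property @{
        Setting = $Setting; Value = "$Value"; Review = $Review; Why = $Why
    }
}

function Get-RemoteManagementState {
    # Assumed locations for the scregedit.wsf settings (/ar, /cs, /au).
    $ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $au = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
    # Key written by the reg add command in the IIS post.
    $wm = 'HKLM:\SOFTWARE\Microsoft\WebManagement\Server'

    $deny = Get-RegValue $ts 'fDenyTSConnections'
    New-Finding 'RDP: fDenyTSConnections' $deny ($deny -eq 0) `
        'RDP is enabled; limit the Remote Desktop firewall rules to admin hosts'

    $nla = Get-RegValue "$ts\WinStations\RDP-Tcp" 'UserAuthentication'
    New-Finding 'RDP: UserAuthentication' $nla ($nla -eq 0) `
        'Network Level Authentication is not required (scregedit /cs 0)'

    $auo = Get-RegValue $au 'AUOptions'
    New-Finding 'Updates: AUOptions' $auo ($auo -eq 1) 'Automatic updates are disabled'

    $erm = Get-RegValue $wm 'EnableRemoteManagement'
    $svc = Get-Service -Name wmsvc -ErrorAction SilentlyContinue
    $run = ($svc -ne $null) -and ($svc.Status -eq 'Running')
    New-Finding 'IIS: EnableRemoteManagement' $erm (($erm -eq 1) -and $run) `
        'WMSvc is running and accepts remote connections'

    $pol = Get-ExecutionPolicy
    New-Finding 'PowerShell: execution policy' $pol (@('Unrestricted', 'Bypass') -contains "$pol") `
        'No signature is required for any script'

    # winrm prints one block per listener; collect each "Transport = ..." value.
    $transports = @(winrm enumerate winrm/config/listener 2>$null | ForEach-Object {
        if ($_ -match 'Transport\s*=\s*(\w+)') { $Matches[1] }
    })
    New-Finding 'WinRM: listener transports' ($transports -join ', ') ($transports -contains 'HTTP') `
        'HTTP listener from winrm quickconfig; restrict which hosts can reach it'
}

Get-RemoteManagementState |
    Select-Object Setting, Value, Review, Why |
    Format-Table -AutoSize -Wrap
```

A row with Review set to True is a setting that widens remote access or weakens patching and is worth a deliberate decision, not necessarily a misconfiguration.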

Can you manage?

With all those steps completed, you should be able to connect to your server with Remote Server Administration Tools on any Server 2008 or Windows 7 computer.

This is my Windows 7 PC connected via “Server Manager”:

To connect via WinRS (Windows Remote Shell) and execute remote commands, use:

winrs -r:<server name> <command>

e.g.:

winrs -r:<Server Name> cmd

This allows me access to the command shell on that server.

Finally, this is what RDP to the same server looks like:

image

Hopefully that gives you a few options for managing your Windows Server 2008 Core machine!

24 Mar 2010

Configuring Server 2008 R2 Core Series: Network Settings

Posted by Sam McGeown

So, you’ve installed a new server with Server 2008 R2 Core – what next? Logging on, you’re presented with a shiny command prompt, you can run notepad or regedit…but aside from that, where do you go from there? In the next few series of posts I’ll hopefully point out the basics, and some not so basics!

Using the Server Configuration Tool

The server configuration tool (sconfig.cmd) is provided in R2 for some of the basic setup tasks, so you can run that by issuing the “sconfig” command. Out of the box, it looks something like this:

image

As you can see, this interactive tool will step you through configuring the network settings (Option 8), Computer Name (Option 2) or Domain/Workgroup (Option 1).

Enter number to select an option: 8

--------------------------------
    Network settings
--------------------------------

Available Network Adapters

Index#  IP address      Description

  0     192.168.8.117   Intel(R) PRO/1000 MT Network Connection

Select Network Adapter Index# (Blank=Cancel):  0

--------------------------------
    Network Adapter Settings
--------------------------------

NIC Index               0
Description             Intel(R) PRO/1000 MT Network Connection
IP Address              192.168.8.117
Subnet Mask             255.255.255.0
DHCP enabled            True
Default Gateway         192.168.8.1
Preferred DNS Server    192.168.8.5
Alternate DNS Server    192.168.8.22

1) Set Network Adapter IP Address
2) Set DNS Servers
3) Clear DNS Server Settings
4) Return to Main Menu

Select option:  1

Select (D)HCP, (S)tatic IP (Blank=Cancel): S
Set Static IP
Enter static IP address: 192.168.8.220
Enter subnet mask (Blank = Default 255.255.255.0):
Enter default gateway: 192.168.8.1
Setting NIC to static IP...

--------------------------------
    Network Adapter Settings
--------------------------------

NIC Index               0
Description             Intel(R) PRO/1000 MT Network Connection
IP Address              192.168.8.220
Subnet Mask             255.255.255.0
DHCP enabled            False
Default Gateway         192.168.8.1
Preferred DNS Server
Alternate DNS Server

1) Set Network Adapter IP Address
2) Set DNS Servers
3) Clear DNS Server Settings
4) Return to Main Menu

Select option:  2
DNS Servers

Enter new preferred DNS server (Blank=Cancel): 192.168.8.22
Enter alternate DNS server (Blank = none): 192.168.8.5
Alternate DNS server set.

--------------------------------
    Network Adapter Settings
--------------------------------

NIC Index               0
Description             Intel(R) PRO/1000 MT Network Connection
IP Address              192.168.8.220
Subnet Mask             255.255.255.0
DHCP enabled            False
Default Gateway         192.168.8.1
Preferred DNS Server    192.168.8.22
Alternate DNS Server    192.168.8.5

1) Set Network Adapter IP Address
2) Set DNS Servers
3) Clear DNS Server Settings
4) Return to Main Menu


Select option:  4
Enter number to select an option: 2

Computer Name

Enter new computer name (Blank=Cancel): SERVERCORE2008
Changing Computer name...
Enter number to select an option: 1

Change Domain/Workgroup Membership

Join (D)omain or (W)orkgroup? (Blank=Cancel) D

Join Domain
Name of domain to join:  MCGEOWN.LOCAL
Specify an authorized domain\user:  MCGEOWN\sam.mcgeown

Joining MCGEOWN.LOCAL...

Enter the password of the authorized user:

 

Command Line Configuration with Netsh/Netdom

There’s also a manual method (e.g. for a scripted installation and config) using Netsh and Netdom commands that most Windows admins will be familiar with.

List the interfaces (network adaptors):

netsh interface ipv4 show interfaces

Identify the name of the interface you want to assign an IP for and configure:

netsh interface ipv4 set address name="<Interface Name>" source=static address=<IP Address> mask=<Subnet Mask> gateway=<Gateway>

 


Configure DNS servers:

netsh interface ipv4 add dnsservers "<Interface Name>" <DNS Server IP> index=<number>

 


If you want to add more than one IP address for your server, try:

netsh interface ipv4 add address name="<Interface Name>" address=<Additional IP> mask=<Subnet Mask>

 

To change your computer’s name, you can use (leave off the /reboot if you don’t want to yet):

netdom renamecomputer %computername% /newname:<New Name> /reboot

 

To join your computer to a domain, you can use (leave off the /reboot if you don’t want to yet):

netdom join %computername% /domain:<domain> /UserD:<domain\user to join with> /PasswordD:<Password> /reboot

 

Not so different after all?

At the end of all that, you can see that configuring basic network settings with sconfig.cmd is pretty straightforward, and configuring basic network settings for scripts, or a more command-line based admin, is also quite doable.

C:\Users\Administrator>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : ServerCore2008
   Primary Dns Suffix  . . . . . . . : MCGEOWN.LOCAL
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : MCGEOWN.LOCAL

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-50-56-AB-28-8B
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::3c4d:cdd1:5a4a:fbff%3(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.8.220(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   IPv4 Address. . . . . . . . . . . : 192.168.8.221(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   IPv4 Address. . . . . . . . . . . : 192.168.8.222(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   IPv4 Address. . . . . . . . . . . : 192.168.8.223(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.8.1
   DHCPv6 IAID . . . . . . . . . . . : 50352214
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-3B-B4-6C-00-50-56-AB-28-8B

   DNS Servers . . . . . . . . . . . : 192.168.8.5
                                       192.168.8.22
   NetBIOS over Tcpip. . . . . . . . : Enabled

C:\Users\Administrator>

Netsh command reference | Netdom command reference

23 Mar 2010

MCITP: Server Administrator and MCITP: Enterprise Administrator

Posted by Sam McGeown

I’m pleased to say that yesterday I took and passed two Microsoft Certified IT Professional exams, the Server Administrator (70-646) and the Enterprise Administrator (70-647). Hopefully I can take a bit of a break from study and write a few more technical posts here now!
