Windows Server 2003

This is a pretty specific set of instructions for a specific environment:

• If

• you are using Microsoft System Center Operations Manager 2007

• and

• you have a Microsoft Certificate Services 2003 Certificate Authority on your domain

• and

• you have non-domain Windows Server 2008 servers you wish to monitor or set up as a gateway server.

Getting a certificate for either a Gateway Server or remotely monitored Server can be a touch vexing. If you’re installing on the same domain as the SCOM management server the security settings take care of themselves, not so for non-domain servers, which require mutual certificate authentication. The Gateway must trust the Domain CA and identify itself as trusted to the Management Server. I have bashed my head against this several times now, so I thought I’d make a precise blog post to cover the steps required!

I logged onto a production domain controller this morning and checked the event logs to be confronted with this:

Event ID 1030 and 1058 every 5 minutes, looking into the detail for these events I can see its a replication issue for one of the GPOs.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp .

I recently resolved an ongoing DNS issue where the Active Directory Integrated DNS was loaded in both the Domain and the DomainDNSZones partition of AD - this is a separate issue and should be resolved differently. My problem when I tried to verify that the fixed DNS setup had propogated around my domain controllers, DC01 and DC02. DC01 kept failing “DCDIAG /TEST:DNS” with errors regarding the root hint servers. Googling about it was clear that a lot of people were suffering the same issue, but no article I read had correctly identified the solution.

I recently had an issue where a hosting environment was registering a lot of Netlogon Event 1030/1058 issues, being unable to find the Group Policy objects or download them. In this example, the server DC is the domain controller for DOMAIN.LCL.

_Event Type: Error

Event Source: Userenv

Event Category: None

Event ID: 1030

Date:  10/09/2009

Time:  06:24:29

User:  NT AUTHORITY\SYSTEM

Computer: DC

Description:

Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this. For more information, see Help and Support Center at_ http://go.microsoft.com/fwlink/events.asp .

We have a folder redirection policy in place for all of our users in combination with a roaming profile policy - this policy is applied to the OU that contains our users. Unfortunately this policy was accidently linked to the root of our domain too, causing our Domain Admin users to be redirected too - something we do not want. When the mistake was discovered, the policy was unlinked, but the redirection remained (despite being set to revert when users fall out of scope). I tried re-applying the policy, modifying the out of scope policy and then moving the Domain Admin user out of scope, but it failed to remove the folder redirection.

Our development SQL server is a monster…there are many many databases, and hundreds, if not thousands of backup files. With each patch tested on the software we sell, there is a new backup. With each client deployment, a new database. With each new major version, a new database. Backups of the new databases inevitably occur, and so we have more files, in more folders - most of which need to be kept in case of roll-backs, bugs or deployment issues.

I was just installing PowerShell on one of my Windows Server 2003 servers, when I encountered the error “You do not have permission to update Windows Server 2003. Please contact your system administrator.” Odd, especially considering that I was installing as the Domain Administrator, and that user should have more than enough permissions. A little bit of digging led me to MSKB 888791 which shows the permissions that are required in Group Policy to install the update. Check that your applicable GPO has the following permissions for your user:

32-bit processors have a limitation of only being able to directly address 4GB RAM - their architecture was never designed to address more. 64-bit processors get around that limitation by being able to us 64 bits to address RAM (potentially 16,777,216 GB), but what do you do if you have an application that won’t work on a 64-bit copy of Windows, but does need to utilise more than 4GB of RAM?

Well, I’ve been away with my friends at Firebrand again and guess what…MCSE Windows Server 2003!

• 70-293 Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure
• 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
• 70-298 Designing Security for a Microsoft Windows Server 2003 Network

We recently needed to upgrade one of our applications, and the new version requires an addition server instead of the application and SQL it requires a back end search, a front end web server and a SQL server. The specifications of the new server which are “required” to qualify for support are pretty high. The problem is that the actual processor usage is very light, and it is very hard to justify buying a whole new server that I know is going to be barely used.