DefinIT

70-649: TS: Upgrading Your MCSE on Windows Server 2003 to Windows Server 2008, Technology Specialist

| 08/03/2010 | Tags: , ,

I’m pleased to announce that I’ve passed the 70-649, which gives me the following MCTS certifications:

Windows Server 2008 Active Directory, Configuration

Windows Server 2008 Applications Infrastructure, Configuration

Windows Server 2008 Network Infrastructure, Configuration

Next I’ll be looking at the 70-647 to get the full MCITP: Enterprise Administrator (I already took the 70-620 exam for my MCSE).

Upgrading Server 2008 RTM-SP2 to Server 2008 R2

| 11/02/2010 | Tags: ,

If you read the Microsoft blurb for R2, the first thing you notice is that Server 2008 R2 is 64-bit only(!). It seems Microsoft are forcibly removing 32-bit server hardware from the data centre. I’ve not seen a decent upgrade guide online so far, so here’s my process.

I’m going to be upgrading a Server 2008 R2 x64 SP2 Standard Edition virtual server to R2. To see what editions can and can’t be upgraded, check out this Technet Article, but it’s safe to say that you can’t upgrade across architectures (32-bit to 64-bit) and you can’t downgrade SKUs (Enterprise to Standard).

The first step, as ever, is always to back up your server, if the upgrade goes wrong, you can always restore and try again. You have been warned!

So, without further ado, slip in your R2 DVD and begin…

image Install

image Update

image Select your target SKU

image Select “upgrade” (obviously 🙂

image Check your upgrade report (which is saved as HTML on your desktop. The first time I ran this it said that I didn’t have enough free space – it required a whopping 15GB, which makes me think that this is no Server 2003 –> R2 upgrade, it’s the full blown OS install. Assuming everything checks out, go ahead.

image Sit back and grab a cup of coffee. After a while, you’ll reboot

 image and the upgrade begins in earnest. Once the process is completed, and another reboot has happened, you’ll be upgraded to R2. You’ll need to activate it with your R2 key.

image Once you’re activated, update your server using Microsoft update or your patching method.

image Et voila!

DCDIAG /TEST:DNS fails with errors regarding root hint servers

I recently resolved an ongoing DNS issue where the Active Directory Integrated DNS was loaded in both the Domain and the DomainDNSZones partition of AD – this is a separate issue and should be resolved differently. My problem when I tried to verify that the fixed DNS setup had propogated around my domain controllers, DC01 and DC02. DC01 kept failing "DCDIAG /TEST:DNS" with errors regarding the root hint servers. Googling about it was clear that a lot of people were suffering the same issue, but no article I read had correctly identified the solution.

The error looked something like this:

P:\>dcdiag /test:dns

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: SITE\DC01
      Starting test: Connectivity
         ……………………. DC01 passed test Connectivity

Doing primary tests

   Testing server: SITE\DC01

DNS Tests are running and not hung. Please wait a few minutes…

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : DOMAIN

   Running enterprise tests on : DOMAIN.com
      Starting test: DNS
         Test results for domain controllers:

            DC: DC01.DOMAIN.COM
            Domain: DOMAIN.com


               TEST: Forwarders/Root hints (Forw)
                  Error: Root hints list has invalid root hint server: a.root-se
rvers.net. (198.41.0.4)
                  Error: Root hints list has invalid root hint server: b.root-se
rvers.net. (192.228.79.201)
                  Error: Root hints list has invalid root hint server: c.root-se
rvers.net. (192.33.4.12)
                  Error: Root hints list has invalid root hint server: d.root-se
rvers.net. (128.8.10.90)
                  Error: Root hints list has invalid root hint server: e.root-se
rvers.net. (192.203.230.10)
                  Error: Root hints list has invalid root hint server: f.root-se
rvers.net. (192.5.5.241)
                  Error: Root hints list has invalid root hint server: g.root-se
rvers.net. (192.112.36.4)
                  Error: Root hints list has invalid root hint server: h.root-se
rvers.net. (128.63.2.53)
                  Error: Root hints list has invalid root hint server: i.root-se
rvers.net. (192.36.148.17)
                  Error: Root hints list has invalid root hint server: j.root-se
rvers.net. (192.58.128.30)
                  Error: Root hints list has invalid root hint server: k.root-se
rvers.net. (193.0.14.129)

               TEST: Dynamic update (Dyn)
                  Warning: Dynamic update is enabled on the zone but not secure
DOMAIN.com.

         Summary of test results for DNS servers used by the above domain contro
llers:

            DNS server: 128.63.2.53 (h.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.63.2.53

            DNS server: 128.8.10.90 (d.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.8.10.90

            DNS server: 192.112.36.4 (g.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.112.36.4

            DNS server: 192.203.230.10 (e.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.203.230.10

            DNS server: 192.228.79.201 (b.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.228.79.201

            DNS server: 192.33.4.12 (c.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.33.4.12

            DNS server: 192.36.148.17 (i.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.36.148.17

            DNS server: 192.5.5.241 (f.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.5.5.241

            DNS server: 192.58.128.30 (j.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.58.128.30

            DNS server: 193.0.14.129 (k.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 193.0.14.129

            DNS server: 198.41.0.4 (a.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 198.41.0.4

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
               ________________________________________________________________
            Domain: DOMAIN.com
               DC01                    PASS PASS FAIL PASS WARN PASS n/a

         ……………………. DOMAIN.com failed test DNS


It looks pretty horrific – DNS is failing at a basic level! It turns out that the actual issue is an old version of DCDIAG.EXE. After several hours and a lot of head scratching I checked the versions of the DCDIAG.EXE (normally c:\Program Files\Support Tools\dcdiag.exe) and "Lo! And Behold!" the version was different. I downloaded the Windows Server 2003 Support Tools R2, uninstalled the old version (v5.2.3790.1800) and installed the new one (v5.2.3790.3959).

Et voila! The working test…


P:\>dcdiag /test:dns

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: SITE\DC01
      Starting test: Connectivity
         ……………………. DC01 passed test Connectivity

Doing primary tests

   Testing server: SITE\DC01

DNS Tests are running and not hung. Please wait a few minutes…

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : DOMAIN

   Running enterprise tests on : DOMAIN.com
      Starting test: DNS
         Test results for domain controllers:

            DC: DC01.DOMAIN.COM
            Domain: DOMAIN.com


               TEST: Dynamic update (Dyn)
                  Warning: Dynamic update is enabled on the zone but not secure
DOMAIN.com.

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
               ________________________________________________________________
            Domain: DOMAIN.com
               DC01                    PASS PASS PASS PASS WARN PASS n/a

         ……………………. DOMAIN.com passed test DNS

Using AC97 audio with Windows 7

| 07/07/2009 | Tags: , , ,

Like thousands of other IT pros out there, I'm testing Windows 7 out on my laptop – since I don't want to mess around with my main PC, it's running on some older kit. The problem with that is that there aren't many Vista drivers around for the hardware – why would there be, it's not even supposed to be able to run Vista?! It does, however, run Windows 7 very admirably (just one of the many improvements).

The only problem was the sound card, the only drivers available from Dell for the onboard sound were for XP, which crash in both Vista and 7. The sound card is compatible with Intel's generic AC97, so it didn't take long to find a Vista compatible AC97 driver from RealTek which will run any AC97 hardware, regardless of the actual manufacturer.

Internet Explorer or Services.msc problems after McAfee Uninstall

| 02/07/2009 | Tags: , ,

I'm in the middle of rolling out Sophos as a replacement to the incumbent McAfee at work. One interesting thing that I found as I rolled out to some test users was that they were unable to log on to one of our internal systems using NTLM (integrated authentication). Instantly the roll out of Sophos was blamed – and I can understand why – the problem did not occur until Sophos was installed.

But the truth is that in it's dying breath McAfee had one last laugh and had un-registered jscript.dll and vbscript.dll. I can say that now because I've spent a morning with Sophos support and been on the brink of abandoning our roll-out until I looked into one of the side symptoms.

Sophos was ruled out as the cause because a) it did not effect ALL the Sophos test machines, just ones where McAfee was uninstalled b) with Sophos disabled (services and browser add on) the problem did not go away c) Uninstalling Sophos did not solve the problem. It did however, point me in the right direction – during the uninstall there was an error message, the fix for which was to re-register jscript.dll (clue #1)

When I opened Services.msc, the Extended view simply showed a blue frame – Standard view was fine. One of the fixes for this was to re-register jscript.dll and vbscript.dll (clue #2).

Clue #3 came when I googled McAfee and jscript.dll, rather than blaming it on Sophos. A myriad of pleas for help from McAfee users with stuffed browsers, update issues and the like.

The Solution 

 

  • Download and run the McAfee Consumer Product Removal tool (http://service.mcafee.com/FAQDocument.aspx?lc=2057&id=TS100507)
  • Reboot if required
  • Open a command prompt (Start > Run > "cmd")
  • Type the following commands in one at a time, hit enter and acknowledge the result
    • Regsvr32.dll jscript.dll
    • Regsvr32 vbscript.dll
  • Reboot again
On successful completion of this, you should be back up and running.
 

Now, let me take this opportunity to say that McAfee is a resource hogging, trouble making screwed up piece of software which I pray to God that I never have to support again. </rant> 

 

How to force the removal of Folder Redirection from specific user accounts

We have a folder redirection policy in place for all of our users in combination with a roaming profile policy – this policy is applied to the OU that contains our users. Unfortunately this policy was accidently linked to the root of our domain too, causing our Domain Admin users to be redirected too – something we do not want. When the mistake was discovered, the policy was unlinked, but the redirection remained (despite being set to revert when users fall out of scope). I tried re-applying the policy, modifying the out of scope policy and then moving the Domain Admin user out of scope, but it failed to remove the folder redirection.

In the end, the solution was straight forward enough:

Create a new OU (I used "Temp") and move the affected user(s) there:

image

Create and link a new Group Policy Object to the new OU. Name it something descriptive so you know what it is in future – Folder Redirection Removal.

image

Edit the group policy, drill down to User Configuration > Windows Settings > Folder Redirection and right click – properties on each folder you want to reset. Set the setting to “Basic – Redirect everyone’s folder to the same location” and set the target folder location to “Redirect to the local userprofile location”.

image

Select the settings tab and make sure the Policy Removal setting is set to “Redirect the folder back to the local userprofile location when the policy is removed.”

image

Set that for each folder you want to reset. Close the Group Policy Object Editor, and GPMC. Log onto the user's account on each computer you want to remove the redirection on – in my case, several servers. Check the location of the redirected folders to make sure it’s been removed. Once you’re sure, you can move your user back to the correct OU.

Windows update or installer fails to install with error “You do not have permission to update Windows Server 2003. Please contact your system administrator.”

I was just installing PowerShell on one of my Windows Server 2003 servers, when I encountered the error "You do not have permission to update Windows Server 2003. Please contact your system administrator." Odd, especially considering that I was installing as the Domain Administrator, and that user should have more than enough permissions. A little bit of digging led me to MSKB 888791 which shows the permissions that are required in Group Policy to install the update. Check that your applicable GPO has the following permissions for your user:

  • Back up files and directories
  • Restore files and directories
  • Manage auditing and security log
  • Take ownership of files or other objects
  • Shutdown the system
  • Debug programs

 Once I found the missing permission (in this case, an Exchange 2003 installation had removed the "Manage auditing and security log" permission) and added it back in, I ran the command "gpupdate /force", logged off and back on again on the offending server and retried the installation. The error disappears and the installation is a success!

 

Windows Vista Local Area Network Connection “Authentication Failed”

If you’re getting a error on your LAN connection it’s possible that your network connection is attempting 802.11 authentication on your wired network. Unfortunately, it seems that Vista/Server 2008 both attempt it before reverting. As far as I can see, it’s not causing any issues, other than irritating me with a “failed” and a red question mark.

VistaAuthenticationError1

Fortunately, it’s pretty easy to fix! The authentication is handled by the Wired AutoConfig service, so it’s just a case of disabling it. Navigate “Start”, then click “Run” (or just hit Win + r) and type “services.msc”. Click “OK” and the Services console will fire up.

VistaAuthenticationError2

 

Now if you scroll down to Wired Autoconfig and configure it as below (Stop the service, then select “Disabled” as the startup type).

VistaAuthenticationError3

Alternatively, you can enable 802.11 on your Windows Domain…but that’s another story!

Dell Latitude E6500 blue screen of death on XP install/downgrade/reinstall

| 07/01/2009 | Tags: , ,

I've just had a frustrating few days trying to downgrade 4 Dell Latitude E6500 laptops to XP. The problem was, whenever you booted to the XP cd you would get to the point just before you agree to the license and then hit a blue screen with a SATA error code. It seems that the bundled driver for the SATA storage controller incorrectly identifies it and causes a fatal error as it's loaded.

 The solution is fairly specific and needs to be done exactly in the order prescribed below. You will need a USB floppy drive, and a blank floppy disk.

  •  Firstly, go to Dell's support website and select the downloads for your E6500 laptop (if you enter your service tag, you might find that there are no XP downloads available -use the product select instead).
  • Download the LATEST BIOS – at the point of writing that's A11.
  • Also download the Intel Matrix Storage Manager Driver.
  • Plug in your USB floppy, insert the disk and format it. Extract the storage manager driver, and then copy the extracted files onto the floppy. Unplug the floppy
  • Now run the BIOS update, follow the on-screen instructions, let it reboot and flash your BIOS.
  • Reboot, and on the BIOS screen, hit F2 to enter into the BIOS setup.
  • Move down to System Configuration, then SATA operation. Make sure it's set to IRRT.
  • Move through the BIOS and disable Parallel, Serial, and any other devices that aren't needed. Switch the NIC to Disabled. Also go down to Miscellaneous Devices and ensure USB and the Modular bay (i.e. CD/DVD) are enabled. Disable everything else.
  • Plug in your USB floppy, and insert the floppy containing the drivers from earlier. Also put your Windows XP install CD in the CD/DVD drive. Save your BIOS changes and then reboot.
  • On the BIOS screen, hit F12 to bring up the one time boot menu. Select your CD/DVD ROM device.
  • *IMPORTANT* The blue windows installer screen will come up and you have a few seconds to hit F6 to specify that you want to use a 3rd party driver for storage.
  • Once you've hit it, wait for the next screen, which will be asking for your driver. Hit S and specify the Intel SATA driver needed. There were 4 drivers in the list for my laptops, trial and error will find the right one. It should say that Windows already has a driver for that device – do you want to use the new one? Well of course you do, the old one blue screens. Hit S to accept it and at the next screen, hit ENTER to continue.
  • After that, it's plain sailing – just don't forget to enable all of your devices once you've installed XP!!!