Reclaim space in XP and 2003

Delete Windows update files

Warning: If you delete the folder for each update, the corresponding Windows update cannot be uninstalled. Consider the effect that this will have on the computer before you delete the Windows update files.

To delete Windows update files, follow these steps:

  1. Delete only those %Windir%\$NtUninstallKBnumber$ folders that were created more than a month ago as backup files for Windows updates. Do not delete those that were created within the last 30 days.
  2. To delete the download cache for Windows updates, delete all the folders in the %Windir%\SoftwareDistribution\download folder that were created more than 10 days ago.
  3. Delete the following log files in the %Windir% folder:
    • kb*.log
    • setup*.log
    • setup*.old
    • setuplog.txt
    • winnt32.log
    • set*.tmp
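
A dry-run selector for the three steps above, added here as an example and not taken from the Microsoft article. The function and parameter names are hypothetical; it only lists what the age rules select, so the result can be reviewed before anything is removed.

```python
import fnmatch
import os
import time

DAY = 86400
# Log file patterns from step 3, lower-cased for case-insensitive matching.
LOG_PATTERNS = ("kb*.log", "setup*.log", "setup*.old",
                "setuplog.txt", "winnt32.log", "set*.tmp")


def creation_time(path):
    """Creation time in epoch seconds (st_ctime is creation time on Windows)."""
    return os.stat(path).st_ctime


def cleanup_candidates(windir, now=None, created_at=creation_time):
    """Return (uninstall_dirs, cache_dirs, log_files) selected by steps 1-3.

    Nothing is deleted; the caller reviews the lists first.
    """
    now = time.time() if now is None else now
    uninstall, cache, logs = [], [], []
    for name in sorted(os.listdir(windir)):
        path = os.path.join(windir, name)
        lower = name.lower()
        if os.path.isdir(path):
            # Step 1: update backup folders created more than 30 days ago.
            # $NtServicePackUninstall$ does not match and is never listed.
            if (fnmatch.fnmatchcase(lower, "$ntuninstallkb*$")
                    and now - created_at(path) > 30 * DAY):
                uninstall.append(path)
        elif any(fnmatch.fnmatchcase(lower, p) for p in LOG_PATTERNS):
            # Step 3: setup and update logs directly under %Windir%.
            logs.append(path)
    download = os.path.join(windir, "SoftwareDistribution", "download")
    if os.path.isdir(download):
        for name in sorted(os.listdir(download)):
            path = os.path.join(download, name)
            # Step 2: cached update folders created more than 10 days ago.
            if os.path.isdir(path) and now - created_at(path) > 10 * DAY:
                cache.append(path)
    return uninstall, cache, logs


if __name__ == "__main__":
    windir = os.environ.get("WINDIR", "")
    if os.path.isdir(windir):
        labels = ("update backup folder", "download cache folder", "log file")
        for label, paths in zip(labels, cleanup_candidates(windir)):
            for p in paths:
                print("would delete %s: %s" % (label, p))
```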

Delete Windows XP service pack files

Warning: If you delete the backup folders for each Windows XP service pack, you will be unable to uninstall Windows XP service packs.

If you delete the folder for the installation files and the cache for the Windows XP service pack, you will be unable to restore corrupted Windows XP service pack files or to install additional Windows XP features that are not installed by default. You may want to keep a copy of these files in another location. For more information about how to keep a copy of these files, click the following article number to view the article in the Microsoft Knowledge Base:

271484 (http://support.microsoft.com/kb/271484/) Files and folders are added to your system after service pack is installed
Consider the effect that this will have on your computer before you delete these files.

To delete Windows XP service pack files, follow these steps:

  1. Delete the %Windir%\$NtServicePackUninstall$ folder to delete the backup folders for the Windows XP service packs.
  2. Delete the %Windir%\ServicePackFiles folder to delete installation files and cache folders for the Windows XP service packs.

For the full article, see: http://support.microsoft.com/kb/956324


Wake On LAN Requirements

PCI 2.2 with a PCI 2.2-compliant NIC doesn’t require a cable connected to the NIC
Power states – S0=fully on, S5=powered down but plugged in
Machine BIOS must enable Wake-on-LAN
Machine BIOS must Wake-on-PME to allow power up from Shutdown state (S5)
Wake-on-LAN with Magic Packet/PME is required to power on system from shutdown state (set on network adapter)

Update NIC driver – Yes! Had to update to latest Marvell Yukon Driver which allows Wake from Shutdown (and turn it on)


Create DB for ASP.NET Roles and Membership

To create the database required for ASP.NET roles and membership run the following:-
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe

ASP.NET Web Administration Pages

When you connect to a web site using FTP in Visual Studio 2008, you are not able to run the ASP.NET Web Administration tool directly from that application.
I installed this on the production server by doing the following:-
1. Configured a new virtual directory under the default web site called ASP.NETWebAdminFiles which points to C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles.
2. Made this virtual directory an application in IIS Manager and allowed Scripts Only execute permissions. I also disabled anonymous access to the site and checked Integrated Windows Authentication.

Colocation and TapeWritePeriodRatio in DPM

Commands to look at the existing values and set them are:-
get-dpmglobalproperty -dpmserver <servername> -propertyname OptimizeTapeUsage
get-dpmglobalproperty -dpmserver <servername> -propertyname TapeWritePeriodRatio
set-dpmglobalproperty -dpmserver <servername> -OptimizeTapeUsage 1 (1-True,0-False)
set-dpmglobalproperty -dpmserver <servername> -TapeWritePeriodRatio 0.9 (0 to 1)
Defaults are False and 0.15

Enabling FTP on Win 2008 Firewall for IIS7

Windows Firewall and non-secure FTP traffic

Windows Firewall can be configured from the command line using the netsh command. Two simple steps are required to set up Windows Firewall to allow non-secure FTP traffic:

1) Open port 21 on the firewall

netsh advfirewall firewall add rule name="FTP (no SSL)" action=allow protocol=TCP dir=in localport=21

2) Activate firewall application filter for FTP (aka Stateful FTP) that will dynamically open ports for data connections

netsh advfirewall set global StatefulFtp enable

Warning: Active FTP connections are not necessarily covered by these rules. Outbound connections from port 20 would need to be enabled on the server, and the client machine will need exceptions set up for inbound traffic.

Warning: FTPS (FTP over SSL) will not be covered by these rules. SSL negotiation will (most likely) get stuck because the firewall filter for FTP will not be able to parse encrypted data. Some firewall filters recognize the beginning of SSL negotiation (AUTH SSL or AUTH TLS commands) and return an error to prevent SSL negotiation from starting.

The entire article can be found here : http://blogs.iis.net/jaroslad/archive/2007/09/29/windows-firewall-setup-for-microsoft-ftp-publishing-service-for-iis-7-0.aspx


Using VMBK to backup VMs

To get vmbk running I had to do the following:
1. Install vmbk 3.0 r11 by running ./install.sh from source directory.
2. Enable smbclient on esx firewall
3. Execute mkdir export from the root directory
4. Run one of the following commands depending on needs:
vmbk.pl -d /export/ -s smb=//<servername>/<sharename>,user=<domainname>\\<username>,password=<password> -i -1 -4 -q
vmbk.pl -d /export/ -s smb=//<servername>/<sharename>,user=<domainname>\\<username>,password=<password> -i -1 -4 -q -F
vmbk.pl -d /export/ -i (To list VM numbers)
vmbk.pl -d /export/ -s smb=//<servername>/<sharename>,user=<domainname>\\<username>,password=<password> -v # # # # -1 -4 -F
vmbk.pl -d /export/ -s smb=//<servername>/<sharename>,user=<domainname>\\<username>,password=<password> -a -1 -4 -F
NOTE: Samba 2GB limitation with -q option. If tar is over 2GB process fails.
Switches are as follows:-
-d backup destination directory
-s smb mount
-i interactive mode
-a back up all VMs, including guests with backup="manual"
-1 always use the vmdk extension (for export)
-4 back up the configuration file and CMOS
-v set guests to back up using "vm number order"
-F back up the host configuration
-q create one tar.gz per VM guest containing all of the files it owns

Configuring Jumbo Frames in ESX

To configure Jumbo Frames in ESX to use iSCSI I had to do the following:-
1. Enable Jumbo Frames on Linksys Switch (This does NOT affect existing 1500 mtu clients).
2. Enable Jumbo frames on Storage Server’s NIC (9000)
3. From ESX run the following commands (some are informational only):
esxcfg-vswitch -l
esxcfg-vswitch -m 9000 vSwitch3
esxcfg-vswitch -l
esxcfg-vmknic -l
esxcfg-vswitch -A iSCSI-Jumbo vSwitch3 (to create empty port group for iSCSI use – preexisting must be deleted)
esxcfg-vmknic -a -i <ipaddressofesxiscsi> -n 255.255.255.0 -m 9000 iSCSI-Jumbo
esxcfg-vmknic -l
vmkping <ipaddressofiscsitarget> -s 9000
That’s it!

DPM Recovery Points

Recovery Points in DPM are generated as follows:-
System State
Recovery Points created for each Express Full Backup under Application Recovery Points schedule.
Exchange
Recovery Points available for each synchronisation.
SQL
  • If SQL Recovery Model = FULL, then all sync times are available as recovery points
  • If SQL Recovery Model = SIMPLE, then only express full backup times are available as recovery points
Files
Only the latest synchronisation before each recovery point is available in DPM.
e.g.
Sync every 4 hrs (00:00, 04:00, 08:00, 12:00, 16:00, 20:00)
File recovery points = 07:30, 18:00
Available recovery points are :
Last sync before 7.30AM = 4.00AM
Last sync before 6.00PM = 4.00PM
DPM Concepts
Replica Volume – Holds near current copy of data (last synchronised)
Recovery Point Volume – Holds changes that have occurred on the replica

Aligning Disk Partitions in Windows

To create a new aligned partition follow these steps:-
  1. Run diskpart at a command prompt
  2. list disk
  3. select disk x (where x is the disk that you want to align)
  4. create partition primary align=64 (NOTE: all data will be lost on this drive)
  5. assign letter=x (x is drive letter you want assigned to the partition)
  6. Format the partition through the GUI.

DPM backups of Windows 2008 System State

To back up Windows Server 2008 System State you have to have Windows Server
Backup installed locally on the server being backed up. You can install it
via this command line:
servermanagercmd -install backup -allsubfeatures
Also, system state is enormous in Windows Server 2008 so you will need
7-15GB of space depending upon what roles and features are installed (some of
our utility servers are 7GB, most of our web servers are around 12GB for
system state alone). By default, WSB (Windows Server Backup) will use system
drive and place the backup into the WindowsImageBackup folder. You can move
this to another partition by modifying the following file:
C:\Program Files\Microsoft Data Protection Manager\DPM\Datasources\PSDataSourceConfig.xml
Change “<FilesToProtect>” to a local drive with enough free space to backup
the system state for 2008. This must be a local drive; UNC paths will not
work. Also, DPM seems to force this to the WindowsImageBackup folder on the
root of the drive, as I was unable to put it into a sub-folder.
Lastly, note that if you are also protecting the volume that you are using
to temporarily store the system state, DPM will attempt to back it up twice
(once from the System State workload, and once from the volume workload). To
prevent this, exclude the WindowsImageBackup sub-folder from the protection
group. Doing so will require that you perform a consistency check on the
volume.

DPM firewall requirements

If you enable Windows Firewall on the DPM server before you install DPM, DPM Setup will properly configure the firewall for DPM. If you enable Windows Firewall on the DPM server after you install DPM, you must configure the firewall manually to permit communication between the DPM server and protected computers. Configure Windows Firewall on a DPM server by opening port 135 to TCP traffic and specifying the DPM service (Microsoft DPM/bin/MsDPM.exe) and the protection agent (Microsoft DPM/bin/Dpmra.exe) as exceptions to the Windows Firewall policy.
In order to install the agent on firewall protected computers, you must disable the firewall prior to installing the agent. After the installation, enable an exception for DPMRA in the Windows Firewall to allow backups to work.
When I added the iSCSI network to the DPM server, communication between the DPM server and agents stopped unless I disabled the firewall. This was because the iSCSI network was configured as a public network instead of a private network, which puts the overall firewall in a more restrictive mode with a different ruleset. Once I changed the network type to private for the iSCSI network, all of the DPM firewall rules came back again and this worked once again.
To get the DPM agent installed on the ISA server I had to install the agent manually as per http://technet.microsoft.com/en-us/library/bb870935.aspx, and create rules on the ISA server as per http://support.microsoft.com/kb/929102/en-us.

Configure iSCSI for ESX on Windows Server using Starwind

There were a few obstacles I had to overcome to get this working:
1. Had to disable Windows Firewall on the iSCSI NIC on the Windows server to allow the iSCSI traffic to pass.
2. Had to ensure there was an outgoing iSCSI rule on the ESX firewall allowing the ESX host to connect to the iSCSI target (Windows server).
3. Had to add a 2nd Service Console on the vSwitch used for iSCSI so the service console could communicate on the iSCSI network.

DPM and SQL 2005 Reporting Services Issues

Had two issues:-
1. After applying SQL 2005 post SP2 security update (KB948109) the SQL 2005 Reporting Services would fail to start.
2. After starting the SQL 2005 Reporting Services service, clicking on the Reporting tab in DPM would report an error with IIS (code 3013). This was on Win 2008 Standard x64 – IIS 7.0.
Resolutions were as follows:-
1. Added the ServicesPipeTimeout setting to the registry to increase the timeout to 60 seconds. See previous blog post for info on how to do this.
2. Problem and resolution below:
How to fix: Data Protection Manager error 3013 SQL reporting services
This error led me to a KB article from Microsoft KB938245 which explains the
error.
At the bottom of the article you’ll find this text:
Problem
When you run a script to configure the virtual directory for the report
server, you receive the following error message:
HTTP Error 403.1 Forbidden
You have attempted to run a CGI, ISAPI, or other executable program from a
directory that does not allow executables to run.
Cause of Problem
This problem occurs because of a new permission requirement in IIS 7.0. This
permission requirement is for ISAPI extensions that use a wildcard (*) script
mapping.
Workaround for Problem
To work around this problem, follow these steps:
1. Click Start, click Run, type inetmgr, and then click OK.
2. In Internet Information Services (IIS) Manager, expand Web Sites, expand
Default Web Site, and then click the virtual directory for the report server.
3. Under Features View, double-click Handler Mappings.
4. Under Actions, click Edit Feature Permissions.
5. Click to select the Scripts check box, and then click OK.

Change the Windows Time service configuration on the previous PDC emulator

Use the following procedure to change the Windows Time service configuration on the previous PDC emulator after you transfer the role to a new domain controller. The previous PDC emulator will now automatically synchronize time with the domain hierarchy, getting its time from the new reliable time source.

Administrative Credentials

To perform this procedure locally on the PDC emulator, you must be a member of the Administrators group. To perform this procedure from a remote computer, you must be a member of the Domain Admins group.

To change the Windows Time service configuration on the previous PDC emulator
  1. Open a Command Prompt.
  2. Type the following command and then press ENTER:

    w32tm /config /syncfromflags:domhier /reliable:no /update

  3. Type the following command and then press ENTER:

    net stop w32time

  4. Type the following command and then press ENTER:

    net start w32time


Configure an external time source on PDC Emulator

This computer is configured to hold the primary domain controller (PDC) emulator operations master role (also known as flexible single master operations or FSMO) in the forest root domain. This computer should not use itself as a time source. Configure an external time source as the authoritative time source for the forest, or configure a member domain controller as the time source peer. The configuration must be done manually. Perform the following procedure on the computer that is logging the event to be resolved.

To perform this procedure, you must have membership in Domain Admins, or you must have been delegated the appropriate authority.

To configure a manual time source peer:

  1. Open a command prompt as an administrator. To open a command prompt as an administrator, click Start. In Start Search, type Command Prompt. At the top of the Start menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  2. At the command prompt, type w32tm /config /manualpeerlist:server,0x8 /syncfromflags:manual /update, where server is the name of the time source that you want to configure, and then press ENTER.
  3. Restart the Windows Time service. At the command prompt, type net stop w32time & net start w32time, and then press ENTER.
  4. Resynchronize the Windows Time service client with the time source peer. At the command prompt, type w32tm /resync, and then press ENTER.

To learn more about the Windows Time service and related tools, see Windows Time Service Tools and Settings (http://go.microsoft.com/fwlink/?LinkID=42984).

Verify

To perform this procedure, you must have membership in Administrators, or you must have been delegated the appropriate authority.

To verify that the Windows Time service is synchronizing correctly:

  1. Open a command prompt as an administrator. To open a command prompt as an administrator, click Start. In Start Search, type Command Prompt. At the top of the Start menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
  2. At the command prompt, type W32TM /resync, and then press ENTER.
  3. At the command prompt, type W32TM /query /status, and then press ENTER. This command displays the status of the Windows Time service synchronization. The Last Successful Sync Time line of the output displays the date and time that you ran the W32TM /resync command in the previous step. Also, check the computer name that is shown as the Source. This should be the name of a domain controller (or an administrator-configured time server) in the same Active Directory domain as the local computer.

To verify that the Windows Time service synchronized successfully with its time source, confirm that Event IDs 35 and 37 appear in Event Viewer. If there was a recovery from a previous failure to synchronize with the time source, you also see Event ID 138, which indicates that the Windows Time service is synchronized correctly.
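
The two checks from step 3 (the Source line and the Last Successful Sync Time line), written as a small parser over W32TM /query /status output. This is an added example, not part of the Microsoft procedure; the sample output is constructed, the function names are hypothetical, and the date format assumes an en-US locale.

```python
from datetime import datetime, timedelta

# Constructed sample of `w32tm /query /status` output, not from a real host.
SAMPLE_STATUS = """\
Leap Indicator: 0(no warning)
Stratum: 3 (secondary reference - syncd by (S)NTP)
Precision: -6 (15.625ms per tick)
Root Delay: 0.0312500s
Root Dispersion: 0.0781250s
ReferenceId: 0xC0000201 (source IP:  192.0.2.1)
Last Successful Sync Time: 3/14/2010 9:26:53 AM
Source: dc01.example.test
Poll Interval: 10 (1024s)
"""

# Source values that mean the service is running on its own clock.
LOCAL_SOURCES = ("local cmos clock", "free-running system clock")


def parse_status(text):
    """Split 'Key: value' lines into a dict, cutting at the first colon."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def check_sync(text, resync_time, tolerance=timedelta(minutes=5)):
    """Return a list of problems; an empty list means both checks passed."""
    fields = parse_status(text)
    problems = []
    source = fields.get("Source", "")
    if not source:
        problems.append("no Source line in output")
    elif source.lower() in LOCAL_SOURCES:
        problems.append("Source is the local clock: %s" % source)
    raw = fields.get("Last Successful Sync Time", "")
    try:
        # Assumption: en-US format, e.g. 3/14/2010 9:26:53 AM
        last = datetime.strptime(raw, "%m/%d/%Y %I:%M:%S %p")
    except ValueError:
        problems.append("Last Successful Sync Time not usable: %r" % raw)
    else:
        if abs(last - resync_time) > tolerance:
            problems.append("last sync %s does not match the /resync run" % last)
    return problems


if __name__ == "__main__":
    # Pretend /resync was run a few seconds after the sampled sync time.
    for problem in check_sync(SAMPLE_STATUS, datetime(2010, 3, 14, 9, 27, 0)):
        print("FAIL:", problem)
```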


FTP Job and CRONTAB in ESX

I have set up an FTP job to copy the vmksummary.html file to my webserver so it can be served from the web. To set this up I had to:-
  • Enable ftpClient on ESX firewall
  • Enable Passive Port range in IIS and on ESX firewall (See other Blog post)
  • Create an FTP script in /vmimages on ESX server
  • Run chmod a+x ftpscript.sh
  • Run crontab -e
  • Enter 0 5 * * * /vmimages/ftpscript.sh line to execute script at 5am every day. More detail can be found at http://www.adminschoice.com/docs/crontab.htm.
FTP script contains:-
#!/bin/sh
ftp -p -n <webserveripaddress> <<END_SCRIPT
quote USER <username>
quote PASS <password>
lcd /var/log
cd esx
put vmksummary.html
quit
END_SCRIPT
exit 0

Usage Analysis not displaying results in SharePoint v3

The WSS_WPG group on the server contains the nt authority\network service account, which needs Modify permissions to the C:\WINDOWS\system32\logfiles\STS directory to be able to write log files. Read and Execute on the C:\WINDOWS\system32\logfiles\W3SVCxxxxxxxx directory (applicable to the SharePoint site) is also required so that SharePoint can read the web server log files in order to generate its own for the Site Usage reports.
Also ensure the Windows SharePoint Services Timer Service is running the Usage Analysis jobs successfully.

Delaying start of Exchange System attendant service

To resolve this problem you can delay the start of the Microsoft Exchange System Attendant, by adding the BootPause registry key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeSA\Parameters
Add a DWORD value named BootPause, and set its value (decimal) to the number of seconds you want the Microsoft Exchange System Attendant to wait before starting after the system has booted. Set the value to 120 or less.

Setting Service Dependencies

To set a service dependency, navigate to the service you want to delay under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\, click Edit, and then click Add Value. Create a new value named "DependOnService" (without the quotation marks) with a data type of REG_MULTI_SZ, and then click OK. When the Data dialog box appears, type the name or names of the services that you prefer to start before this service, with one entry for each line, and then click OK.
I have used this to delay netlogon until DNS has started, and also exchange until netlogon has started.
For details please refer to Microsoft KB 193888