Archive for the ‘Uncategorized’ Category

Error 0x180f0633 When Attempting to Add a Domain Controller (DC) to an Existing Domain

Tuesday, July 27th, 2010

If you get the following error when running DCPROMO.EXE please continue reading.

The operation failed because:

This Active Directory Domain Services installation requires domain configuration changes, but whether these changes have been made on the Active Directory Domain Controller [SERVER] is undetermined. The installation process has quit. Extended error Extended error: DSID – 0x180f0633 0000208D: NameErr: DSID-031001E4, problem 2001 (NO_OBJECT), data 0, best match of:

‘CN=[SERVER],CN=Servers,CN=[SITE],CN=Sites,CN=Configuration,DC=[...]‘ 32 .

“The system cannot find the file specified.”

This error can occur if you have not granted necessary permissions to read data in the directory. For more information, please see article 936241 in the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkId=88420).

Now, being as helpful as they usually are, Microsoft has gone and deleted the KB article referenced in the error message. Fantastic. Beautiful, boys. But as far as I can tell, this error usually occurs after a domain controller (DC) is ungracefully demoted (see: Microsoft KB216498).

The fix for me has consistently been transferring all FSMO roles to a remaining DC. Of course one would think carefully following the NTDS metadata cleanup procedure (referenced above) should have already taken care of this, but I’ve noticed this condition several times now, prompting me to wonder if the procedure should be updated to at least hint at this condition.

Keep in mind that the FSMO role transfer will likely be a forceful seizure if the downed DC was the operations master for the FSMO role causing this error. This shouldn’t be an issue for most cases, but it’s worth noting.

Importing Time Fields into a Microsoft Access Database

Monday, June 7th, 2010

If you’re attempting to import times into a Microsoft Access database (.mdb) it’s important to realize that it will only work if the data is in 24-hour format (example: 13:52:09). Times including the “AM/PM” portion will generate type conversion errors, even though they’re a valid format…in just about any other scenario.

Thanks Microsoft… *sigh*

Adobe CS5 Trials Download Links

Tuesday, May 11th, 2010

Here are direct download links for the Adobe CS5 trials, all in English:

Create a shortcut to lock Windows

Monday, March 8th, 2010

This one is very simple. I wanted to duplicate the “Lock Screen” applet in Ubuntu in Windows, and thankfully it doesn’t take much.

  1. Create a new shortcut by right-clicking in the “free” space on your Desktop (or elsewhere, such as the Quick Launch folder in Windows Explorer) and select New | Shortcut.
  2. For the “Location” field enter: %windir%\system32\rundll32.exe user32.dll, LockWorkStation
  3. Hit Next and then type whatever you like for a name; “Lock” seems appropriate.

Bingo bango boom. Done. Try it out.

VMware Server on a Domain Controller (DC)

Tuesday, November 3rd, 2009

You may be wondering if it’s a bright idea to install VMware Server on a Windows domain controller (DC). People may have told you it isn’t a great idea…and it isn’t. But the last time I checked most small businesses don’t have a coffer full of gold lying around, so sometimes us IT folk have to compromise and work with what we’ve got–more often than not a single server (often a DC) or at most two or three (personally I never recommend a single server setup, but there are plenty of them out there).

So…given maybe one or two servers, it’s going to be difficult to get everything running smoothly without a little virtual machine (VM) magic. Sorry folks–installing just about anything other than the built-in roles on a Windows server opens up the possibility of conflicts, so let’s minimize that probability by installing only one piece of third-party software that’s been hammered on by millions of companies: VMware Server. I think we’ll take our chances.

So what do we need to do to make things with VMware smoother? A few things:

  • Evaluate and upgrade the hardware if necessary. Hopefully $100 of RAM won’t be a hard sell. I wouldn’t recommend anything less than 4GB on a Windows Server 2008 box with one (1) VM, 6GB for two (2) VM’s, etc. It’s worth noting that if you’re running Windows Server 2003 in the VM (or Linux) you can probably get away with halving those figures.
  • If you’re running a domain controller as a VM never pause or take a snapshot of it. Active Directory (AD) depends on servers being able to increment sequence numbers (USN’s) to keep things in sync. If the VM is reverted to an old snapshot the USN’s will get out of sync, and you’ll start noticing differences in the AD database. Needless to say that’s not good.
  • You should disable any NAT or host-only interfaces in VMware and only use bridging. Multi-homed DC’s (more than one network card) are a no-no, something that is well documented around the Net. Just make sure all the VM’s are configured accordingly. Your architecture might include host-to-guest communication over a private subnet–but I’ve found that most small business setups aren’t quite that “complicated”. VMware bridged connections use an existing network interface and don’t create new ones like the NAT and host-only options do. In a nutshell, a DC will register all of its NIC’s in DNS even if you tell it not to (via the TCP/IP | DNS properties page). If one of those registered NIC’s is inaccessible from the primary subnet (the one to which all the domain-joined workstations are attached) then you’ll start noticing timeouts in your DNS and AD queries. Depending on the number of registered NIC’s, DNS timeout configuration, network speed and other variables, you may not notice any immediate problem. However, there will most definitely be intermittent slowdowns with file sharing, login and password changes, along with various other issues specific to the environment.

In short just be careful when configuring and administering the host environment and you should have a smooth VMware/DC experience.

A service pack fails to apply to Microsoft SQL Server with error 0x7358, 0x80070534 or “No account mapping”

Friday, October 23rd, 2009

Assumes:

  • Microsoft SQL Server 2005
  • Microsoft Windows XP, Microsoft Windows Server 2003

Fix:

  1. Reboot or otherwise restart the SQL Server service. A failed update will generally leave the service stopped or in an unpredictable state.
  2. In Microsoft SQL Server Management Studio (or similar) execute the following:
     
    EXEC sp_validatelogins
    GO

     
  3. This should generate a list of SIDs/accounts that are no longer present in Windows. If no accounts are listed then proceed with this procedure with caution. You might have run into another issue.
  4. Determine the current Windows group names of the SQL Server accounts (Start | Run | “lusrmgr.msc”). They will be in the form SQLServer2005*$CompName$Instance.
  5. Download/obtain PsGetSid from Sysinternals/Microsoft.
  6. Use PsGetSid to get the SID’s of these groups:
     
    psgetsid groupname
     
  7. In the Windows Registry navigate to HKLM\Software\Microsoft\Microsoft SQL Server\MSSQL.x\Setup, where “.x” is the instance of SQL Server with the issue (usually “.1”, for a single instance install).
  8. Note the data in the following values: SQLGroup, AGTGroup, FTSGroup, ASGroup. These values map to the Windows groups like so:
      
    SQLServer2005MSSQLUser$CompName$Instance > SQLGroup
    SQLServer2005SQLAgentUser$CompName$Instance > AGTGroup
    SQLServer2005MSFTEUser$CompName$Instance > FTSGroup
    SQLServer2005???$CompName$Instance > ASGroup
  9. Replace all SID’s in the Registry that differ from those of the Windows groups (match them up according to the table above).
  10. Attempt to change the SQL Server service account through the SQL Server Configuration utility. If the change succeeds this fix most likely worked.
  11. Apply any service packs and/or updates.
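
Steps 4 through 9 compare the group SIDs against the Registry by hand; the read-only PowerShell script below performs the same comparison in one pass. It is an added example, not part of the original post. Assumptions: the instance key `MSSQL.1`, the instance name `MSSQLSERVER`, and that the Setup values store SIDs as strings; `ASGroup` is skipped because the post does not give its group name.

```powershell
# Added example: report which SIDs under the SQL Server Setup key no longer
# match the SIDs of the current Windows groups. Nothing is modified.
# Assumed values (adjust for your server); they are not from the original post.
$InstanceKey  = 'MSSQL.1'
$ComputerName = $env:COMPUTERNAME
$Instance     = 'MSSQLSERVER'

# Registry value -> Windows group name prefix, as listed in step 8.
$Map = @{
    SQLGroup = 'SQLServer2005MSSQLUser'
    AGTGroup = 'SQLServer2005SQLAgentUser'
    FTSGroup = 'SQLServer2005MSFTEUser'
}

$SetupPath = "HKLM:\Software\Microsoft\Microsoft SQL Server\$InstanceKey\Setup"
$Setup     = Get-ItemProperty -Path $SetupPath -ErrorAction Stop

$results = foreach ($valueName in $Map.Keys) {
    # Build e.g. SQLServer2005MSSQLUser$CompName$Instance (literal '$' separators).
    $groupName   = '{0}${1}${2}' -f $Map[$valueName], $ComputerName, $Instance
    $registrySid = $Setup.$valueName

    try {
        # Same lookup PsGetSid performs: group name -> SID.
        $account  = New-Object System.Security.Principal.NTAccount($groupName)
        $groupSid = $account.Translate(
            [System.Security.Principal.SecurityIdentifier]).Value
    } catch {
        $groupSid = $null   # group missing or name could not be resolved
    }

    New-Object PSObject -Property @{
        RegistryValue = $valueName
        Group         = $groupName
        RegistrySid   = $registrySid
        GroupSid      = $groupSid
        Match         = [bool]($groupSid -and ($registrySid -eq $groupSid))
    }
}

# Rows with Match = False are the values step 9 tells you to replace.
$results | Format-Table RegistryValue, Group, RegistrySid, GroupSid, Match -AutoSize
```

Run it from an elevated PowerShell prompt on the SQL Server host, and export the Setup key before changing any value it flags.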

Windows Vista / Windows 7 Activation Error 0x8007232B

Monday, October 12th, 2009

If you get this error while attempting to activate Windows…

[Image: Windows NT 6.x activation KMS DNS error]

…then re-enter your product key. That’s it.

You’re most likely using an enterprise copy of Windows Vista or Windows 7 (or Windows Server 2008 or R2) that’s set to activate using a KMS key instead of a MAK key. A KMS key requires a license server on the network to activate against, and if you’re at home or in a smaller business one probably doesn’t exist. Re-entering the product key forces Windows to activate against the Microsoft server(s).

Using a DNS alias (CNAME) to access file shares on a Windows host

Wednesday, July 29th, 2009

Most of the time it’s a good idea to assign each service its own DNS alias (CNAME) which points to the host the service is currently running on. This way if the service should need to be moved to another server, the DNS alias can simply be pointed to the new host. I might, for instance, map my clients to \\print01, even though the actual server is named zeus. Zeus might one day decide to take an extended nap and not boot, but I can easily install the printers on apollo, quickly change the DNS–and not have to change all 42 clients. Needless to say very beneficial.

Unfortunately for us Windows administrators the Server service (LanmanServer) that exposes all those wonderful file shares to the network doesn’t like DNS aliases much–by default.

Why this is–I have no idea for sure. One would guess there’s a security reason behind it, but I’d only be speculating.

Luckily there’s a documented workaround.

Simply change the following and then reboot:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters|DisableStrictNameChecking(DWORD):1

Once that change has been made you’ll be able to access those shares via the alias as well as the host name.

How to be kind to your fellow system administrators

Thursday, May 28th, 2009

  1. Document procedures that are specific to the line-of-business applications in use.
  2. Do not document (but do reference) procedures that are outlined elsewhere (MSDN, publisher’s Web site, etc.).
  3. Log out of a server when you’re not going to be using it for a while. Do not leave important configuration steps half done.
  4. Automate processes that are redundant or lengthy to perform by hand. There’s nothing better than getting Windows installed without having to answer “Typical TCP/IP settings” and without the need to install update KBabcxyz.
  5. Ask questions to clarify a particular problem/oddity. e.g. Why is there only one virtual machine running on this server?
  6. Don’t assume that something is the way it is (read: not optimal) just because whoever did it is a moron. Many times cost dictates what can be done and more importantly what can’t be done.
    Note: Sometimes you are working with morons.
  7. Make yourself available during the work day and at a reasonable level otherwise. E-mail. Cell. Text. There’s no reason why a problem at work should be held up for hours/days because you were too inconsiderate or lazy to give a 30-second answer to a non-trivial question.
  8. Recognize when delegating a task to a co-worker is better than doing it yourself. If your co-worker is more efficient, experienced or excited to do a task give it to them. You are not always God’s gift to IT.
  9. Do not rush. Do not jump to make changes. No matter how urgent something is there’s a good chance you’ll make mistakes that your co-workers (or you) might have to clean up if you did things too fast, thereby cutting into the variable you were trying to minimize in the first place: time.
  10. Learn something new anytime you can and then teach it. Don’t become the bottleneck for information in your organization. It just makes you the forever go-to guy for everything.

An Easy Way to Explore and Transfer Files on a Windows Mobile 5/6 Device from Ubuntu 8.10

Saturday, March 28th, 2009

Just to make something clear, this method of enabling file exploring/transfer is intended to be as simple as possible. I’m sure newer builds of OpenSync, SynCE and the various other packages would produce better results–after spending a day or more trying to get them to work. This method does not require compiling or the addition of repositories. It uses the packages that come with Ubuntu.

Our goal is to get the GNOME VFS URI “synce:///” to work. Nothing more, nothing less. Luckily for us, VFS is deprecated in Nautilus (read: it doesn’t work), so we’ll use another completely out-of-the-blue application called GPE File Manager to browse via VFS.

General notes:

  • This works with Ubuntu 8.10 (Intrepid). I have no idea whether this works in any other release.
  • Turn off the “password lock” feature in Windows Mobile; it causes problems.
  • Make sure “Enable advanced network functionality” is enabled on your Windows Mobile device (under ActiveSync settings).
  • Some of the packages listed below are probably unnecessary for browsing files. You can use them for syncing the device.
  • Don’t confuse GNOME VFS with the Kernel’s VFS. Two different beasts.
  • This post assumes you know how to install packages and run commands. No hand holding.
  • You will need to have “Universe” enabled in package sources.

Install the following packages:

  • multisync
  • multisync-tools
  • odccm
  • opensync-plugin-file
  • opensync-plugin-synce
  • synce-gnomevfs
  • synce-hal
  • synce-multisync-plugin
  • synce-sync-engine
  • synce-trayicon
  • gpe-filemanager

Run (in this order):

  • synce-sync-engine
  • synce-trayicon

Connect the Windows Mobile device to the computer. Ensure that the SynCE Tray Icon…err…icon indicates connectivity.

Open the GPE File Manager (“gpe-filemanager”) and browse to “synce:///”. You should see the files on your device.

Very nice!