Tuesday, July 31, 2012

Event ID 27 from W32Time in system event log

In this case an XP client machine was a member of a domain, and its system event log was filling up with warning event ID 27:

Time Provider NtpClient: The response received from domain controller dcname.domain.name is missing the signature. The response may have been tampered with and will be ignored.

The client machine had been manually configured with one of the domain controllers as its NTP server, and the Type value under HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters was AllSync. After changing Type to NT5DS, as it should be (since the client machine was a member of the domain), and restarting the Windows Time service, no more warning events appeared in the system event log. After the restart, the time service logged informational event 35, showing that it was synchronizing with one of the domain controllers (and not the one that had been added manually).
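
The check described in this post can be scripted. The following is an added example, not part of the original post: it reads the W32Time Type value and the machine's domain membership and reports a mismatch such as AllSync on a domain member. It assumes Windows PowerShell 3.0 or later; the function names Test-W32TimeType and Get-W32TimeTypeAudit are hypothetical.

```powershell
# Added example: audit the W32Time client type (not code from the original post).
# Test-W32TimeType and Get-W32TimeTypeAudit are hypothetical names.

function Test-W32TimeType {
    param(
        [Parameter(Mandatory)] [string] $Type,          # value of Parameters\Type
        [Parameter(Mandatory)] [bool]   $DomainJoined,  # is the machine a domain member?
        [string] $NtpServer = ''                        # value of Parameters\NtpServer
    )
    $finding = 'OK'
    switch ($Type.ToUpperInvariant()) {
        'NT5DS'   { if (-not $DomainJoined) { $finding = 'NT5DS on a non-domain machine: no domain hierarchy to sync from' } }
        'ALLSYNC' { if ($DomainJoined) { $finding = 'AllSync on a domain member: manual peers are used as well; expected NT5DS' } }
        'NTP'     { if ($DomainJoined) { $finding = 'NTP on a domain member: only manual peers are used; expected NT5DS' } }
        'NOSYNC'  { $finding = 'NoSync: the time service does not synchronize with other sources' }
        default   { $finding = "Unrecognized Type value '$Type'" }
    }
    [pscustomobject]@{
        Type         = $Type
        DomainJoined = $DomainJoined
        NtpServer    = $NtpServer
        Finding      = $finding
    }
}

function Get-W32TimeTypeAudit {
    # Read the live configuration of the local machine.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Parameters'
    $p   = Get-ItemProperty -Path $key
    $cs  = Get-CimInstance -ClassName Win32_ComputerSystem
    Test-W32TimeType -Type $p.Type -DomainJoined $cs.PartOfDomain -NtpServer ([string]$p.NtpServer)
}

# Constructed sample input matching the case in the post (domain member, AllSync).
Test-W32TimeType -Type 'AllSync' -DomainJoined $true -NtpServer 'dcname.domain.name'

# Live check of the machine the script runs on.
Get-W32TimeTypeAudit
```

When the finding matches the case above, the fix from the post applies: set Type to NT5DS and restart the Windows Time service.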

Friday, July 27, 2012

Error event 12293 in application log for Security-SPP on KMS server

In my case KMS was activated on Windows Server 2008 R2 with the DNS publishing option enabled, and the server started to log event 12293 in its application log:

Publishing the Key Management Service (KMS) to DNS in the 'domain.name' domain failed.

This server didn't register its SRV DNS record. There was already another KMS server in the same domain, and the reason for this event and behavior was that the new KMS server didn't have permission to update the already existing _VLMCS SRV record. The resolution for this kind of behavior was to add permission on the _VLMCS DNS record for the newly activated KMS server. There is also a Microsoft KB article for this event: http://support.microsoft.com/kb/2553863 .

Monday, July 16, 2012

Check disk running on every reboot

In my case the server was running Windows Server 2003, and check disk was triggered on every reboot. The reason for this kind of behaviour was that disk drive D: was marked as dirty, and chkdsk never finished its tests on restart. You can check whether a drive is marked as dirty using fsutil:

D:\>fsutil dirty query d:
Volume - d: is Dirty

Marking the drive as not dirty can be done using chkdsk /r.

Email stuck in submission queue

In my case there were Exchange 2010 servers with the Mailbox, CAS and Hub roles installed, along with Forefront Protection for Exchange 2010, and one email message was stuck in the submission queue and quarantined in Forefront for Exchange due to a realtime timeout error for archives. To remove this message from the submission queue I used the Remove-Message cmdlet:

Get-Message -Filter {Fromaddress -eq "email address"} -Server name.of.server | Remove-Message

If you have stuck messages without a sender, use "<>" as the FromAddress value in the filter.

How to delete all volume shadow copies?

In my case the server was running out of free space on the system partition, and to free some space I wanted to delete volume shadow copies. The server was running Windows Server 2003. One way to delete all volume shadow copies with confirmation is using vshadow.exe:

vshadow.exe -da

More on how to use vshadow.exe: http://msdn.microsoft.com/en-us/library/windows/desktop/bb530725(v=vs.85).aspx .