Showing posts with label Windows Server 2003. Show all posts

Error events in system event log after P2V conversion

In this case I was converting (P2V) an HP ProLiant DL 360 G4 server with the Windows Server 2003 operating system installed. The conversion completed successfully, and the VM was running as it should, but the following error events were logged in the system event log on every reboot:

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Description:
The cpqasm2 service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7001
Description:
The HP ProLiant System Management Interface Driver service depends on the cpqasm2 service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7001
Description:
The HP ProLiant System Shutdown Service service depends on the HP ProLiant System Management Interface Driver service which failed to start because of the following error:
The dependency service or group failed to start.

All HP Software related to the old hardware was successfully uninstalled, but these three services were still trying to start. Here is the output of sc (service control) query for those services:

 

In order to prevent these services from starting in the VM, I deleted them using sc delete, since they were absolutely not needed by the operating system now that the system was running as a virtual machine. Here is the screenshot of the output of the sc command:
 

Happy P2V conversion ! :)

 

The event log is corrupt

In my case I was unable to see events in the Application event log on Windows Server 2003. The following error message was popping up:


A simple resolution for this error is to clear the affected event log; new events will then start being logged.
 

How to request a SAN web server certificate from a Windows Server 2003 CA?

By default, a Windows Server 2003 CA does not issue certificates with the SAN extension. To enable the CA to accept certificate requests with the SAN attribute, type in the following command:

certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2

and restart the Certificate Services service.

Use the following procedure to submit a certificate request for a web server certificate through the web enrollment page http://CAservername/certsrv. After filling in the identifying information, type the needed SAN attributes in the attribute box in the following form:

san:dns=dns.name&dns=dns.name2&dns=dns.name3&dns=....

For example, if the web server responds on its name (https://server.name) and on an alias name (https://aliasserver.name), the resulting attribute string looks like:
san:dns=server.name&dns=aliasserver.name
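
Because the flag set above makes the CA take SAN names from the request attributes, it is worth knowing on which CAs it is currently on. The following is an added example, not part of the original post: it decodes the EditFlags value printed by `certutil -getreg policy\EditFlags`. The sample outputs and the CA names `CA-A` and `CA-B` are constructed.

```python
import re

# EditFlags bits as named in `certutil -getreg policy\EditFlags` output (subset).
EDITF = {
    0x00000002: "EDITF_REQUESTEXTENSIONLIST",
    0x00000004: "EDITF_DISABLEEXTENSIONLIST",
    0x00000008: "EDITF_ADDOLDKEYUSAGE",
    0x00000040: "EDITF_BASICCONSTRAINTSCRITICAL",
    0x00000100: "EDITF_ENABLEAKIKEYID",
    0x00010000: "EDITF_ENABLEDEFAULTSMIME",
    0x00040000: "EDITF_ATTRIBUTESUBJECTALTNAME2",
    0x00100000: "EDITF_ENABLECHASECLIENTDC",
}
SAN2 = 0x00040000  # the bit that +EDITF_ATTRIBUTESUBJECTALTNAME2 turns on

# Constructed sample output lines, one per CA; the CA names are made up.
SAMPLES = {
    "CA-A": "  EditFlags REG_DWORD = 15014e (1376590)\n",
    "CA-B": "  EditFlags REG_DWORD = 11014e (1114446)\n",
}

def parse_edit_flags(output):
    """Return the EditFlags DWORD found in certutil -getreg text."""
    m = re.search(r"EditFlags\s+REG_DWORD\s*=\s*([0-9a-fA-F]+)", output)
    if m is None:
        raise ValueError("no EditFlags REG_DWORD line found")
    return int(m.group(1), 16)

def decode(value):
    """Translate the DWORD into flag names; bits not in EDITF are reported raw."""
    names = [name for bit, name in sorted(EDITF.items()) if value & bit]
    unknown = value & ~sum(EDITF)
    if unknown:
        names.append("unknown bits 0x%x" % unknown)
    return names

def audit(samples):
    """Per CA: decoded flags, whether SAN attributes are accepted, value without the bit."""
    report = {}
    for ca, output in samples.items():
        value = parse_edit_flags(output)
        report[ca] = {"value": value, "flags": decode(value),
                      "san_from_request_attributes": bool(value & SAN2),
                      "value_if_cleared": value & ~SAN2}
    return report

if __name__ == "__main__":
    for ca, r in audit(SAMPLES).items():
        state = "ENABLED" if r["san_from_request_attributes"] else "disabled"
        print("%s: EditFlags=0x%x, SAN request attribute %s" % (ca, r["value"], state))
```

The same certutil syntax with a minus sign (`-EDITF_ATTRIBUTESUBJECTALTNAME2`) turns the flag off again; the certificate services service has to be restarted afterwards, as above.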

Quickly archive log files on daily basis

In this case the server was creating a few log files every second, and by the end of the day there were tons of logs in the folder, so manipulating those files was painful. So I decided to make a scheduled task which archives log files older than one day and deletes them after they have been added to the archive. I was using rar as the archiving solution, and here is the command for the task:

"C:\Program Files\winrar\rar.exe" a -ag -df -to1d -x*.rar  destinationfolder\archivename- sourcefolder\*.*
  • a will add files to archive
  • -ag will stamp archive name with current date
  • -df will delete files after archiving
  • -to1d will process files older than 1 day
  • -x*.rar will exclude any existing rar files from the archive

Archive name will look like: archivename-YYYYMMddhhmmss.rar .

How to find disabled user accounts in AD with attributes for proxy address, phones or SIP set

Here are simple LDAP queries for use in Active Directory Users and Computers that find user accounts which are disabled and have the following attributes set:

  • Proxy address
(&(&(objectCategory=person)(objectClass=user)(useraccountcontrol:1.2.840.113556.1.4.803:=2)(proxyAddresses=*)))

  • SIP
(&(&(objectCategory=person)(objectClass=user)(useraccountcontrol:1.2.840.113556.1.4.803:=2)(msRTCSIP-PrimaryUserAddress=*)))

  • Phone numbers
(&(&(objectCategory=person)(objectClass=user)(useraccountcontrol:1.2.840.113556.1.4.803:=2)(|(mobile=*)(telephoneNumber=*))))
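
What makes these filters work is the `:1.2.840.113556.1.4.803:=2` clause, a bitwise AND on userAccountControl rather than an equality test. The following added example (not part of the original post) builds an equivalent filter without the redundant inner `(&` for any attribute list and applies the same logic to an LDIF-style export; the entries, names and values are constructed, and the export is assumed to contain only user objects.

```python
BIT_AND_OID = "1.2.840.113556.1.4.803"  # matching rule used in the filters above
ACCOUNTDISABLE = 0x2                    # userAccountControl bit of a disabled account

def build_filter(attrs):
    """LDAP filter for disabled users that have at least one of attrs set."""
    present = "".join("(%s=*)" % a for a in attrs)
    if len(attrs) > 1:
        present = "(|%s)" % present
    return ("(&(objectCategory=person)(objectClass=user)"
            "(userAccountControl:%s:=%d)%s)" % (BIT_AND_OID, ACCOUNTDISABLE, present))

# Constructed LDIF-style export (assumed to hold user objects only).
LDIF = """\
dn: CN=Ana,OU=Staff,DC=example,DC=com
userAccountControl: 512
proxyAddresses: SMTP:ana@example.com

dn: CN=Boris,OU=Staff,DC=example,DC=com
userAccountControl: 514
proxyAddresses: SMTP:boris@example.com

dn: CN=Vera,OU=Staff,DC=example,DC=com
userAccountControl: 66050
mobile: +389 70 000 000

dn: CN=Goran,OU=Staff,DC=example,DC=com
userAccountControl: 514
"""

def parse_ldif(text):
    """Split the export into entries: {lowercased attribute: [values]}."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            name, _, value = line.partition(": ")
            entry.setdefault(name.lower(), []).append(value)
        entries.append(entry)
    return entries

def disabled_with(entries, attrs):
    """Local equivalent of build_filter(attrs) over exported user entries."""
    hits = []
    for e in entries:
        uac = int(e.get("useraccountcontrol", ["0"])[0])
        # Bit test, not equality: 66050 (disabled + password never expires) must match.
        if (uac & ACCOUNTDISABLE) == ACCOUNTDISABLE and any(a.lower() in e for a in attrs):
            hits.append(e["dn"][0])
    return hits
```

An equality test against 514 would miss the 66050 entry, which is why the filters use the bitwise matching rule.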

Event ID 27 from W32time in system event log

In this case an XP client machine was a member of the domain, and its system event log was filling up with warning event ID 27:

Time Provider NtpClient: The response received from domain controller dcname.domain.name is missing the signature. The response may have been tampered with and will be ignored.

The client machine was configured manually with one of the domain controllers as NTP server, and the Type parameter in HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type was AllSync. After changing Type to NT5DS, as it should be (since the client machine was a member of the domain), and restarting the Windows Time service, there were no more warning events in the system event log. After restarting the time service there was an informational event 35 that the time service is synchronizing with one of the domain controllers (and it was not the one that was added manually).

Check disk running on every reboot

In my case the server was running Windows Server 2003, and check disk was triggered on every reboot. The reason for this behaviour was that disk drive D: was marked as dirty, and chkdsk was never finishing its tests on restart. You can check whether the drive is marked as dirty using fsutil:

D:\>fsutil dirty query d:
Volume - d: is Dirty

Marking the drive as NOT dirty can be done using chkdsk /r.

How to delete all volume shadow copies ?

In my case the server was running out of free space on the system partition, and in order to free some space I wanted to delete volume shadow copies. The server was running Windows Server 2003. One way to delete all volume shadow copies with confirmation is using vshadow.exe:

vshadow.exe -da

More on how to use vshadow.exe: http://msdn.microsoft.com/en-us/library/windows/desktop/bb530725(v=vs.85).aspx

Enabling IPv6 on Windows Server 2003 DNS

IPv6 is not enabled by default on Windows Server 2003; it can be installed from Control Panel (Network Connections -> Properties -> Install -> Protocol -> Add -> Microsoft TCP/IP version 6). Assigning a manual IPv6 address is not possible via the GUI, so we'll use netsh:

netsh interface ipv6 add address [interface=]string [address=]ipv6address
for example: netsh interface ipv6 add address interface="Local Area Connection" address=2001:520:432:cafe::543

You can view the IPv6 routing table using:
netsh interface ipv6 show routes
Adding a gateway for this network interface can also be done with netsh, for example:
netsh interface ipv6 add route ::/0 "Local Area Connection" 2001:520:432:cafe::1

To configure DNS to listen over IPv6, install Windows Support Tools from the installation CD-ROM (\Support\Tools\suptools.msi). Execute:
dnscmd /config /EnableIPv6 1
and restart the DNS service.

Using nslookup you can test the functionality of the DNS.

Unable to reboot remote system

In my case the remote workstation was XP, and a user was unable to connect using the remote desktop client after disconnecting from the same computer a couple of minutes earlier. I decided to initiate a reboot of the client workstation using:
shutdown /f /r /m \\computername
but the machine was hung, and when I tried to initiate the same command again the response was:
A system shutdown is in progress.(1115)
 
After waiting a few more minutes the client workstation had still not rebooted.
Because there was no one near the client machine to see what was happening on the monitor, and the user desperately needed to establish a remote connection to the client workstation, I decided to kill the winlogon process. Using PsKill from the PsTools suite I executed:
pskill -t \\computername winlogon

and the remote workstation rebooted. Note that killing the winlogon process is nearly the same as pulling the plug on the machine.

Tcpsvcs.exe process memory usage continuously growing

In my case, on a Windows Server 2003 DC with DHCP server and DNS dynamic update enabled, the tcpsvcs.exe process memory usage was continuously growing. Here are the counters for handle count and private bytes for tcpsvcs.exe after a reboot of the server:


After 30+ days, tcpsvcs.exe has occupied around 500MB:


After applying the Microsoft hotfix for this issue, KB 939928 (http://support.microsoft.com/kb/939928/en-us), the tcpsvcs.exe memory leak was fixed. After 30+ days, the tcpsvcs.exe process occupied only ~13MB:

Userenv Event ID 1053 "Windows cannot determine the user or computer name"

In my case the system was running Windows Server 2003 R2 with the latest patches installed. The network interfaces were teamed with default settings using the HP network utility. The machine was a member of the domain and the following event was logged in the application event log:

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1053
Date:  3/5/2012
Time:  5:20:09 PM
User:  NT AUTHORITY\SYSTEM
Description:
Windows cannot determine the user or computer name. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Network interface settings for DNS were correct and the servers were reachable. The server was connected to two manageable Cisco switches. After enabling PortFast on both interfaces, the problem was resolved and the error event disappeared.

How to check EMBG (Unique Master Citizen Number) using regex

In this post, I will share my implementation of how to check if some number looks like EMBG or Unique Master Citizen Number. For those of yo...