Source: http://techreport.com/forums/viewtopic.php?f=6&t=83272
What is the longest time you've ever had to wait for Server 2008 or 2008
R2 to finish "Preparing to configure Windows. . . "? At this point it
got stuck for well over and hour and a 1/2 so I had to force shut it
down. Boot into safe mode which apparently did something enough to make
it boot up into Safe Mode (With and Without Networking). But whenever I
try to tell it to boot normally, I get that forever drawn out
"Preparing to configure Windows. . . " BS screen. I've attempted to
remove the Update Cache folder as I've read in multiple posts, but that
did nothing.
I'm at a point where I can either wait and hope that
this message isn't BSing me, or I can take a more proactive approach.
Anyone here have a solution to getting 2008 R2 to revert really quick
back to before the updates attempted to install, or has waiting a long
time paid off?
I've also seen notes regarding "Pending.xml"
Opening this file showed at the top that it had "Revert" = Yes, but I've
yet to see any progress on start up, thanks to Microsofts lack of
informational "progress bars", which don't even exist anymore. I've
read some places stating to delete it... others saying it would be a
huge mistake to do that since your system wouldn't be able to revert
changes on half installed updates. My "Pending.xml" is at 14-15MB,
which seems quite big for a file of that type /shrug.
/Sigh, why can't Microsoft just get their damn updates in orders
Source: http://techreport.com/forums/viewtopic.php?f=6&t=83272
Answer
Source: http://techreport.com/forums/viewtopic.php?f=6&t=83272
OK... Very presumptuous of you to post this not knowing the situation
fully. How about the customer didn't want to spend the cash to purchase
updated backup software, or even want me to come in to do anything as
of the last 6 months to save money? Yet I've managed on my own time to
make manual Acronis backups once a week. Its not my first option to try
restoring an image to a system, as that has nasty side effects
sometimes too, its a last resort. Hmmm, funny because all customers
want a full time tech, but they don't want to pay for one.
Anyhow,
I fixed the issue. Was able to get it to boot into Safe Mode. Removed
the SoftwareDistribution folder under C:/Windows (it rebuilds itself on
the next update process). I read enough to know DO NOT
remove or rename the "Pending.xml" file. Although this might get you
back into loading into windows, apparently it leaves your entire server
install dead in the water for all future updates, no way to patch it and
you have to backup/rebuild from scratch.
After removing the
"SoftwareDistribution" folder, I was able to disable Avast from the
services, which allowed windows to boot normally to the point where it
could revert the broken updates.
You know it really bothers the
heck out of me for you to jump the gun Ryu. Since when has the first
reaction of ANYONE on TR been to berate a member asking for assistance,
regardless of their situation. You should be ashamed to be a
moderator/admin and talking down to a member who simply asked for help
by the one group they trust for some help
Source: http://techreport.com/forums/viewtopic.php?f=6&t=83272
Sunday, April 21, 2013
Friday, April 19, 2013
Terminal Server slow when printing documents - bloated print spooler registry hive
source: http://social.technet.microsoft.com/Forums/en-US/winserverprint/thread/42f8e930-c50b-4166-88f4-4832ea9e2f13/
source: http://social.technet.microsoft.com/Forums/en-US/winserverprint/thread/42f8e930-c50b-4166-88f4-4832ea9e2f13/
- Alan/Patrick,
Hi, sorry, went away on leave for a while so didn’t respond.Alan – our case was REG:112081612189183.For someone who has been dealing with MS support for about 20 years, this was the most disappointing of any support call I’ve ever had raised – to have the call shut down, without a perfmon trace, process explorer analysis, or hang dump analysis (of spooler) – and simply blame “3<sup>rd</sup> party drivers” without any proof – is utterly deplorable.Anyway, for anyone’s benefit who has similar problems – trying to do direct printing from RDS – I’ve managed to get a solution working.Here are the details;- A nightly print spooler clean-up script that;
- Stops the spooler
- Deletes the entire key under “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider”
- Re-creates the key (empty) and sets the value "RemovePrintersAtLogoff"=dword:00000000
- Note, this was vital. MS support had recommended we set this to 1, along with some other keys (InactiveGuidPrinterAge, InactiveGuidPrinterTrim) with specific values. If we used these MS support recommended values, our RDS serer would not enumerate printers for more than 3-4 hours before requiring a restart of the spooler.
- Restart the spooler
- Map a printer (just to make sure it works)
- Clean up the USERS\.DEFAULT\Printers key on all existing servers
- There was heaps of crap here, the default user NTUSER.DAT was over 800MB in size
- Modify the security on the registry, using GPO to deny SYSTEM write access as below, to stop the crap writing here again;
- USERS\.DEFAULT\Printers
- Deny Set value
- Deny Create Subkey
- USERS\.DEFAULT\Printers
- Run NGREGOPT on all servers to compress the DEFAULT and SOFTWARE hives back down.
- Even though we had deleted the crap from “Client Side Rendering Print Provider” and the DEFAULT user hive, the registry files were still large of course, and needed to be compressed to reduce paged pool usage.
- Note, make sure no users are on the server when this is run !
With the nightly spooler ‘refresh’ and the registry security changes, we are no longer seeing any problems. In addition the paged pool has gone down from 5GB to 1GB – which I believe was related to the registry bloat that had occurred previously. Cleaning up the keys and using NGREGOPT has fixed this.In addition, I am running a spooler check script every 30 minutes on each of the 13 servers. This script checks how long it takes to enumerate the printers for the specific test user. If it takes more than 20 seconds, we get an alert.Since I have made the changes above, we no longer have any printing problems… touch wood.. even using HPD 5.4 for most printers, and other (RICHO) 3<sup>rd</sup> party drivers.If anyone wants the scripts (the spooler refresh or the check script) let me know on david.frith<at>glfconsulting.com.auta - A nightly print spooler clean-up script that;
-
Has anyone tried this hotfix?
http://support.microsoft.com/kb/2778831 -
Dale - wow, that sounds like the hotfix we are after
about time Microsoft !
Gee, makes me even more angry that our support call was closed on us by Microsoft blaming 3rd party drivers ...
It will be on our farm within 2 weeks, and I'll try removing the nightly registry clean up - but looking at the article, it sounds 99% sure to solve the problem
source: http://social.technet.microsoft.com/Forums/en-US/winserverprint/thread/42f8e930-c50b-4166-88f4-4832ea9e2f13/
Check the size of the Registry ad hives
source: http://superuser.com/questions/374270/determine-size-of-registry %windir%\System32\config and %USERPROFILE%\NTUSER.DAT.
The config folder will be hidden, but contains all the registry hives,
EXCEPT for the HKEY_CURRENT_USER, which is the NTUSER.DAT filesource: http://superuser.com/questions/374270/determine-size-of-registry
Thursday, February 21, 2013
Diagnosing Application slow down loading issues on Server 2008 / SBS
source: http://social.technet.microsoft.com/Forums/en-US/smallbusinessserver/thread/84a04045-9194-4ab8-8206-d3a4f1ac810f/
Based on your description, this application slow issue has the following possible causes:
-Network issue
-Machine performance issue
-Third party application problems
First, we can collect a netmon trace log from server and client to check if there is any network issue.
Then, if network is working well, we can collect a perfmon to check if there is performance related problems.
At last, if the machine performance is OK, we need involve vendor to check the third party application problems.
Here I would like to list the two tools I mentioned for your reference:
Network trace log
============
Please collect network trace log on both the affected client and the server while reproducing the problem. To do this,
a. Download Microsoft Network Monitor Tool from the following link and install it on the two servers.
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=983b941d-06cb-4658-b7f6-3088333d062f
b. Start Network Monitor at "Start" ->"Program"-> "Microsoft Network Monitor 3.4" -> "Microsoft Network Monitor 3.4" on the two machines.
c. On the left-panel, select LAN connection on the machine and select corresponding connection on the client.
d. Click "Tools", click "Options", switch to the "Capture" tap, and set the "Temporary capture file size (MB)" to 200 on the two machines.
e. Click "New Capture", click "Start" on the Capture menu in the two Network Monitor windows.
f. Now from the affected Windows 7 client, copy a 16KB txt file to reproduce the issue.
g. Once the problem occurs, click "Stop" on the Capture menu on the two machines, and click "File"->"Save as" to save the captured files.
Performance Monitor log
====================
a. Click Start and choose Run, and input "perfmon" (without quotation mark).
b. On the left pane, unfold the "Monitor Tools" item, right click "Performance Monitor" and choose New -> Data Collector Set.
c. Specify a name and a path for the log file and click Next to finish the setting.
d. Under "Data Collector Sets" -> "User Defined", click the set you just created, right click the System Monitor Log in the right pane, and click Properties.
e. In the Performance Counters section, please add the following items one by one:
- Memory (All counters)
- Network Interface (All counters, and All instances)
- Physical Disk (All counters and All instances)
- Process (All counters, and All instances)
- Processor (All counters, and All instances)
f. Set Sample interval according to the following chart for appropriate setting of time interval:
If the issue occurs... Set Update Interval to...
========== =========================
Monthly 2 hours (7200 seconds)
Weekly 30 minutes (1800 seconds)
Daily 5 minutes (300 seconds)
Every 4 hours 5 seconds
More frequently 1 second
g. Click OK to save and close the dialog box.
h. In the let pane, right click the set you just created, and start the logging.
i. Wait for the issue reoccurs. After the hang issue reoccurs, stop logging.
Hope it helps!
Best Regards,
Ruby Cheng
source: http://social.technet.microsoft.com/Forums/en-US/smallbusinessserver/thread/84a04045-9194-4ab8-8206-d3a4f1ac810f/
Based on your description, this application slow issue has the following possible causes:
-Network issue
-Machine performance issue
-Third party application problems
First, we can collect a netmon trace log from server and client to check if there is any network issue.
Then, if network is working well, we can collect a perfmon to check if there is performance related problems.
At last, if the machine performance is OK, we need involve vendor to check the third party application problems.
Here I would like to list the two tools I mentioned for your reference:
Network trace log
============
Please collect network trace log on both the affected client and the server while reproducing the problem. To do this,
a. Download Microsoft Network Monitor Tool from the following link and install it on the two servers.
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=983b941d-06cb-4658-b7f6-3088333d062f
b. Start Network Monitor at "Start" ->"Program"-> "Microsoft Network Monitor 3.4" -> "Microsoft Network Monitor 3.4" on the two machines.
c. On the left-panel, select LAN connection on the machine and select corresponding connection on the client.
d. Click "Tools", click "Options", switch to the "Capture" tap, and set the "Temporary capture file size (MB)" to 200 on the two machines.
e. Click "New Capture", click "Start" on the Capture menu in the two Network Monitor windows.
f. Now from the affected Windows 7 client, copy a 16KB txt file to reproduce the issue.
g. Once the problem occurs, click "Stop" on the Capture menu on the two machines, and click "File"->"Save as" to save the captured files.
Performance Monitor log
====================
a. Click Start and choose Run, and input "perfmon" (without quotation mark).
b. On the left pane, unfold the "Monitor Tools" item, right click "Performance Monitor" and choose New -> Data Collector Set.
c. Specify a name and a path for the log file and click Next to finish the setting.
d. Under "Data Collector Sets" -> "User Defined", click the set you just created, right click the System Monitor Log in the right pane, and click Properties.
e. In the Performance Counters section, please add the following items one by one:
- Memory (All counters)
- Network Interface (All counters, and All instances)
- Physical Disk (All counters and All instances)
- Process (All counters, and All instances)
- Processor (All counters, and All instances)
f. Set Sample interval according to the following chart for appropriate setting of time interval:
If the issue occurs... Set Update Interval to...
========== =========================
Monthly 2 hours (7200 seconds)
Weekly 30 minutes (1800 seconds)
Daily 5 minutes (300 seconds)
Every 4 hours 5 seconds
More frequently 1 second
g. Click OK to save and close the dialog box.
h. In the let pane, right click the set you just created, and start the logging.
i. Wait for the issue reoccurs. After the hang issue reoccurs, stop logging.
Hope it helps!
Best Regards,
Ruby Cheng
source: http://social.technet.microsoft.com/Forums/en-US/smallbusinessserver/thread/84a04045-9194-4ab8-8206-d3a4f1ac810f/
Tuesday, January 8, 2013
Saving and configuring Folder securit audit logs
source: http://www.petri.co.il/forums/showthread.php?t=52923
Hi
I'd like to ask for some help and discussion about forum member's experiences and approaches to Windows file auditing. My network is a Windows 2008 Domain. There are 35 machines in the domain.
I was playing around with this yesterday and enabled auditing on our Windows 2008 Storage Server. I did this via the local security policy: Security Settings>Local Policies>Audit Policies>Audit object access and checked both success and failure. I had also set this via the default domain policy.
Next, I turned on auditing for Authenticated Users for one folder and all its subfolders. There were about 15 - 20 people accessing data from this folder. I turned on the following Success Audit settings for the folder: Traverse folder/execute file, List folder/read data, Create files/write data, Create folders/append data, Delete subfolders and files and Delete.
Just before I did this I saved and cleared the Security log and configured it to archive events when the log exceeded 20MB.
Everything worked as it should - I could see security events being logged that showed Event ID's 5140 Share accessed, 4656 handle requested, 4658 handle closed, 4663 attempt to access object, and 4660 object deleted.
What I was not was not expecting was that the security log would log so many events. In one hour 380MB of logs had been archived. One of the archived logs (remember they are 20MB each), was created and archived in just 20 seconds, but on average it took about 10mins for the 20MB limit to be reached.
So, after an hour's worth of logging I turned auditing off at both the local and GPO level, and removed auditing from the folder.
Today, I enabled auditing via the local security policy only, leaving the GPO auditing settings alone (Audit object access = Not defined), and set up auditing for the same folder exactly as it was configured yesterday. The logging is far less intense than it was yesterday. In nearly three hours the log is just over 3MB in size which is quite acceptable (or is it?).
So, what did I do wrong? Is it wrong to have both GPO and local security policy audit settings duplicated? What sort of log size do others see when object access auditing is turned on? Any good tips or tricks out there that anyone would like to share?
Thanks!
source: http://www.petri.co.il/forums/showthread.php?t=52923
Hi
I'd like to ask for some help and discussion about forum member's experiences and approaches to Windows file auditing. My network is a Windows 2008 Domain. There are 35 machines in the domain.
I was playing around with this yesterday and enabled auditing on our Windows 2008 Storage Server. I did this via the local security policy: Security Settings>Local Policies>Audit Policies>Audit object access and checked both success and failure. I had also set this via the default domain policy.
Next, I turned on auditing for Authenticated Users for one folder and all its subfolders. There were about 15 - 20 people accessing data from this folder. I turned on the following Success Audit settings for the folder: Traverse folder/execute file, List folder/read data, Create files/write data, Create folders/append data, Delete subfolders and files and Delete.
Just before I did this I saved and cleared the Security log and configured it to archive events when the log exceeded 20MB.
Everything worked as it should - I could see security events being logged that showed Event ID's 5140 Share accessed, 4656 handle requested, 4658 handle closed, 4663 attempt to access object, and 4660 object deleted.
What I was not was not expecting was that the security log would log so many events. In one hour 380MB of logs had been archived. One of the archived logs (remember they are 20MB each), was created and archived in just 20 seconds, but on average it took about 10mins for the 20MB limit to be reached.
So, after an hour's worth of logging I turned auditing off at both the local and GPO level, and removed auditing from the folder.
Today, I enabled auditing via the local security policy only, leaving the GPO auditing settings alone (Audit object access = Not defined), and set up auditing for the same folder exactly as it was configured yesterday. The logging is far less intense than it was yesterday. In nearly three hours the log is just over 3MB in size which is quite acceptable (or is it?).
So, what did I do wrong? Is it wrong to have both GPO and local security policy audit settings duplicated? What sort of log size do others see when object access auditing is turned on? Any good tips or tricks out there that anyone would like to share?
Thanks!
source: http://www.petri.co.il/forums/showthread.php?t=52923
SBS 2008 and Terminal Server CALS Licensing
source: http://forums.techsoup.org/cs/community/f/20/p/27644/96161.aspx#96161
When you purchase SBS 2008 you actually get two licenses. One for the SBS 2008 running on one computer ( this is the SBS package which includes Windows Server 2008, Exchange, WSUS, Hyper-V, and other stuff) and also a license for a 2nd Windows Server 2008 that can run on an additional computer.
The main SBS computer's Client Access Licenses (CALs)- (in your case 5 ) can be used to access that computer locally, or to access it remotely using a feature called Remote Web Workplace (RWW). This is not terminal services.
If you install the Server 2008 license on a second computer and join it to the SBS domain, then you can install Terminal Services and the Terminal Services license manager on that second server. At that point you have to purchase Terminal Services CALs (TS CALs) and install them into the license manager. These are NOT the same as the server CALs that came with SBS 2008.
Terminal Services presents a remote desktop to each licensed user or device when they log in. Remote Web Workplace allows each user to control and use his workstation remotely just as if he was sitting at his desk.
I suggest buying the "Windows Small Business Server 2008 Administrator's Companion" by Russel and Crawford for additional understanding of SBS. Its not hard to use SBS, but you do need to learn some server technologies which can be more easily grasped by reading rather by trying to figure it out.
Hal
When you purchase SBS 2008 you actually get two licenses. One for the SBS 2008 running on one computer ( this is the SBS package which includes Windows Server 2008, Exchange, WSUS, Hyper-V, and other stuff) and also a license for a 2nd Windows Server 2008 that can run on an additional computer.
The main SBS computer's Client Access Licenses (CALs)- (in your case 5 ) can be used to access that computer locally, or to access it remotely using a feature called Remote Web Workplace (RWW). This is not terminal services.
If you install the Server 2008 license on a second computer and join it to the SBS domain, then you can install Terminal Services and the Terminal Services license manager on that second server. At that point you have to purchase Terminal Services CALs (TS CALs) and install them into the license manager. These are NOT the same as the server CALs that came with SBS 2008.
Terminal Services presents a remote desktop to each licensed user or device when they log in. Remote Web Workplace allows each user to control and use his workstation remotely just as if he was sitting at his desk.
I suggest buying the "Windows Small Business Server 2008 Administrator's Companion" by Russel and Crawford for additional understanding of SBS. Its not hard to use SBS, but you do need to learn some server technologies which can be more easily grasped by reading rather by trying to figure it out.
Hal
Saturday, January 5, 2013
How to Configure SBS 2008 to Host POP3/IMAP4
How to Configure SBS 2008 to Host POP3/IMAP4
19 Sep 2008 9:00 AM
[Today's post comes to us courtesy of Shawn Sullivan]
Today’s post will discuss the steps necessary to allow your SBS 2008 server to host POP3 and IMAP4 services for external clients. This process consists of four parts:
Enabling POP3/IMAP4 on SBS 2008
After SBS 2008 setup completes, the POP3 and IMAP4 services are both stopped and set to manual for startup type. You can run the services.msc console to start them and change the startup type to automatic.
Launch the Exchange Management Console as administrator and expand Server Configuration > Client Access and click on the POP3 and IMAP4 tab. Here you can view the banner string, binding, authentication, connection, and retrieval settings for both services.
Launch the Exchange Management Shell as administrator and run Get-ImapSettings | fl or Get-PopSettings | fl to get the complete list of configuration settings in one list.
By default, both the POP3 and IMAP4 services require a TLS authenticated connection using an X.509 certificate. Exchange setup creates a certificate matching the server’s internal fully qualified domain name (FQDN) and configures both services to use it for TLS. When you run the “Internet Address Management Wizard” to configure you external FQDN, another certificate matching your external address is created and configured for POP3 and IMAP4 services. You can view your exchange certificates in the Exchange Management Shell with Get-ExchangeCertficate:
You need to change the certificate that POP3 and IMAP4 uses for TLS to the certificate that has been created by the “Internet Management Address Wizard”. This is done either through the management console or shell.
Run the Set-PopSettings or Set-ImapSettings with the –X509CertificateName option and enter the name of the certificate:
Or open the properties of POP3 or IMAP4, click on the Authentication tab, enter the certificate name.
Port forwarding POP3/IMAP4 through your firewall to the SBS 2008 server
For POP3, you need to open either TCP 110 or 995. For IMAP4, open either TCP 143 or 993, depending on whether you are configuring the client to encrypt the traffic with SSL or not. Whatever ports you are opening, they need to point to the IP address of the SBS 2008 server.
Windows Firewall is enabled on SBS 2008 by default with exceptions for both POP3 and IMAP4. Configuration changes will not be necessary.
Configuring POP3/IMAP4 settings on the client
Other than choosing the FQDN of the server you are connecting to and configuring user account settings, there are a couple of things to note about client setup.
To comply with Exchange’s default settings, Microsoft clients like Outlook, Outlook Express, or Windows Mail will need to configure POP3 to connect using SSL (port 995).
For IMAP, Outlook 2007 will allow you to authenticate with TLS using port 143. Earlier versions of Outlook, Outlook Express, and Windows Mail will need to connect using SSL (port 993).
If you are configuring your SBS 2008 server as your outgoing SMTP server, then you will need to authenticate using TLS on port 587. Once again, full details in the following blog post: How to Configure Trusted SMTP Relay in Exchange on SBS 2008.
Today’s post will discuss the steps necessary to allow your SBS 2008 server to host POP3 and IMAP4 services for external clients. This process consists of four parts:
- Enabling the POP3/ IMAP4 services on the SBS 2008 server.
- Port forwarding POP3 /IMAP4 through the firewall to the SBS 2008 server.
- Configuring Exchange 2007 for authenticated client SMTP relay.
- Configuring POP3/IMAP4 and SMTP settings on the client.
Enabling POP3/IMAP4 on SBS 2008
After SBS 2008 setup completes, the POP3 and IMAP4 services are both stopped and set to manual for startup type. You can run the services.msc console to start them and change the startup type to automatic.
Launch the Exchange Management Console as administrator and expand Server Configuration > Client Access and click on the POP3 and IMAP4 tab. Here you can view the banner string, binding, authentication, connection, and retrieval settings for both services.
Launch the Exchange Management Shell as administrator and run Get-ImapSettings | fl or Get-PopSettings | fl to get the complete list of configuration settings in one list.
By default, both the POP3 and IMAP4 services require a TLS authenticated connection using an X.509 certificate. Exchange setup creates a certificate matching the server’s internal fully qualified domain name (FQDN) and configures both services to use it for TLS. When you run the “Internet Address Management Wizard” to configure you external FQDN, another certificate matching your external address is created and configured for POP3 and IMAP4 services. You can view your exchange certificates in the Exchange Management Shell with Get-ExchangeCertficate:
You need to change the certificate that POP3 and IMAP4 uses for TLS to the certificate that has been created by the “Internet Management Address Wizard”. This is done either through the management console or shell.
Run the Set-PopSettings or Set-ImapSettings with the –X509CertificateName option and enter the name of the certificate:
Or open the properties of POP3 or IMAP4, click on the Authentication tab, enter the certificate name.
Port forwarding POP3/IMAP4 through your firewall to the SBS 2008 server
For POP3, you need to open either TCP 110 or 995. For IMAP4, open either TCP 143 or 993, depending on whether you are configuring the client to encrypt the traffic with SSL or not. Whatever ports you are opening, they need to point to the IP address of the SBS 2008 server.
Windows Firewall is enabled on SBS 2008 by default with exceptions for both POP3 and IMAP4. Configuration changes will not be necessary.
Configuring POP3/IMAP4 settings on the client
Other than choosing the FQDN of the server you are connecting to and configuring user account settings, there are a couple of things to note about client setup.
To comply with Exchange’s default settings, Microsoft clients like Outlook, Outlook Express, or Windows Mail will need to configure POP3 to connect using SSL (port 995).
For IMAP, Outlook 2007 will allow you to authenticate with TLS using port 143. Earlier versions of Outlook, Outlook Express, and Windows Mail will need to connect using SSL (port 993).
If you are configuring your SBS 2008 server as your outgoing SMTP server, then you will need to authenticate using TLS on port 587. Once again, full details in the following blog post: How to Configure Trusted SMTP Relay in Exchange on SBS 2008.
source: http://blogs.technet.com/b/sbs/archive/2008/09/19/how-to-configure-sbs-2008-to-host-pop3-imap4.aspx
Subscribe to:
Comments (Atom)