Archive for the ‘microsoft’ Category

Odd Windows DNS Issue…….

Thursday, January 21st, 2010

Hmmmm, something is up with DNS at work. Randomly (anything from a week to 2 months) it seems to stop resolving .co.uk for some domains (especially www.bbc.co.uk) ? Nothing recorded in the eventlog for the times while it is behaving like this. Restarting DNS server fixes the problem for a while until it breaks again.

I recently patched server 2008 to SP2 as I found some issues that were fixed in that SP (like incomplete zone transfers which broke some stuff a while back).

But the service pack does not seem to have fixed this random sulking occurring in DNS.

For now I have enabled DNS debugging to a file on the system and restarted DNS, now I will need to patiently wait for it to act up again so I can have a peek and see if anything looks amiss.

I can find nothing solid on Google either. If I ever get to the bottom of it I’ll re-post here, but in the meantime if anyone has any ideas let me know as I am stumped.

Reluctant MCSE……

Saturday, January 16th, 2010

Yep…..guess it’s probably about time to get my Microsoft certifications in order. My current ones are either :

a) Valid but horribly out of date
b) Lapsed completely

Well, the last MS exam I sat was back when NT4 was considered all the rage !

So I’ll be procuring a box set of the core essentials books from MS press and spending a lot more nights at home.

Would also be cool to find a study group based in London (if such a thing exists, a quick skim of the first few pages of Google yielded nothing).

Will probably post progress and notes here as I go along (in the hope that it could help others).

Kaspersky NDIS 6 Filter Causes Network Loss…..

Wednesday, August 19th, 2009

We use Kaspersky for anti virus in the office. It’s an ok product, no better or worse than any others I have worked with. It did however turn out to be the cause of an issue that I was unable to figure out for a while now.

On x64 bit Vista systems, when moving large files across the network, the PC would suddenly lose its network connection. The network icon in the system tray would get a little yellow warning triangle on it and the status would indicate a connectivity issue.

It did not do this on systems that did not have Kaspersky installed however. So I tried disabling the x2 Kaspersky services (anti virus and network agent). While this made the problem happen less, it did not go away completely. If I copied x3 or x4 large files (2GB+ in size each) at the same time, the network connection would drop again.

The problem was made even worse because there was no way to get the connection back without restarting the machine. Disabling and re-enabling the interface did not work, using netsh to reset the interface and winsock also did not work. The machine would become unstable and need a power cycle in the end.

I thought perhaps it was being caused by using bad network interface card drivers, so I downloaded the latest ones from the vendor web site but still the connection dropped under heavy load.

And then I spotted it, while checking the driver details for the network interface. Kaspersky had added a protocol stack component that I knew nothing about, the ‘Kaspersky NDIS 6 filter’.

Checking on the Kaspersky site, it seems that this is a network level embedded packet interceptor. As packets arrive and leave the network card interface, the NDIS driver intercepts them for scanning to try to determine if the packet contains malicious content. It would seem that under heavy network load, the intercepts become too much and it trashes the network stack beyond repair.

Disabling this component by clearing its checkbox and unbinding it from the network stack seems to have fixed the issue and I was able to copy x8+ large files (2GB+) simultaneously without any connection issue. It also seems to have corrected a more minor issue I was experiencing with system pauses when network operations were happening.

I hope this helps anyone else having these issues.

Change Of h’E'art……

Friday, August 7th, 2009

Further to my recent post regarding the RTM version of Windows 7 in Europe being suffixed with the letter ‘E’ and having no browser installed by default, it would seem MS have had a change of heart.

The European version will now ship with IE installed just like the rest of the world. But in order to keep the European Commission happy, shortly after the end user setup has completed, Microsoft will push a ballot software application onto the machine allowing the user to choose a different browser to be installed and configured as the default if they wish.

I can’t imagine MS are too happy using their platform to promote software from competitors, but it seems to be the best way to satisfy the EU that everyone is being given a fair choice.

Everything Starts With An ‘e’……..

Wednesday, July 22nd, 2009

Just read this post (admittedly, a little behind the times, but I have been very busy). It seems that in Europe, MS are being forced to remove IE from Windows 7 when it launches, and to commemorate this, all European versions of Windows 7 will have an ‘e’ appended to the product name (so for instance Windows 7 Home Premium ‘E’).

I cannot believe that with all the ‘smarts’ that work at MS this is the best idea they could come up with. The cost of x2 complete sets of packaging for US and EU materials !! And, seeing as what I suspect will end up happening is a link on the desktop entitled ‘click here to install a web browser’ that will simply…..no wait for it…..download and install IE from the MS site, I have to ask ‘what’s the point ?’

Without this link for dummies, they would also appear to have created a chicken and egg type scenario (at least for the lowest denomination of user). If you have no browser on your PC, how do you download a browser ? Yes, I know the smarter among us can just ftp/sftp one down from our favourite downloads site, but I don’t fancy trying to talk my parents through that particular operation on a week day evening :o(

Why not simply force MS to include a bunch of the top browsers. That way people (even dumb ones) could just sample and then remove (or ignore if they have the disk space) the ones they don’t like ?

It also looks like there will be no upgrade option for Europe either. So clean installs all round with the gnashing of teeth as people realise they didn’t get everything off that they needed before wiping the system.

What I still find more outrageous is that MS are still inflicting their version of paint on people and the EU have not said a word…….!!

Where Did Everybody Go ?……

Friday, July 17th, 2009

When creating dynamic distribution groups (DDG) on Exchange server 2007 (distribution lists (DL) where the members are derived from an ldap query) you need to specify the active directory container where the query is to be applied !!

Failure to specify this will result in the query scope being set to the default ‘domainname/users’ container (not a problem if this is where your users happen to be, mine do not !!). The problem was that the PowerShell command to get the members of a DDG was working fine for me, but the exchange management console was not (the console was right).

I created a ‘test’ DDG and set it to include all users who had a mailbox. I then sent it an email and……nothing happened. I used message tracking to find where my message was going and saw

EventID : Expand, RecipientCount : 0   Since there are no recipients, the Expand Event within the Routing task was not followed by a transfer or delivery

When exchange was expanding the DDG to get the members there were none :o(

It was around this time I spotted an available parameter for DDG, -RecipientContainer. The recipient container was currently set to ‘domainname/users’ which is not where my user objects are located, they are in ‘domainname/our stuff/user/<dept>’ where each <dept> is a departmental subfolder (allows me a lot of control for group policy objects !).

I adjusted the DDG –recipientcontainer to ‘domainname/our stuff’ and presto, the list bursts into action and everyone gets an email. The ldap query seems to be recursive as all users in all sub containers were affected.

So for exchange DDG’s it’s not just what you make, but where you point it to that matters :oO
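
The container scoping described above can be checked from the Exchange Management Shell before any mail is sent. This is an added example, not part of the original post: it previews the group's filter with and without the container scope and, if only the unscoped preview returns recipients, repoints the container. The group name ‘test’ and the container ‘domainname/our stuff’ are the ones used in the post; adjust both for your own directory.

```powershell
# Added example (not from the original post). Run in the Exchange Management Shell.
# 'test' and 'domainname/our stuff' are the names used in the post.
$ddgName      = 'test'
$newContainer = 'domainname/our stuff'

$ddg = Get-DynamicDistributionGroup -Identity $ddgName

# Show the filter and the container the filter is evaluated under
$ddg | Format-List Name, RecipientFilter, RecipientContainer

# Preview membership with the container scope applied (filter AND container)
$scoped = @(Get-Recipient -RecipientPreviewFilter $ddg.RecipientFilter `
                          -OrganizationalUnit $ddg.RecipientContainer `
                          -ResultSize Unlimited)

# Preview the same filter without the container, using the session's default scope.
# A preview run this way can list recipients that the group itself will never reach.
$unscoped = @(Get-Recipient -RecipientPreviewFilter $ddg.RecipientFilter `
                            -ResultSize Unlimited)

'Scoped to {0}: {1} recipients. Unscoped: {2} recipients.' -f `
    $ddg.RecipientContainer, $scoped.Count, $unscoped.Count

# An empty scoped preview with a populated unscoped one means the filter is fine
# but the container points at the wrong part of the directory.
if ($scoped.Count -eq 0 -and $unscoped.Count -gt 0) {
    Set-DynamicDistributionGroup -Identity $ddgName -RecipientContainer $newContainer

    # Re-read the group and confirm the scoped preview is no longer empty
    $ddg = Get-DynamicDistributionGroup -Identity $ddgName
    $after = @(Get-Recipient -RecipientPreviewFilter $ddg.RecipientFilter `
                             -OrganizationalUnit $ddg.RecipientContainer `
                             -ResultSize Unlimited)
    'After change, scoped to {0}: {1} recipients.' -f $ddg.RecipientContainer, $after.Count
}
```

The same comparison is worth running in the other direction: a container set higher in the tree than intended makes the group deliver to more mailboxes than its name suggests.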

x64 Bit sysprep.xml Answer File

Monday, June 29th, 2009

Note to self……..when imaging a x64 bit system, you need to create and use a x64 bit answer file using the windows system image manager (SIM) and a x64 bit install.wim file to generate the catalog !!

Very important, do not forget this again :os

iBroken !!….

Sunday, June 28th, 2009

So the title of this post should be something like ‘iphone will not sync with itunes on vista with roaming profile folders’, but I couldn’t resist, ibroken sums it up so well :o)

Yep, my iphone won’t work with my office PC. Well, mine does obviously as I am an administrator with god like powers on our office network. But for my poorer cousins, the standard user, they have their environment subtly controlled for them via the use of microsoft group policies.

The policies in place are not restrictive in nature. They are simply there to help make certain things transparent to them or make my life easier as an admin and give me some peace of mind about my users data.

The one causing the breakage of the iphone sync is the roaming user profile folder(s). We use roaming profiles to allow people in the office to be able to login to any desktop and have their personal settings follow them around. We also redirect the ‘documents’ folder to a network location so that all their files are in one place and backed up for security.

Under Windows Vista, the user profile folder(s) structure changed a bit. In Windows XP, user profiles were stored in “C:\Documents and Settings”, but in Windows Vista they are now stored in “C:\Users\”. In order to maintain backwards compatibility with earlier Windows software, Windows Vista has a junction point for “C:\Documents and Settings” that points it to “C:\Users” (a junction point is a bit like a shortcut but it will also work in DOS). The junction point makes sure that any application trying to access “C:\Documents and Settings” gets directed to “C:\Users”.

Microsoft also changed the structure of the folders that make up the user profile under Windows Vista

\Documents and Settings\<user>\Application Data

now points to


\Users\<user>\AppData\Roaming

and


\Documents and Settings\<user>\Local Settings\Application Data

now points to


\Users\<user>\AppData\Local

And I *think* this may be where the problem is. NTFS junction points can only point to another location on the local file system, not a network location. itunes will be trying to access “C:\Documents and Settings\scottb\Local Settings\Application Data”, and will be hitting the junction point that redirects it to “C:\Users\scottb\AppData\Roaming”. With folder redirection turned off the story ends here, the location is still on the local filesystem, itunes simply follows the new file path and backs up the iphone in the correct location.

But we have this folder redirected to a network share using a group policy, the “C:\Users\scottb\AppData\Roaming” gets further redirected to a network share file path……and it all just fails.

At this time however, this is only a theory as I cannot understand why only itunes is affected like this and not any other apps (who must also be getting the network redirect for the AppData folder !).

More on this [as|when|if] I figure it out………

Just Plain Weird !!!……

Wednesday, June 24th, 2009

I wracked my brain to come up with a title for this one, but I was simply stumped for how to describe this event

I decided I would allow the MS updates tool to download and install IE8, after all I am running Vista and should really try and keep up with all MS mainstream product versions.

The download kicked off ok and then it installed and required a reboot, which I agreed to…….then I entered the MS twilight zone ?!!

x2 issues/bugs/errors/conditions/*features* seemed to occur as a result of installing IE8. The first was that while IE8 would load and display a web page no problem, it would not open a link in a new tab. The tab would launch and then sit there doing nothing. This behaviour was also apparent for trying to right click and launch a link in a new IE8 window. It just did nothing. However, just clicking on a link would load the page into the current tab ok. This meant a morning of getting used to navigating backwards and forwards through my browsing history, which was cumbersome to say the least.

Then I discovered another little gem. Windows explorer would no longer open folders in the same window. Every folder I double clicked opened in a new explorer window. I checked my folder options and changed and applied some settings and then reset them back and applied them to be certain the options were being set, but Vista refused to take this onboard and continued to clutter up my desktop. Right clicking a folder and selecting explore (which was bolded as the context default option by the way) worked ok, but double click was broken :o(

Owing to a deploy of the new site being in progress while this was going on (note to self:: never upgrade your system again during critical moments. grrrrrrrr !!) I had to tolerate this behaviour for the better part of the morning, I now have mild RSI of the second finger on my hand from all the right clicking I had to do (I almost dropped to a DOS prompt to get the work done it got that bad).

Then, while trying to figure out why I had some on page controls missing on the new version of the site, I launched IE8 as administrator……..and it all went back to normal. Possibly a coincidence, but I know where I’m hedging my bets. Just annoying that if permissions was the problem at the time, UAC did not kick in and advise me so (and how come after launching IE8 as admin IE8 and explorer are working fine for me as non admin ??)

Like I said, just plain weird :oD

WMI Restart Windows Services

Wednesday, June 10th, 2009

Ok

So the title for this post isn’t smart or quippy, and there is a very good reason for this. I needed a script that could restart a windows service or services. I couldn’t find any good ones :o(

I searched using various combinations of the words “wmi, windows, services, restart, start, stop”. While I found lots of scripts, they all lacked a certain resiliency that I like in my automation solutions. Essentially they all went something like this (the WMI has been translated into an English procedure so everyone can understand)

  • connect to windows using wmi
  • find all the services
  • select the one that we are interested in using a for/next loop
  • send it a stop signal
  • wait for some random amount of time (between 1 and 2 mins say !)
  • send the same service a start signal
  • move on to the next service
  • exit the script when we have restarted all the services we want to do

Anyone see the problem ? How long do you give a windows service to stop successfully ? Or start for that matter ! These scripts all seemed to wait for a minute or two, and then proceed with the assumption everything happened ok. At some point, that kind of thinking with software will bite you in the ass. Here was what I was looking for

  • connect to windows using wmi
  • find all the services
  • select the one that we are interested in
  • check its current state (running or stopped)
  • if the service is stopped, send it a start signal
  • check every 10 seconds for 5 mins that the status has switched to running
  • if the service does not go into a running state after 5 mins, email an smtp address advising the service is misbehaving and then exit the script
  • if the service is already in a running state, send it a stop signal
  • check every 10 seconds for 5 mins that the status has switched to stopped
  • if the service does not go into a stopped state after 5 mins, email an smtp address advising the service is misbehaving and then exit the script
  • if the service does go into a stopped state within 5 mins, run the section of code for starting a service
  • again, monitor the service to make sure it does restart, if not for any reason, send a warning email

Using this method no assumptions are made about the running state of the service, or its response to being told to stop/start. Worst case scenario, it fails to do what it is told and you get an email warning you that you need to intervene manually, at least the failure is known about and can be managed.

The code for this is shown below. Feel free to copy and adapt to suit your own purpose(s) :oD

'needs to be run with administrator privileges in order to work ! we are doing stuff to services after all !!
'the script gives each service x5 mins to change its state. if this has not occurred within that time
'the script sends a failure email and exits

'define the computer name and the services we want to restart. use "." for local host
'the service names are based on their display names, not their short form/function names !
'define the counter used to determine when 5 mins has elapsed
strComputer = "."
arrServices = Array("Kaspersky Administration Server", "Kaspersky Anti-Virus", "Kaspersky Anti-Virus Script Interceptor Dispatcher", "Kaspersky Lab Cisco NAC Posture Validation Server", "Kaspersky Network Agent")
Dim Count

'loop through each service
For each strService in arrServices
	'connect using standard moniker
	Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
	'get an array containing all services
	Set objItems = objWMIService.ExecQuery ("Select * from Win32_Service")
	'for each service compare its display name to the current one we are looking for
	For each objService in ObjItems
		'if we get a service display name match
		If objService.DisplayName = strService Then
			'display the current service along with its current state
			wscript.echo "service name = " & objService.DisplayName & " currently :: " & objService.State
			'if it is currently running, attempt to stop it
			If objService.State = "Running" Then
				wscript.echo ""
				wscript.echo "stopping service..."
				wscript.echo ""
				objService.StopService()
				'wait for 10 seconds, then refresh our view of the current object state
				wscript.sleep 10000
				objService.Refresh_
				'if the service is still not in a stopped state, repeatedly re-check the object status every 10 seconds
				'we also check how many times we have already checked and exit if it is greater than 29 (30*10seconds = 5mins)
				'initialise counter
				Count = 1
				'start checking comparison loop for 'stopped' condition
				'we need to update the objService.State view using objService.Refresh_ for each iteration to make sure we are seeing the
				'current state of the service
				While objService.State <> "Stopped"
					objService.Refresh_
					'for testing/debugging on the console, tell the user what is going on
					'this will not show up when the script is run as a scheduled job
					wscript.echo ""
					wscript.echo "waiting for service to Stop :: current count = " & Count
					wscript.echo ""
					'wait 10 seconds then increase the counter by 1
					wscript.sleep 10000
					Count = Count + 1
					'if we have reached 30 attempts then bow out and send an email advising manual intervention
					If Count > 29 then
						SendFailedMsg
						wscript.echo "service has taken too long to respond. aborting script"
						wscript.quit
					Else
					End if
					'otherwise we have not reached 30, go round again
				Wend
				'once the service has stopped, let us know
				wscript.echo "service is now " & objService.State
				'now attempt to restart the service, making sure it is definitely stopped first
				If objService.State = "Stopped" Then
					wscript.echo ""
					wscript.echo "attempting to restart service " & objService.DisplayName
					wscript.echo ""
					objService.StartService()
					'wait 10 seconds, then refresh our view of the current object state
					wscript.sleep 10000
					objService.Refresh_
					'if the service is not in a running state, repeatedly re-check the object status every 10 seconds
					'we also check how many times we have already checked and exit if it is greater than 29 (30*10seconds = 5mins)
					'initialise counter
					Count = 1
					'start checking comparison loop for 'running' condition
					'we need to update the objService.State view using objService.Refresh_ for each iteration to make sure we are seeing the
					'current state of the service
					While objService.State <> "Running"
						objService.Refresh_
						'for testing/debugging on the console, tell the user what is going on
						'this will not show up when the script is run as a scheduled job
						wscript.echo ""
						wscript.echo "waiting for service to Start"
						wscript.echo ""
						'wait 10 seconds then increase the counter by 1
						wscript.sleep 10000
						Count = Count + 1
						'if we have reached 30 attempts then bow out and send an email advising manual intervention
						If Count > 29 then
							SendFailedMsg
							wscript.echo "service has taken too long to respond. aborting script"
							wscript.quit
						Else
						End if
						'otherwise we have not reached 30, go round again
					Wend
					'once the service has started, let us know
					wscript.echo ""
					wscript.echo "service is now " & objService.State
				'close the restart check here so that the Else below pairs with the "Running" test above
				End If
			Else
				'otherwise the service must already be stopped for some reason ? check first, and attempt to start it
				If objService.State = "Stopped" Then
					wscript.echo ""
					wscript.echo "attempting to restart service " & objService.DisplayName
					wscript.echo ""
					objService.StartService()
					'wait 10 seconds, then refresh our view of the current object state
					wscript.sleep 10000
					objService.Refresh_
					'if the service is not in a running state, repeatedly re-check the object status every 10 seconds
					'we also check how many times we have already checked and exit if it is greater than 29 (30*10seconds = 5mins)
					'initialise counter
					Count = 1
					'start checking comparison loop for 'running' condition
					'we need to update the objService.State view using objService.Refresh_ for each iteration to make sure we are seeing the
					'current state of the service
					While objService.State <> "Running"
						objService.Refresh_
						'for testing/debugging on the console, tell the user what is going on
						'this will not show up when the script is run as a scheduled job
						wscript.echo ""
						wscript.echo "waiting for service to Start"
						wscript.echo ""
						'wait 10 seconds then increase the counter by 1
						wscript.sleep 10000
						Count = Count + 1
						'if we have reached 30 attempts then bow out and send an email advising manual intervention
						If Count > 29 then
							SendFailedMsg
							wscript.echo "service has taken too long to respond. aborting script"
							wscript.quit
						Else
						End if
						'otherwise we have not reached 30, go round again
					Wend
					'once the service has started, let us know
					wscript.echo "service is now " & objService.State
					wscript.echo ""
				End If
			End If
		End If
	Next
Next

SendSucessMsg

Sub SendFailedMsg()
    Set objEmail = CreateObject("CDO.Message")
    objEmail.From = "email@yourcompany.com"
    objEmail.To = "email@yourcompany.com"
    'set the subject and body text for the failure email
    objEmail.Subject = "KAV Recycle failed on "
    objEmail.Textbody = "KAV services recycle failed on . Please check services manually"
    objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
    objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "yourmailserver.company.com"
    objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
    objEmail.Configuration.Fields.Update
    objEmail.Send
End Sub

Sub SendSucessMsg()
    Set objEmail = CreateObject("CDO.Message")
    objEmail.From = "email@yourcompany.com"
    objEmail.To = "email@yourcompany.com"
    objEmail.Subject = "KAV Recycle succeeded on . Hooray !!"
    objEmail.Textbody = "KAV services recycle completed OK on :o)"
    objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
    objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "yourmailserver.company.com"
    objEmail.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
    objEmail.Configuration.Fields.Update
    objEmail.Send
End Sub

Once I got this script to run in an admin enabled DOS prompt window, the next step was to run it as a job via the job scheduler under windows. You need to run the job as the SYSTEM user, and tick the box to ‘run with highest available permissions’ in order for this to work. Running as a scheduled job, there is no console to display the output for the job, but you can have the services panel loaded and keep refreshing the view to see your services status changing as the script runs through them.

Overall result will be you get an email advising of a successful recycle of your services, or a failure one with a note to check what’s going on.

Enjoy :oD
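
Because the job runs as SYSTEM with highest privileges, anyone who can overwrite the script file or replace it in its folder gets their changes executed as SYSTEM. The check below is an added example, not part of the original post: it lists every owner or allow entry outside SYSTEM and Administrators that has write-type access to the script or its parent folder. The path in $ScriptPath is an assumption; point it at wherever you saved the script.

```powershell
# Added example, not part of the original post.
# $ScriptPath is an assumed location: point it at your copy of the restart script.
$ScriptPath = 'C:\Scripts\restart-kav.vbs'

# Well-known SIDs that are expected to be able to modify a script SYSTEM will run
$trusted = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544'   # BUILTIN\Administrators
)

# Rights that let the holder change what the scheduled task executes
$rights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) can appear unmapped in an ACE
$writeMask = [int]$rights -bor 0x40000000 -bor 0x10000000

function Get-UntrustedWriter {
    param([string]$Path)

    $sidType = [System.Security.Principal.SecurityIdentifier]
    $acl = Get-Acl -Path $Path

    # The owner can always rewrite the DACL, so an untrusted owner counts as a writer
    $owner = $acl.GetOwner($sidType).Value
    if ($trusted -notcontains $owner) {
        New-Object PSObject -Property @{ Path = $Path; Sid = $owner; Reason = 'Owner' }
    }

    # Request the rules keyed by SID so the check does not depend on localized names
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        # Inherit-only entries apply to children, not to the object being checked
        if ($ace.PropagationFlags -band [System.Security.AccessControl.PropagationFlags]::InheritOnly) { continue }
        # Skip entries that grant no write-type right
        if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }

        $sid = $ace.IdentityReference.Value
        if ($trusted -notcontains $sid) {
            New-Object PSObject -Property @{ Path = $Path; Sid = $sid; Reason = "Allow $($ace.FileSystemRights)" }
        }
    }
}

# Check the script and its folder: write access to the folder allows the file to be replaced
$targets  = @($ScriptPath, (Split-Path -Parent $ScriptPath))
$findings = @($targets | ForEach-Object { Get-UntrustedWriter -Path $_ })

if ($findings.Count -eq 0) {
    'No write access found outside SYSTEM and Administrators.'
} else {
    $findings | Format-Table Path, Sid, Reason -AutoSize
}
```

Run it from an elevated prompt before registering the job, and again after any change to the folder's permissions.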