Is the server a VM

Issue: Have you ever worked at a large company and get someone telling you their server is a VM but you can’t locate it?

What might have happened:

  1. the servers name was changed at on the VM or OS and someone has the new or old name and it no longer synced correctly
  2. out of date inventory/cmdb
  3. it could be physical
  4. DNS alias

A workaround:

Here are some commands that will help track down the system, you can twink a few of these commands to get additional data. You will need access to the server OS that you are trying to track down for these commands to work.

dmidecode -t system | grep ‘Manufacture\|Product\|Version\|Serial Number\|UUID’
dmesg | grep -i hypervisor (maybe)

wmic computersystem get model,name,manufacturer,systemtype
ipconfig /all

prtdiag -v | head -3
/usr/sbin/ifconfig -a
arp -a
/usr/bin/netstat -pn | grep SP
ipadm show-addr (solaris 11+)
uname -n

How to change SRM DB password

The issue:

You need to change or already did change your database password that site recovery manager is using. In my case someone change the password and didn’t update it in SRM so the service wouldn’t start anymore.

The Fix:

  1. open cmd
  2. navigate to your SRM install directory and then the bin folder
  3. installcreds.exe -key db:databasename -u databaseuserid
  4. enter your new password



TSM error ANS2310E


TSM for VE will sometimes give error ANS2310E The create snapshot task is disabled on the virtual machine ‘*’. As a result, the virtual machine cannot be backed up.


If the VM is getting vmotioned or storage vmotioned, snapshot tasks will fail and this error will be created.


Retry the backup job at a later time after the vmotion is complete.

The case of the missing mouse on windows 2012 via rdp

Issue: No mouse pointer after you RDP to some windows 2012 servers, seems to be more common from linux systems. Also in my research it seems this fix works for slow mouse pointers too in RDP


  1. launch control panel
  2. click on mouse options
  3. click on the pointers tab
  4. uncheck “enable pointer shadow”

If you need keyboard shortcuts:

  1. windows key +R for run command
  2. then “control main.cpl”
  3. uncheck “enable pointer shadow” *use tab if needed to select option.




RDP error Local Security Authority cannot be contacted

The error:

Remote Desktop Connection: An authentication error has occurred.
The Local Security Authority cannot be contacted
Remote Computer: hostname or ip

The issue:

Seems to happen more on 2012 server but if you have Network Level Authentication enabled it will not prompt you for a GUI change password option if you have change password at next logon selected. This error could happen for other reasons as well

One of the possible fixes:

  1. uncheck change password at next logon if its selected
  2. use a different tool to change your password at first logon

Additional info can be found at

Change password in RDP for 2012

Ctrl + Alt + End will create the same screen as Ctrl + Alt + Delete on your workstation. Useful on 2012 if you need to change your password via RDP.

File copy error

The Error: Error 0x80090006: Invalid Signature

Screen Shot 2014-05-13 at 2.43.31 PM

The Problem: We have had a few vmware VMs with some file copy problems. And they have produced some very odd messages.

The Workaround: Is to vmotion them to a new host. Seems to be an issue with the hosts physical network cards and network corruption.

Event ID 4227

Warning: Before making any registry changes or system change make sure you have backed up you system and registry.

The issue:

Log Name:      System
Source:        Tcpip
Date:          12/2/2013 11:52:26 AM
Event ID:      4227
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      xxxxxxxx
TCP/IP failed to establish an outgoing connection because the selected local endpoint was recently used to connect to the same remote endpoint. This error typically occurs when outgoing connections are opened and closed at a high rate, causing all available local ports to be used and forcing TCP/IP to reuse a local port for an outgoing connection. To minimize the risk of data corruption, the TCP/IP standard requires a minimum time period to elapse between successive connections from a given local endpoint to a given remote endpoint.

The fix:

  • First use TCPview or netstat to view how many ports and connections are in use

Fix 1:

You can check the registry and via the command line to see the dynamic port pool size. And change it as need be.

To do it via registry key view HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\MaxUserPort and see what that value is set to. Note this key might not exist you can create it if need be. To do this as command line “netsh int ipv4 show dynamicport tcp” you can see more examples at if you are running out of ports you can use the command to increase the pool or change the reg key to complete this task.

Fix 2:

This might also be caused by the connection wait delay, if you have this problem you will find lots of connections in a time_wait status in TCPview or netstat.

If this is your problem you can adjust the HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpTimedWaitDelay to resolve this issue. Note again this key might not exist


Additional helpful link:

vea warning v-47-1-200

The problem: message v-47-1-200 comes up when you try to remove the last disk from a dynamic cluster volume group

The solution: offline the disk group from Microsoft fail over cluster, this will export the group in vea. once exported you can import the group again as a local dynamic group. You will then be able to remove that last disk.

large system volume information folder

The problem:

A very large “system volume information” folder at the root of one of your windows drives. My issues turned out to be shadow copies from C drive stored on D. And D was low on space.

More Information:

The fix (for VSS/volume shadow copies):

  1. Checked the volume shadow copies and they where disabled on both C and D (but C drive listed 90GB used on D drive)
  2. As they where disabled to run in the first place (my guess is my backup software created them)
  3. I stopped “volume shadow copy” service
  4. Start “volume shadow copy” service
  5. Checked shadow copies and reported 0 used for both C and D drive.


If you need to perform this on windows past 2003 view