Is the server a VM

Issue: Have you ever worked at a large company and get someone telling you their server is a VM but you can’t locate it?

What might have happened:

  1. the servers name was changed at on the VM or OS and someone has the new or old name and it no longer synced correctly
  2. out of date inventory/cmdb
  3. it could be physical
  4. DNS alias

A workaround:

Here are some commands that will help track down the system, you can twink a few of these commands to get additional data. You will need access to the server OS that you are trying to track down for these commands to work.

Linux:
dmidecode -t system | grep ‘Manufacture\|Product\|Version\|Serial Number\|UUID’
dmesg | grep -i hypervisor (maybe)
ifconfig
hostname

Windows:
wmic computersystem get model,name,manufacturer,systemtype
ipconfig /all
hostname

Solaris:
prtdiag -v | head -3
/usr/sbin/ifconfig -a
arp -a
/usr/bin/netstat -pn | grep SP
ipadm show-addr (solaris 11+)
hostname
uname -n

The case of the missing mouse on windows 2012 via rdp

Issue: No mouse pointer after you RDP to some windows 2012 servers, seems to be more common from linux systems. Also in my research it seems this fix works for slow mouse pointers too in RDP

Workaround:

  1. launch control panel
  2. click on mouse options
  3. click on the pointers tab
  4. uncheck “enable pointer shadow”

If you need keyboard shortcuts:

  1. windows key +R for run command
  2. then “control main.cpl”
  3. uncheck “enable pointer shadow” *use tab if needed to select option.

References:

https://support.microsoft.com/en-us/kb/192806

https://support.microsoft.com/en-us/kb/126449

bonus https://social.technet.microsoft.com/Forums/windows/en-US/3dcd8f57-3efc-46e9-b2e1-34e61f3ddb3d/remote-desktop-connection-mouse-slow-with-windows-2012?forum=winserver8gen

 

RDP error Local Security Authority cannot be contacted

The error:

Remote Desktop Connection: An authentication error has occurred.
The Local Security Authority cannot be contacted
Remote Computer: hostname or ip

The issue:

Seems to happen more on 2012 server but if you have Network Level Authentication enabled it will not prompt you for a GUI change password option if you have change password at next logon selected. This error could happen for other reasons as well

One of the possible fixes:

  1. uncheck change password at next logon if its selected
  2. use a different tool to change your password at first logon

Additional info can be found at https://blog.mnewton.com/articles/Solution-RDP-The-Local-Security-Authority-cannot-be-contacted/

Change password in RDP for 2012

Ctrl + Alt + End will create the same screen as Ctrl + Alt + Delete on your workstation. Useful on 2012 if you need to change your password via RDP.

File copy error

The Error: Error 0x80090006: Invalid Signature

Screen Shot 2014-05-13 at 2.43.31 PM

The Problem: We have had a few vmware VMs with some file copy problems. And they have produced some very odd messages.

The Workaround: Is to vmotion them to a new host. Seems to be an issue with the hosts physical network cards and network corruption.

Event ID 4227

Warning: Before making any registry changes or system change make sure you have backed up you system and registry.

The issue:

Log Name:      System
Source:        Tcpip
Date:          12/2/2013 11:52:26 AM
Event ID:      4227
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      xxxxxxxx
Description:
TCP/IP failed to establish an outgoing connection because the selected local endpoint was recently used to connect to the same remote endpoint. This error typically occurs when outgoing connections are opened and closed at a high rate, causing all available local ports to be used and forcing TCP/IP to reuse a local port for an outgoing connection. To minimize the risk of data corruption, the TCP/IP standard requires a minimum time period to elapse between successive connections from a given local endpoint to a given remote endpoint.

The fix:

  • First use TCPview or netstat to view how many ports and connections are in use

Fix 1:

You can check the registry and via the command line to see the dynamic port pool size. And change it as need be.

To do it via registry key view HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\MaxUserPort and see what that value is set to. Note this key might not exist you can create it if need be. http://technet.microsoft.com/en-us/library/cc938196.aspx. To do this as command line “netsh int ipv4 show dynamicport tcp” you can see more examples at http://support.microsoft.com/kb/929851/en-us if you are running out of ports you can use the command to increase the pool or change the reg key to complete this task.

Fix 2:

This might also be caused by the connection wait delay, if you have this problem you will find lots of connections in a time_wait status in TCPview or netstat.

If this is your problem you can adjust the HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpTimedWaitDelay http://technet.microsoft.com/en-us/library/cc938217.aspx to resolve this issue. Note again this key might not exist

 

Additional helpful link:

http://www.ittrainingday.com/2012/12/windows-server-tcp-port-starvation.html

large system volume information folder

The problem:

A very large “system volume information” folder at the root of one of your windows drives. My issues turned out to be shadow copies from C drive stored on D. And D was low on space.

More Information:

https://blogs.msdn.com/b/oldnewthing/archive/2003/11/20/55764.aspx?Redirected=true

The fix (for VSS/volume shadow copies):

  1. Checked the volume shadow copies and they where disabled on both C and D (but C drive listed 90GB used on D drive)
  2. As they where disabled to run in the first place (my guess is my backup software created them)
  3. I stopped “volume shadow copy” service
  4. Start “volume shadow copy” service
  5. Checked shadow copies and reported 0 used for both C and D drive.

 

If you need to perform this on windows past 2003 view http://blog.itprohelp.com/2010/04/system-volume-information-folder-it.html

Windows User profiles

This is going to be a mixed topic about user profile management.

Note: never delete a user profile out of Documents and Settings or Users. This will only remove the profile’s data, but not its information in the registry. This will cause errors later like unknown profiles.

How to correctly remove Windows profiles

  1. Open System in Control Panel.
  2. On the Advanced tab, under User Profiles, click Settings.
  3. Under Profiles stored on this computer, click the user profile you want to delete, and then click Delete.

Automated way to remove profiles

  • Use command line tool “delprof.exe”, works great for a terminal server’s with hundreds of profiles.
  • Tool can be downloaded from Microsoft https://www.microsoft.com/en-us/download/details.aspx?id=5405
  • You can find some good scripts as well just make sure they delete the registry data for the profile as well.

How to delete profiles with “NTUSER.DAT in use

  1. Make sure the user is not logged in
  2. reboot system, if reboot did not unlock ntuser.dat move on
  3. download “User Profile Hive Cleanup Service” from Microsoft https://www.microsoft.com/en-us/download/details.aspx?id=6676
  4. install
  5. reboot
  6. ntuser.dat should no longer be in use.
  • Note: this sometimes will also clean up profiles listed as unknown
  • Note: most “unlock” utilities will not unlock this .dat file.

Task Scheduler error {0}

The Error:

“The selected task “{0}” no longer exists. to see the current task, click refresh”

The Problem:

A task is out of sync with task scheduler

The Fix:

  1. make sure you have a backup of your C drive before you try the below steps
  2. Open task scheduler
  3. click the top most tree
  4. Count the number of errors you click ok on.
  5. close task scheduler (must do this step as you will only get the error once)
  6. Open task scheduler
  7. expand the task tree (don’t click on the top of the tree)
  8. start going down the tree task by task and click on each one. Record what tasks give you the errors and until you find all of them you counted in step 3
  9. go to %SystemFolder%\Tasks
  10. find the tasks that gave you the error and delete them.
  11. reopen task scheduler and the errors should be gone if completed correctly.

In my case I only had one with an error and it was disk defrag, so I opened up disk defrag and disabled the schedule and re-enabled it to recreate the window task.

Dr watson log and dmp location large

Problem:

Docuemnts and Setttings>userid>local settings> application Data>microsoft>Dr watson file: drwtsn32.log and file: user.dmp might be large and using up valuable space.

Fix:

Dr watson is activated at time of an program crash, its safe to delete these two files if you don’t need the data or if they are just old.