large system volume information folder

The problem:

A very large “System Volume Information” folder at the root of one of your Windows drives. My issue turned out to be shadow copies from the C drive stored on D, and D was low on space.

More Information:

The fix (for VSS/volume shadow copies):

  1. Checked the volume shadow copies and they were disabled on both C and D (but C drive listed 90GB used on D drive)
  2. As they were disabled to run in the first place (my guess is my backup software created them)
  3. I stopped “volume shadow copy” service
  4. Start “volume shadow copy” service
  5. Checked shadow copies and reported 0 used for both C and D drive.
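
The check in steps 1 and 5 can also be done from PowerShell. This is an added example, not part of the original post; it assumes PowerShell 3.0 or later and an elevated prompt, and it only reads WMI data.

```powershell
# Added example, not from the original post. Read-only; run elevated.
# Assumes PowerShell 3.0 or later (Get-CimInstance).

# Index volumes by DeviceID so shadow storage references can be resolved.
$volumes = @{}
Get-CimInstance -ClassName Win32_Volume |
    ForEach-Object { $volumes[$_.DeviceID] = $_ }

# One Win32_ShadowStorage instance exists per (source volume, storage volume) pair.
$report = Get-CimInstance -ClassName Win32_ShadowStorage | ForEach-Object {
    $source = $volumes[$_.Volume.DeviceID]      # volume being shadowed
    $store  = $volumes[$_.DiffVolume.DeviceID]  # volume holding the shadow data
    [pscustomobject]@{
        ShadowsOf   = $source.Name
        StoredOn    = $store.Name
        UsedGB      = [math]::Round($_.UsedSpace / 1GB, 1)
        AllocatedGB = [math]::Round($_.AllocatedSpace / 1GB, 1)
        StoreFreeGB = [math]::Round($store.FreeSpace / 1GB, 1)
        CrossVolume = ($source.DeviceID -ne $store.DeviceID)
    }
}

$report | Sort-Object UsedGB -Descending | Format-Table -AutoSize

# Call out the situation from the post: shadows of one drive filling another.
$report | Where-Object { $_.CrossVolume -and $_.UsedGB -gt 0 } | ForEach-Object {
    Write-Warning ("Shadow copies of {0} use {1} GB on {2} ({3} GB free there)" -f
        $_.ShadowsOf, $_.UsedGB, $_.StoredOn, $_.StoreFreeGB)
}
```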


If you need to perform this on windows past 2003 view


Windows User profiles

This is going to be a mixed topic about user profile management.

Note: never delete a user profile out of Documents and Settings or Users. This will only remove the profile’s data, but not its information in the registry. This will cause errors later like unknown profiles.

How to correctly remove Windows profiles

  1. Open System in Control Panel.
  2. On the Advanced tab, under User Profiles, click Settings.
  3. Under Profiles stored on this computer, click the user profile you want to delete, and then click Delete.

Automated way to remove profiles

  • Use the command-line tool “delprof.exe”; it works great for terminal servers with hundreds of profiles.
  • The tool can be downloaded from Microsoft.
  • You can find some good scripts as well; just make sure they also delete the registry data for the profile.

How to delete profiles with “NTUSER.DAT” in use

  1. Make sure the user is not logged in
  2. Reboot the system; if the reboot did not unlock ntuser.dat, move on
  3. download “User Profile Hive Cleanup Service” from Microsoft
  4. install
  5. reboot
  6. ntuser.dat should no longer be in use.
  • Note: this sometimes will also clean up profiles listed as unknown
  • Note: most “unlock” utilities will not unlock this .dat file.
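
To see what the note above warns about (registry data left behind after a profile folder was deleted by hand) and which profile hives are still loaded, the profile list can be audited before deleting anything. This is an added example, not part of the original post; it assumes PowerShell 3.0 or later and an elevated prompt, and it only reports.

```powershell
# Added example, not from the original post. Read-only: it reports, deletes nothing.
# Assumes PowerShell 3.0 or later and an elevated prompt.
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

$entries = Get-ChildItem -Path $profileList | ForEach-Object {
    $sid   = $_.PSChildName
    $clean = $sid -replace '\.bak$', ''         # backup keys carry a .bak suffix
    $path  = $_.GetValue('ProfileImagePath')    # REG_EXPAND_SZ, returned expanded

    # Resolve the SID to an account name; a deleted account cannot be resolved.
    try {
        $id      = New-Object System.Security.Principal.SecurityIdentifier ($clean)
        $account = $id.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        $account = $null
    }

    [pscustomobject]@{
        Sid          = $sid
        Account      = $account
        Path         = $path
        FolderExists = [bool]($path -and (Test-Path -LiteralPath $path))
        # A hive mounted under HKEY_USERS means NTUSER.DAT is in use.
        HiveLoaded   = Test-Path -LiteralPath "Registry::HKEY_USERS\$clean"
    }
}

'Registry entries whose profile folder is gone:'
$entries | Where-Object { -not $_.FolderExists } |
    Format-Table Sid, Account, Path -AutoSize

'Profiles whose account no longer resolves (shown as unknown):'
$entries | Where-Object { -not $_.Account } |
    Format-Table Sid, Path, FolderExists -AutoSize

'Profiles with a loaded hive (NTUSER.DAT in use):'
$entries | Where-Object { $_.HiveLoaded } |
    Format-Table Sid, Account, Path -AutoSize
```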

Task Scheduler error {0}

The Error:

“The selected task “{0}” no longer exists. to see the current task, click refresh”

The Problem:

A task is out of sync with task scheduler

The Fix:

  1. make sure you have a backup of your C drive before you try the below steps
  2. Open task scheduler
  3. click the top most tree
  4. Count the number of errors you click ok on.
  5. close task scheduler (must do this step as you will only get the error once)
  6. Open task scheduler
  7. expand the task tree (don’t click on the top of the tree)
  8. Start going down the tree task by task and click on each one. Record which tasks give you the error until you have found all of the ones you counted in step 4
  9. go to %SystemFolder%\Tasks
  10. find the tasks that gave you the error and delete them.
  11. reopen task scheduler and the errors should be gone if completed correctly.

In my case I only had one with an error and it was disk defrag, so I opened up disk defrag and disabled the schedule and re-enabled it to recreate the Windows task.

FreeBSD jail how to access and connect

Quick reference list for working with FreeNAS jails and FreeBSD jails.

“jls” to list jails

“jexec 1 /bin/tcsh” to connect to jail 1 (might have to run as root or sudo)

Bonus package management:

"pkg_add -v -r " to install software in jail

"pkg_info" view all installed software in jail

"pkg_info | grep 'package name'" view details on one package

Dr watson log and dmp location large


Documents and Settings>userid>Local Settings>Application Data>Microsoft>Dr Watson: the files drwtsn32.log and user.dmp might be large and using up valuable space.


Dr Watson is activated when a program crashes. It’s safe to delete these two files if you don’t need the data or if they are just old.

Server hangs from RDP reboot


You do a GUI reboot from an RDP session; RDP closes and no longer works, but the server never reboots because Windows hung (mostly found out by checking the console).

Best way to try and prevent:

Use the shutdown command:

“shutdown /r” may need the /f option; the switches could also differ depending on your Windows version.

RDP Access Denied due to licensing

WARNING: as always use at your own risk and take a backup of your registry before trying.


RDP Access Denied when logging in.

What is needed:

  • Windows 2008 R2
  • Remote Desktop Services role
  • AD logins
  • May also have failed to renew license events in the event log

Log Name: System
Source: Microsoft-Windows-TerminalServices-RemoteConnectionManager
Date: xxxxxxxx
Event ID: 1028
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: xxxxxx
The remote session could not be established from remote desktop client xxxxxx because its license could not be renewed.

How to check for the bug: connect to the server via RDP console mode (mstsc /admin) with the same login. If it works, you are hitting this bug.


There is a known bug with Windows 2008R2 and the Terminal Services Role with Remote Desktop. Once installed if the following is not performed any user trying to log onto the server using AD credentials will not be allowed to logon.

The registry key affecting this behavior must be created and set. This change is only required on those servers hosting the Remote Desktop Role.

  1. Go to the Start menu, choose Run, type regedit and press Enter.
  2. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server
  3. Create a DWORD value called IgnoreRegUserConfigErrors and assign it the value 1.

No reboot is required; the change takes effect for any new RDP connections.

This could also be related to token size; you may want to check whether you are getting Kerberos errors because of token size.

How to restart RDP without rebooting windows

WARNING: Test this process before you try it on a production system, to make sure you like the results and have the process down.


RDP has stopped working but your server still works; users just can’t connect to modify applications.

The most common fix is to reboot Windows, because “Remote Desktop Services” (aka TermService) can’t be restarted; at least that’s the case on 2003, where the option is grayed out. A reboot also creates an outage just for a remote control issue, and that’s not always desirable.

The fix: (remotely)

from command line

  1. tasklist /s \\servername /svc /fi "imagename eq svchost.exe" (locate PID for TermService)
  2. taskkill /s \\servername /pid xxxx (may need /f to force; UAC might give problems as well)
  3. sc \\servername start TermService

The Fix: (local, using remote admin card/other remote control software/other remote command line)

From command line

  1. tasklist /svc /fi "imagename eq svchost.exe" (locate PID for TermService)
  2. taskkill /pid xxxx (may need /f to force; UAC might give problems as well)
  3. sc \\servername start TermService
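
Killing the svchost.exe PID stops every service hosted in that process, not only TermService, so it is worth listing what shares the process before step 2. This is an added example, not part of the original post; it assumes PowerShell 3.0 or later, and the `$ComputerName` parameter is an assumption that requires WinRM on the target when used.

```powershell
# Added example, not from the original post. Read-only; run elevated.
# $ComputerName is an assumed, optional parameter (needs WinRM on the target).
param([string]$ComputerName)

$cim = @{ ClassName = 'Win32_Service' }
if ($ComputerName) { $cim.ComputerName = $ComputerName }

# Find the process that hosts TermService.
$term = Get-CimInstance @cim -Filter "Name='TermService'"
if (-not $term) { throw 'TermService is not installed on this system.' }

if ($term.ProcessId -eq 0) {
    # Nothing to kill: the service is already stopped.
    Write-Output 'TermService is not running; starting the service is enough.'
    return
}

# Every service in the same svchost.exe instance dies with the process.
$shared = Get-CimInstance @cim -Filter "ProcessId=$($term.ProcessId)" |
    Where-Object { $_.Name -ne 'TermService' }

Write-Output "TermService runs in PID $($term.ProcessId)."
if ($shared) {
    Write-Output 'Killing that PID also stops these services:'
    $shared | Sort-Object Name |
        Format-Table Name, DisplayName, StartMode -AutoSize
    Write-Output 'Start them again after TermService, or plan a reboot instead.'
} else {
    Write-Output 'No other service shares this process; taskkill affects TermService only.'
}
```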

more helpful RDP troubleshooting

WER folder too big


C:\ProgramData\Microsoft\Windows\WER is large, possibly GBs of data.


Windows Error Reporting is configured wrong. Large amounts of data are stored in this location before the errors are reported to Microsoft. If the setting is not to send automatically, then this folder is just going to grow.


Windows Error Reporting is used to report errors to Microsoft; the reports are pooled and the largest offenders are repaired via patches etc. It also reports solutions if your problem has already been fixed.

Solution 1: (recommended)

  1. change the Windows Error Reporting settings to auto send (found in Server Manager)
  2. open control panel>problem reports and solutions
  3. select all>right click> check for solution
  4. the folder should be small after this

Solution 2: (if you are worried about security)

  1. disable windows error reporting
  2. open control panel>problem reports and solutions
  3. select all>right click> delete
  4. folder should be small

Cluster Administrator access is denied

Warning: following the below steps could harm your system if you don’t know what you’re doing, please have an up-to-date backup.

Problem: Domain account and local admin both in local administrators group, get an error when trying to access cluster with cluster administrator. An error occurred attempting to open cluster node ‘name’. access is denied. Error ID: 5 (00000005)

The possible fix: check the registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa and the value LMCompatibilityLevel; if that is set to 1 you might have this problem. Other things could affect cluster admin and give this error; this is one of them.

  1. backup registry
  2. run regedit
  3. navigate to HKLM\System\CurrentControlSet\Control\Lsa
  4. find LMCompatibilityLevel
  5. if set to 1 change to 2 (other options could work in your environment, also no reboot should be needed)
  6. Cluster administrator should now work