Event ID 4227

Warning: Before making any registry or system changes, make sure you have backed up your system and registry.

The issue:

Log Name:      System
Source:        Tcpip
Date:          12/2/2013 11:52:26 AM
Event ID:      4227
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      xxxxxxxx
Description:
TCP/IP failed to establish an outgoing connection because the selected local endpoint was recently used to connect to the same remote endpoint. This error typically occurs when outgoing connections are opened and closed at a high rate, causing all available local ports to be used and forcing TCP/IP to reuse a local port for an outgoing connection. To minimize the risk of data corruption, the TCP/IP standard requires a minimum time period to elapse between successive connections from a given local endpoint to a given remote endpoint.

The fix:

  • First use TCPview or netstat to view how many ports and connections are in use

Fix 1:

You can check the dynamic port pool size in the registry or from the command line, and change it as need be.

To check it in the registry, look at HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\MaxUserPort and see what it is set to. Note that this value might not exist; you can create it if need be (http://technet.microsoft.com/en-us/library/cc938196.aspx). To check it from the command line, run “netsh int ipv4 show dynamicport tcp”; you can see more examples at http://support.microsoft.com/kb/929851/en-us. If you are running out of ports, you can use the netsh command to increase the pool or change the registry value.

Fix 2:

This might also be caused by the connection wait delay. If you have this problem, you will find lots of connections in the TIME_WAIT state in TCPview or netstat.

If this is your problem, you can adjust HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpTimedWaitDelay (http://technet.microsoft.com/en-us/library/cc938217.aspx) to resolve the issue. Note again that this value might not exist.
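To decide between Fix 1 and Fix 2, it helps to measure how much of the dynamic port pool is in use and which remote endpoints hold the TIME_WAIT entries. The following is an added example, not part of the original post; it parses the output of the two commands named above, and both sample outputs are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample of `netsh int ipv4 show dynamicport tcp` output.
NETSH_SAMPLE = """\
Protocol tcp Dynamic Port Range
---------------------------------
Start Port      : 49152
Number of Ports : 16384
"""

# Constructed sample of `netstat -ano -p tcp` output.
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       760
  TCP    10.0.0.5:49160         10.0.0.20:1433         TIME_WAIT       0
  TCP    10.0.0.5:49161         10.0.0.20:1433         TIME_WAIT       0
  TCP    10.0.0.5:49162         10.0.0.20:1433         TIME_WAIT       0
  TCP    10.0.0.5:49163         10.0.0.20:1433         ESTABLISHED     2212
  TCP    10.0.0.5:49170         10.0.0.30:443          CLOSE_WAIT      2212
"""

def parse_dynamic_range(netsh_text):
    start = int(re.search(r"Start Port\s*:\s*(\d+)", netsh_text).group(1))
    count = int(re.search(r"Number of Ports\s*:\s*(\d+)", netsh_text).group(1))
    return start, count

def parse_netstat(netstat_text):
    # Yields (local_port, remote_endpoint, state) for each TCP row.
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP":
            yield int(f[1].rsplit(":", 1)[1]), f[2], f[3]

def port_pool_report(netstat_text, netsh_text):
    # Only rows whose local port falls inside the dynamic range count against the pool.
    start, count = parse_dynamic_range(netsh_text)
    rows = [r for r in parse_netstat(netstat_text) if start <= r[0] < start + count]
    used = {port for port, _, _ in rows}
    time_wait = Counter(remote for _, remote, state in rows if state == "TIME_WAIT")
    return {
        "pool_size": count,
        "ports_in_use": len(used),
        "pct_used": round(100.0 * len(used) / count, 2),
        "states": dict(Counter(state for _, _, state in rows)),
        "time_wait_by_remote": time_wait.most_common(5),
    }
```

A high `pct_used` with few TIME_WAIT rows points at the pool size (Fix 1); a pool dominated by TIME_WAIT rows to one remote endpoint points at the wait delay (Fix 2) or at an application that opens and closes connections too quickly.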

 

Additional helpful link:

http://www.ittrainingday.com/2012/12/windows-server-tcp-port-starvation.html

Windows User profiles

This is going to be a mixed topic about user profile management.

Note: never delete a user profile directly out of Documents and Settings or Users. This will only remove the profile’s data, not its information in the registry, and will cause errors later, such as unknown profiles.

How to correctly remove Windows profiles

  1. Open System in Control Panel.
  2. On the Advanced tab, under User Profiles, click Settings.
  3. Under Profiles stored on this computer, click the user profile you want to delete, and then click Delete.

Automated way to remove profiles

  • Use the command line tool “delprof.exe”; it works great for terminal servers with hundreds of profiles.
  • The tool can be downloaded from Microsoft: https://www.microsoft.com/en-us/download/details.aspx?id=5405
  • You can find some good scripts as well; just make sure they also delete the registry data for the profile.

How to delete profiles with “NTUSER.DAT” in use

  1. Make sure the user is not logged in
  2. Reboot the system; if the reboot did not unlock ntuser.dat, move on
  3. Download “User Profile Hive Cleanup Service” from Microsoft https://www.microsoft.com/en-us/download/details.aspx?id=6676
  4. Install
  5. Reboot
  6. ntuser.dat should no longer be in use.
  • Note: this sometimes will also clean up profiles listed as unknown
  • Note: most “unlock” utilities will not unlock this .dat file.

Server hangs from RDP reboot

Problem:

You do a GUI reboot from an RDP session and RDP closes and no longer works, but the server never reboots because Windows hung (mostly found out by checking the console).

Best way to try and prevent:

Use the shutdown command.

“shutdown /r” may need the /f option; switches could also be different depending on your Windows version.

How to restart RDP without rebooting windows

WARNING: Test this process before you try it on a production system, to make sure you like the results and have the process down.

Problem:

RDP has stopped working but your server still works; users just can’t connect to modify applications.

The most common fix is to reboot Windows, because “Remote Desktop Services” aka TermService can’t be restarted; at least that’s the case on 2003, as the option is grayed out. A reboot also creates an outage just for a remote control issue, and that’s not always desirable.

The fix: (remotely)

from command line

  1. tasklist /s \\servername /svc /fi "imagename eq svchost.exe" (locate PID for TermService)
  2. taskkill /s \\servername /pid xxxx (may need /f to force, UAC might give problems as well)
  3. sc \\servername start TermService

The Fix: (local, using remote admin card/other remote control software/other remote command line)

From command line

  1. tasklist /svc /fi "imagename eq svchost.exe" (locate PID for TermService)
  2. taskkill /pid xxxx (may need /f to force, UAC might give problems as well)
  3. sc \\servername start TermService
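Step 1 matters because one svchost.exe process can host several services, and taskkill on that PID stops all of them, not only TermService. The following is an added example, not part of the original post; it parses tasklist /svc output (the sample is constructed, including the wrapped service line) and returns the PID for TermService together with the other services that would go down with it.

```python
import re

# Constructed sample of `tasklist /svc /fi "imagename eq svchost.exe"` output.
TASKLIST_SAMPLE = """\
Image Name                     PID Services
========================= ======== ============================================
svchost.exe                    884 DcomLaunch
svchost.exe                    960 RpcSs
svchost.exe                   1020 AudioSrv, BITS, CryptSvc, Dhcp,
                                   EventSystem, TermService, winmgmt
svchost.exe                   1180 Dnscache
"""

def parse_tasklist_svc(text):
    """Return {pid: [service, ...]}, joining wrapped service lines."""
    procs, current = {}, None
    for line in text.splitlines():
        m = re.match(r"^(\S+)\s+(\d+)\s+(.*)$", line)
        if m:
            current = int(m.group(2))
            procs[current] = []
            services = m.group(3)
        elif current is not None and line.startswith(" ") and line.strip():
            services = line  # continuation of the previous row's service list
        else:
            continue  # header, separator or blank line
        procs[current] += [s.strip() for s in services.split(",") if s.strip()]
    return procs

def find_service_host(text, service="TermService"):
    """Return (pid, other_services_in_same_process) or (None, [])."""
    for pid, services in parse_tasklist_svc(text).items():
        if any(s.lower() == service.lower() for s in services):
            others = [s for s in services if s.lower() != service.lower()]
            return pid, others
    return None, []

if __name__ == "__main__":
    pid, others = find_service_host(TASKLIST_SAMPLE)
    print("TermService PID:", pid)
    print("Also stopped by taskkill on that PID:", ", ".join(others) or "none")
```

If the second list is not empty, those services need to be restarted with sc start as well after the taskkill.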

more helpful RDP troubleshooting

http://support.microsoft.com/kb/2477176

How to create custom computer policy adm from registry

The problem:

Had to change the default regional settings on Windows Server 2003 so an application would show data correctly; it was installed with US regional settings but was used in the EU. So come to find out that Windows does not have a system-wide regional setting. At installation, the default profile is set with what was picked at installation, and that default profile is used for all user accounts that get created, so after an account is created it stores its own regional settings (currency, date, time, etc.). Well, come to find out that this is all stored in the registry, and we have the option to do a login script, local GPO, domain-level GPO, or just delete all the current user profiles. I went with local GPO as it was only for a few systems.

Warning: Make sure you back up your system before you do the steps below, and if you don’t know what you’re doing in the registry you may not want to do this, as it could destroy your system.

The fix:

  1. Make a copy of registry as a backup
  2. Make the change as the current user, to the regional settings you want (control panel>regional and language options) on advanced tab check apply all settings to current user and default profile (this will change it for your userid and all new ones)
  3. Make a copy of new changes (export reg key HKEY_CURRENT_USER>Control Panel>International) Note: HKEY_USERS>.DEFAULT>Control Panel>International is the default user settings but you DON’T want to copy this one.
  4. Use a reg to .adm converter tool or create the .adm yourself (RegToADM from the nuts.exe package from http://yizhar.mvps.org/)
  5. copy new adm file to C:\windows\inf
  6. open gpedit.msc
  7. add your new .adm file to the User Configuration>Administrative Templates (right click add/remove templates, then add and find your new .adm file)
  8. change your filter options (have administrative templates highlighted and view>filtering, uncheck only show policy settings that can be fully managed. Otherwise you will not see your settings)
  9. enable all your new settings (go to your newly created folder under User Configuration>Administrative Templates that the .adm file created, this will now update all current user profiles with the new settings after they login)
  10. May need to reboot if it’s not working well with your applications
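For the “create the .adm yourself” option in step 4, the conversion from the exported .reg file is mechanical, because the values under Control Panel\International are strings. The following is an added example, not part of the original post and not the output of RegToADM; the .reg sample is constructed, and the category name is an arbitrary choice.

```python
import re

# Constructed sample of a .reg export of HKEY_CURRENT_USER\Control Panel\International
# (values are illustrative; a real export is UTF-16 and has more entries).
REG_SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Control Panel\International]
"iCountry"="44"
"sShortDate"="dd/MM/yyyy"
"sDecimal"="."
"Locale"="00000809"

[HKEY_CURRENT_USER\Control Panel\International\Geo]
"Nation"="242"
'''

def parse_reg_strings(text):
    # Returns {key path below HKCU: {value name: string}} for REG_SZ values only.
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            m = re.match(r"^\[HKEY_CURRENT_USER\\(.+)\]$", line)
            current = keys.setdefault(m.group(1), {}) if m else None
            continue
        m = re.match(r'^"([^"]+)"="(.*)"$', line)
        if m and current is not None:
            current[m.group(1)] = re.sub(r"\\(.)", r"\1", m.group(2))  # undo .reg escaping
    return keys

def reg_to_adm(text, category="Regional Settings (custom)"):
    # One POLICY with one EDITTEXT part per value, under CLASS USER (HKCU).
    out = ["CLASS USER", f'CATEGORY "{category}"']
    for key, values in parse_reg_strings(text).items():
        for name, value in values.items():
            if '"' in value:
                continue  # skipped: quotes inside ADM strings are not handled here
            out += [
                f'  POLICY "{name} ({key})"',
                f'    KEYNAME "{key}"',
                f'    PART "{name}" EDITTEXT',
                f'      VALUENAME "{name}"',
                f'      DEFAULT "{value}"',
                "    END PART",
                "  END POLICY",
            ]
    out.append("END CATEGORY")
    return "\r\n".join(out) + "\r\n"
```

Because these keys are outside the Policies branches of the registry, the settings only appear in gpedit.msc after the filter change in step 8, and the values stay in each user's registry if the template is later removed.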

Helpful links if you need more help

http://support.microsoft.com/kb/924852
http://support.microsoft.com/?kbid=323639
http://www.windowsitpro.com/article/registry2/jsi-tip-0311-regional-settings-in-the-registry-
http://yizhar.mvps.org/
http://support.microsoft.com/kb/225087
https://www.youtube.com/watch?v=Up0Sd_R8KNM
https://groups.google.com/forum/?fromgroups#!topic/microsoft.public.win2000.group_policy/HbN-0gfR_MU
https://blogs.technet.com/b/askds/archive/2007/08/14/deploying-custom-registry-changes-through-group-policy.aspx?Redirected=true

Windows Print queue status offline

I had a painful printer the other day that was listing its queue status as offline; troubleshooting it to find out it was online was a big pain. I would ping the printer IP address but the queue listed as offline. So I restarted the print spooler, no help. The solution was a misconfiguration in the printer port that was created by someone else.

  1. So go to the printer queue on your print server or from print management
  2. Click ports
  3. Configure port
  4. (helpful to take a screenshot of current settings) try to enable/disable SNMP status and update the protocol to see if that fixes your status.

Mine was the SNMP status; it was enabled and was telling the queue it was down.

Print Server was windows 2003

How to debug a VM with a serial port

  1. Get your VM in Vmware workstation or Vmware server (with windows running as the host)
  2. Add a serial port to the vm
  3. Configure the serial port as

  4. Configure Msconfig

  5. Reboot
  6. Configure BIOS (may not be needed) change serial port A and B

  7. Install Debugging Tools for Windows
  8. Open Windbg
  9. Configure Symbol path (srv*c:\windows\symbols*http://msdl.microsoft.com/download/symbols)
  10. save workspace

  11. Configure Kernel Debug

  12. Save workspace
  13. Go to debug>break
  14. And it should connect

How to align Windows disks in VMware with Netapp disk

Warning: Always have a backup before you perform disk alignments in Windows

How to check Drive alignment in windows:

  1. run “System Information” (msinfo32.exe in Start-> Run)
  2. and select Components .. Storage .. Disks
  3. scroll to the bottom and you will see the Partition Starting Offset information.
  4. This number needs to be perfectly divisible by 4096.
  5. With the default .vmdk, you will see the Partition Starting Offset set to 32,256 (32,256 / 4096 = 7.875)
  6. and thus this file system is not correctly aligned.

 Align C Drive

To do this after a P2V or after the fact:

Use mbrscan and mbralign in the ESX console to align the disk, as described at http://blogs.netapp.com/storage_nuts_n_bolts/2009/01/mbrscanmbralign.html. You will need to go to the host the VM is running on to do the steps (not for ESXi, because the tools are part of the NetApp host tools, which need to be installed).

New VM

Create your VM and use a boot disk to align the disk before you install the OS (follow the “How to align other windows disks” section).

How to align other windows disks

Important warning: If you do these steps on the C drive you will lose your data

Note: if you have a misaligned disk, you will need to create a new disk, perform the steps and migrate the data. After you have added a new disk to your VM and NOT formatted it, follow the steps below. This might work with the align C drive steps to save recreating and migrating data, but I have not tried it.

  1. CMD>diskpart
  2. DISKPART> list disk (disks should be listed)
  3. DISKPART> select disk # (This selects the disk drive)
  4. DISKPART> list partition (This step should result in a message stating “There are no partitions on this disk to show.” This message confirms the disk is blank)
  5. DISKPART> create partition primary align=64
  6. Viewing the disk using “System Information” the Partition Starting Offset is now 65,536… 65,536 / 4096 = 16, and thus this file system is properly aligned to the storage blocks.
  7. Format it

Another note: currently VMware Converter does not align your hard drives, so this will need to be done after you do your P2V. You do not need these steps for Windows 2008; it should be aligned from the install.

How to manage Terminal Services via Command line

I came across a problem when trying to connect to a system with the GUI Terminal Services Manager: I had to use a different username and password, and it came back as failing to log in with Run as. I needed to clear some of the old disconnected sessions for a Windows 2000 server. So I came across this blog, http://weblogs.asp.net/owscott/archive/2003/12/30/Managing-Terminal-Services-Sessions-Remotely.aspx, about how to use qwinsta /server: and rwinsta /server: to view and disconnect the sessions. I did already have an IPC$ connection to the server with the user name that I needed; not sure if that is why I did not get prompted for a user name and password via the command line.

 

Another great resource http://technet.microsoft.com/en-us/library/cc775998(v=ws.10).aspx

Speed Up Windows 2003

Warning: Perform a system backup before making changes to your registry

There is a registry setting that is enabled for 2003 and is now disabled in 2008/Vista. It updates the last-accessed time of a file when applications open, read, or write to the file. This plays a part on virtualized servers due to an increase in disk I/O and CPU load.

http://www.microsoft.com/whdc/system/sysperf/Perf_tun_srv.mspx is a whitepaper from Microsoft about this setting

HKLM\System\CurrentControlSet\Control\FileSystem\NTFSDisableLastAccessUpdate