Event ID 4227

Warning: Before making any registry changes or system change make sure you have backed up you system and registry.

The issue:

Log Name:      System
Source:        Tcpip
Date:          12/2/2013 11:52:26 AM
Event ID:      4227
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      xxxxxxxx
Description:
TCP/IP failed to establish an outgoing connection because the selected local endpoint was recently used to connect to the same remote endpoint. This error typically occurs when outgoing connections are opened and closed at a high rate, causing all available local ports to be used and forcing TCP/IP to reuse a local port for an outgoing connection. To minimize the risk of data corruption, the TCP/IP standard requires a minimum time period to elapse between successive connections from a given local endpoint to a given remote endpoint.

The fix:

• First use TCPview or netstat to view how many ports and connections are in use

Fix 1:

You can check the registry and via the command line to see the dynamic port pool size. And change it as need be.

To do it via registry key view HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\MaxUserPort and see what that value is set to. Note this key might not exist you can create it if need be. http://technet.microsoft.com/en-us/library/cc938196.aspx. To do this as command line “netsh int ipv4 show dynamicport tcp” you can see more examples at http://support.microsoft.com/kb/929851/en-us if you are running out of ports you can use the command to increase the pool or change the reg key to complete this task.

Fix 2:

This might also be caused by the connection wait delay, if you have this problem you will find lots of connections in a time_wait status in TCPview or netstat.

If this is your problem you can adjust the HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\TcpTimedWaitDelay http://technet.microsoft.com/en-us/library/cc938217.aspx to resolve this issue. Note again this key might not exist

 

Additional helpful link:

http://www.ittrainingday.com/2012/12/windows-server-tcp-port-starvation.html

Task Scheduler error {0}

The Error:

“The selected task “{0}” no longer exists. to see the current task, click refresh”

The Problem:

A task is out of sync with task scheduler

The Fix:

1. make sure you have a backup of your C drive before you try the below steps
2. Open task scheduler
3. click the top most tree
4. Count the number of errors you click ok on.
5. close task scheduler (must do this step as you will only get the error once)
6. Open task scheduler
7. expand the task tree (don’t click on the top of the tree)
8. start going down the tree task by task and click on each one. Record what tasks give you the errors and until you find all of them you counted in step 3
9. go to %SystemFolder%\Tasks
10. find the tasks that gave you the error and delete them.
11. reopen task scheduler and the errors should be gone if completed correctly.

In my case I only had one with an error and it was disk defrag, so I opened up disk defrag and disabled the schedule and re-enabled it to recreate the window task.

winsxs and installer out of control

WARINING: doing anything to the folders below could inpact your system. Make sure you know what your doing and have a full back up and OS image created. This could make your system unusable. 

So if your here I’m guessing your running out of space on your C drive. And used a tool (windirstat) to scan your C drive and find out what folders are using all your space up. Well I’m also guessing that C:\Windows\winsxs and C:\Windows\Installer (this is basically the old $NTUninstall and $NtServicePackUninstall on XP/2003) are at the close to the top if not the top.

Well some back story on what the two folders do and what can you do to get some of you space back

Folder winsxs:

Well this folder is your “component store” for the “add and remove component” or “server roles” features of windows. They look up the required files from this folder and all other OS files hard link back to this folder. Every patch or SP will add a new copy of ever changed core file to this folder kinda like a version repository.

What to do with Winsxs:

1. Well first off DONT DELETE IT you might as well wipe your harddrive
2. Make your SP level Permanent, you can run VSP1CLN.EXE (Vista SP1)/COMPCLN (2008 SP2)/DISM (2008),  to make your service pack permanent and then will remove all files needed before that service pack (note: this exe might be named different on each OS version or SP release, look at item 4 under sources)
3. or you can compress the folder (right click>properties>advanced>compress contents to save disk space) Doing this will take a lot of time based on the size, and with any compression will slow down the input and output speed of the reads and writes to this location. And based on the function of this folder might slow your OS down as long as this folder is compressed.
4. nothing and expand your partition or backup and restore on a new larger disk

Sources:

1. http://blog.dampee.be/post/2011/12/04/Remove-Service-Pack-on-Windows-Server-2008-R2-(Compcln).aspx
2. https://blogs.technet.com/b/askcore/archive/2008/09/17/what-is-the-winsxs-directory-in-windows-2008-and-windows-vista-and-why-is-it-so-large.aspx?Redirected=true
3. http://answers.microsoft.com/en-us/windows/forum/windows_vista-files/to-use-or-not-to-use-compclnexe-that-is-the/cd93be4b-6e09-4419-b74e-0417f1273dc0
4. http://support.microsoft.com/kb/2592038

Folder installer:

This folder is used for some program uninstallers and patch uninstallers

1. I don’t recommend you delete this
2. It can be moved until needed. (don’t really recommend moving this off your computer, most like you will lose it) If you have a D drive you can move it over to that drive. You might want to zip/7zip it or use some other archive program to make it smaller
3. use msizap utility to remove orphaned files, this is a developer tool and is dangerous if you dont know what your doing.
4. Compress it (right click>properties>advanced>compress contents to save disk space) could slow down installing and uninstalling software
5. nothing and expand your partition or backup and restore on a new larger disk

Folder SoftwareDistribution (bouns topic #1)

This folder is used for Windowupdate and on older systems will keep failed patch installers in this folder. So if this folder has a few GB of data in it, you might want to do something about it

1. stop the windows update service, move it to a different drive, start windows update service. It will then recreate this folder
2. Compress it if you dont really want to mess with it

$NTUninstall and $NtServicePackUninstall (bouns topic #2)

The older version of the installer folder

1. Move and compress to a different drive incase you need them later. Or just compress it

Other system space saving you can try “Disk Cleanup” http://windows.microsoft.com/en-US/windows-vista/Delete-files-using-Disk-Cleanup

 

$hf_mig$ (bouns topic #3)

DO NOT DELETE

Used for window updates and migration “When a security update, critical update, update, update rollup, driver, or feature pack installs GDR version files, the hotfix files are also copied to the %windir%\$hf_mig$ folder. This supports migration to the appropriate files if you later install a hotfix or service pack that includes earlier versions of these files.”

1. you can compress the folder if its two large.

How to create custom computer policy adm from registry

The problem:

Had to change the default regional settings on windows server 2003 so an application would show data correctly, it was installed as US regional settings but was used in EU. So come to find out that windows does not have a system-wide regional setting. At installation the default profile is set with what was picked at installation. And that default profile is used for all user accounts that get created so after an account is created it stores its own regional settings (currency, date, time, etc). Well come to find out that this is all stored in the registry and we have the option to do a login script, local GPO, domain level GPO, or just delete all the current user profiles. I went with local GPO as it was only for a few systems.

Waring: Make sure you backup your system before you do the steps below and if you don’t know what you’re doing in the registry you may not want to do this as it could destroy your system.

The fix:

1. Make a copy of registry as a backup
2. Make the change as the current user, to the regional settings you want (control panel>regional and language options) on advanced tab check apply all settings to current user and default profile (this will change it for your userid and all new ones)
3. Make a copy of new changes (export reg key HKEY_CURRENT_USER>Control Panel>International) Note: HKEY_USERS>.DEFAULT>Control Panel>International is the default user settings but you DON’T want to copy this one.
4. user a reg to .adm converter tool or create the .adm yourself (RegToADM from the nuts.exe package from http://yizhar.mvps.org/)
5. copy new adm file to C:\windows\inf
6. open gpedit.msc
7. add your new .adm file to the User Configuration>Administrative Templates (right click add/remove templates, then add and find your new .adm file)
8. change your filter options (have administrative templates highlighted and view>filtering, uncheck only show policy settings that can be fully managed. Otherwise you will not see your settings)
9. enable all your new settings (go to your newly created folder under User Configuration>Administrative Templates that the .adm file created, this will now update all current user profiles with the new settings after they login)
10. May need to reboot if its not working well with your applications

Helpful links if you need more help

http://support.microsoft.com/kb/924852
http://support.microsoft.com/?kbid=323639
http://www.windowsitpro.com/article/registry2/jsi-tip-0311-regional-settings-in-the-registry-
http://yizhar.mvps.org/
http://support.microsoft.com/kb/225087
https://www.youtube.com/watch?v=Up0Sd_R8KNM
https://groups.google.com/forum/?fromgroups#!topic/microsoft.public.win2000.group_policy/HbN-0gfR_MU
https://blogs.technet.com/b/askds/archive/2007/08/14/deploying-custom-registry-changes-through-group-policy.aspx?Redirected=true

Microsoft Backup and VHD oh my

This is a multi part post, it has 3 how to’s inclued.

The main problem that started this was how do you get Backup and restore to backup your file incase you over write one of them and you only have one hdd. Well by default you can’t you are SOL. But you can fool backup and restore to thinking there is a second drive in your system. In windows 7 you can create a VHD (Virtual Drive) and have it mounted as a drive letter. But after a reboot they are not mounted again so we need to automate this as well so backup and restore will not fail.

So first we will create the VHD that we will us for backup and restore. For mine I created a expanding VHD so it would grow as need be for the backup. You can also find a more detailed howto here http://www.howtogeek.com/howto/5291/how-to-create-a-virtual-hard-drive-in-windows-7/

Then after created we need to attach the VHD and format the drive as you want it.

Then we need to go to Backup and Restore and configure it to use this new VHD, I skipped the creation of the image to save space as if the harddrive fails its gone as well.

Then we need to create the automation to attach the VHD at startup. You can get a howto here http://angler.wordpress.com/2010/03/11/windows-7-auto-mount-vhds-at-startup/ the comments also have away to do it with powershell.

We will create a batch file the uses diskpart with the script command

Then we will create a scheduled task to run this batch file. NOTE: if you use the howto link the bat file has “” around the path this could cause you to get a error 0x1 in scheduled tasks and no mounted VHD, you can remove the ‘”” or look here http://support.microsoft.com/kb/951246

scheduled task to run Microsoft Security Essentials

Problem: wanted to automate Microsoft security essentials to run a full scan monthly along with the weekly quick that it has by default.

Fix: We can create a scheduled task to run the command line version of MSE. This will keep the scheduled that is in the client plus you will get a second scheduled scan, you can do much more with the command line version of MSE if your needs are different, like file, full or quick.

Pick the SYSTEM account. This is an admin account and needs no password for scheduled tasks.

This is for it to run monthly

For the action this .exe is located in your program files and scan 2 is a full scan.

 

Update for Windows 8.1 and Windows Defender: http://www.winhelp.us/configure-windows-defender-in-windows-8.html

Enable Godmode in Windows

Note: The below where created for windows developers as shortcuts, so they may not be useful to some people; also please make a backup of your system be for enabling any of the undocumented items below. Not all of they work with all versions of windows and may cause different effects if you try.

To create the Godmode folder:

1. create a new folder where you want it to be
2. rename it “GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}”

This was tested in Windows 7 Ultimate 64Bit

Note: that xxxxx.{xxxx-xxx-xx-x-xxx-x-x} the xxxxx. in front can be any name you want that is what the folder will really be named at the end, dont modify the data in the {}.

Other items you can create:

{00C6D95F-329C-409a-81D7-C46C66EA7F33}
{0142e4d0-fb7a-11dc-ba4a-000ffe7ab428}
{025A5937-A6BE-4686-A844-36FE4BEC8B6D}
{05d7b0f4-2121-4eff-bf6b-ed3f69b894d9}
{1206F5F1-0569-412C-8FEC-3204630DFB70}
{15eae92e-f17a-4431-9f28-805e482dafd4}
{17cd9488-1228-4b2f-88ce-4298e93e0966}
{1D2680C9-0E2A-469d-B787-065558BC7D43}
{1FA9085F-25A2-489B-85D4-86326EEDCD87}
{208D2C60-3AEA-1069-A2D7-08002B30309D}
{20D04FE0-3AEA-1069-A2D8-08002B30309D}
{2227A280-3AEA-1069-A2DE-08002B30309D}
{241D7C96-F8BF-4F85-B01F-E2B043341A4B}
{4026492F-2F69-46B8-B9BF-5654FC07E423}
{62D8ED13-C9D0-4CE8-A914-47DD628FB1B0}
{78F3955E-3B90-4184-BD14-5397C15F1EFC}

How to hide unwanted accounts from windows login screen

How to hide a windows account from the login screen list

NOTE: Make sure your system is backed up before making changes to your registry!

1. From Run launch regedit.exe
2. Move to key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList” NOTE: that most likely SpecialAccounts and UserList will not be there so just create two new sub-keys.
3. Under UserList create a new DWORD (32bit) Value, and name it the userID of the account you want hidden (this is not the display name)
4. Make sure the value is set to 0 (this should be the case by default)
5. To enable the account again just change the value to 1
6. Log off or restart for this setting to take effect.