Archive for Windows Server 2003

How to troubleshoot a locked account that keeps locking in Active Directory

// October 13th, 2009 // No Comments » // Windows Server 2003, Windows Server 2008

  1. Login to a domain controller and download the Account Lockout Tools from Microsoft (http://www.microsoft.com/downloads/details.aspx?FamilyId=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en)
  2. Extract the Contents to a directory on the server
  3. Open LockoutStatus.exe
  4. Select File and choose Select Target
  5. Type the user name that is locked and hit OK
  6. All the domain controllers should show up with the user state of the account.  If you look at the far right there is a table column.
  7. Now choose the domain controller that enabled the lock and right-click on it choose Set Netlogon Logging
  8. Check the box for Misc Debug to enable logon errors to be recorded and click OK (this sets the flag for DBFlag to 0×4 under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters)
  9. Now right-click the original lock domain controller and choose Unlock Account.  Right-click a DC and choose Refresh All.  If any DC is still showing the account locked then right-click on that DC and choose Unlock Account.
  10. Once the account is locked again right-click on the DC that originated the lock and choose Open Netlogon Log
  11. Scroll to the bottom of the log and look for [LOGON] entries and then look at the error code at the end.  If it is 0×000006A the account is being submitted with a bad password.  This line entry should also list the IP or the Computer name where the bad logon attempt originated.
  12. If the Netlogon.log file is too big then you can go to the DC and use nlparse.exe included in the Account Lockout Tools to choose which flags you want to parse from a Netlogon.log file and dump to a CSV.  The Netlogon.log is located in C:\Windows\Debug\ on a DC.  The output from nlparse.exe will dump a file to that same directory called Netlogon.log –Out.csv.

After finding the root cause of the lockout it’s advised to go back in and disable the Misc Debug flag to minimize the amount of logging being done in the Netlogon.log file.

Microsoft releases Microsoft IT Environment Health Scanner

// August 10th, 2009 // No Comments » // SBS 2008, Windows Server 2003, Windows Server 2008

This tool is great for any consultant or IT technician who needs to validate a domain’s health before going through an upgrade process.    This is just one more tool that Microsoft has released that makes our job even easier.  Here’s a description courtesy of Microsoft:

“The Microsoft IT Environment Health Scanner is a diagnostic tool that is designed for administrators of small or medium-sized networks (recommended up to 20 servers and up to 500 client computers) who want to assess the overall health of their network infrastructure. The tool identifies common problems that can prevent your network environment from functioning properly as well as problems that can interfere with infrastructure upgrades, deployments, and migration.

When run from a computer with the proper network access, the tool takes a few minutes to scan your IT environment, perform more than 100 separate checks, and collect and analyze information about the following:

  • Configuration of sites and subnets in Active Directory
  • Replication of Active Directory, the file system, and SYSVOL shared folders
  • Name resolution by the Domain Name System (DNS)
  • Configuration of the network adapters of all domain controllers, DNS servers, and e-mail servers running Microsoft Exchange Server
  • Health of the domain controllers
  • Configuration of the Network Time Protocol (NTP) for all domain controllers”

You can download it here:

http://www.microsoft.com/downloads/details.aspx?FamilyID=dd7a00df-1a5b-4fb6-a8a6-657a7968bd11&displaylang=en

Fixing Offline Files Corruption and errors

// April 22nd, 2009 // No Comments » // Windows Server 2003, Windows XP

One of the biggest problems with offline files is when a different user gets someone other person’s offline folder sync stuck in their profile.  When this happens the person will go to log off and get an error every time because they don’t have the proper rights to the folder.  An easy fix for this is to format the Offline Files database on the local machine.  There are two ways to do this.  You can either edit the registry and add the following key and then reboot:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\NetCache
Key Name: FormatDatabase
Key Type: DWORD
Key Value: 1
Or you can do the following and then reboot:
  1. In Folder Options, on the Offline Files tab, press CTRL+SHIFT, and then click Delete Files. The following message appears:
    The Offline Files cache on the local computer will be re-initialized. Any changes that have not been synchronized with computers on the network will be lost. Any files or folders made available offline will no longer be available offline. A computer restart is required.

    Do you wish to re-initialize the cache?

  2. Click Yes two times to restart the computer.
I’ve used these techniques to fix issues from Windows hard locking to clearing out the Offline Files list for a user who was trying to sync to a folder they didn’t have the rights to do so.  This is a very handy tip to keep in your tool bag at all times.
Reference: http://support.microsoft.com/kb/230738

Terminal Server Fallback Printer Driver – Windows Server 2003

// April 20th, 2009 // No Comments » // Windows Server 2003

One of the most frustrating aspects of managing Terminal Services is printing.  Citrix has made great strides with the Citrix Universal Print Driver, but some people don’t want to spend the money on Citrix.  Microsoft addressed some of the issues with Windows Server 2003 SP1.  They added something called the Terminal Server Fallback Printer Driver Behavior as an option for Client Redirection.  Basically what they did is chose a HP driver to use for both PCL and PS printing that automatically passes the print job to the local printer driver on the client.  This all happens without having to install 50,000 printer drivers on the server.  Of course this isn’t perfect because if you need advanced options like choosing different trays it may not work well.  However, if your users only use basic printing functions then I suggest trying it out before looking at third party options.

You can read more here:  http://technet.microsoft.com/en-us/library/cc731963.aspx

Please note that they have the wrong location listed for the options though as the following is where you can find it: Computer Configuration\Policies\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Client/Server data redirection.

Basically if it is set to not configured or disabled the fallback driver will not work.  You have to set it to enabled and choose the appropriate option.  I’ve found that using Show both PCL and PS if one is not found offers the best compatibility for printing.  If it doesn’t work well for you then try using just PCL or just PS.  Let me know how if it helps you.

Windows Server 2003 SP2 + Excel Files = Open Files Reporting the Wrong User

// March 2nd, 2009 // No Comments » // Windows Server 2003

There is a huge bug in Service Pack 2 for Windows Server 2003 and the indexing filter.  If you use the indexing filter and Excel files in the 97-2003 format then please visit the following Microft KB to fix it:

http://support.microsoft.com/default.aspx/kb/954820

I had a huge file server with thousands of Excel 97- 2003 format files (this does not affect .xlsx files) and I was getting reports constantly that an administrator on the network had the file opened but that wasn’t the case.  I could check the open files on the server and see it was someone else but the user was getting the error showing a different user having it locked.  The server I was working on had indexing disabled but evidently the catalog was still showing the errors.  I ended up deleting the catalog for the server and rebooting to fix the problem after adding the exclusion for .xls files.  I still can’t believe Microsoft doesn’t have a fix for this other than excluding the files.

If anyone else out there has experienced this please let me know.

How to fix VSS errors in Windows XP and 2003.

// August 13th, 2008 // 8 Comments » // Troubleshooting, Windows Server 2003, Windows XP

I use Mozy Home to backup my laptop online so I don’t lose confidentials files or important documents in the event of a hard drive crash.  Well for some reason my laptop started hard locking when Mozy would start so I had to disable it so I could keep working.  Well today I decided to fix it after another hard lock.  I opened up Event Viewer and had the following error:

After seeing this I immediately go and check the VSS writers on my Windows XP solution by opening a command prompt and typing “vssadmin list writers.”   Of course this shows all the proper writers.  So next I check the shadows by typing “vssadmin list shadows” and instantly I get an error: Error: 0×8000ffff.

At this point I realize that VSS is essentially broke on my machine.  I remembered seeing a KB article awhile ago with Microsoft for repairing VSS after a corrupt registry subkey called subscriptions.  If you want to check out the KB article go here or simply use the following instructions, which I slightly edited for Windows XP.

Resolution

1. Click Start, click Run, type Regedit, and then click OK.

2. Locate and then click the following registry subkey:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions

3. On the Edit menu, click Delete, and then click Yes to confirm that you want to delete the subkey.

4. Exit Registry Editor.

5. Click Start, click Run, type services.msc, and then click OK.

6. Right-click the following services one at a time. For each service, click Restart:

  • COM+ Event System
  • COM+ System Application
  • Microsoft Software Shadow Copy Provider
  • Volume Shadow Copy

7. Click Start, click Run, type cmd, and then click OK.

8. At the command prompt, type vssadmin list writers, and then press ENTER.

9. If the VSS writers are now listed, close the Command Prompt window. You do not have to complete the remaining steps. If the VSS writers are not listed, type the following commands at the command prompt. Press ENTER after each command.

  • cd /d %windir%\system32
  • net stop vss
  • net stop swprv
  • regsvr32 ole32.dll
  • regsvr32 oleaut32.dll
  • regsvr32 vss_ps.dll
  • vssvc /register
  • regsvr32 /i swprv.dll
  • regsvr32 /i eventcls.dll
  • regsvr32 es.dll
  • regsvr32 stdprov.dll
  • regsvr32 vssui.dll  (does not work in Windows XP)
  • regsvr32 msxml.dll
  • regsvr32 msxml3.dll
  • regsvr32 msxml4.dll

Note The last command may not run successfully.

10. At the command prompt, type vssadmin list writers, and then press ENTER.

11. Confirm that the VSS writers are now listed.

12. At the command prompt, type vssadmin list shadows and then press ENTER.

13. Confirm that there are no errors listed.  On Windows XP you should see: No shadow copies present in the system.

14. Congratulations your machine should work again with any VSS compatible programs.