Posts tagged Server
VMware Last Resort System Recovery
Dec 4th
This might not be the best way to go about restoring your system. But for me my iSCSI disk decided to do something crazy and after restarting it, my servers were not able to start up again. Basically I had to re-add the host system to my VMware servers for it to start again, as I was getting a configuration error.
- First remove the troubled server from your servers list. Be careful to Remove from Inventory and not Delete from disk.
- SSH into your VMware server and go to the /vmfs/volumes directory and then into the path where your troubled VMDK is residing.
- I like to have the directory name the same as my machine name, so I move the directory to a different name before re-adding the system; otherwise /vmfs/volumes/<storename>/domainad re-added will become /vmfs/volumes/<storename>/domainad_1 or something weird like that.
- Start by adding a new virtual machine and select custom.

- Type in the machine name. Again I like to keep things clean so I use the previous system name.
- Select the datastore where the problem system resides.
- From here on you need to make sure that you select the same settings as you had before otherwise the system will not start up.
Selecting the disk type is really important. I picked the wrong one initially and the OS would crash as soon as it started loading what I assume was the disk drivers.
- From here it is important that you select the Use an existing virtual disk option to restore your system back to working order.
- Complete the configuration and go back to the terminal window. Again in keeping everything clean, you need to move the VMDK that you just reconfigured to the proper directory. Otherwise you will have a system taking up two directories.
- From the old directory, you only need to move the <servername>.vmdk and the <servername-(type)>.vmdk to the newly created directory.
- After moving the virtual disks over, edit the <servername>.vmx file and change the (depending on disk count) scsi0:0.fileName from the oldpath to the newpath.
- Save the changes and exit out of the terminal.
- With luck, you can start up your server again and should have no problems getting it to start.
I initially got the idea from the VMware KB article located here.
Windows Server Time Services
Nov 18th
One thing that I think no one cares a great deal about is whether their clock is off by a minute or two. Unfortunately, computers do care. Even a slight variation in the time can mean the difference between your computers talking to each other and rejecting each other due to security policy violations, in this case because of clock skew. So I just wanted to write about how to set up an authoritative time server in your Windows AD environment. AD is pretty picky about the time, and it’s the easiest place to set up the authoritative time server for your domain, as all your domain-joined PCs will sync pretty quickly if the AD server makes a time shift. This will work on any version of Windows Server Domain Controllers (2000/2003/2008) that I know of. You can even do it on XP, Vista, Win7, but on the desktop there is an extra tab to modify the time server source directly. Also, when you join a computer to a domain it will pull the time from the domain controller.
Configuring the Windows Time service to use an external time source
To configure an internal time server to synchronize with an external time source, follow these steps:
- Change the server type to NTP. To do this, follow these steps:
- Click Start, click Run, type regedit, and then click OK.
- Locate and then click the following registry subkey:
- In the right pane, right-click Type, and then click Modify.
- In Edit Value, type NTP in the Value data box, and then click OK.
- Your modified value should look as such:
- Set AnnounceFlags to 5. To do this, follow these steps:
- Locate and then click the following registry subkey:
- In the right pane, right-click AnnounceFlags, and then click Modify.
- In Edit DWORD Value, type 5 in the Value data box, and then click OK.
- The modified value should look as such:
- Enable NTPServer. To do this, follow these steps:
- Locate and then click the following registry subkey:
- In the right pane, right-click Enabled, and then click Modify.
- In Edit DWORD Value, type 1 in the Value data box, and then click OK.
- Your changed value should look as such:
- Specify the time sources. To do this, follow these steps:
- Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
- In the right pane, right-click NtpServer, and then click Modify.
- In Edit Value, type Peers in the Value data box, and then click OK.
Note Peers is a placeholder for a space-delimited list of peers from which your computer obtains time stamps. Each DNS name that is listed must be unique. You must append ,0x1 to the end of each DNS name. If you do not append ,0x1 to the end of each DNS name, the changes made in step 5 will not take effect. You can add additional NTP servers with a single “space” character between the ‘,0x1’ and the next server. Look at my screenshot below for a visual explanation. I recommend setting three as this is usually the standard for NTP. You can go to the NTP Pool website here to find what servers work best for you. Closer to you is always better. In my case, I used the Japan pool.
- Select the poll interval. To do this, follow these steps:
- Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\SpecialPollInterval
- In the right pane, right-click SpecialPollInterval, and then click Modify.
- In Edit DWORD Value, type TimeInSeconds in the Value data box, and then click OK.
Note TimeInSeconds is a placeholder for the number of seconds that you want between each poll. A recommended value is 900 Decimal. This value configures the Time Server to poll every 15 minutes. This will tell your domain controller to communicate with the NTP pool servers that you just set to make sure that it is within the correct time boundaries.
- Configure the time correction settings. To do this, follow these steps:
- Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\MaxPosPhaseCorrection
- In the right pane, right-click MaxPosPhaseCorrection, and then click Modify.
- In Edit DWORD Value, click to select Decimal in the Base box.
- In Edit DWORD Value, type TimeInSeconds in the Value data box, and then click OK.
Note TimeInSeconds is a placeholder for a reasonable value, such as 1 hour (3600) or 30 minutes (1800). The value that you select will depend upon the poll interval, network condition, and external time source.
- Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\MaxNegPhaseCorrection
- In the right pane, right-click MaxNegPhaseCorrection, and then click Modify.
- In Edit DWORD Value, click to select Decimal in the Base box.
- In Edit DWORD Value, type TimeInSeconds in the Value data box, and then click OK.
Note TimeInSeconds is a placeholder for a reasonable value, I usually use double what I set the poll interval to. In this case 30 minutes or 1800 seconds. The value that you select will depend upon the poll interval, network condition, and external time source.
- Quit the registry editor.
- At the command prompt, type the following command to restart the Windows Time service, and then press ENTER:
- The time then almost immediately updated to the correct time as you can see in the next two pictures of the corrected time and also in the event log (eventvwr.msc)
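To confirm the registry steps above actually landed, the following PowerShell audit compares the W32Time values with the ones this procedure sets. It is an added example, not part of the original post or the Microsoft KB; the expected numbers (900 s poll, 1800 s phase corrections) are this post's choices and are assumptions you should adjust, and `Test-NtpPeerList` is a hypothetical helper name.

```powershell
# Added example: audit W32Time registry values against the procedure above.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time'

# Expected values; 900 and 1800 are the post's example settings (assumptions).
$expected = @(
    @{ Key = 'Parameters';              Name = 'Type';                  Want = 'NTP' }
    @{ Key = 'Config';                  Name = 'AnnounceFlags';         Want = 5 }
    @{ Key = 'TimeProviders\NtpServer'; Name = 'Enabled';               Want = 1 }
    @{ Key = 'TimeProviders\NtpClient'; Name = 'SpecialPollInterval';   Want = 900 }
    @{ Key = 'Config';                  Name = 'MaxPosPhaseCorrection'; Want = 1800 }
    @{ Key = 'Config';                  Name = 'MaxNegPhaseCorrection'; Want = 1800 }
)

# Hypothetical helper: checks the space-delimited NtpServer peer list for the
# two mistakes the note warns about (missing ,0x1 flag and duplicate names).
function Test-NtpPeerList {
    param([string]$Value)
    $problems = @()
    $peers = @($Value -split '\s+' | Where-Object { $_ })
    if ($peers.Count -eq 0) { $problems += 'no peers configured' }
    foreach ($p in $peers) {
        if ($p -notmatch ',0x1$') { $problems += "$p is missing the ,0x1 flag" }
    }
    $names = $peers | ForEach-Object { ($_ -split ',')[0].ToLower() }
    $dupes = $names | Group-Object | Where-Object { $_.Count -gt 1 }
    foreach ($d in $dupes) { $problems += "$($d.Name) is listed more than once" }
    return ,$problems
}

# Report each value as OK or MISMATCH; a missing value shows as empty.
foreach ($e in $expected) {
    $path   = Join-Path $base $e.Key
    $actual = (Get-ItemProperty -Path $path -Name $e.Name -ErrorAction SilentlyContinue).($e.Name)
    $state  = if ($actual -eq $e.Want) { 'OK' } else { 'MISMATCH' }
    '{0,-8} {1}\{2} = {3} (want {4})' -f $state, $e.Key, $e.Name, $actual, $e.Want
}

# Validate the configured time sources.
$params    = Get-ItemProperty -Path (Join-Path $base 'Parameters') -Name NtpServer -ErrorAction SilentlyContinue
$ntpServer = $params.NtpServer
foreach ($problem in (Test-NtpPeerList $ntpServer)) { "PEERS    $problem" }
```

Run it on the domain controller after restarting the Windows Time service; any `MISMATCH` or `PEERS` line points at the step to revisit.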
I hope that this helps anyone who is trying to set up an authoritative time server in their Windows Domain network. It’s not really hard. Just make sure, if you are changing multiple machines, that the time difference you are correcting isn’t terribly huge (i.e. half a day or something). If you change one AD machine and the clock jumps forward or back half a day (probably due to a time zone setting), the other servers will lose trust in each other. Authentication processes will stop working, along with whatever else is based on those servers trusting each other. It’s a snowball of problems, so you just might want to keep that in mind.
This process was taken from the Microsoft article source KB816042.
Setting up a KMS Server
Nov 10th
Really don’t know why I had so much trouble trying to set this up the first time around I attempted it before. Thankfully I got it working this time. For me, how to set up the server wasn’t really the issue. It was trying to understand Microsoft’s legal wording for the licensing that is very confusing.
The key is trying to figure out this chart:
| Volume product group | Windows products | Key type | Products activated by key type |
|---|---|---|---|
| Windows Vista | Windows Vista Business; Windows Vista Enterprise | KMS | Windows Vista Business; Windows Vista Enterprise |
| Windows 7 | Windows 7 Professional; Windows 7 Enterprise | KMS | Windows Vista Business; Windows Vista Enterprise; Windows 7 Professional; Windows 7 Enterprise |
| Windows Server 2008 R2 Server Group A | Windows Web Server® 2008 R2; Windows Server 2008 R2 HPC Edition; Windows HPC Server 2008 R2 | KMS_A | Windows Server 2008 R2 Group A; Windows Server 2008 Group A; Windows Vista Volume Editions; Windows 7 Volume Editions |
| Windows Server 2008 R2 Server Group B | Windows Server 2008 R2 Standard; Windows Server 2008 R2 Enterprise | KMS_B | Windows Server 2008 R2 Group A; Windows Server 2008 Group A; Windows Server 2008 R2 Group B; Windows Server 2008 Group B; Windows Vista Volume Editions; Windows 7 Volume Editions |
| Windows Server 2008 R2 Server Group C | Windows Server 2008 R2 Datacenter; Windows Server 2008 R2 for Itanium-Based Systems | KMS_C | Windows Server 2008 R2 Group A; Windows Server 2008 Group A; Windows Server 2008 R2 Group B; Windows Server 2008 Group B; Windows Server 2008 R2 Group C; Windows Server 2008 Group C; Windows Vista Volume Editions; Windows 7 Volume Editions |
As great as it is that they have it all listed, it still wasn’t very clear to me. Do my desktop clients need their own KMS server? Do the servers need their own? What’s with all the different types? Basically, whether you have five servers or 20,000 desktops, you can do it with one server. (I don’t know if I would want to authenticate 20,000 desktops with one server though.)

When you are looking at your licensing level, take note of whether you are just KMS, or KMS A, B, or C. Let’s say that I am a KMS_B type. That means everything in KMS_B, KMS_A, and KMS is available for you to use on the one KMS server to authenticate all those different types of services. Keep in mind to check your license count on Microsoft’s website. Also note that in order for the KMS to “start working” (i.e. with Microsoft) you need to pass a minimum count threshold: 5 servers or 25 desktops. Exact detailed numbers can be found here. The great news about the new KMS is that a virtual machine instance counts towards your server and/or desktop count.

The KMS Service can run on any type of machine you want, Windows Servers or Windows Desktops. Just keep in mind that you need to enter your KMS key from Microsoft, and, just as I stated before, the level of key that you register will work back down to the sole KMS key type. Just don’t expect a Vista/7 KMS key to start activating your 2003/2003R2/2008/2008R2 servers anytime soon. On to the installation.
- Get your KMS (A/B/C) Key from Microsoft.
- Prepare a machine for key registration. Older systems key managing newer systems (eg. 2003 to manage 2008R2) will need a KMS Update to work properly.
- On the patched and prepped system, run the following command:
cscript C:\windows\system32\slmgr.vbs /ipk <Your KMS Key>
- Make sure to restart the licensing services via the following command:
net stop slsvc && net start slsvc
- Check your DNS to make sure the KMS is listed there, using the following command:
nslookup -type=srv _vlmcs._tcp
You should get a listing back as follows:
_vlmcs._tcp.domain.net SRV service location:
priority = 0
weight = 0
port = 1688
svr hostname = kms.domain.net
kms.domain.net internet address = x.x.x.x

*Note* Be sure to make sure that the KMS server has port 1688 open to accept KMS requests.
- The system will go off and register, and then you can begin to register clients. Remember the minimum threshold count before all the systems will activate.
Additional useful commands:
If for some reason you didn’t make the count within the initial grace period you can “reset” the timer for another 30 days. (3 times MAX)
cscript %windir%\system32\slmgr.vbs /rearm
On a KMS installed version of Windows to force a registration check run:
cscript %windir%\system32\slmgr.vbs /ato
Should one of your previous systems be allowed to join the KMS pool you can change the system key using the following list and then this command:
cscript %windir%\system32\slmgr.vbs /ipk
You can check on the running count of systems as well by running the following command from the KMS Server:
cscript %windir%\system32\slmgr.vbs /dli
For more detailed license information run:
cscript %windir%\system32\slmgr.vbs /dlv
Should the KMS server not show up in DNS browse to your DNS entries and remove any previous information that is in the DNS Server > Forward Lookup Zones > > _tcp > then remove any _VLMCS records. And reregister the working KMS server by:
cscript %windir%\system32\slmgr.vbs /sdns
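The DNS check and the stale-record cleanup described above can be verified in one pass with the PowerShell below, which lists every `_vlmcs._tcp` SRV record, flags hosts you did not expect, and tests port 1688 on each. This is an added example, not from the original post; `domain.net` and `kms.domain.net` are the post's placeholders, the `$ExpectedHosts` allow-list and `Test-TcpPort` helper are hypothetical, and `Resolve-DnsName` requires Windows 8 / Server 2012 or later.

```powershell
# Added example: check the _vlmcs._tcp SRV records and port 1688 on each host.
param(
    [string]$Domain = 'domain.net',                  # placeholder from the post
    [string[]]$ExpectedHosts = @('kms.domain.net')   # hypothetical allow-list
)

# Hypothetical helper: TCP connect with a timeout, returns $true if the port answers.
function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)
        return $true
    }
    catch { return $false }
    finally { $client.Close() }
}

# Keep only SRV answers; the response can also carry A records for the targets.
$records = @(Resolve-DnsName -Name "_vlmcs._tcp.$Domain" -Type SRV -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'SRV' })

if ($records.Count -eq 0) {
    "No _vlmcs._tcp SRV record in $Domain; run slmgr.vbs /sdns on the KMS host"
}

foreach ($r in $records) {
    $target = $r.NameTarget.TrimEnd('.')
    [pscustomobject]@{
        Host     = $target
        Port     = $r.Port
        Priority = $r.Priority
        Weight   = $r.Weight
        Expected = ($ExpectedHosts -contains $target)   # False = stale or unknown record
        PortOpen = (Test-TcpPort -HostName $target -Port $r.Port)
    }
}
```

A row with `Expected` set to False is a leftover or unknown `_VLMCS` record that clients may still try to activate against; remove it from the `_tcp` zone before re-registering the working server.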
Hope this helps anyone who is having trouble setting up a KMS Server. Also take a look at Technet listing here for a detailed list of commands and other useful information.
Userenv and Outlook Connection Error
Nov 19th
There was a problem with a client PC today using Windows XP and Office 2007.
Outlook 2007 was reporting the Exchange server as Offline and would not reconnect to the Exchange server. Looking through the Eventlog, there was a Userenv error of 1517. This probably had a part in causing the system to not connect correctly to the Exchange server.
If you have a system that is experiencing a Userenv 1517 error:
Windows saved user <user name> registry while an application or service was still using the registry during log off. The memory used by the user’s registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
The resolution I found for this was to:
- Open the “Active Directory Users and Computers”
- Locate the “Computer” object and reset it.
- Remove the PC from the domain.
- Add the PC back into the domain.
This seemed to fix the Userenv error.
Once this was fixed, there was still the Outlook Connection Error on the same account with different PCs. With the following error:
Cannot open your default email-folders. You must connect to Microsoft Exchange with the current profile before you can synchronize your folder with your offline folder files.
The steps I took to resolve this were:
- Deleting the account from the Control Panel > Mail area.
- Open the folder where the OST/PST files are stored and remove all files but the PSTs. (You can move the OST file to another location if you do not want to delete it quite yet).
- I am not sure if this helped but I also ran the command “outlook.exe /cleanprofile” (For 2007)
- Then I opened the dysfunctional account in the Webmail system.
- (The trickiest part?) Refresh the webmail and let it talk to the Exchange server for a bit. In my case it was about 5 minutes. Right after logging into webmail and then trying to run Outlook again still generated the same error.
- After waiting for a short while, restarting Outlook worked again and the user could access mail again.
Why I had to log into webmail and wait I really don’t know. But it seemed to fix whatever connection/sync problems the user was having.
Hope this helps anyone that might encounter the same problem.
























