Blog: Networking

When creating scheduled reports in the SEP Mgmt console, be sure to check your filter settings after creating them (see image below). The default filter covers only the past 24-hour period and includes all clients SEPM can see. If you want to set a different coverage interval, such as weekly or monthly, or apply the report just to specific clients or sub-groups, you need to create and save a custom filter.


 

I was working on rebuilding our Office Communication Server from scratch a short while ago. There were many gotchas in this entire process, but the one I want to touch on happened near the end of the rebuild process. The Front-End Server Service and Monitoring Agent service refused to start up, even after several reboots of the server and repairs of the installation. Errors in the event log reported the “Worker process exited prematurely” and referenced RTCHost.exe. By now, Google had become my close friend and guardian.

What happened is the update, KB967831, shuts down the Front End Server (as well as the other OCS services) to patch and then attempts to fire all the services back up.  See this article about the update.  If MSMQ is not installed, the RtcQmsAgent service (monitoring agent) will not start up, causing the Front-End server to fail. From the blog:
 
On a good note, you can install MSMQ to get around the unfortunate "server killer" situation.

With Server 2008, you can run ServerManagerCmd -i MSMQ-Services and ServerManagerCmd -i MSMQ-Server.
With Server 2003 x64, it is a little more complex as an automation task but can be done using the details mentioned here.

The RtcQmsAgent service will no longer fail to start. At that point, you should be able to install all of the QFE1 updates successfully.
 
I ran those two commands (even though I thought I had already installed MSMQ earlier using the Server Manager GUI) and then attempted to start the services. Success!


 

For researching disk space usage I usually recommend the WinDirStat program (http://windirstat.info). One problem I had recently is related to the fact that no user, not even an administrator, has access to the "System Volume Information" folder. This folder contains the system restore points (on the C: drive) and probably other system stuff that you should not mess with.

Since the tools we use to investigate disk space usage do not have access to the "System Volume Information" folder, that folder is just missing from the display given. However, WinDirStat has an option to turn on the display of "Missing" space. This section will show the difference of the size of the disk minus the total of all files found. A Windows Vista machine at a customer site was running out of space and this missing space was taking up most of it. System Restore was enabled and the help text said it could take up to 15%. I turned System Restore off, rebooted, and the space came back. I turned it back on and checked it a couple of times over the next week; the "Missing" space did not seem to be growing.


 

We use VMware Workstation a lot during our information security audit work, and there are lots of times when we just need to copy a file or two to or from a virtual machine and it would be nice to not have to wait to start up the VM, log in, copy, etc.

VMware has a Virtual Disk Development Kit (http://www.vmware.com/support/developer/vddk/) that contains a helpful tool for this problem. There is only a 32-bit Windows version, but it works on 64-bit systems. Among other tools, the kit includes a handy command line utility called vmware-mount, also known as VMware Disk Mount. You'll find the utility in C:\Program Files\VMware\VMware Virtual Disk Development Kit\bin.

Once it's mounted, you can work with that disk in Explorer, just like any other disk. To mount a local .VMDK to the M: drive, use the command:

vmware-mount M: {pathToVMDKFile}

You can even use this tool to mount remote .VMDKs, either on other Windows hosts or ESX/ESXi hosts. Here's some quick syntax to connect to a disk on a remote ESX/ESXi host:

vmware-mount K: "[storage1] WinXP/WinXP.vmdk" /i:ha-datacenter/vm/WinXP /h:esx3 /u:root /s:secret

You can get all the command line hints from the tool's documentation.


 

I was recently assigned a task for one of our customers in West Texas to get their servers checking in with WSUS correctly. After talking to a coworker, I found out that since we deploy every virtual machine from a template that has the OS already installed on it, each virtual machine deployed will have the same “SusClientID” for WSUS that the template has. Here are several steps that you can go through in order to issue each machine a new “SusClientID”:

  • Stop the Windows Update service “net stop wuauserv”
  • Delete “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\SusClientId”
  • Start the Windows Update service “net start wuauserv”
  • In a command prompt, run “wuauclt /detectnow”

Following those steps will recreate the string and that system should begin reporting in with a different SusClientID.
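
The four steps above as one PowerShell function that also records the ID before and after, so you can confirm it actually changed. This is an added example, not part of the original post; the function names and the polling timeout are assumptions, and it must be run from an elevated prompt on the cloned machine.

```powershell
# Added example: the four manual steps above, scripted for the local machine.
# Get-SusClientId / Reset-SusClientId and the timeout are illustrative names and values.
$WuKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate'
$WuName = 'SusClientId'

function Get-SusClientId {
    # Returns the current ID, or nothing when the value does not exist.
    $p = Get-ItemProperty -Path $WuKey -Name $WuName -ErrorAction SilentlyContinue
    if ($p) { $p.$WuName }
}

function Reset-SusClientId {
    param([int]$TimeoutSeconds = 120)

    $old = Get-SusClientId

    Stop-Service -Name wuauserv -Force -ErrorAction Stop        # step 1
    try {
        if ($old) {
            # step 2: remove only the SusClientId value, not the whole key
            Remove-ItemProperty -Path $WuKey -Name $WuName -ErrorAction Stop
        }
    }
    finally {
        Start-Service -Name wuauserv                            # step 3, even if step 2 failed
    }

    & wuauclt.exe /detectnow                                    # step 4

    # Per the post, the client recreates the value; poll until it appears.
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    do {
        Start-Sleep -Seconds 5
        $new = Get-SusClientId
    } until ($new -or (Get-Date) -ge $deadline)

    New-Object PSObject -Property @{
        Computer = $env:COMPUTERNAME
        OldId    = $old
        NewId    = $new
        Changed  = [bool]($new -and $new -ne $old)
    }
}

Reset-SusClientId
```

If Changed comes back False, the new value had not appeared within the timeout; check the registry value again after the next detection cycle.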


 

I recently worked on a problem where a user had a PC with a network printer added utilizing HP’s Universal Print Driver. The user RDPs to a Terminal Server and this “local” network printer is redirected through to their Terminal Server Session. When the user attempted to print to the redirected network printer, they received the following error message:

"The selected printer 'HP Universal Printing PCL6' is not a supported HP device"

Printing from the PC to the network printer as well as printing from the TS directly to the network printer worked.

Knowing that the UPD utilizes bidirectional communication when printing, it is my best guess that this was not working via the TS port that was created when the redirected network printer was auto-generated at login. This behavior does not occur with all model printers.

I enabled and configured SNMP with an established SNMP community name on both the network printer port on the print server as well as through the Web Interface on the network printer. Once that was done, printing via the redirected network printer worked.


 

I was recently helping a bank network support client install an update to a Jack Henry application named Yellowhammer. Normally we save the installation file to the network of that certain program just for organizational purposes. 

Upon reading the instruction I just saved the .exe file to the user's PC because I wanted to see what files needed to be updated. However, upon running the installation it just opened a GUI that set up a connection back to Jack Henry. We closed out the program to begin saving the program to the network. When we did this ALL THE DESKTOP ITEMS DISAPPEARED from the user's PC.

After looking into what files were unzipped I came across a file named “cleanup.bat” which deleted whatever folder these files were located in, and in our case it happened to be the Desktop folder.

I am just curious as to what would have happened if I saved this anywhere else.  So for future reference, check for a cleanup.bat file in any Jack Henry Installation.


 

While checking the syslog messages around the times of the Internet disruptions at a customer site, I found that the timestamp recorded by the ISA server sometimes did not match the timestamp recorded by the border router. After some digging, I found that the clock on the ISA server was extremely slow, and would get off by five minutes in a matter of hours. Since five minutes is the magic number before domain authentication fails, this made me concerned.

I found that the ISA is set to synchronize time with the VMhost, and that the VMhost’s clock had not been properly set. It had a date of January 26 (on February 17). VMware time synchronization is a little funny, in that if the guest is behind the host then the guest’s time just gets updated, but if the guest is ahead of the host then the host slows the guest’s clock until the time gets synchronized again. Thus, the ISA server’s clock was slow because of the VMware time synchronization, and the native Win32Time process was correcting the problem periodically.

Our current best practice is to a) synchronize the VMhosts to public time servers, b) synchronize virtualized domain controllers to the VMhosts, and c) utilize native Win32Time to synchronize domain members.
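
To catch a clock drifting toward that five-minute limit before authentication starts failing, you can measure each server's offset with w32tm from a machine whose own clock is known to be good. This is an added example, not from the original post; the host names and the 60-second warning level are assumptions.

```powershell
# Added example: report the clock offset between this machine and each listed host.
# Host names are placeholders; each target must answer NTP queries.
$Targets      = 'isa01', 'dc01'      # hypothetical names
$WarnSeconds  = 60                   # assumed early-warning level
$LimitSeconds = 300                  # the five-minute limit mentioned above

function Get-ClockOffset {
    param([string]$Computer)
    $out = & w32tm.exe /stripchart "/computer:$Computer" /samples:1 /dataonly 2>&1
    # A data line looks like "10:15:02, +00.0123456s";
    # a failed sample reads "10:15:02, error: 0x..." and is skipped.
    foreach ($line in $out) {
        if ("$line" -match ',\s*([+-]\d+\.\d+)s\s*$') {
            return [double]::Parse($Matches[1],
                [Globalization.CultureInfo]::InvariantCulture)
        }
    }
    return $null
}

foreach ($t in $Targets) {
    $offset = Get-ClockOffset -Computer $t
    if ($null -eq $offset) {
        $status = 'NO RESPONSE'
    } elseif ([math]::Abs($offset) -ge $LimitSeconds) {
        $status = 'OVER LIMIT'
    } elseif ([math]::Abs($offset) -ge $WarnSeconds) {
        $status = 'WARNING'
    } else {
        $status = 'OK'
    }
    New-Object PSObject -Property @{
        Computer      = $t
        OffsetSeconds = $offset
        Status        = $status
    }
}
```

Run on a schedule, a guest being slowed by a mis-set host shows up as an offset that grows between runs and then snaps back when the native time service corrects it.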


 

VMware PowerCLI is a set of Windows PowerShell snap-ins that provide access to the VMware infrastructure just like the vSphere client. It has 165 cmdlets. It connects directly to hosts just like the vSphere client does, so it can be used to manage smaller installations. While very powerful scripts can be used for doing just about anything, here are some simple examples:

  • copying ISOs to and from the datastore
  • powering on or off machines
  • rebooting machines
  • seeing how much space a machine is taking up

There are many scripts already written and available on the net, so search around before going to very much trouble to write your own.

You can download PowerCLI from http://communities.vmware.com/community/vmtn/vsphere/automationtools/powercli.  This page has several links, including a link to a getting started guide.


 

A network support customer with DSL had lost Internet access over the weekend.  They tried rebooting the DSL modem and Linksys WRT54G router to no avail.  When I got onsite, I connected to the router’s wireless as well as Ethernet port with my laptop and confirmed that there was no Internet access.  I connected to the web management interface of the router which had a complex password, so the customer likely had not gone in and changed anything. 

I could see that the router had successfully obtained a public IP address, gateway, and DNS servers from the ISP.  There was an internal ping utility built into the router, and I was able to use it to successfully ping the DNS servers and gateway IP addresses.  When I tried from the connected PC, I could ping the router’s public interface, but not the gateway of the router or the DNS servers. 

I looked through the settings to see if I could find any reason that traffic was dying going through the router and could not find anything.  I then backed up the configuration of the router to my laptop and did a factory reset.  After the router came back up, I was able to access the Internet through the router and ping everything.

I uploaded the configuration file back on to the router and it broke the connection again.  I decided at this point to factory reset again and manually set the password and SID on the unit back to the previous settings.  It is my guess at this time that the configuration on the router had become corrupted.