DCDIAG /TEST:DNS fails with errors regarding root hint servers

21. September 2009

I recently resolved an ongoing DNS issue where the Active Directory Integrated DNS was loaded in both the Domain and the DomainDNSZones partition of AD - this is a separate issue and should be resolved differently. My problem came when I tried to verify that the fixed DNS setup had propagated around my domain controllers, DC01 and DC02. DC01 kept failing "DCDIAG /TEST:DNS" with errors regarding the root hint servers. Googling about, it was clear that a lot of people were suffering the same issue, but no article I read had correctly identified the solution.

The error looked something like this:

P:\>dcdiag /test:dns

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: SITE\DC01
      Starting test: Connectivity
         ......................... DC01 passed test Connectivity

Doing primary tests

   Testing server: SITE\DC01

DNS Tests are running and not hung. Please wait a few minutes...

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : DOMAIN

   Running enterprise tests on : DOMAIN.com
      Starting test: DNS
         Test results for domain controllers:

            DC: DC01.DOMAIN.COM
            Domain: DOMAIN.com


               TEST: Forwarders/Root hints (Forw)
                  Error: Root hints list has invalid root hint server: a.root-se
rvers.net. (198.41.0.4)
                  Error: Root hints list has invalid root hint server: b.root-se
rvers.net. (192.228.79.201)
                  Error: Root hints list has invalid root hint server: c.root-se
rvers.net. (192.33.4.12)
                  Error: Root hints list has invalid root hint server: d.root-se
rvers.net. (128.8.10.90)
                  Error: Root hints list has invalid root hint server: e.root-se
rvers.net. (192.203.230.10)
                  Error: Root hints list has invalid root hint server: f.root-se
rvers.net. (192.5.5.241)
                  Error: Root hints list has invalid root hint server: g.root-se
rvers.net. (192.112.36.4)
                  Error: Root hints list has invalid root hint server: h.root-se
rvers.net. (128.63.2.53)
                  Error: Root hints list has invalid root hint server: i.root-se
rvers.net. (192.36.148.17)
                  Error: Root hints list has invalid root hint server: j.root-se
rvers.net. (192.58.128.30)
                  Error: Root hints list has invalid root hint server: k.root-se
rvers.net. (193.0.14.129)

               TEST: Dynamic update (Dyn)
                  Warning: Dynamic update is enabled on the zone but not secure
DOMAIN.com.

         Summary of test results for DNS servers used by the above domain contro
llers:

            DNS server: 128.63.2.53 (h.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.63.2.53

            DNS server: 128.8.10.90 (d.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.8.10.90

            DNS server: 192.112.36.4 (g.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.112.36.4

            DNS server: 192.203.230.10 (e.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.203.230.10

            DNS server: 192.228.79.201 (b.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.228.79.201

            DNS server: 192.33.4.12 (c.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.33.4.12

            DNS server: 192.36.148.17 (i.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.36.148.17

            DNS server: 192.5.5.241 (f.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.5.5.241

            DNS server: 192.58.128.30 (j.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.58.128.30

            DNS server: 193.0.14.129 (k.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 193.0.14.129

            DNS server: 198.41.0.4 (a.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 198.41.0.4

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
               ________________________________________________________________
            Domain: DOMAIN.com
               DC01                    PASS PASS FAIL PASS WARN PASS n/a

         ......................... DOMAIN.com failed test DNS


It looks pretty horrific - DNS is failing at a basic level! It turns out that the actual issue is an old version of DCDIAG.EXE. After several hours and a lot of head scratching I checked the versions of the DCDIAG.EXE (normally c:\Program Files\Support Tools\dcdiag.exe) and "Lo! And Behold!" the version was different. I downloaded the Windows Server 2003 Support Tools R2, uninstalled the old version (v5.2.3790.1800) and installed the new one (v5.2.3790.3959).

Et voila! The working test...


P:\>dcdiag /test:dns

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: SITE\DC01
      Starting test: Connectivity
         ......................... DC01 passed test Connectivity

Doing primary tests

   Testing server: SITE\DC01

DNS Tests are running and not hung. Please wait a few minutes...

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : DOMAIN

   Running enterprise tests on : DOMAIN.com
      Starting test: DNS
         Test results for domain controllers:

            DC: DC01.DOMAIN.COM
            Domain: DOMAIN.com


               TEST: Dynamic update (Dyn)
                  Warning: Dynamic update is enabled on the zone but not secure
DOMAIN.com.

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
               ________________________________________________________________
            Domain: DOMAIN.com
               DC01                    PASS PASS PASS PASS WARN PASS n/a

         ......................... DOMAIN.com passed test DNS

Networking, Windows Server, Windows Server 2003

Multi-homed Domain controller logs Event ID 1030 and 1058

10. September 2009

I recently had an issue where a hosting environment was registering a lot of Netlogon Event 1030/1058 issues, being unable to find the Group Policy objects or download them. In this example, the server DC is the domain controller for DOMAIN.LCL.

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1030
Date:  10/09/2009
Time:  06:24:29
User:  NT AUTHORITY\SYSTEM
Computer: DC
Description:
Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this. For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1058
Date:  10/09/2009
Time:  06:24:29
User:  NT AUTHORITY\SYSTEM
Computer: DC
Description:
Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=DOMAIN,DC=LCL. The file must be present at the location <
\\DOMAIN.LCL\sysvol\DOMAIN.LCL\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>. (Windows cannot find the network path. Verify that the network path is correct and the destination computer is not busy or turned off. If Windows still cannot find the network path, contact your network administrator. ). Group Policy processing aborted. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

On the affected machines, when navigating to \\DOMAIN.LCL there were no shares available; however, navigating to \\DC showed the NETLOGON and SYSVOL shares. Pinging DOMAIN.LCL and then the DC showed that the IP addresses were not the same as expected: DOMAIN.LCL was resolving to the backup network, whereas DC was resolving to the server's LAN IP.

I checked the DNS records for the server, which were correct. Investigating the adaptor binding settings under Control Panel > Network Connections > Advanced > Advanced Settings showed that the backup network's adaptor was first in the list. I moved the adaptor for the LAN to the top of the list and OK'd my way out. I restarted the NETLOGON service and the issue was solved.

Windows servers have never been particularly good at being multi-homed, especially domain controllers. My advice comes from some bitter experience...

  • If you have multiple network adaptors for extra bandwidth/redundancy/resilience, then I would strongly recommend using Teamed adaptors; most of the major manufacturers' drivers and management software support it. This will eliminate any issues with multi-homing because as far as the server is concerned, it has one adaptor.
  • If you have multiple network adaptors for different network segments and you're using RRAS to route between them, I would strongly suggest not using a Domain Controller at all for this purpose. Better yet, buy a hardware router.
  • If you have multiple network adaptors for different purpose networks (e.g. a LAN, a backup network and an iSCSI network) then make sure you do the following:
    • Disable "File and Printer Sharing for Microsoft Networks" and "Client for Microsoft Networks" on all but the LAN adaptor.
    • Ensure that your LAN adaptor is the FIRST adaptor in the bindings in the advanced network settings.

 Hope that helps!

Active Directory, Networking, Windows Server 2000, Windows Server 2003, Windows Server 2008

How to force the removal of Folder Redirection from specific user accounts

3. April 2009

We have a folder redirection policy in place for all of our users in combination with a roaming profile policy - this policy is applied to the OU that contains our users. Unfortunately this policy was accidentally linked to the root of our domain too, causing our Domain Admin users to be redirected too - something we do not want. When the mistake was discovered, the policy was unlinked, but the redirection remained (despite being set to revert when users fall out of scope). I tried re-applying the policy, modifying the out of scope policy and then moving the Domain Admin user out of scope, but it failed to remove the folder redirection.

In the end, the solution was straightforward enough:

Create a new OU (I used "Temp") and move the affected user(s) there.

Create and link a new Group Policy Object to the new OU. Name it something descriptive so you know what it is in future - Folder Redirection Removal.

Edit the group policy, drill down to User Configuration > Windows Settings > Folder Redirection and right click - properties on each folder you want to reset. Set the setting to “Basic – Redirect everyone’s folder to the same location” and set the target folder location to “Redirect to the local userprofile location”.

Select the settings tab and make sure the Policy Removal setting is set to “Redirect the folder back to the local userprofile location when the policy is removed.”

Set that for each folder you want to reset. Close the Group Policy Object Editor, and GPMC. Log onto the user's account on each computer you want to remove the redirection on - in my case, several servers. Check the location of the redirected folders to make sure it’s been removed. Once you’re sure, you can move your user back to the correct OU.

Active Directory, User Profiles, Windows Server 2003, Windows Vista, Windows XP

Powershell script to zip all .bak files in a folder structure, then delete the .bak

20. January 2009

Our development SQL server is a monster...there are many many databases, and hundreds, if not thousands of backup files. With each patch tested on the software we sell, there is a new backup. With each client deployment, a new database. With each new major version, a new database. Backups of the new databases inevitably occur, and so we have more files, in more folders - most of which need to be kept in case of roll-backs, bugs or deployment issues.

This all adds up to a bit of an administrative nightmare, especially since the backups eat away at my storage at a phenomenal rate. Zipping the .bak files is great, but since each DB has its own backup folder, it can become a bit of a nightmare to go through, zip and delete the .baks. For my first real foray into using PowerShell, I decided I'd write a script to take the legwork out of it for me.

    # PowerShell script to recurse the input path looking for .bak files,
    # zip them and delete the .bak.

    # Adds the piped files to a zip archive, creating an empty archive first if needed.
    function out-zip {
      Param([string]$path)
      if (-not $path.EndsWith('.zip')) {$path += '.zip'}
      if (-not (test-path $path)) {
        # An empty zip is just an end-of-central-directory record: PK 05 06 plus 18 zero bytes
        set-content $path ("PK" + [char]5 + [char]6 + ("$([char]0)" * 18))
      }
      $ZipFile = (new-object -com shell.application).NameSpace($path)
      # CopyHere returns before the shell has finished compressing
      $input | foreach {$zipfile.CopyHere($_.fullname)} | out-null
    }

    $FileCount = 0
    $FilesZipped = 0
    $FilesDeleted = 0
    $InputPath = $args[0]

    if($InputPath.Length -lt 2)
    {
        Write-Host "Please supply a path name as your first argument" -foregroundcolor Red
        return
    }
    if(-not (Test-Path $InputPath))
    {
        Write-Host "Path does not appear to be valid" -foregroundcolor Red
        return
    }

    $BakFiles = Get-ChildItem $InputPath -Include *.bak -recurse
    Foreach ($Bak in $BakFiles)
    {
        write-host "File: $Bak" -foregroundcolor Yellow
        # Anchor the pattern so only the trailing .bak extension is replaced
        $ZipFile = $Bak.FullName -replace '\.bak$', '.zip'
        if (Test-Path $ZipFile)
        {
            Write-Host "$ZipFile exists already, aborted." -foregroundcolor Red
        }
        else
        {
            Get-Item $Bak.FullName | out-zip $ZipFile
            if(Test-Path $ZipFile)
            {
                $Response = read-host -prompt "Please wait for zip to complete then type c<enter> to continue..."
                # -eq compares; the original "=" assigned and so was always true
                if($Response -eq "c")
                {
                    $FilesZipped++
                    Remove-Item $Bak.FullName
                    if(Test-Path $Bak.FullName)
                    {
                        Write-Host "File not deleted, manually remove $($Bak.FullName)" -foregroundcolor Red
                    }
                    else
                    {
                        Write-Host "OK" -foregroundcolor Green
                        $FilesDeleted++
                    }
                }
                else
                {
                    Write-Host "File delete aborted by user" -foregroundcolor Red
                }
            }
        }
        $FileCount++
    }

    Write-Host "Files found: $FileCount"
    Write-Host "Files Zipped: $FilesZipped"
    Write-Host "Files Deleted: $FilesDeleted"

Obviously, this is not something I'd recommend running lightly without serious testing on your own systems - that said, I hope it helps! I make no warranty or any kind of promise that you won't lose data by running this! It's just an exercise in PowerShell for me.
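The script above has to pause for a keypress because the Shell.Application CopyHere call returns before compression finishes, and it deletes the .bak without checking the archive. The following is an added example, not the author's script: it writes the zip synchronously with the .NET 4.5 ZipFile class (which postdates the post) and deletes the .bak only after the archived copy's SHA-256 matches the source. The function names and the demo folder are assumptions made for the illustration.

```powershell
# Added example, not the author's script. Needs .NET 4.5+ (Windows PowerShell 3.0 or later).
Add-Type -AssemblyName System.IO.Compression
Add-Type -AssemblyName System.IO.Compression.FileSystem

# SHA-256 of a stream as a hex string; the stream is closed afterwards.
function Get-StreamHash {
    param([System.IO.Stream]$Stream)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try { [System.BitConverter]::ToString($sha.ComputeHash($Stream)) }
    finally { $Stream.Dispose(); $sha.Dispose() }
}

# Zip one .bak next to itself, verify the archived copy, then delete the .bak.
function Compress-BakFile {
    param([System.IO.FileInfo]$Bak)

    $zipPath = [System.IO.Path]::ChangeExtension($Bak.FullName, '.zip')
    if (Test-Path -LiteralPath $zipPath) {
        return [pscustomobject]@{ File = $Bak.FullName; Status = 'skipped, zip exists' }
    }

    # Synchronous write: when Dispose returns, the archive is complete on disk.
    $zip = [System.IO.Compression.ZipFile]::Open($zipPath, 'Create')
    try {
        [void][System.IO.Compression.ZipFileExtensions]::CreateEntryFromFile(
            $zip, $Bak.FullName, $Bak.Name)
    }
    finally { $zip.Dispose() }

    # Re-open the archive and hash the decompressed entry.
    $archive = [System.IO.Compression.ZipFile]::OpenRead($zipPath)
    try {
        $zipHash = Get-StreamHash -Stream ($archive.GetEntry($Bak.Name).Open())
    }
    finally { $archive.Dispose() }
    $srcHash = Get-StreamHash -Stream ([System.IO.File]::OpenRead($Bak.FullName))

    if ($zipHash -eq $srcHash) {
        Remove-Item -LiteralPath $Bak.FullName
        $status = 'zipped, verified, .bak deleted'
    }
    else {
        # Keep the backup and discard the bad archive.
        Remove-Item -LiteralPath $zipPath
        $status = 'verification failed, .bak kept'
    }
    [pscustomobject]@{ File = $Bak.FullName; Status = $status }
}

# Constructed demo tree under the temp directory so the block runs anywhere.
$demo  = Join-Path ([System.IO.Path]::GetTempPath()) ('bakdemo_' + [guid]::NewGuid().ToString('N'))
$dbDir = Join-Path $demo 'db1'
New-Item -ItemType Directory -Path $dbDir | Out-Null
Set-Content -Path (Join-Path $dbDir 'patch42.bak') -Value ('constructed sample data ' * 1000)

Get-ChildItem $demo -Include *.bak -Recurse |
    ForEach-Object { Compress-BakFile -Bak $_ } |
    Format-Table -AutoSize

# Only the .zip should remain in the demo folder.
Get-ChildItem $demo -Recurse | Format-Table FullName, Length -AutoSize
Remove-Item -LiteralPath $demo -Recurse
```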

PowerShell, Windows Server 2003

Windows update or installer fails to install with error "You do not have permission to update Windows Server 2003. Please contact your system administrator."

20. January 2009

I was just installing PowerShell on one of my Windows Server 2003 servers, when I encountered the error "You do not have permission to update Windows Server 2003. Please contact your system administrator." Odd, especially considering that I was installing as the Domain Administrator, and that user should have more than enough permissions. A little bit of digging led me to MSKB 888791 which shows the permissions that are required in Group Policy to install the update. Check that your applicable GPO has the following permissions for your user:

  • Back up files and directories
  • Restore files and directories
  • Manage auditing and security log
  • Take ownership of files or other objects
  • Shutdown the system
  • Debug programs

 Once I found the missing permission (in this case, an Exchange 2003 installation had removed the "Manage auditing and security log" permission) and added it back in, I ran the command "gpupdate /force", logged off and back on again on the offending server and retried the installation. The error disappears and the installation is a success!
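One way to run that check against a machine's exported user rights, as an added example that is not part of the original post or of MSKB 888791. The function names are hypothetical, the export text is a constructed sample in the layout that secedit writes, and the S-1-5-21 SID in it is a made-up placeholder; the sample mirrors the case above, where "Manage auditing and security log" is no longer assigned to Administrators.

```powershell
# Added example, not from the original post. The six user rights listed above,
# keyed by the constant names secedit writes to its [Privilege Rights] section.
$RequiredRights = [ordered]@{
    SeBackupPrivilege        = 'Back up files and directories'
    SeRestorePrivilege       = 'Restore files and directories'
    SeSecurityPrivilege      = 'Manage auditing and security log'
    SeTakeOwnershipPrivilege = 'Take ownership of files or other objects'
    SeShutdownPrivilege      = 'Shut down the system'
    SeDebugPrivilege         = 'Debug programs'
}

# Constructed sample of: secedit /export /areas USER_RIGHTS /cfg rights.inf
# The S-1-5-21-... SID is a made-up placeholder for some other group.
$SampleInf = @'
[Unicode]
Unicode=yes
[Privilege Rights]
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
SeRestorePrivilege = *S-1-5-32-544,*S-1-5-32-551
SeSecurityPrivilege = *S-1-5-21-1111111111-2222222222-3333333333-1119
SeTakeOwnershipPrivilege = *S-1-5-32-544
SeShutdownPrivilege = *S-1-5-32-544,*S-1-5-32-551
SeDebugPrivilege = *S-1-5-32-544
[Version]
signature="$CHICAGO$"
Revision=1
'@

# Parse the [Privilege Rights] section into a hashtable: right name -> holders.
function Get-PrivilegeHolders {
    param([string[]]$InfLines)
    $holders = @{}
    $inSection = $false
    foreach ($line in $InfLines) {
        $text = $line.Trim()
        if ($text -match '^\[(.+)\]$') {
            $inSection = ($Matches[1] -eq 'Privilege Rights')
        }
        elseif ($inSection -and $text -match '^(\w+)\s*=\s*(.*)$') {
            $right = $Matches[1]
            $value = $Matches[2]
            # secedit prefixes SIDs with '*'; an empty value means nobody holds the right
            $holders[$right] = @($value -split ',' |
                ForEach-Object { $_.Trim().TrimStart('*') } |
                Where-Object { $_ -ne '' })
        }
    }
    $holders
}

# Report, for each required right, whether any of the given SIDs holds it.
function Test-RequiredRights {
    param([string[]]$InfLines, [string[]]$Sids)
    $holders = Get-PrivilegeHolders -InfLines $InfLines
    foreach ($right in $RequiredRights.Keys) {
        $assigned = @()
        if ($holders.ContainsKey($right)) { $assigned = $holders[$right] }
        $match = @($assigned | Where-Object { $Sids -contains $_ })
        [pscustomobject]@{
            Right      = $right
            Policy     = $RequiredRights[$right]
            Granted    = ($match.Count -gt 0)
            AssignedTo = ($assigned -join ', ')
        }
    }
}

# SIDs to test: the installing account's own SID plus its groups.
# Here only BUILTIN\Administrators (S-1-5-32-544).
$results = Test-RequiredRights -InfLines ($SampleInf -split '\r?\n') -Sids 'S-1-5-32-544'
$results | Format-Table Right, Granted, AssignedTo -AutoSize
$results | Where-Object { -not $_.Granted } |
    ForEach-Object { "Missing: $($_.Policy) ($($_.Right))" }

# Live use (run elevated), instead of the sample:
#   secedit /export /areas USER_RIGHTS /cfg "$env:TEMP\rights.inf"
#   Test-RequiredRights -InfLines (Get-Content "$env:TEMP\rights.inf") -Sids <your SIDs>
```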

 

Windows Server 2003, Windows Updates

How to configure Windows Server 2003 Enterprise and SQL 2005 to use more than 4GB RAM

9. October 2008

32-bit processors have a limitation of only being able to directly address 4GB RAM - their architecture was never designed to address more. 64-bit processors get around that limitation by being able to use 64 bits to address RAM (potentially 16,777,216 GB), but what do you do if you have an application that won't work on a 64-bit copy of Windows, but does need to utilise more than 4GB of RAM?

The answer is to use PAE (Physical Address Extensions) and AWE (Application Windowing Extensions). I blundered through PAE a little while back, and found that it didn't work as expected because I was using Server 2003 Standard. PAE is only available as part of Server 2003 Enterprise and Datacenter edition.

Back to the problem at hand, I have a memory hungry application that sits on a Windows Server 2003 Enterprise box with SQL server 2005 installed.

Firstly, we need to enable PAE to allow the 32-bit operating system to address memory over the 4GB limit. This is configured by adding the /PAE switch to the boot.ini.

We also need to repartition the 4GB of Virtual Address Space (VAS) that 32-bit Windows can address by using the /3GB switch in the boot.ini. This allows 3GB of RAM to processes running in "Application Mode" and 1GB RAM to the "Kernel Mode". If you're using more than 16GB of memory, don't use the /3GB switch, as PAE/AWE will need 2GB of RAM in the Kernel Mode.

The memory intensive applications will run in, you guessed it, Application Mode and will therefore be able to utilise the extended memory provided through PAE and AWE.

Since SQL server will run in the Application Mode memory partition and is AWE aware, it can be configured to reside entirely in AWE managed memory.

The user account that is used to run SQL server must be granted the "Lock Pages in Memory" right and the "AWE Enabled" setting in the configuration of SQL server must be set to "1". We also need to set the "Max Server Memory" to stop SQL server consuming all the AWE memory available. The "Min Server Memory" does not need to be configured as AWE memory is not released by SQL server.

Once that is all configured and a reboot applied, SQL server should only consume about 256mb in task manager, the rest having been loaded into AWE memory and not viewable from the Task manager.

Windows Server 2003, SQL Server 2005

I've achieved my MCSE

10. September 2008

Well, I've been away with my friends at Firebrand again and guess what...MCSE Windows Server 2003!

  • 70-293 Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure
  • 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
  • 70-298 Designing Security for a Microsoft Windows Server 2003 Network

Active Directory, Microsoft, Windows Server 2003

Utilising more than 4GB of RAM with Windows Server 2003 Standard Edition - Enabling /PAE /3GB

15. July 2008

We recently needed to upgrade one of our applications, and the new version requires an additional server: instead of the application and SQL, it requires a back end search, a front end web server and a SQL server. The specifications of the new server which are "required" to qualify for support are pretty high. The problem is that the actual processor usage is very light, and it is very hard to justify buying a whole new server that I know is going to be barely used.

The alternative plan was to virtualise the servers, make use of the existing physical hardware, upgrade the RAM and add a couple of drives to the RAID array, which we opted for because it would cost less than £300, instead of £3000.

I forgot, however, the 4GB limitations of Windows Server 2003. 32 bit processors cannot address more than 4GB of RAM, so to get round that you can use Physical Address Extensions (using the /PAE switch in the boot.ini) which enables you to utilise more than the standard 4GB.

Typically a 32 bit system with 4GB RAM will allow 2GB for the kernel, and 2GB for the Applications to use. This means that each application can virtually address up to 2GB of RAM. You can change this balance using the /3GB option in the boot.ini to allow 3GB for applications. Think carefully before doing this!

To enable PAE:

  1. Right click "My Computer", select "Properties"
  2. Select the "Advanced" tab and click the "Startup and Recovery" button
  3. Under "System startup" you can click "Edit" to open the boot.ini file.
  4. BE CAREFUL! You can render your OS unbootable! Add the /PAE and /3GB options to the startup (see below for an example). Save, OK and reboot.

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows Server 2003, Standard" /PAE /3GB /fastdetect

It's worth noting that if you have DEP (Data Execution Protection) turned on then PAE will be turned on by default. DEP is on automatically in Windows Server 2003 SP1 - you'll see the /noexecute=[policy level] in the boot.ini

VMWare, Windows Server 2003

Adding a Windows 2003 domain controller to your existing Windows 2000 domain

8. April 2008

I was adding a shiny new domain controller to my server farm earlier today, we have just two Windows 2000 SP4 domain controllers on old kit and they are due to retire. With the hardware selected, purchased and a fresh copy of Windows Server 2003 R2 installed, I set to installing Active Directory. DCPromo.exe fires up and I go through the configuration steps until...

"The Active Directory Installation Wizard cannot continue because the forest is not prepared for installing Windows Server 2003. Use the Adprep command-line tool to prepare both the forest and the domain. For more information about using the Adprep, see Active Directory Help.

The version of the Active Directory schema of the source forest is not compatible with the version of Active Directory on this computer."

A quick rootle around TechNet shows a simple solution on KB917385 - on your Schema Master (normally your first DC in the domain, unless you've changed it) pop in the second CD of your R2 install and run:

[CD]:\CMPNENTS\R2\ADPREP\Adprep.exe /forestprep

That's as far as the knowledgebase article takes you, which does resolve that specific error, but not the next one you're likely to encounter, especially if you've got more than one DC, and/or more than one domain. For each DC in your domain you will also need to run:

[CD]:\CMPNENTS\R2\ADPREP\Adprep.exe /domainprep /gpprep

Now back on your new R2 server you can fire up DCPromo.exe and install Active Directory as per normal. Daniel Petri has an excellent article on how to install and test your new domain controller that you can follow, I've installed countless domain controllers and I still refer back to that article.

Active Directory, Windows Server 2003

Using NTDSUtil to transfer FSMO Roles by command line

7. January 2008
I’ve just removed a domain controller (DC) from my root domain, the very first server not only in the domain, but the forest. The roles were migrating to a newer server, far more up to the job, but it isn’t a job to be taken lightly. If you mess up the root domain, you’ve potentially got problems all the way down your domain hierarchy.

 

Let me explain; the primary domain controller in a domain (normally the first domain controller) hosts all the FSMO roles. It also is (by default) the only copy of the Global Catalog (GC). Potentially, even if you have other domain controllers in the forest, you could end up with a seriously crippled domain.

So, you want to transfer them safely off of your old domain controller (from now on DC1) to your new one (from now on DC2). You must ensure that the following are transferred:

  • Schema Master - The only server in the FOREST that can edit the Schema; all other DCs receive a read-only copy.
  • Domain Naming Master - The only server in the FOREST that can add/remove domains in the Directory.
  • Infrastructure Master - Updates an object's Security ID (SID) and Distinguished Name (DN). One per DOMAIN.
  • Relative ID (RID) Master - Processes RID pool requests to all DCs in the Domain. One per DOMAIN.
  • Primary Domain Controller (PDC) Emulator - Windows Time Server (amongst other things) for Kerberos; it’s authoritative for its domain. If it’s the root domain, it’s authoritative for the Enterprise.

This can potentially cause irreparable damage to your Active Directory, so I strongly advise you check that your domain is in good working order and has been fully backed up before you attempt to transfer any roles.

  1. On any domain controller open a command prompt and run “ntdsutil” (Note: You need to be an ENTERPRISE admin to modify Schema, Domain Naming and Infrastructure masters and a DOMAIN admin for the rest)
  2. Type “roles” to enter FSMO Maintenance mode.
  3. Type “connections” to enter the server connections mode, and “server <servername>” to select the server you are transferring roles to. E.G: “server DC2”.
  4. Type “q” to drop back into FSMO Maintenance mode.
  5. Type “transfer <role>” to transfer the role you want to transfer. You will get a pop up warning asking if you are sure; if you are, click “Yes”. <role> can be:
    • domain naming master
    • infrastructure master
    • RID master
    • PDC
    • schema master
  6. I transferred the roles in that order, it shouldn’t make much difference which order that you do it. Once all the roles are transferred, type “q” again to drop out, and “q” again to quit NTDSUtil.

Active Directory, Windows Server 2003

I’m qualified!

18. October 2007
It’s been a while since I’ve posted here, that’s for various reasons, one of which was that I have been preparing for, and taking, my MCSA exams. So here it is…
  • MCTS Windows Vista, Configuring (70-620) 
  • MCP Managing and Maintaining a Windows Server 2003 Environment (70-290)
  • MCP Implementing, Managing and Maintaining a Windows Server 2003 Network Infrastructure (70-291)
  • CompTIA Security+ (SYO-101)

Which all add up to an MCSA Windows Server 2003 Security+. I’ll add the links to my online certificates as MS sort them out.

Windows Server 2003, Windows Vista

Moving and resizing a VMWare System Disk

26. June 2007

I’ve recently had to upgrade my VM Server due to an increase in load. I had 2 virtual servers running off of the same hard disk, with 768mb of RAM split between the lot. After jamming 2 new 1GB sticks of DDR in, and a new 120GB hard drive it was time to re-allocate some of these resources…here’s how:

WARNING! You should always perform a backup on a server you can’t afford to lose BEFORE any operation that could potentially destroy the disk (think what would happen if you had a power cut while resizing…)

Step 1 - Moving the Virtual Server.

This is laughably easy;

  • Stop the virtual server from your admin interface
  • copy the virtual server folder over:
    copy "C:\Vitual Machines\SRV-WEB-DEV-01" "D:\SRV-WEB-DEV-01"
  • Next time you boot the Virtual Machine, you’ll have to re-attach the .vmdk in its correct location.

Step 2 - Resizing the VMWare Disk

Not quite so easy, but still not going to bother most.

  • Use the built-in command line VMWare tool (C:\Program Files\VMware\VMware Server\vmware-vdiskmanager.exe) or the handy graphical front end written by Robert Petruska. Help on using the command line utility is available by typing “vmware-vdiskmanager.exe /?”. The command I used was:
vmware-vdiskmanager.exe -x 40Gb D:\SRV-WEB-DEV-01\SRV-WEB-DEV-01.vmdk
  • Once you’ve resized the drive you’ll need to resize the C: partition, or create a new partition of the space. There are 3 ways to do this that I know of.
    • The method I used was to mount the vmdk file to another virtual server so that I could use diskpart.exe (technet article here) to resize the partition - I’m running Windows Server 2003 on my VMs.
    • You can use a gParted live CD if you don’t have another virtual server available. I’ve used this in the past and it has been very reliable - you can also mount the ISO as your VM’s CD drive.
    • PartitionMagic and many other commercial solutions are also available - I’m not going to list them - google it!

That’s it - when you boot to your new machine you should have a nice big space to play with. One of the benefits of now having 3 disks is being able to run each VM on a separate physical disk, which gives a nice performance boost. If you’ve got a spare disk hanging around you could always create an extra virtual disk, attach it and use it as a swap disk for your VM giving another performance boost.

VMWare, Windows Server 2003

Visual Studio Project Location Not Trusted

8. June 2007

Just a quick post today about trust levels for .NET assemblies that are hosted remotely. My current set up at work means that I am maintaining one version of our web site while working on developing a new one - not uncommon. I have 2 virtual servers running Server 2003, IIS and SQL Server, each an identical copy of our production server. Each solution and its projects are stored on each virtual server, with the project folders shared and mapped as drives on my laptop. (Before I get messages saying “why don’t you use source control, you can create branches etc, etc” - I am aware of that and the decision not to use source control is based on other factors that I’m not going to get into.)

 Anyhow, on to the problem and, the solution.

When opening a Visual Studio solution from a mapped or network location, you get a “project location not trusted” error. By default, your .NET configuration grants FULL trust to your local machine, so you won’t get that message working on a local project. Also by default, the Local Intranet is given a step below full trust - and here is the problem. You will need to be a local administrator on your computer to make these changes.

Open a command prompt, navigate to:

    cd %systemroot%\Microsoft.NET\Framework\\

Run the following command:

    CasPol.exe -pp off -m -ag 1.2 -url file://r:\folder\* FullTrust

or, for an unmapped folder

    CasPol.exe -pp off -m -ag 1.2 -url file://computername/folder/* FullTrust

This will set the share to full trust and allow you to work with the remote folder/mapped drive as if it’s on your local machine.

For more details about using CasPol.exe and a break down of the above commands, check out the .NET Security Blog

ASP.NET, Visual Studio, Windows Server 2003

Windows Server 2003 Admin tools under Vista

7. June 2007

If, like me, you want to administrate your Windows 2003 servers from your Vista workstation, you may find that you receive an “MMC could not create snap in” error when you open one of the admin tools; it also manifests as corrupted graphics within some MMC Add-ins.

It appears that the dlls are not registered correctly, there’s a KB article from Microsoft that contains a script to reregister the dlls. It’s a simple fix:

  • Copy and paste the following script into a text document, save it as RegisterAdminPack.cmd
    @echo off
    REM RegisterAdminPak.cmd
    REM (c) 2006 Microsoft Corporation. All rights reserved.
    set filelist=adprop.dll azroles.dll azroleui.dll ccfg95.dll
    set filelist=%filelist% certadm.dll certmmc.dll certpdef.dll certtmpl.dll
    set filelist=%filelist% certxds.dll cladmwiz.dll clcfgsrv.dll clnetrex.dll
    set filelist=%filelist% cluadmex.dll cluadmmc.dll cmproxy.dll cmroute.dll
    set filelist=%filelist% cmutoa.dll cnet16.dll debugex.dll dfscore.dll
    set filelist=%filelist% dfsgui.dll dhcpsnap.dll dnsmgr.dll domadmin.dll
    set filelist=%filelist% dsadmin.dll dsuiwiz.dll imadmui.dll lrwizdll.dll
    set filelist=%filelist% mprsnap.dll msclus.dll mstsmhst.dll mstsmmc.dll
    set filelist=%filelist% nntpadm.dll nntpapi.dll nntpsnap.dll ntdsbsrv.dll
    set filelist=%filelist% ntfrsapi.dll rasuser.dll rigpsnap.dll rsadmin.dll
    set filelist=%filelist% rscommon.dll rsconn.dll rsengps.dll rsjob.dll
    set filelist=%filelist% rsservps.dll rsshell.dll rssubps.dll rtrfiltr.dll
    set filelist=%filelist% schmmgmt.dll tapisnap.dll tsuserex.dll vsstskex.dll
    set filelist=%filelist% w95inf16.dll w95inf32.dll winsevnt.dll winsmon.dll
    set filelist=%filelist% winsrpc.dll winssnap.dll ws03res.dll

    for %%i in (%filelist%) do (
     echo Registering %%i …
     regsvr32 /s %%i
    )
    echo.
    Echo Command Completed
  • Run a command prompt under admin privileges (Start menu > All Programs > Accessories > Right click Command Prompt and select “Run as administrator”)
  • Navigate to where you saved RegisterAdminPack.cmd, and run it.

Simple as that. Some people find that the admin tool shortcuts aren’t installed under administrative tools, that didn’t happen to me, but you can either reinstall the tools or manually create the shortcuts by opening a new MMC window (Start > Run > mmc) and then adding the relevant snap-in. You can then save your console and create a shortcut wherever you desire.

Windows Server 2003, Windows Vista, Admin Tools