Archive for the ‘Microsoft Windows’ Category

« Older Entries

Resizing a Dynamic System Partition on Windows 2003 – for Free.

Tuesday, October 25th, 2011

Ok. I have a server running Windows Small Business Server 2003. Back in the day when it was set up I naively had only a 20gb System volume, on a dynamic disk, mirrored. Unfortunately that ran out of space, so I set about extending the partition.

Windows Disk Management and Diskpart in Windows 2003 don’t allow you to extend the volume with the O/S on it. This limitation meant that I went to a tried, tested and trusted friend in GParted. Unfortunately, GParted also cannot extend volumes on dynamic disks created with the Windows LVM.

After an hour of trying to find a way to do it, I nearly ended up paying for professional tools (which do exist if you want the support and backup). I then remembered that Windows 2008 does allow you to resize the system partition.

This means that the Windows 2008 version of DiskPart can perform this function, and is included in Windows PE 3.

So, grab a copy of the Windows Automated Installation Kit from here: http://www.microsoft.com/download/en/details.aspx?id=5753 create your Windows PE 3.0 CD and boot. Instructions for creating the CD or UFD are here: http://technet.microsoft.com/en-us/library/cc749311(WS.10).aspx

Full instructions for the Windows 2008 version of DiskPart can be found here: http://technet.microsoft.com/en-us/library/cc770877(WS.10).aspx

Remember to always create a backup though.

1 person found this post useful.
Unmark this post as useful.

Tags: ,
Posted in Server 2003 | No Comments »

Windows PE 3.0: IRQL_NOT_LESS_OR_EQUAL

Wednesday, July 27th, 2011

Have been working with Windows PE 3.0 to create an automated bootable USB and CD that boots a machine, partitions the disk, applies an image and copies some files to create a ThinStation thin client.

Whenever we booted our target machines, we got the following error:

IRQL_NOT_LESS_OR_EQUAL - 0x0000000A

Windows PE 3.0 has a minimum requirement of 256mb of  useable RAM. The machines that we were using had 256mb of RAM total, and were using Shared Memory for the Graphics card – reducing the actual available RAM to 224mb, causing the boot to fail.

The limitations of Windows PE are listed through the link below.  This link takes you to the details for Windows PE 2.0, but as far as I can find the limitations and the requirements are the same.

http://technet.microsoft.com/en-us/library/cc507857.aspx

1 person found this post useful.
Unmark this post as useful.

Tags:
Posted in Microsoft Windows | 3 Comments »

Windows Update Error 80244023

Thursday, March 10th, 2011

Just a quick one here. I am sure there are a number of other fixes around for this error, but a reminder here to check for the simple things.

Running Windows Update using WSUS on Windows Server 2008. Clicked the Check for Updates option and this error came up.

Check your proxy settings. If you use a proxy trhen ensure that you can access your configured WSUS server through the proxy, or disable the proxy. It seems that when you run the check manually it uses the system proxy settings (set in Internet Explorer) but when it is run automatically it does not. Seems strange behaviour – but that is how it appears to work.

If you are getting this error on a standalone PC not connected to an enterprise network, then it is highly likely that this will not apply to you.

7 people found this post useful.
Unmark this post as useful.

Tags: ,
Posted in Server 2008 | No Comments »

Can ping a website but cannot browse to it

Sunday, March 6th, 2011

Just finished repairing a PC which could ping websites, but could not browse to them using Internet Explorer or Mozilla Firefox.

Turns out that Norton is once again to blame.

A fix is given on the link below. In short, use the Norton Removal Tool to remove any offending applications, rebott, and the joy of the Intenernt shall return to your PC.

http://amiatypist.blogspot.com/2009/12/can-ping-can-not-browse.html

Maybe at somepoint manufacturers might start bundling decent security software with laptops and PCs.

Unmark this post as useful.

Tags: , ,
Posted in Networking, Windows 7 | No Comments »

Page File Location when System drive is Mirrored

Wednesday, March 2nd, 2011

I have been working on a server today which has 2 HDD, mirrored for redundancy. It is a software based mirror provided by Windows Server 2003. The server had been having a couple of performance issues, and whenlooking at the performance monitor, they tended to be caused by long write times to the Page File.

The page file was still in it’s default location on the C: drive – as this is SBS 2003 it had never been looked at. This meant that all page file write operations were being written to two HDD every time.

This is not neccessary. The solution that we have come up with to ealleviate this ‘dual-writing’ is to shrink the data partition (also mirrored) on the disk to give us back some unallocated space. I then created a simple volume on the first disk which could be used to host the page file. Assigned the next available drive letter and changed the page file drive assignments in the System Properties.

After a reboot and a couple of hours with loggin turned on I went back and found that the page file write time is significantly decreased.

This just goes to show how important it is to look where data is actually being stored on a system to make sure that you are getting the most from the hardware that you have.

Unmark this post as useful.

Tags: ,
Posted in Server 2003 | 1 Comment »

Redirected My Documents folders showing as ‘Documents’ rather than the users name

Monday, December 20th, 2010

Had a complaint from a member of staff recently that all students work folders showed up as My Documents when he was browsing through their work.

Many of you may have been directed to this Microsoft KB as a ‘solution’. http://support.microsoft.com/kb/947222

Not much of a solution if you ask me. Redirection to a subfolder would work, but do you really want to change something that significant on your network? Enable exclusive access would be fine if you didn’t need to give other people access to the documents folder. In a student-teacher situation, teachers need to be able to see the students work, so this doesn’t work for us. Option 3 – deny permission to the desktop.ini. We have 1400 students. That’s a lot of changes – yes I could use xcacls or subinacl to automate it, but what a headache.

The best ‘solution’ that we have come up with, is to simply delete the desktop.ini file at logoff. We created a VB Script, which looks for a desktop.ini file in the user’s My Documents folder, and if it exists then delete it. Attach this into a GPO that affects the user as a logoff script.

The code we used is:

On Error Resume Next
Set WSHShell = WScript.CreateObject("WScript.Shell")
Set FSO = CreateObject("Scripting.FileSystemObject")
DocsPath = WSHShell.SpecialFolders("MyDocuments")
If FSO.FileExists (DocsPath & "\desktop.ini") Then
  FSO.DeleteFile (DocsPath & "\desktop.ini")
End If

Next time the user logs on and then off again, the desktop.ini file will be deleted, and the folder will show as the username of the user.

Shame there isn’t a GPO option which allows you to turn off this feature. On a home machine it is great, but in a corporate environment you need to be able to turn off the fancy features and see exactly what you have got.

2 people found this post useful.
Unmark this post as useful.

Tags: , , ,
Posted in Server 2008, VBScript, Vista | 3 Comments »

Specified Port is Unknown error when adding Network Printers

Thursday, July 1st, 2010

Just finished investigating and resolving an error whereby the message ‘Specified Port is Unknown’ appears when adding a network printer. This was first noticed when running a login script that add’s printers didn’t actually add any printers.

To fix this problem, you need to delete references to the printer drivers in the registry. I had already deleted any references to any network printers in an earlier attempt to fix the problem, so I wil;l include that as a step as it will not affect any functionality.

  1. Open Registry Editor, making sure that you have administrator rights.
  2. Expand HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Environments\Architecture\Drivers\Version-3
  3. Delete any subkeys for printer drivers that have been installed.
  4. Expand HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Print\Printers
  5. Delete any subkeys that reference any network printers.
  6. Close Registry Editor
  7. Restart the Print Spooler services

After this had been completed, all of the shared printers as part of the login script connected and functioned as they should.

All I can imagine is that one of the drivers was corrupt, or information had not been removed from the registry when a printer was removed.

4 people found this post useful.
Unmark this post as useful.

Tags: ,
Posted in Server 2008 | No Comments »

Windows 2008 R2 RDS: Print Spooler Stops

Wednesday, June 2nd, 2010

We have two servers running Windows Server 2008 R2 Remote Desktop Services. On both servers the Print Spooler service kept randomly stopping. In the Application event log, we noticed this error keep appearing:

Faulting application name: spoolsv.exe, version 6.1.7600.16385, timestamp: 0x4a5bd3d1
Faulting module name: ntdll.dll, version 6.1.7600.16385, timestamp: 0x4a5bd3d1
Exception code: 0xc0000374

After trying to replicate the problem, we found that it only occurred when certain groups of users, all with the same login script, logged in to the server. Part of this login script adds some network printers for the user.

Turns out, we had just updated one of the print drivers for the printers, and whenever the user logged in, it was unable to install the new print drivers, because of the user’s access rights. Instead of it popping up asking for an administrators credentials to add the driver, the print spooler service was just failing.

The fix in this case was to simply log in as an administrator, add the printer, so that the driver gets installed.

Other fixes that I found on the internet all relate to driver issues, so do check that the drivers you are using are suitable for Windows Server 2008 and are WHQL.

Unmark this post as useful.

Tags: ,
Posted in Server 2008, Thin Client | No Comments »

Login Script Not Running Windows 2008 Remote Desktop Services (Terminal Services)

Monday, May 24th, 2010

Call today: User has not got any network drives when logging on to the thin clients.

The setup for this is as follows:

  • 2 x Windows Server 2008 R2 servers running RDS, DNS round robin, load balanced.
  • 56 x ThinStation 2.2.2 clients

A VBS login script is applied using Group Policy. All student users have a Mandatory Roaming Profile.

Any user that was not the user that I used to create the template could not run the login script. Took quite a while to work out that the mandatory profile was the cause.

To solve the problem:

  1. Open Registry Editor
  2. Select HKEY_USERS, then click File –> Load Hive
  3. Select the mandatory profile file (NTUSER.MAN) and give it a name.
  4. Right click on the key that you typed in in step 3 and select Permissions.
  5. Remove the user that you used to create the Mandatory Profile
  6. Add in the Authenticated Users (or a different group if you want to restrict access further) and assign it Full Control.
  7. Propagate the permissions to all child objects.
  8. Select the hive that you added in step 3, click File –> Unload Hive
  9. Test.

I suggest creating a backup of the original hive before you make any changes. Just in case.

Now, whenever a user logs in the script should run, and create all of the necessary network drives that you have defined in your script.

Unmark this post as useful.

Tags: , ,
Posted in General Stuff, Server 2008, Thin Client | 1 Comment »

ISA 2006: Re-design

Wednesday, April 7th, 2010

Just been working on our ISA infrastructure. We have 2 ISA servers, 1 for staff, and 1 for students. Main reason for the separate servers is that each ‘group’ have to go through a different upstream proxy server. (Bit of a pain, but that’s what we have to do.)

Simple task this morning, block a couple of sites and add a new HTTP signature in for blocking. Open up the ISA Management console and off we go.

Upon opening, I was greeted with a dozen rules and a number of separate filters. I knew that ISA performance had been suffering recently, but not really had the time to do anything about it. It looks like over time, as requirements have changed and extra sites and services needed restricting or allowing, the design of the firewall rules, and web chaining rules had become one giant mess.

Taking the opportunity of a bit of time for once, took all of the rules, deleted them and started from scratch. Managed to get 14 rules down to 3. Took a look at the web chaining rules, and reorganised them into a more logical order. Traffic is all now told to attempt to go direct to the source instead of the upstream proxy. Previously, all traffic was directed to the upstream proxy, and then told to go direct if it didn’t match a rule. (I think that makes sense!).

Other than making the whole configuration simpler (always a good feature), the re-design has had two positive side effects that weren’t planned for. ISA performance has improved by around 50%. Request times are taking half a s long to process as they were before. Also, YouTube has started working!! Something in the configuration was stopping YouTube from loading and playing videos, but in the mess of rules, we could not determine what the problem was.

Today I have determined that every so often, you need to really challenge an existing design to ensure that it is as simple, and as functional as it needs to be.

Unmark this post as useful.

Tags:
Posted in Internet Security, Server 2008 | No Comments »

« Older Entries