Jump to content
MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. ×

adamt

Member
  • Content Count

    137
  • Joined

  • Last visited

  • Donations

    $0.00 

Everything posted by adamt

  1. Usually, with an expired password, you would still be able to login, but you'd be prompted to change it.
  2. Are you sure the password is still blank? Could somebody have changed it? Once you get back in again, check your security log for event ID 4738.
  3. On the HP ProLiant SmartArray devices I have used, the cache is disabled when the battery loses charge or registers a fault. This is done to prevent the loss of data in the event of a power outage. It's easier for HP to support a disk performance issue that they can just tell you to replace the battery for, than it is to recover a corrupt database. When the battery fails, or has no charge, event ID 1206 from Storage Agents will be logged to tell you about the battery failure. Event ID 1204 will also be logged to tell you that the cache accelerator module has been disabled.
  4. It's set to "Ignore", and the "Make this action the system default" is checked.
  5. Dear all, I am trying to run silent/unattended installations of NetBackup client 7.1 - which includes the driver wimfltr.sys. Unfortunately, that driver's certificate expired in 2008. According to that article, this can be ignored should not prevent installation - but unfortunately, it does. At least on some Windows 2003 SP2 x86 servers. They all have the group policy item "Devices: Unsigned driver installation behavior" set to "Silently succeed", and all have the "Driver Signing\Policy" registry key set to 00. But some are logging the following in the setupapi.log file: [2013/06/20 08:43:34 5
  6. Just wondering - in your DHCP scopes, are you instructing the clients to use the old Win2k3 server as their primary DNS or WINS server? Can you try to validate the IP configuration of one of the affected machines? Test NSLOOKUP against all DNS servers and compare times?
  7. There are many reasons why this might be. Firstly, as allen2 has told you, the space may be used up by pagefiles, shadow copies, hiberfil, etc - files which are usually hidden from the shell unless you configure it otherwise. Then, bear in mind you there's things like reparse points (junctions), compressed files, etc - see: Computing the size of a directory is more than just adding file sizes on Raymond Chen's blog, and the similar Windows Confidential article he wrote for an overview.
  8. Hi, I've recently had an issue in which a customer application had bloated the HKLM\Software bit of the registry to 2 GB. It was 32-bit COM application running under a 32-bit dllhost.exe process on x64 Windows Server 2003, and was filling up HKLM\Software\Wow6432Node\Microsoft\EventSystem. I was able to use dureg.exe from the Windows 2000 reskit to find which bit of the registry was taking up all the space. However - I noticed that dureg.exe is (being from the Win2000 days) an x86 application, and so although it reported that it was reading HKLM\Software\Microsoft\EventSystem, it was actually
  9. Do you have permissions to edit the \boot.ini file? And if you make changes to it using msconfig - does your boot.ini file get updated with them?
  10. Dear all, I have one server environment which seems to be generating quite a lot of these events, mostly from Win2k3 SP2 machines: Event Type: Warning Event Source: Srv Event Category: None Event ID: 2012 Date: 27/08/2011 Time: 07:05:25 User: N/A Computer: WIN2K3WEB Description: While transmitting or receiving data, the server encountered a network error. Occassional errors are expected, but large amounts of these indicate a possible error in your network configuration. The error status code is contained within the returned data (formatted as Words) and may point you towards the problem.
  11. You could download Process Monitor from Sysinternals, and run that, looking for what is accessing that key. Start process monitor with the /noconnect switch (c:\path\to\procmon.exe /noconnect) - which will stop it from instantly logging every single bit of activity from the second it loads. Add a filter: If path excludes "CodeASU1" then Exclude. Also, use the 'drop filtered events' option - to stop it from filling up your pagefile. Now tell it to start capturing events, and from there on, it's a waiting game to see which processes are touching that key.
  12. Obviously, it's a bit late now, but I would have suggested looking for the following registry key: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ NoDrives (DWORD) = 1. If it's there (and not set to 0), Explorer will hide some/all drives from you. Full explanation of the key is at: http://technet.microsoft.com/en-us/library/cc938267.aspx
  13. I sometimes find that I need to kill my rdpclip.exe process, then run it again to resolve RDP clipboard issues. There's one rdpclip per logged on user, so be sure you kill the right one. I have seen one case of a TS box which wasn't even trying to run rdpclip.exe. The problem was with the registry keys: HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\ StartupPrograms = (String). HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\AddIns\Clip Redirector\ Name = (String). On _most_ Terminal Servers, these string values are equal to “rdpclip”. The problematic one had them set
  14. Only Windows (Win2000 or later) machines understand authorisation. Other OSes won't check for auth. before handing out IP addresses. If the DHCP server did not live on the same subnet as the clients, it would need to have had a relay or ip helper pointing traffic towards it - else it would only have been able to offer/renew IP addresses to machines on the same local subnet. I'm not sure how this could have corrupted your DHCP database, though. In any case - we have a script which runs weekly on all DHCP servers, saving their configuration and the details of all IP reservations. Should anyt
  15. Assuming this is a BHO (Browser Helper Object), the configuration should be stored at: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects If it's a Browser Extension rather than a Helper Object, it will be at: HKLM\Software\Microsoft\Internet Explorer\Extensions - both are per machine, rather than per user, although there may also be relevant data stored under the HKCU hive, which is specific to the user, not the computer (such as whether to display a toolbar, and what dimensions to make it). It is also possible to find extensions under HKCU\Software\Microsoft\Inte
  16. Interesting idea, and one I'd like to try. Would you need a serial/kernel debug session, or should I just be able to attach to dfsutil and see what I'm looking for? Thanks, Adam.
  17. Thanks for the suggestion. DComLaunch and RpcSs are actually already in their own svchost.exe processes. A quick straw poll around some Win2003 machines suggests this is the default for that OS (although I notice that on my XP laptop, DComLaunch shares a process with Terminal Services).
  18. Replying to my own post, in case anyone else is interested - I'm going to setup adplus to monitor the specific instances of svchost.exe which host DComLaunch and RPCss. If I find anything useful, I'll post the details back here.
  19. It can't be coming from winerror.h, because healthy cache entries appear with status 0x19, and "The drive cannot locate a specific area or track on the disk." does not make any sense in this context. Also, surely an error regarding tracks on disks would need to come from something like ntfs.sys, rather than mup.sys or rdr.sys?
  20. Well... if it is a status code, or an error code - it must be defined somewhere, else all error messages would just generate a random number. Since it isn't in winerror.h or ntstatus.h, I was wondering where it is defined.
  21. Interesting... where would that be defined if not in winerror.h or ntstatus.h?
  22. I didn't consider it to be a win32 error code because other healthy cache entries appear with status 0x19, and "The drive cannot locate a specific area or track on the disk." does not make any sense in this context. Once the DFS element had been discovered, we disabled the WideLinks setting and all was resolved. Curiously, LSI/OnStor did not seem to think that WideLinks could possibly be the cause of such an issue.
  23. Just to reply to my own thread... I found that running dfsutil.exe /pktflush would alleviate the issue temporarily (which is easier to do than reboot the machine). For this specific issue, running dfsutil.exe /pktinfo will show you an entry with "State:0x09" for each file you are unable to access: Entry: \uk6nas03\nas-l4\mb2c\stage\ZZ_915939_IN\ruby\config.xml ShortEntry: \uk6nas03\nas-l4\mb2c\stage\ZZ_915939_IN\ruby\config.xml Expires in 0 seconds UseCount: 0 Type:0x81 ( REFERRAL_SVC DFS ) 0:[\uk6nas03\nas-l4\mb2c\stage\ZZ_915939_IN\ruby\config.xml] State:0x09 ( ) The troublesome NAS devic
  24. Dear knowledgeable MSFN-dwellers, I have a Win2k3 R2 x64 server which has on various occasions, suffered a crash of the DCOMLaucnch or RPCss services, causing the machine to reboot. It leaves an entry in the system log like this: Event Type: Information Event Source: USER32 Event Category: None Event ID: 1074 Date: 21/11/2010 Time: 00:32:28 User: NT AUTHORITY\SYSTEM Computer: LON-SQL105a Description: The process winlogon.exe has initiated the restart of computer LON-SQL105a on behalf of user NT AUTHORITY\SYSTEM for the following reason: No title for this reason could be found Reason Code:
  25. According to: http://www.microsoft.com/silverlight/faq/#sys-req Silverlight 3 requires a minimum of XP SP2. Conversely, the page at http://www.microsoft.com/getsilverlight/get-started/install/default.aspx suggests that you can have Silverlight 4, provided you have installed Update Rollup 1 for Windows 2000 SP4 (kb891861). Suck it and see.
×
×
  • Create New...