Archive for the ‘Registry’ Category

Alert: This source server failed to generate the changes

Description: This directory service failed to retrieve the changes requested for the following directory partition. As a result, it was unable to send change requests to the directory service at the following network address.


Event ID: 1479

Active Directory Domain Services could not update the following object in the local Active Directory Domain Services database with changes received from the following source directory service. Active Directory Domain Services does not have enough database version store to apply the changes.

User Action

Restart this directory service. If this does not solve the problem, increase the size of the database version store. If you are populating the objects with a large number of values, or the size of the values is especially large, decrease the size of future changes.

 

Additional Data

Error value:

8573 The database is out of version store.

 

Resolution:

{MS has provided the resolution in this Link}

Note: Take a backup of the registry before changing it.

 

Registry Location:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters

 

Add the registry value “EDB max ver pages” as a 32-bit DWORD, with a decimal value chosen from the reference below:

9600 = 152 MB
12800 = 202 MB
16000 = 252 MB
19200 = 302 MB

Reboot the Server once the changes have been done.

Check the Event Viewer after the restart; you should see event 1394 in the ADS logs.


Symptoms:

–          The Server service fails to start and the below events are recorded

Event ID: 7023

Source: Service Control manager

Type: Error

Description: The Server service terminated with the following error: More data is available.

–          Not Enough storage is available to process this command.

Event ID: 7001

Source: Service Control manager

Type: Error

Description: The Netlogon service depends on the server service which failed to start because of the following error: More data is available.

–          System Error 8 has occurred. Not enough storage is available to process this command.

–          If you try to start the Server Service manually, the following errors may occur: A System error has occurred: System Error 234 has occurred.

–          You will not be able to execute any command in the Server.

–          You get error message when you open the Network connections (ncpa.cpl)

Observations:

–          Other services may fail to start because these services are dependent on the Server Service.

–          The Server service queries the NullSessionPipes registry value (given under Resolution below) for its entries. The buffer for the amount of information that the Server service can accept when it queries is approximately 32 KB. If there are more than 32 KB in that entry, the Server service will fail to start and return the error “More data is available,” or “Not enough storage is available.”

–          Certain software can also cause this error, such as Norton Antivirus, Acronis trueImage, Seagate DiscWizard, IBM antivirus, Microsoft Bitdefender, Symantec Endpoint Protection or AVG. Try disabling or uninstalling them and check whether the problem persists.

–          You can instantly rectify this error if you restart the server, but the error re-occurs in 2 to 3 days.

Resolution:

PLEASE BACKUP YOUR REGISTRY FIRST BEFORE YOU MAKE ANY CHANGES

This issue has two possible causes: one is NullSessionPipes and the other is IRPStackSize.

  1. NullSessionPipes

These errors are caused by too much data stored in the following registry value:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters\NullSessionPipes

The Server service queries the registry value above for its entries. The buffer for the amount of information that the Server service can accept when it queries is approximately 32 KB. If there are more than 32 KB in that entry, the Server service will fail to start and return the error “More data is available,” or “Not enough storage is available.”

The Solution is to remove any unnecessary entries from this value in the registry.

The Default information stored in this key is:

COMNAP

COMNODE

SQL\QUERY

SPOOLSS

LLSRPC

EPMAPPER

LOCATOR

  2. IRPStackSize

Go to the below Registry entry to edit the IRPStackSize

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters

If the registry entry does not exist, create it manually, and make sure the name is typed exactly, as it is case sensitive.

To create the Registry entry follow the below steps:

–          Open REGEDIT

–          Proceed to the following location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters

–          Click Edit, and point to New and then click DWORD Value

–          Type IRPStackSize, click Edit, and then modify the value

–          The value should be 0x00000050 in hexadecimal or 80 in decimal. This should resolve your issue. Normally, values from 1 to 15 in decimal notation are provided; it is better to provide a higher value so that the problem doesn’t come back.

–          Restart the Server after the changes are done.
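A read-only check for both causes described above, as an added PowerShell example that is not part of the original post: it measures how much data NullSessionPipes holds against the roughly 32 KB buffer, lists entries outside the default set given above, and reports the current IRPStackSize. The helper name Get-MultiSzByteCount is hypothetical, and the size is an estimate based on how REG_MULTI_SZ data is stored (UTF-16 strings with terminators).

```powershell
# Added example: read-only audit of the LanmanServer parameters discussed above.
$path = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

# Default NullSessionPipes entries as listed in this post.
$defaults = 'COMNAP', 'COMNODE', 'SQL\QUERY', 'SPOOLSS', 'LLSRPC', 'EPMAPPER', 'LOCATOR'

# Approximate query buffer size quoted in this post.
$limitBytes = 32KB

function Get-MultiSzByteCount {
    # Hypothetical helper: estimates the stored size of a REG_MULTI_SZ value.
    param([string[]]$Entries)
    # Each string is UTF-16 plus a 2-byte terminator; the list itself ends
    # with one more 2-byte terminator.
    $bytes = 2
    foreach ($entry in $Entries) { $bytes += ($entry.Length + 1) * 2 }
    return $bytes
}

$params = Get-ItemProperty -Path $path -ErrorAction Stop

# Missing value or empty strings collapse to an empty array.
$pipes = @($params.NullSessionPipes | Where-Object { $_ })
$size  = Get-MultiSzByteCount -Entries $pipes

# Entries that are not in the default list (comparison is case-insensitive).
$extra = @($pipes | Where-Object { $defaults -notcontains $_ })

[pscustomobject]@{
    NullSessionPipesEntries = $pipes.Count
    NullSessionPipesBytes   = $size
    OverLimit               = ($size -gt $limitBytes)
    NonDefaultEntries       = ($extra -join ', ')
    IRPStackSize            = $params.IRPStackSize   # empty if the value is absent
}
```

Entries reported under NonDefaultEntries are the candidates to review before removing anything from the value.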

Keys serve as containers in the registry. Keys can contain other keys (subkeys). Keys can also contain value entries, or simply, values. These are the ‘‘substance’’ of the registry. Values comprise three parts: name, data type, and value. The name identifies the setting. The data type describes the item’s data format. The value is the actual data. The following list summarizes data types currently defined and used by the system:

 

  • Binary Value: This data type stores the data in raw binary format, one value per entry. The Registry Editor displays this data type using hexadecimal format.
  • DWORD value: This data type stores data as a four-byte number (32-bit), one value per entry. The Registry Editor can display this data type in binary, hexadecimal, or decimal formats.
  • QWORD value: This data type stores data as a 64-bit number, one value per entry. The Registry Editor can display this data type in binary, hexadecimal, or decimal formats.
  • Expandable string value: This is a variable-length string that includes variables that are expanded when the data is read by a program, service, and so on. The variables are represented by % signs; an example is the use of the %systemroot% variable to identify the root location of the Windows Server 2008 folder, such as a path entry to a file stored in systemroot\System32. One value is allowed per entry.
  • Multi-String value: This data type stores multiple string values in a single entry. String values within an item are separated by spaces, commas, or other such delimiters.
  • String value: This data type stores a single, fixed-length string, and is the most common data type used in the registry.

A good security step to take to prevent hackers and others from making unauthorized changes to a system’s registry is to prevent remote access to a system’s registry. When a user attempts to connect to a registry remotely, Windows Server 2008 checks the ACL for the following registry key:

 

HKLM\System\ControlSet001\Control\SecurePipeServers\winreg

 

If this key is missing, all users can access the registry subject to the permissions assigned to individual keys. If the key exists, Windows Server 2008 checks the permissions on the key to determine whether or not the remote user can gain access to the registry (and levels of access). Individual keys then determine what these remote users can do with a given key. Therefore, winreg is the first line of defense, and individual key ACLs are the second line of defense. If you want to prevent all remote access to the registry, make sure you set the permissions on the winreg key accordingly.
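To see what the winreg ACL currently allows, the following added PowerShell example (not from the original text) reports whether the key exists, lists each access rule on it, and marks rules that apply to broad groups. The key path is the one quoted above; the set of well-known SIDs treated as broad is this example's own choice.

```powershell
# Added example: read-only review of the winreg key that gates remote registry access.
# Path as quoted in the text above.
$winreg = 'HKLM:\System\ControlSet001\Control\SecurePipeServers\winreg'

# Well-known SIDs that cover large groups of users (this example's own selection).
$broad = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-7'      = 'ANONYMOUS LOGON'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

if (-not (Test-Path -Path $winreg)) {
    # Per the text above: without this key, only the ACLs on individual keys apply.
    Write-Warning 'winreg key is missing: remote access is limited only by per-key ACLs.'
}
else {
    $acl = Get-Acl -Path $winreg

    # Ask for the rules keyed by SID so the comparison does not depend on
    # localized or unresolvable account names.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

    $rules | ForEach-Object {
        $sid = $_.IdentityReference.Value
        [pscustomobject]@{
            Sid        = $sid
            BroadGroup = $broad[$sid]          # empty unless the SID is in the list above
            Rights     = $_.RegistryRights
            Type       = $_.AccessControlType
            Inherited  = $_.IsInherited
        }
    } | Sort-Object Sid | Format-Table -AutoSize
}
```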


If you are the primary user of your computer and you do not have any other users, or if everyone in your household uses the same username, you are the perfect candidate for enabling automatic logon. Automatic logon is a great technique that will save you time that is often wasted when your computer is waiting for you to type your password. Even if you do not have a password assigned to your account, you are still required by the logon welcome screen to click your name to sign in. Having to do these tasks yourself is unnecessary and a waste of time if you are a candidate for automatic logon.

Caution Automatic logon can be a great feature but it can also create a security problem for your computer. If you use your computer for business, if you have data you prefer to keep safe from others, or both, I strongly recommend that you do not enable this feature. If you happen to step out of your office or if your laptop is stolen, you have left the door to your computer wide open. By enabling automatic logon, you are trading convenience for physical access security. However, you are not changing your network security, so your data is still safe from network attackers. The risk of someone remotely connecting to your computer is the same as if you did not have automatic logon enabled.

Enabling automatic logon is a quick and easy Registry hack. Follow these steps to speed up your sign-on with automatic logon:

  1. Click the Start button, type regedit in the Search box, and then press Enter.
  2. After Registry Editor has started, navigate through HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon.
  3. Locate the AutoAdminLogon entry. If the key does not exist, create it by right-clicking the Winlogon folder and selecting New and then Registry String.
  4. Right-click the AutoAdminLogon entry and select Modify. Set the Value to 1. Then press OK to save the new value.
  5. Locate the DefaultUserName entry or create it if it does not exist.
  6. Right-click DefaultUserName and select Modify. Set the value to the username that you primarily use to sign in to Windows. Press OK.
  7. Locate the DefaultPassword entry or create it if it does not exist.
  8. Right-click the DefaultPassword entry and set the Value to your password.
  9. Close Registry Editor and restart your computer.

After you reboot your computer, Windows Vista should automatically sign on to your account. You will notice that your computer will now get to the desktop much quicker than before. If you ever want to disable automatic logon, just go back into Registry Editor and set the AutoAdminLogon entry to 0.
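The DefaultPassword entry created in step 8 is an ordinary string value, so any account that can read the Winlogon key can read the password. The following added PowerShell example (not part of the original text) reports whether automatic logon is configured on a machine and which identities are allowed to read that key, without printing the password itself. The generic-rights bit masks are included because some access rules on registry keys are expressed that way.

```powershell
# Added example: read-only audit of the automatic logon settings described above.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

$w = Get-ItemProperty -Path $winlogon -ErrorAction Stop

# Rights that permit reading values: QueryValues (0x1), plus the generic
# read (0x80000000) and generic all (0x10000000) bits.
$readMask = 0x1 -bor 0x80000000 -bor 0x10000000

$readers = (Get-Acl -Path $winlogon).Access |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.RegistryRights -band $readMask) -ne 0)
    } |
    ForEach-Object { $_.IdentityReference.Value } |
    Sort-Object -Unique

[pscustomobject]@{
    AutoAdminLogonEnabled = ($w.AutoAdminLogon -eq '1')
    DefaultUserName       = $w.DefaultUserName
    # Report presence only; the stored password is never written to output.
    DefaultPasswordStored = (-not [string]::IsNullOrEmpty($w.DefaultPassword))
    KeyReadableBy         = ($readers -join '; ')
}
```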

In this section, we’ll discuss the registry keys that are used for power management. You may edit any of them using one of the registry editors.

Note Changing registry entries responsible for power management won’t have an immediate effect. Windows only reads settings from the registry when you log on, when you click OK in Control Panel, or when a Powerprof.dll function is called on to read the registry.

The registry keys used for power management are listed below.

  • HKCU\AppEvents\EventLabels\LowBatteryAlarm – descriptive name of a low battery-power-alarm event
  • HKCU\AppEvents\EventLabels\CriticalBatteryAlarm – descriptive name of a critical battery-power-alarm event
  • HKCU\AppEvents\Schemes\Apps\PowerCfg\LowBatteryAlarm\.Current, HKCU\AppEvents\Schemes\Apps\PowerCfg\LowBatteryAlarm\.Default, HKCU\AppEvents\Schemes\Apps\PowerCfg\CriticalBatteryAlarm\.Current, HKCU\AppEvents\Schemes\Apps\PowerCfg\CriticalBatteryAlarm\.Default – filenames of the WAV files that will play for low and critical power-alarm events
  • HKCU\Control Panel\PowerCfg\CurrentPowerPolicy – index of current user and machine power policy
  • HKCU\Control Panel\PowerCfg\GlobalPowerPolicy\Policies – the user global power policy (binary encoded data)
  • HKCU\Control Panel\PowerCfg\PowerPolicies\n\Name – name of power scheme n, where n = 0, 1, 2, etc.
  • HKCU\Control Panel\PowerCfg\PowerPolicies\n\Description – descriptive string for power scheme n, where n = 0, 1, 2, etc.
  • HKCU\Control Panel\PowerCfg\PowerPolicies\n\Policies – user power policy n, where n = 0, 1, 2, etc. (binary encoded data)
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\LastID – index of the last power policy in the lists of user and machine power policies (for example, if there are six user power policies and six machine power policies in the registry, the value of this key is 5)
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\DiskSpinDownMax – the maximum disk spin-down time that Control Panel will allow the user to set
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\DiskSpinDownMin – the minimum disk spin-down time that Control Panel will allow the user to set
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\GlobalPowerPolicy\Policies – the machine global power policy (binary encoded data)
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg\PowerPolicies\n\Policies – machine power policy n, where n = 0, 1, 2, etc. (binary encoded data)


Power management configuration in Windows 2000, Windows XP, and Windows Server 2003 is based on the concept of power schemes. A power scheme is a group of preset power options that are passed to the Power Policy Manager component of the operating system to control the machine’s power-management behavior.

Each power scheme consists of a global power-policy structure and a power-policy structure.

  • Global power-policy structures contain preset power options that are global across all power schemes.
  • Non-global power-policy structures contain power options that are unique to a particular power scheme.

These power-policy structures are further divided into machine structures and user structures.

  • Values in machine structures are stored in the HKEY_LOCAL_MACHINE registry key, and none of these values are exposed in the user interface. For example, you can’t set any of these values using the Power Options applet in the Control Panel.
  • Values in user structures are stored in the HKEY_CURRENT_USER registry key and some of these values are displayed in the user interface. Some of these parameters can be set using the Power Options applet in Control Panel.

The data structures defining power management policy are listed below:

  • GLOBAL_POWER_POLICY – used to manage global power policies. This structure contains the data common to all power schemes. This structure is a container for a GLOBAL_USER_POWER_POLICY structure and a GLOBAL_MACHINE_POWER_POLICY structure, which contains elements that are read from and written to the registry.
  • GLOBAL_MACHINE_POWER_POLICY – this structure is a part of the GLOBAL_POWER_POLICY structure. It contains the data common to all power schemes and users. The elements in this structure are read from and written to the HKLM key in the registry.
  • GLOBAL_USER_POWER_POLICY – this structure is a part of the GLOBAL_POWER_POLICY structure. It contains the data common to all power schemes for the user. The elements in this structure are read from and written to the HKCU key in the registry.
  • POWER_POLICY – used to manage non-global power policies. This structure contains the data unique for all power schemes. This structure is a container for the USER_POWER_POLICY and MACHINE_POWER_POLICY structures that contain the elements to be read from and written to the registry. There is one POWER_POLICY structure for each power scheme on a machine.
  • MACHINE_POWER_POLICY – this structure is a part of the POWER_POLICY structure. It contains the data unique to each power scheme, but common to all users. The elements in this structure are read from and written to the HKLM key in the registry.
  • USER_POWER_POLICY – this structure is a part of the POWER_POLICY structure. It contains the data unique to each user and power scheme. The elements in this structure are read from and written to the HKCU key in the registry.

On a local system, you can manage shutdown and restart using the following commands:

Shutdown local system:

shutdown /s /t ShutdownDelay /l /f

Restart local system:

shutdown /r /t ShutdownDelay /l /f

Cancel delayed shutdown of local computer:

shutdown /a

where /T ShutdownDelay is used to set the optional number of seconds to wait before shutdown or restart, /L optionally logs off the current user immediately, and /F optionally forces running applications to close without warning users in advance. In this example, the local system is restarted after a 60-second delay:

shutdown /r /t 60

As an administrator, you’ll often have to start, stop, or pause Windows services. The related SC commands and their syntaxes are

Start a service:

sc start ServiceName

Pause a service:

sc pause ServiceName

Resume a paused service:

sc continue ServiceName

Stop a service:

sc stop ServiceName

where ServiceName in each case is the abbreviated name of the service you want to work with, such as

sc start w3svc

As with all SC commands, you can also specify the name of the remote computer whose services you want to work with. For example, to start the w3svc on MAILER1, you would use the following command:

sc \\Mailer1 start w3svc

The state listed in the results should show START_PENDING. With stop, pause, and continue you’ll see STOP_PENDING, PAUSE_PENDING, and CONTINUE_PENDING respectively as well. If an error results, the output states FAILED and error text is provided to describe the reason for the failure in more detail. If you are trying to start a service that is already started, you’ll see the error

An instance of the service is already running.

If you are trying to stop a service that is already stopped, you’ll see the error

The service has not been started.

To delete subkeys and values from the Windows registry, use REG delete. REG delete has several different syntaxes. If you want to delete a subkey and all subkeys and entries under the subkey, use the following syntax:

reg delete KeyName

where KeyName is the name of the subkey you want to delete. Although the subkey path can include the UNC name or IP address of a remote computer, a remote source subkey can use only the HKLM or HKU root keys. Consider the following example:

reg delete \\Mailer1\HKLM\SYSTEM\CurrentControlSet\Services\DNS2

Here you delete the DNS2 subkey and all subkeys and entries under the subkey on MAILER1.

If you want to limit the scope of the deletion, specify that only a specific entry under the subkey should be deleted using the following syntax:

reg delete KeyName /v ValueName

where KeyName is the name of the subkey you want to work with and ValueName is the name of the specific entry to delete. As before, the subkey path can include the UNC name or IP address of a remote computer. However, a remote source subkey can use only the HKLM or HKU root keys. In this example, you delete the Description entry for the DNS2 subkey on MAILER2:

reg delete \\Mailer2\HKLM\SYSTEM\CurrentControlSet\Services\DNS2 /v Description