Archive for the ‘System Information’ Category

How to verify if the WMI is working fine on the Server?

ANS: Open Command prompt in Administrator mode and run the below command:

winmgmt /verifyrepository

If WMI is working fine, you get a message that WMI is consistent; otherwise you get an error code.

Below is the link for the Error code reference for WMI

MS Article Link

Depending on the scope of the error, you need to troubleshoot further.

Robust File and Folder Copy.

By default Robocopy will only copy a file if the source and destination have different time stamps or different file sizes.

 

Syntax

ROBOCOPY Source_folder Destination_folder [files_to_copy] [options]

 

Key

file(s)_to_copy : A list of files or a wildcard.

(defaults to copying *.*)

 

  Source options

/S : Copy Subfolders.

/E : Copy Subfolders, including Empty Subfolders.

/COPY:copyflag[s] : What to COPY (default is /COPY:DAT)

(copyflags : D=Data, A=Attributes, T=Timestamps

S=Security=NTFS ACLs, O=Owner info, U=aUditing info).

/SEC : Copy files with SECurity (equivalent to /COPY:DATS).

/DCOPY:T : Copy Directory Timestamps. ##

/COPYALL : Copy ALL file info (equivalent to /COPY:DATSOU).

/NOCOPY : Copy NO file info (useful with /PURGE).

 

/A : Copy only files with the Archive attribute set.

/M : like /A, but remove Archive attribute from source files.

/LEV:n : Only copy the top n LEVels of the source tree.

 

/MAXAGE:n : MAXimum file AGE – exclude files older than n days/date.

/MINAGE:n : MINimum file AGE – exclude files newer than n days/date.

(If n < 1900 then n = no of days, else n = YYYYMMDD date).

 

/FFT : Assume FAT File Times (2-second date/time granularity).

/256 : Turn off very long path (> 256 characters) support.

 

Copy options

/L : List only – don’t copy, timestamp or delete any files.

/MOV : MOVe files (delete from source after copying).

/MOVE : Move files and dirs (delete from source after copying).

 

/Z : Copy files in restartable mode (survive network glitch).

/B : Copy files in Backup mode.

/ZB : Use restartable mode; if access denied use Backup mode.

/IPG:n : Inter-Packet Gap (ms), to free bandwidth on slow lines.

 

/R:n : Number of Retries on failed copies – default is 1 million.

/W:n : Wait time between retries – default is 30 seconds.

/REG : Save /R:n and /W:n in the Registry as default settings.

/TBD : Wait for sharenames To Be Defined (retry error 67).

 

Destination options

 

/A+:[RASHCNET] : Set file Attribute(s) on destination files + add.

/A-:[RASHCNET] : UnSet file Attribute(s) on destination files – remove.

/FAT: Create destination files using 8.3 FAT file names only.

 

/CREATE: CREATE directory tree structure + zero-length files only.

/DST: Compensate for one-hour DST time differences ##

/PURGE: Delete dest files/folders that no longer exist in source.

/MIR: MIRror a directory tree – equivalent to /PURGE plus all subfolders (/E)

 

Logging options

/L: List only – don’t copy, timestamp or delete any files.

/NP: No Progress – don’t display % copied.

/LOG:file : Output status to LOG file (overwrite existing log).

/UNILOG:file : Output status to Unicode Log file (overwrite) ##

/LOG+:file : Output status to LOG file (append to existing log).

/UNILOG+:file : Output status to Unicode Log file (append) ##

/TS : Include Source file Time Stamps in the output.

/FP : Include Full Pathname of files in the output.

/NS : No Size – don’t log file sizes.

/NC : No Class – don’t log file classes.

/NFL : No File List – don’t log file names.

/NDL : No Directory List – don’t log directory names.

/TEE : Output to console window, as well as the log file.

/NJH : No Job Header.

/NJS : No Job Summary.

 

 Repeated Copy Options

/MON:n : MONitor source; run again when more than n changes seen.

/MOT:m : MOnitor source; run again in m minutes Time, if changed.

 

/RH:hhmm-hhmm : Run Hours – times when new copies may be started.

/PF : Check run hours on a Per File (not per pass) basis.

 

 Job Options

/JOB:jobname : Take parameters from the named JOB file.

/SAVE:jobname : SAVE parameters to the named job file

/QUIT : QUIT after processing command line (to view parameters).

/NOSD : NO Source Directory is specified.

/NODD : NO Destination Directory is specified.

/IF : Include the following Files.

 

Advanced options you’ll probably never use

/EFSRAW : Copy any encrypted files using EFS RAW mode. ##

/MT[:n] : Multithreaded copying, n = no. of threads to use (1-128) ###

default = 8 threads, not compatible with /IPG and /EFSRAW

The use of /LOG is recommended for better performance.

 

/SECFIX : FIX file SECurity on all files, even skipped files.

/TIMFIX : FIX file TIMes on all files, even skipped files.

 

/XO : eXclude Older – if destination file exists and is the same date or newer than the source – don’t bother to overwrite it.

/XC | /XN : eXclude Changed | Newer files

/XL : eXclude “Lonely” files and dirs (present in source but not destination)

This will prevent any new files being added to the destination.

/XX : eXclude “eXtra” files and dirs (present in destination but not source)

This will prevent any deletions from the destination. (this is the default)

 

/XF file [file]… : eXclude Files matching given names/paths/wildcards.

/XD dirs [dirs]… : eXclude Directories matching given names/paths.

XF and XD can be used in combination  e.g.

ROBOCOPY c:\source d:\dest /XF *.doc *.xls /XD c:\unwanted /S

 

/IA:[RASHCNETO] : Include files with any of the given Attributes

/XA:[RASHCNETO] : eXclude files with any of the given Attributes

/IS : Include Same, overwrite files even if they are already the same.

/IT : Include Tweaked files.

/XJ : eXclude Junction points. (normally included by default).

 

/MAX:n : MAXimum file size – exclude files bigger than n bytes.

/MIN:n : MINimum file size – exclude files smaller than n bytes.

/MAXLAD:n : MAXimum Last Access Date – exclude files unused since n.

/MINLAD:n : MINimum Last Access Date – exclude files used since n.

(If n < 1900 then n = n days, else n = YYYYMMDD date).

 

/BYTES : Print sizes as bytes.

/X : Report all eXtra files, not just those selected & copied.

/V : Produce Verbose output log, showing skipped files.

/ETA : Show Estimated Time of Arrival of copied files.

## = New Option in Vista (XP027) all other options are valid for the XP version of Robocopy (XP010)

### = New Option in Windows 7 and Windows 2008 R2

 

Robocopy EXIT CODES

 

File Attributes [RASHCNETO]

 

R – Read only

A – Archive

S – System

H – Hidden

C – Compressed

N – Not content indexed

E – Encrypted

T – Temporary

O – Offline

If either the source or destination is a "quoted long foldername", do not include a trailing backslash, as this will be treated as an escape character, i.e. "C:\some path\" will fail but "C:\some path\\" or "C:\some path\." or "C:\some path" will work.

 

By copying only the files that have changed, robocopy can be used to backup very large volumes.

 

ROBOCOPY will accept UNC pathnames including UNC pathnames over 256 characters long.

 

/REG Writes to the registry at HKCU\Software\Microsoft\ResKit\Robocopy

 

/XX (exclude extra) If used in conjunction with /Purge or /Mir, this switch will take precedence and prevent any files being deleted from the destination.

 

To limit the network bandwidth used by robocopy, specify the Inter-Packet Gap parameter /IPG:n

This will send packets of 64 KB each followed by a delay of n Milliseconds.

 

Open Files

 

Robocopy will fail to copy files that are locked by other users or applications, so limiting the number of retries with /R:0 will speed up copying by skipping any in-use files. The Windows Volume Shadow Copy service is the only Windows subsystem that can copy open files. Robocopy does not use the Volume Shadow Copy service, but it can backup a volume shadow that has already been created with VSHADOW or DISKSHADOW.

 

Permissions

 

All versions of Robocopy will copy security information (ACLs) for directories. Version XP010 will not copy file security changes unless the file itself has also changed; this greatly improves performance.

 

/B (backup mode) will allow Robocopy to override file and folder permission settings (ACLs).

 

ERROR 5 (0x00000005) Changing File Attributes … Access is denied

This error usually means that File/Folder permissions or Share permissions on either the source or the destination are preventing the copy. Either change the permissions or run the command in backup mode with /B.

 

Running ROBOCOPY under a non-administrator account requires the backup files privilege; copying security information also requires the auditing privilege. You also need at least read access to the files and folders.

 

Availability

 

Robocopy is a standard command in Windows 7 and above. The Windows Server 2003 Resource Kit Tools include Robocopy XP010, which can be run on NT 4/ Windows 2000. Robocopy does not run on Windows 95, or NT 3.5. (RoboCopy is a Unicode application).

 

Robocopy ‘Jobs’ and the ‘MOnitor source’ option provide an alternative to setting up a Scheduled Task to run a batchfile with a RoboCopy command.

 

Examples:

 

Copy files from one server to another including subfolders (/S)

If this command is run repeatedly it will skip any files already in the destination, however it is not a true mirror as any files deleted from the source will remain in the destination.

 

ROBOCOPY \\Server1\reports \\Server2\backup *.doc /S

List files over 32 MBytes in size:

 

ROBOCOPY C:\work /MAX:33554432 /L

Move files over 14 days old: (note the MOVE option will fail if any files are open and locked.)

 

ROBOCOPY C:\work C:\destination /move /minage:14

Backup a Server:

The script below copies data from FileServ1 to FileServ2; the destination holds a full mirror along with file security info. When run regularly to synchronize the source and destination, robocopy will only copy those files that have changed (change in time stamp or size).

 

@ECHO OFF
SETLOCAL

SET _source=\\FileServ1\e$\users
SET _dest=\\FileServ2\e$\BackupUsers

SET _what=/COPYALL /B /SEC /MIR
:: /COPYALL :: COPY ALL file info
:: /B :: copy files in Backup mode.
:: /SEC :: copy files with SECurity
:: /MIR :: MIRror a directory tree

SET _options=/R:0 /W:0 /LOG:MyLogfile.txt /NFL /NDL
:: /R:n :: number of Retries
:: /W:n :: Wait time between retries
:: /LOG :: Output log file
:: /NFL :: No file logging
:: /NDL :: No dir logging

ROBOCOPY %_source% %_dest% %_what% %_options%
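Because /MIR deletes anything in the destination that is missing from the source, and /B bypasses ACLs, a scheduled mirror benefits from a /L preview and an exit-code check. The PowerShell wrapper below is an added example, not part of the original script; the log path and the deletion limit are assumptions, and the server paths are the sample ones used above.

```powershell
# Added example. Paths are the article's samples; log path and limit are assumed.
$Source   = '\\FileServ1\e$\users'
$Dest     = '\\FileServ2\e$\BackupUsers'
$LogFile  = 'C:\Logs\robocopy-users.log'   # assumed log location
$MaxPurge = 100                            # assumed limit on deletions per run

# /SEC is left out: /COPYALL (/COPY:DATSOU) already covers the ACLs.
$RoboArgs = @($Source, $Dest, '/MIR', '/COPYALL', '/B', '/R:0', '/W:0', '/NP')

function Get-RobocopyResult {
    param([int]$ExitCode)
    # Robocopy's exit code is a bit mask; 8 and above means something failed.
    $flags = @(
        @{ Bit = 1;  Text = 'files copied' },
        @{ Bit = 2;  Text = 'extra files or directories found in destination' },
        @{ Bit = 4;  Text = 'mismatched files or directories found' },
        @{ Bit = 8;  Text = 'some files or directories could not be copied' },
        @{ Bit = 16; Text = 'fatal error, nothing was copied' }
    )
    $set = @(foreach ($f in $flags) { if ($ExitCode -band $f.Bit) { $f.Text } })
    [pscustomobject]@{
        ExitCode = $ExitCode
        Failed   = ($ExitCode -ge 8)
        Meaning  = if ($set.Count) { $set -join '; ' } else { 'no changes needed' }
    }
}

# 1. Preview with /L: nothing is copied or deleted, the output only lists actions.
$preview     = & robocopy @RoboArgs /L /NJH /NJS /FP
$previewCode = $LASTEXITCODE
if ($previewCode -ge 8) {
    throw "Preview failed: $((Get-RobocopyResult -ExitCode $previewCode).Meaning)"
}

# Lines classed *EXTRA are the items /MIR would purge from the destination.
$extras = @($preview | Select-String -Pattern '\*EXTRA\s+(File|Dir)')
if ($extras.Count -gt $MaxPurge) {
    $extras | Select-Object -First 20 | ForEach-Object { Write-Warning $_.Line.Trim() }
    throw "Mirror would delete $($extras.Count) items from $Dest (limit $MaxPurge); aborted."
}

# 2. Real run, appending to the log so earlier runs stay available for review.
& robocopy @RoboArgs "/LOG+:$LogFile" /NFL /NDL | Out-Null
$result = Get-RobocopyResult -ExitCode $LASTEXITCODE
$result | Format-List
if ($result.Failed) { exit 1 }
```

A sudden jump in *EXTRA items usually means the source share is empty or unreachable rather than that users deleted data, which is the case the limit is there to catch.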

 

Run two robocopy jobs at the same time with START /Min

 

Start /Min "Job one" Robocopy \\FileServA\C$\Database1 \\FileServeBackupA\c$\Backups

Start /Min "Job two" Robocopy \\FileServB\C$\Database2 \\FileServeBackupB\c$\Backups

 

 


AGDLP briefly summarizes Microsoft’s recommendations for implementing role based access controls (RBAC) using nested groups in a native-mode Active Directory (AD) domain: User and computer accounts are members of global groups that represent business roles, which are members of domain local groups that describe resource permissions or user rights assignments. 

AGDLP, which stands for Accounts, Global groups, Domain Local groups and Permissions, refers to the practice you use to properly assign permissions to your network resources and utilize groups in such a way that managing those permissions and group memberships is simplified and configured to allow for multiple domain resource access.

AGDLP is applied when planning and implementing the construction of users and groups as well as the setting of NTFS permissions on the resources concerned.

Using AGDLP allows admins to set up their Windows environments so they can greatly reduce user account management and permissions management headaches. Yet even those who have gone through MCSE training still fail to use this simple strategy when setting up groups and permission assignments.

There have been many times I’ve had to correct my customers’ groups/permissions-related issues because they chose to only use individual accounts, or just Domain Local groups or just Global Groups, when assigning permissions to their resources. Then they add a new domain, create a new resource, add a new user or when someone leaves an organization and is replaced, it becomes a serious nightmare when trying to get the permissions set up properly after those changes have been made.

Using AGDLP gives you the following benefits:

  • You can assign local resource access to users in other domains
  • A user’s access to a resource can be removed, simply by removing their account from the appropriate group.
  • If you set up your permissions properly, when a new user is created, you only need to add them to the appropriate group and their permissions will be set up with little to no additional work.

Following an AGDLP strategy:

  1. A: Create a user Account(s)
  2. G: Create a global group and add the user account(s) you created in step 1 as members
  3. DL: Create a Domain Local group in the domain that contains the resource you wish to give access to and then add the global group from step 2 as a member of this Domain Local group
  4. P: Assign permissions on the resource using the domain local group created in step 3.
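The four steps above, carried out with the ActiveDirectory PowerShell module, followed by an audit that flags permissions granted directly to accounts or global groups. This is an added example, not from the original post; the domain name CORP, the OUs, the group and user names and the folder path are all hypothetical.

```powershell
# Added example. Every name, OU and path below is hypothetical.
Import-Module ActiveDirectory

$Domain   = 'CORP'
$UsersOU  = 'OU=Staff,DC=corp,DC=example'
$GroupsOU = 'OU=Groups,DC=corp,DC=example'
$Folder   = 'D:\Shares\Finance'
$Role     = 'G_Finance_Analysts'        # global group = business role
$Access   = 'DL_FinanceShare_Modify'    # domain local group = resource permission

# A: create the account (left disabled until a password is set)
New-ADUser -Name 'Jane Doe' -SamAccountName 'jdoe' -Path $UsersOU -Enabled $false

# G: global group for the role, with the account as a member
New-ADGroup -Name $Role -GroupScope Global -GroupCategory Security -Path $GroupsOU
Add-ADGroupMember -Identity $Role -Members 'jdoe'

# DL: domain local group in the resource's domain, with the global group as a member
New-ADGroup -Name $Access -GroupScope DomainLocal -GroupCategory Security -Path $GroupsOU
Add-ADGroupMember -Identity $Access -Members $Role

# P: grant the NTFS permission to the domain local group only
$ruleArgs = @("$Domain\$Access", 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $ruleArgs
$acl  = Get-Acl -Path $Folder
$acl.AddAccessRule($rule)
Set-Acl -Path $Folder -AclObject $acl

# Audit: explicit ACEs held by anything other than a domain local group
# (user accounts or global groups assigned directly) break the AGDLP chain.
$violations = foreach ($ace in (Get-Acl -Path $Folder).Access) {
    if ($ace.IsInherited) { continue }
    $name = $ace.IdentityReference.Value
    if ($name -notlike "$Domain\*") { continue }     # skip BUILTIN, NT AUTHORITY
    $sam   = $name.Split('\')[1]
    $group = Get-ADGroup -Filter "SamAccountName -eq '$sam'"
    if (-not $group -or $group.GroupScope -ne 'DomainLocal') {
        [pscustomobject]@{
            Identity = $name
            Rights   = $ace.FileSystemRights
            Problem  = if ($group) { "$($group.GroupScope) group on ACL" }
                       else        { 'account assigned directly' }
        }
    }
}
$violations | Format-Table -AutoSize
```

Removing a user's access then means removing the account from the global group; the ACL on the folder never changes.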

Note: Make sure to back up the information of the scheduled tasks.

Symptoms:

–          Error while trying to open the Configured Tasks.

–          Error while trying to access the properties of the tasks.

–          Status message of tasks as: “Could not Start”

–          This normally happens in Microsoft Windows 2003 / 2003 R2


 

Resolution:

–          Stop the “Task Scheduler” service.

–          Delete all the files in this path: C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S-1-5-18

–          Restart the Service and check if it works.

–          If not then restart the server.

–          The issue will be resolved.

The WordPress.com stats helper monkeys prepared a 2012 annual report for this blog.

Here’s an excerpt:

19,000 people fit into the new Barclays Center to see Jay-Z perform. This blog was viewed about 92,000 times in 2012. If it were a concert at the Barclays Center, it would take about 5 sold-out performances for that many people to see it.


System Volume Information (SVI) is the folder holding the restore points. If you turn System Restore off, that folder will be emptied. If you turn it on again, a new restore point will be created.

If this isn’t the system drive, it really doesn’t matter at all, except for the space it takes.

The SVI folder is where System Restore holds its restore points and other information. There will be an SVI folder on every partition Windows sees. If the Indexing Service has been turned on, it will store files in the SVI folders. Encrypting File System also uses the SVI folder on each partition to store the log file that is generated during the encryption and decryption process.

The data drive will contain its own SVI folder. There’s no reason to keep a backup on the data drive.

To Access the System Information Folder follow the below steps:

In Windows Explorer click [Tools] [Folder Options]
Click the [View] tab, click [Show Hidden Files and Folders]
Clear [Hide protected operating system files (Recommended)] check box.
Click [Yes] on the change confirmation box and click [OK] to exit.
Right-click the System Volume Information folder in the root folder.
Click [Properties] and select the [Security] tab. Click [Add]
Enter the name of the user you are allowing access to the folder.
Click [OK], and then click [OK].
Double-click the System Volume Information folder to open.

The SVI folder can often consume a lot of space. You can limit the amount of space used by the restore points by running the command below:

vssadmin resize shadowstorage /on=D: /For=D: /Maxsize=3GB

  • In the above command I am limiting the D Drive to allocate 3 GB for the SVI.
  • You can change the drive name as per your requirement.
  • You can see space freed immediately once the command is run.

 

If a DNS Server does not have an entry in its database for the remote host specified in a client request, it can respond to the client with the address of a DNS Server more likely to have that information, or it can query the other DNS server itself. This process can take place recursively until either the client computer receives the IP address or the DNS server establishes that the queried name cannot be resolved. DNS Servers to which other DNS Servers forward requests are known as Forwarders.

The Windows 2008 DNS Server service extends the standard forwarder configuration by using conditional forwarders. A Conditional Forwarder is a DNS Server that forwards DNS queries according to the DNS domain name in the query. For example, you can configure a DNS server to forward all the queries that it receives for names ending with Ignitedsoul.com to the IP address of one or more specified DNS Servers. This feature is particularly useful on extranets, where several organizations and domains access the same private internetwork.


 

Here is a quick reference you can use to determine which tools to use to help locate and resolve problems with your AD network.

Q: User unable to access network resources?

Is the network functioning at all? Can you view a list of networked systems or even access resources on other computers? If not, you have network connectivity problems. The troubleshooting tools you should start with include: Event Viewer, Ping, IPCONFIG, NLTEST, NetDiag and Network Monitor.

Q: User unable to locate resources by name?

Is name resolution functioning? Can you resolve NetBIOS or domain names into IP addresses using Windows Explorer or PING? If not, you have name resolution service problems. The troubleshooting tools you should start with include: Event Viewer, NSLOOKUP, NBTSTAT and DNSCMD.

Q: User unable to log in and obtain its roaming profile?

If not, your DC is having problems. The troubleshooting tools you should start with include: Event Viewer, DCDiag, DSASTAT and NTDSUTIL.

Q: User is unable to authenticate?

Can any client log on locally or remotely? If not, your DC is not authenticating properly. The troubleshooting tools you should start with include: Event Viewer and NetSetup.

Q: User unable to access resources as expected?

Can you access objects that you should be granted access to, and are you restricted from objects that you should not have access to? If not, then either the ACLs or DC is not functioning properly. The troubleshooting tools you should start with include: Event Viewer, DSACLS, NETDOM and SDCHECK.


Active Directory (AD) relies on several communications services to communicate with client computers and between domain controllers. The variety of communications protocols used reflects the complex nature both of AD and of the industry-standard protocols that AD implements, such as Kerberos and the Lightweight Directory Access Protocol (LDAP).

Understanding how AD communicates can be critical when you’re working with domain controllers or clients that are separated from domain controllers by firewalls or other port filtering devices (such as routers).

Basic Communications

AD needs only a few basic services to be available for normal operations:

  • User Datagram Protocol (UDP) port 88 is used for Kerberos authentication. Transmission Control Protocol (TCP) port 88 can also be used, although it’s less common.
  • TCP and UDP ports 135 are needed for remote procedure call (RPC) endpoint mapping. RPCs are used for a number of domain controller-to-domain controller and client-to-domain controller operations. Unfortunately, not all communications take place over port 135, as I’ll discuss later.
  • TCP port 139 and UDP port 138 are needed for file replication between domain controllers. This port combination is the standard NetBIOS session service port set.
  • UDP port 389 handles LDAP queries and is used for normal domain controller operations.
  • TCP and UDP ports 445 are used for file replication and are the standard Windows file sharing ports.
  • TCP and UDP ports 464 are the Kerberos password change protocol ports.
  • TCP port 593 is used by the RPC over HTTP transport. Although you don’t technically need this port for normal operations, I’ll discuss later how this feature can make working with domain controllers through firewalls a bit easier.
  • TCP port 636 is for LDAP over Secure Sockets Layer (SSL), which is the default LDAP methodology for Windows Server 2003 and later.
  • TCP port 3268 and 3269 handle Global Catalog (GC) queries. Port 3269 handles secure queries. Any domain controller that needs access to a GC or that is acting as a GC server will use these ports.
  • TCP and UDP ports 53 are used to communicate with Domain Name System (DNS), which is a vital part of AD communications.

Generally, opening these ports between clients and domain controllers, or between domain controllers, will enable AD to function normally. One exception is RPC traffic.
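To confirm that a firewall between a client or member server and a domain controller really passes the ports listed above, the following PowerShell check attempts a TCP connection to each TCP port in the list and reports the result. It is an added example, not from the original post; the domain controller name and the timeout are assumptions, and ports the list gives as UDP only are reported as not tested because a TCP connect cannot verify them.

```powershell
# Added example. The DC name and timeout are hypothetical; ports are those listed above.
$DomainController = 'dc01.corp.example'
$TimeoutMs        = 2000

$AdPorts = @(
    @{ Port = 53;   Proto = 'TCP+UDP'; Service = 'DNS' },
    @{ Port = 88;   Proto = 'TCP+UDP'; Service = 'Kerberos' },
    @{ Port = 135;  Proto = 'TCP+UDP'; Service = 'RPC endpoint mapper' },
    @{ Port = 138;  Proto = 'UDP';     Service = 'NetBIOS (file replication)' },
    @{ Port = 139;  Proto = 'TCP';     Service = 'NetBIOS session (file replication)' },
    @{ Port = 389;  Proto = 'UDP';     Service = 'LDAP' },
    @{ Port = 445;  Proto = 'TCP+UDP'; Service = 'SMB file sharing' },
    @{ Port = 464;  Proto = 'TCP+UDP'; Service = 'Kerberos password change' },
    @{ Port = 593;  Proto = 'TCP';     Service = 'RPC over HTTP' },
    @{ Port = 636;  Proto = 'TCP';     Service = 'LDAP over SSL' },
    @{ Port = 3268; Proto = 'TCP';     Service = 'Global Catalog' },
    @{ Port = 3269; Proto = 'TCP';     Service = 'Global Catalog (secure)' }
)

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($ComputerName, $Port, $null, $null)
        # No answer within the timeout usually means a firewall dropped the packet.
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { return 'filtered or timed out' }
        $client.EndConnect($pending)      # throws if the connection was refused
        return 'open'
    } catch {
        return 'refused or unreachable'
    } finally {
        $client.Close()
    }
}

$report = foreach ($p in $AdPorts) {
    $state = if ($p.Proto -match 'TCP') {
        Test-TcpPort -ComputerName $DomainController -Port $p.Port -TimeoutMs $TimeoutMs
    } else {
        'not tested (UDP only)'
    }
    [pscustomobject]@{
        Port     = $p.Port
        Protocol = $p.Proto
        Service  = $p.Service
        TcpState = $state
    }
}

$report | Sort-Object Port | Format-Table -AutoSize

# Anything that is neither open nor UDP-only needs a firewall rule review.
$blocked = @($report | Where-Object { $_.TcpState -notin 'open', 'not tested (UDP only)' })
if ($blocked.Count) { Write-Warning "$($blocked.Count) AD port(s) not reachable over TCP." }
```

Run it from the side of the firewall where the clients sit; a result of "open" for ports that clients do not need is as much a finding as a blocked one.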