Posts Tagged ‘Server 2003’

Alert: This source server failed to generate the changes

Description: This directory service failed to retrieve the changes requested for the following directory partition. As a result, it was unable to send change requests to the directory service at the following network address.


Event ID: 1479

Active Directory Domain Services could not update the following object in the local Active Directory Domain Services database with changes received from the following source directory service. Active Directory Domain Services does not have enough database version store to apply the changes.

User Action

Restart this directory service. If this does not solve the problem, increase the size of the database version store. If you are populating the objects with a large number of values, or the size of the values is especially large, decrease the size of future changes.


Additional Data

Error value:

8573 The database is out of version store.



{MS has provided the resolution in this Link}

Note: Take Backup of Registry before changing


Registry Location:



You need to add the Registry value “EDB max ver pages” with 32 Bit DWord Decimal value as you need with reference below:

9600 = 152 MB
12800 = 202 MB
16000 = 252 MB
19200 = 302 MB

Reboot the Server once the changes have been done.

Check the Event viewer after restart; you need to get event 1394 in ADS Logs



Robust File and Folder Copy.

By default Robocopy will only copy a file if the source and destination have different time stamps or different file sizes.



ROBOCOPY Source_folder Destination_folder [files_to_copy] [options]



file(s)_to_copy : A list of files or a wildcard.

(defaults to copying *.*)


  Source options

/S : Copy Subfolders.

/E : Copy Subfolders, including Empty Subfolders.

/COPY:copyflag[s] : What to COPY (default is /COPY:DAT)

(copyflags : D=Data, A=Attributes, T=Timestamps

S=Security=NTFS ACLs, O=Owner info, U=aUditing info).

/SEC : Copy files with SECurity (equivalent to /COPY:DATS).

/DCOPY:T : Copy Directory Timestamps. ##

/COPYALL : Copy ALL file info (equivalent to /COPY:DATSOU).

/NOCOPY : Copy NO file info (useful with /PURGE).


/A : Copy only files with the Archive attribute set.

/M : like /A, but remove Archive attribute from source files.

/LEV:n : Only copy the top n LEVels of the source tree.


/MAXAGE:n : MAXimum file AGE – exclude files older than n days/date.

/MINAGE:n : MINimum file AGE – exclude files newer than n days/date.

(If n < 1900 then n = no of days, else n = YYYYMMDD date).


/FFT : Assume FAT File Times (2-second date/time granularity).

/256 : Turn off very long path (> 256 characters) support.


Copy options

/L : List only – don’t copy, timestamp or delete any files.

/MOV : MOVe files (delete from source after copying).

/MOVE : Move files and dirs (delete from source after copying).


/Z : Copy files in restartable mode (survive network glitch).

/B : Copy files in Backup mode.

/ZB : Use restartable mode; if access denied use Backup mode.

/IPG:n : Inter-Packet Gap (ms), to free bandwidth on slow lines.


/R:n : Number of Retries on failed copies – default is 1 million.

/W:n : Wait time between retries – default is 30 seconds.

/REG : Save /R:n and /W:n in the Registry as default settings.

/TBD : Wait for sharenames To Be Defined (retry error 67).


Destination options


/A+:[RASHCNET] : Set file Attribute(s) on destination files + add.

/A-:[RASHCNET] : UnSet file Attribute(s) on destination files – remove.

/FAT: Create destination files using 8.3 FAT file names only.


/CREATE: CREATE directory tree structure + zero-length files only.

/DST: Compensate for one-hour DST time differences ##

/PURGE: Delete dest files/folders that no longer exist in source.

/MIR: MIRror a directory tree – equivalent to /PURGE plus all subfolders (/E)


Logging options

/L: List only – don’t copy, timestamp or delete any files.

/NP: No Progress – don’t display % copied.

/LOG:file : Output status to LOG file (overwrite existing log).

/UNILOG:file : Output status to Unicode Log file (overwrite) ##

/LOG+:file : Output status to LOG file (append to existing log).

/UNILOG+:file : Output status to Unicode Log file (append) ##

/TS : Include Source file Time Stamps in the output.

/FP : Include Full Pathname of files in the output.

/NS : No Size – don’t log file sizes.

/NC : No Class – don’t log file classes.

/NFL : No File List – don’t log file names.

/NDL : No Directory List – don’t log directory names.

/TEE : Output to console window, as well as the log file.

/NJH : No Job Header.

/NJS : No Job Summary.


 Repeated Copy Options

/MON:n : MONitor source; run again when more than n changes seen.

/MOT:m : MOnitor source; run again in m minutes Time, if changed.


/RH:hhmm-hhmm : Run Hours – times when new copies may be started.

/PF : Check run hours on a Per File (not per pass) basis.


 Job Options

/JOB:jobname : Take parameters from the named JOB file.

/SAVE:jobname : SAVE parameters to the named job file

/QUIT : QUIT after processing command line (to view parameters).

/NOSD : NO Source Directory is specified.

/NODD : NO Destination Directory is specified.

/IF : Include the following Files.


Advanced options you’ll probably never use

/EFSRAW : Copy any encrypted files using EFS RAW mode. ##

/MT[:n] : Multithreaded copying, n = no. of threads to use (1-128) ###

default = 8 threads, not compatible with /IPG and /EFSRAW

The use of /LOG is recommended for better performance.


/SECFIX : FIX file SECurity on all files, even skipped files.

/TIMFIX : FIX file TIMes on all files, even skipped files.


/XO : eXclude Older – if destination file exists and is the same date or newer than the source – don’t bother to overwrite it.

/XC | /XN : eXclude Changed | Newer files

/XL : eXclude “Lonely” files and dirs (present in source but not destination)

This will prevent any new files being added to the destination.

/XX : eXclude “eXtra” files and dirs (present in destination but not source)

This will prevent any deletions from the destination. (this is the default)


/XF file [file]… : eXclude Files matching given names/paths/wildcards.

/XD dirs [dirs]… : eXclude Directories matching given names/paths.

XF and XD can be used in combination  e.g.

ROBOCOPY c:\source d:\dest /XF *.doc *.xls /XD c:\unwanted /S


/IA:[RASHCNETO] : Include files with any of the given Attributes

/XA:[RASHCNETO] : eXclude files with any of the given Attributes

/IS : Include Same, overwrite files even if they are already the same.

/IT : Include Tweaked files.

/XJ : eXclude Junction points. (normally included by default).


/MAX:n : MAXimum file size – exclude files bigger than n bytes.

/MIN:n : MINimum file size – exclude files smaller than n bytes.

/MAXLAD:n : MAXimum Last Access Date – exclude files unused since n.

/MINLAD:n : MINimum Last Access Date – exclude files used since n.

(If n < 1900 then n = n days, else n = YYYYMMDD date).


/BYTES : Print sizes as bytes.

/X : Report all eXtra files, not just those selected & copied.

/V : Produce Verbose output log, showing skipped files.

/ETA : Show Estimated Time of Arrival of copied files.

## = New Option in Vista (XP027) all other options are valid for the XP version of Robocopy (XP010)

### = New Option in Windows 7 and Windows 2008 R2




File Attributes [RASHCNETO]


R – Read only

A – Archive

S – System

H – Hidden

C – Compressed

N – Not content indexed

E – Encrypted

T – Temporary

O – Offline

If either the source or desination are a “quoted long foldername” do not include a trailing backslash as this will be treated as an escape character, i.e. “C:\some path\” will fail but “C:\some path\\” or “C:\some path\.” or “C:\some path” will work.


By copying only the files that have changed, robocopy can be used to backup very large volumes.


ROBOCOPY will accept UNC pathnames including UNC pathnames over 256 characters long.


/REG Writes to the registry at HKCU\Software\Microsoft\ResKit\Robocopy


/XX (exclude extra) If used in conjunction with /Purge or /Mir, this switch will take precedence and prevent any files being deleted from the destination.


To limit the network bandwidth used by robocopy, specify the Inter-Packet Gap parameter /IPG:n

This will send packets of 64 KB each followed by a delay of n Milliseconds.


Open Files


Robocopy will fail to copy files that are locked by other users or applications, so limiting the number of retries with /R:0 will speed up copying by skipping any in-use files. The Windows Volume Shadow Copy service is the only Windows subsystem that can copy open files. Robocopy does not use the Volume Shadow Copy service, but it can backup a volume shadow that has already been created with VSHADOW or DISKSHADOW.




All versions of Robocopy will copy security information (ACLs) for directories, version XP010 will not copy file security changes unless the file itself has also changed, this greatly improves performance.


/B (backup mode) will allow Robocopy to override file and folder permission settings (ACLs).


ERROR 5 (0x00000005) Changing File Attributes … Access is denied

This error usually means that File/Folder permissions or Share permissions on either the source or the destination are preventing the copy, either change the permissions or run the command in backup mode with /B.


To run ROBOCOPY under a non-administrator account will require backup files privilege, to copy security information auditing privilege is also required, plus of course you need at least read access to the files and folders.




Robocopy is a standard command in Windows 7 and above. The Windows Server 2003 Resource Kit Tools include Robocopy XP010, which can be run on NT 4/ Windows 2000. Robocopy does not run on Windows 95, or NT 3.5. (RoboCopy is a Unicode application).


Robocopy ‘Jobs’ and the ‘MOnitor source’ option provide an alternative to setting up a Scheduled Task to run a batchfile with a RoboCopy command.




Copy files from one server to another including subfolders (/S)

If this command is run repeatedly it will skip any files already in the destination, however it is not a true mirror as any files deleted from the source will remain in the destination.


ROBOCOPY \\Server1\reports \\Server2\backup *.doc /S

List files over 32 MBytes in size:


ROBOCOPY C:\work /MAX:33554432 /L

Move files over 14 days old: (note the MOVE option will fail if any files are open and locked.)


ROBOCOPY C:\work C:\destination /move /minage:14

Backup a Server:

The script below copies data from FileServ1 to FileServ2, the destination holds a full mirror along with file security info. When run regularly to synchronize the source and destination, robocopy will only copy those files that have changed (change in time stamp or size.)





SET _source=\\FileServ1\e$\users


SET _dest=\\FileServ2\e$\BackupUsers



:: /COPYALL :: COPY ALL file info

:: /B :: copy files in Backup mode.

:: /SEC :: copy files with SECurity

:: /MIR :: MIRror a directory tree


SET _options=/R:0 /W:0 /LOG:MyLogfile.txt /NFL /NDL

:: /R:n :: number of Retries

:: /W:n :: Wait time between retries

:: /LOG :: Output log file

:: /NFL :: No file logging

:: /NDL :: No dir logging


ROBOCOPY %_source% %_dest% %_what% %_options%


Run two robocopy jobs at the same time with START /Min


Start /Min “Job one” Robocopy \\FileServA\C$\Database1 \\FileServeBackupA\c$\Backups

Start /Min “Job two” Robocopy \\FileServB\C$\Database2 \\FileServeBackupB\c$\Backups



Related Posts:

Robocopy Error 5

Summary:  Group Policy application seems straightforward enough: Group Policy Objects (GPOs) are linked to organizational units (OUs); users and computers are in OUs. All the GPOs from a user’s OU hierarchy filter down to the user.

Things get more complicated, though, when you remember that GPOs can be linked to a domain and to sites—meaning you’ll have to open a whole new console to see what’s going on. You also have to consider local security policies, which exist solely on the client computer and are applied before any domain-based policies arrive. Throw in options such as Block Policy Inheritance, No Override, and loopback processing, and it’s no wonder why there’s such a robust market for third-party GPO tools. However, with some patience and a methodology, you can do quite a bit of quality troubleshooting on your own.

Start from the Scratch

Too many administrators try to start at the top, working their way down the hierarchy of GPOs and figuring out which ones apply. That method is time-consuming, error-prone, and just plain boring. It’s a lot easier to start at the bottom—the client—and work your way up the tree. Windows XP’s Gpresult tool, for example, is a great troubleshooting tool. Run from the command line, it will tell you which groups the current user is a member of (which can affect GPO application), and give you a list of every GPO that is currently affecting the user. You’ll also see the last time that GPOs were applied to the computer. What Gpresult is displaying is called resultant set of policy (RSOP). It sorts through all the blocked inheritance, no overrides, and conflicting policies to sort out exactly which policies are being applied.

By default, Gpresult doesn’t show you which individual policies are applied or what they are set to; because GPOs successively overwrite one another as they are applied, you can still be left with a troubleshooting task to figure out which of the GPOs listed is responsible for the settings you’re seeing. Fortunately, Gpresult has a “superverbose” mode, enabled by running

Gpresult /z

This mode not only displays which GPOs have been applied, but lists every single policy that’s enabled in each GPO, allowing you to see which GPO modified which setting, and which GPO finally won out in the end. Figure 36.1 shows a portion of Gpresult’s superverbose output. In this example, the GPO being applied is Local Group Policy, and you can see exactly which registry keys each setting is modifying.

Superverbose mode also breaks down the user and computer policies, allowing you to see every setting that is affecting the current users or their machines.


  1. Active Directory contains information about all objects and their attributes. The attributes hold data that describes the resource that the directory object identifies. Because information about all network resources is stored in Active Directory, a single administrator can centrally manage and administer network resources.
  2. Active Directory can be queried by using protocols such as LDAP. Administrators can easily locate information about objects by searching for selected attributes of the object, using tools that support LDAP.
  3. Active Directory allows you to group objects with similar administrative and security requirements into organizational units. Organizational units provide multiple levels of administrative authority for both applying Group Policy settings and delegating administrative control. This delegation of administrative authority simplifies the task of managing these objects and allows administrators to structure Active Directory to fit their needs.
  4. Active Directory uses Group Policy to provide administrators with the ability to specify Group Policy settings for a site, domain, or organizational unit. Active Directory then enforces these Group Policy settings for all of the users and computers within the container.



–          The Remote connection gets established but gets disconnected moments before you get the Desktop.


–          You are able to Ping the Server

–          The Server seems to be fine when checked in Console.

–          All the RDP Services seems to be fine.

–          When trying to take Remote connection, the connection gets established, but closes automatically with an error.

–          It asks to check the Network connections or the Remote desktop Services.


–          The Main Culprit here is : rdpcorekmts.dll file in C:\Windows\System32 location

–          All you need to do it replace this .dll file with same file in any working server.

–          You need to rename the file to : rdpcorekmts.old

–          You cannot rename the file directly as the Administrator too has only read permission on this file.

–          First you need to take ownership of this file.

–          Then you need to edit the security permissions and give full control for the Administrator or your account.

–          Only then you can rename the file.

–          Now copy the rdpcorekmts.dll file from any working server and paste in the System32 folder of the server with issue.

–          This replacement resolves the issue, and you can take RDP of the Server normally.

Active Directory enables a single sign-on, which makes the complex processes of authentication and authorization transparent to the user. A single sign-on is made up of authentication, which verifies the credentials of the connection attempt, and authorization, which verifies that the connection attempt is allowed. With a single sign-on, users do not have to manage multiple sets of credentials and can access the resources for which they are authorized without thinking about the processes that occur behind the scenes. However, as a systems engineer, we must understand how these processes work in order to troubleshoot the Active Directory structure.


The single sign-on process occurs as follows:


  1. The user enters credentials at a workstation to perform an interactive logon.
  2. The credentials are encrypted by the client and sent to a domain controller for the client’s domain.
  3. The encrypted credentials that are sent from the client are matched against the encrypted credentials on the domain controller. A Kerberos service, the Key Distribution Center (KDC), resides on each domain controller and stores the encrypted user credentials. If the credentials sent by the client match the credentials stored by the KDC, the process continues.
  4. The domain controller creates a list of the domain-based groups to which the user belongs.
  5. The domain controller queries the global catalog to identify the universal groups to which the user belongs. If the domain controller has Universal group membership caching enabled, the global catalog is not queried and the Universal group memberships are obtained from the cache on the domain controller.
  6. The KDC issues the client a ticket-granting ticket (TGT). The TGT contains the encrypted security identifiers (SIDs) for the groups of which the user is a member.
  7. The client requests access to a resource that resides on a specific server.
  8. The client uses the TGT to gain access to the ticket-granting service (TGS), on the domain controller.
  9. The TGS issues a service ticket, which is also called a session ticket, for the server where the resource resides to the client. The session ticket contains the SIDs for the user’s group memberships.
  10. The client presents the session ticket to the server where the resource resides. The Local Security Authority (LSA) on the server uses the information in the session ticket to create an access token.
  11. The LSA compares the SIDs in the access token with the groups that are assigned permissions in the resources discretionary access control list (DACL). If they match, the user is granted access to the resource.


Record type



A Address Record Maps a hostname to an IP address
PTR Pointer Record Maps an IP address to a hostname
CNAME Alias Record Maps an alias to a hostname
MX Mail Exchanger Record Specifies a mail route for a domain
NS Name Server Record Specifies name servers for a given domain
SOA Start of Authority Record Contains administrative data about a zone, including the primary name server
SRV Service Record Maps a particular service (e.g., LDAP) to one or more hostnames

One important resource record to note is the SRV record type. SRV records are used extensively by domain controllers and Active Directory clients to locate servers that have a particular service.


Note: Make sure to backup the information of the tasks scheduled.


–          Error while trying to open the Configured Tasks.

–          Error while trying to access the properties of the tasks.

–          Status message of tasks as: “Could not Start”

–          This normally happens in Microsoft Windows 2003 / 2003 R2





–          Stop the “Task Scheduler “Service.

–          Delete all the files in this path: C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\S- 1 – 5 – 18

–          Restart the Service and check if it works.

–          If not then restart the server.

–          The issue will be resolved.


–          The Server service fails to start and the below events are recorded

Event ID: 7023

Source: Service Control manager

Type: Error

Description: The Server service terminated with the following error: More data is available.

–          Not Enough storage is available to process this command.

Event ID: 7001

Source: Service Control manager

Type: Error

Description: The Netlogon service depends on the server service which failed to start because of the following error: More data is available.

–          System Error 8 has occurred. Not enough storage is available to process this command.

–          If you try to start the Server Service manually, the following errors may occur: A System error has occurred: System Error 234 has occurred.

–          You will not be able to execute any command in the Server.

–          You get error message when you open the Network connections (ncpa.cpl)


–          Other services may fail to start because these services are dependent on the Server Service.

–          The Server service queries the registry value above for its entries. The buffer for the amount of information that the Server service can accept when it queries is approximately 32 KB. If there are more than 32 KB in that entry, the Server service will fail to start and return the error “More data is available,” or “Not enough storage is available.”

–          It looks like certain software’s can also cause for this error, those maybe the Norton Antivirus, Acronis trueImage, Seagate DiscWizard, IBM antivirus, Microsoft Bitdefender, Symantec Endpoint Protection or AVG, Try Disabling them or uninstalling and check if the problem persists.

–          You can instantly rectify this error if you restart the server, but the error re-occurs in 2 to 3 days.



This issue may be cause of two reasons, one is the NullSessionPipes and the other is IRPStackSize.

  1. NullSessionPipes

The Cause of these errors is due to too much data stored in the following registry key:


The Server service queries the registry value above for its entries. The buffer for the amount of information that the Server service can accept when it queries is approximately 32 KB. If there are more than 32 KB in that entry, the Server service will fail to start and return the error “More data is available,” or “Not enough storage is available.”

The Solution is to remove any unnecessary entries from this value in the registry.

The Default information stored in this key is:








  1. IRPStackSize

Go to the below Registry entry to edit the IRPStackSize


If you do not have the Registry entry then create one manually, but make sure the name should be correct as it is case sensitive.

To create the Registry entry follow the below steps:

–          Open REGEDIT

–          Proceed to the following location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters

–          Click Edit, and point to New and then click DWORD Value

–          Type IRPStackSize , Click Edit and then modify the Value

–          The Value should be 0x00000050 in Hexadecimal or 80 in Decimal. This should resolve your issue, normally values are provided to 1 to 15 in decimal notation. Better if you provide higher value so that the problem doesn’t come back.

–          Restart the Server after the changes are done.