Posts Tagged ‘Server 2008’

Resource Record types in DNS

Posted: February 20, 2013 in Active Directory, DNS, Server, Server 2003, Server 2008
Tags: , , , , , , , , , , ,
0

Record type

Name

Description
A Address Record Maps a hostname to an IP address
PTR Pointer Record Maps an IP address to a hostname
CNAME Alias Record Maps an alias to a hostname
MX Mail Exchanger Record Specifies a mail route for a domain
NS Name Server Record Specifies name servers for a given domain
SOA Start of Authority Record Contains administrative data about a zone, including the primary name server
SRV Service Record Maps a particular service (e.g., LDAP) to one or more hostnames

One important resource record to note is the SRV record type. SRV records are used extensively by domain controllers and Active Directory clients to locate servers that have a particular service.

 

Advertisement

System Error 8: Not Enough storage is available to process this command

Posted: October 9, 2012 in Active Directory, Registry, Server, Server 2003, Server 2008
Tags: , , , , , , ,
1

Symptoms:

–          The Server service fails to start and the below events are recorded

Event ID: 7023

Source: Service Control manager

Type: Error

Description: The Server service terminated with the following error: More data is available.

–          Not Enough storage is available to process this command.

Event ID: 7001

Source: Service Control manager

Type: Error

Description: The Netlogon service depends on the server service which failed to start because of the following error: More data is available.

–          System Error 8 has occurred. Not enough storage is available to process this command.

–          If you try to start the Server Service manually, the following errors may occur: A System error has occurred: System Error 234 has occurred.

–          You will not be able to execute any command in the Server.

–          You get error message when you open the Network connections (ncpa.cpl)

Observations:

–          Other services may fail to start because these services are dependent on the Server Service.

–          The Server service queries the registry value above for its entries. The buffer for the amount of information that the Server service can accept when it queries is approximately 32 KB. If there are more than 32 KB in that entry, the Server service will fail to start and return the error “More data is available,” or “Not enough storage is available.”

–          It looks like certain software’s can also cause for this error, those maybe the Norton Antivirus, Acronis trueImage, Seagate DiscWizard, IBM antivirus, Microsoft Bitdefender, Symantec Endpoint Protection or AVG, Try Disabling them or uninstalling and check if the problem persists.

–          You can instantly rectify this error if you restart the server, but the error re-occurs in 2 to 3 days.

Resolution:

PLEASE BACKUP YOUR REGISTRY FIRST BEFORE YOU MAKE ANY CHANGES

This issue may be cause of two reasons, one is the NullSessionPipes and the other is IRPStackSize.

  1. NullSessionPipes

The Cause of these errors is due to too much data stored in the following registry key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters\NullSessionPipes

The Server service queries the registry value above for its entries. The buffer for the amount of information that the Server service can accept when it queries is approximately 32 KB. If there are more than 32 KB in that entry, the Server service will fail to start and return the error “More data is available,” or “Not enough storage is available.”

The Solution is to remove any unnecessary entries from this value in the registry.

The Default information stored in this key is:

COMNAP

COMNODE

SQL\QUERY

SPOOLSS

LLSRPC

EPMAPPER

LOCATOR

  1. IRPStackSize

Go to the below Registry entry to edit the IRPStackSize

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters

If you do not have the Registry entry then create one manually, but make sure the name should be correct as it is case sensitive.

To create the Registry entry follow the below steps:

–          Open REGEDIT

–          Proceed to the following location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters

–          Click Edit, and point to New and then click DWORD Value

–          Type IRPStackSize , Click Edit and then modify the Value

–          The Value should be 0x00000050 in Hexadecimal or 80 in Decimal. This should resolve your issue, normally values are provided to 1 to 15 in decimal notation. Better if you provide higher value so that the problem doesn’t come back.

–          Restart the Server after the changes are done.

Cannot login to Domain Controllers / Issue to login into Domain Controllers

Posted: September 17, 2012 in Active Directory, Domain Controller, Server, Server 2003, Server 2008
Tags: , , , , , , ,
1

You may get the error message as below:

Symptoms:

–          Not able to login to Domain Controllers due to low disk space in the systems drive.

–          You get the above error message and the server reboots every time.

–          Users not able to login in the particular network.

–          Users not able to access the shared resources from the Domain Controller.

 

Resolution:

–          Reboot the server and login using Windows directory restore mode.

–          Go To Start > Run and type ‘Cleanmgr’ and clean up the drive space of C

–          If you have lost the Restore Mode password then follow the below steps to reset the DSRM Password:

Go to Command Prompt from the nearest Domain Controller and type the below command:

ntdsutil

set dsrm password

reset password on server ServerName

–          Once you have cleared the Space in the Systems drive, reboot the Server.

–          After Reboot login normally to the Domain Controller and everything should be back to normal.

–         Everyone should be able to access the Shared Resources from the Server.

Metadata Cleanup of Domain Controllers

Posted: September 13, 2012 in Active Directory, Domain Controller, Server, Server 2003, Server 2008
Tags: , , , , , , ,
0

Metadata Cleanup of Domain Controllers

 

Note: You must try the below steps only when the Graceful demoting of the server fails from “DCPROMO”

Note: You may get a error while demoting if you have a forest with 2003 and 2008 mixed Domain Controllers.

          : Some of the errors will be like: LDAP Error 0x32<50<Insufficient rights> or: Win32 error returned is 0x5<Access is Denied>

          : There is a easy steps to demote if you have the error. (Will be posting it soon)

Scenario:

–          Server1 should be demoted from XYZ Domain.

–          ABC.XYZ.com is the primary Domain Controller in the Domain.

–          We have total of 3 sites in the whole network, Site1, Site2 & Site3

–          The plan is to Demote Server1 hosted in Site3

–          Login to any of the Domain Controllers and follow the below steps

Note: Words marked in BLUE are the entries which should be input by you.

Open the Command Prompt from the server and run the below commands:

C:\>ntdsutil

ntdsutil: metadata cleanup

metadata cleanup: connections

server connections: connect to server ABC

Binding to ABC …

Connected to ABC using credentials of locally logged on user.

server connections: quit

metadata cleanup: select operation target

select operation target: list domain

Found 1 domain(s)

0 – DC=XYZ,DC=com

select operation target: select domain 0

No current site

Domain – DC=XYZ,DC=com

No current server

No current Naming Context

select operation target: list sites

Found 3 site(s)

0 – CN=Site1,CN=Sites,CN=Configuration,DC=XYZ,DC=com

1 – CN=Site2,CN=Sites,CN=Configuration,DC=XYZ,DC=com

2 – CN=Site3,CN=Sites,CN=Configuration,DC=XYZ,DC=com

select operation target: select site 3

Site – CN=Site3,CN=Sites,CN=Configuration,DC=XYZ,DC=com

Domain – DC=XYZ,DC=com

No current server

No current Naming Context

select operation target: list servers in site

Found 2 server(s)

0 – CN=Server1,CN=Servers,CN=Site3,CN=Sites,CN=Configuration,DC=XYZ,DC=com

1 – CN=Server2,CN=Servers,CN=Site3,CN=Sites,CN=Configuration,DC=XYZ,DC=com

select operation target: select server 0

Site – CN=Site3,CN=Sites,CN=Configuration,DC=XYZ,DC=com

Domain – DC=XYZ,DC=com

Server – CN=Server1,CN=Servers,CN=Site3,CN=Sites,CN=Configuration,DC=XYZ,DC=com

DSA object – CN=NTDS Settings,CN=Server1,CN=Servers,CN=Site3,CN=Sites,CN=Configuration,DC=XYZ,DC=com

DNS host name – Server1.XYZ.com

Computer object – CN=Server1, OU=Domain Controllers,DC=XYZ,DC=com

No current Naming Context

select operation target: quit

metadata cleanup: remove selected server

Transferring / Seizing FSMO roles off the selected server.

Removing FRS metadata for the selected server.

Searching for FRS members under “CN=Server1, OU=Domain Controllers,DC=XYZ,DC=com”.

Removing FRS member “CN=Server1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=XYZ,DC=com”.

Deleting subtree under “CN=Server1,CN=Domain System Volume (SYSVOL share),CN=File

Replication Service,CN=System,DC=XYZ,DC=com”.

Deleting subtree under “CN=Server1, OU=Domain Controllers,DC=XYZ,DC=com”.

The attempt to remove the FRS settings on CN=Server1,CN=Servers,CN=Site3,CN=Sites,CN=Configuration,DC=XYZ,DC=com failed because “Element not found.”;

metadata cleanup is continuing.

“CN=Server1,CN=Servers,CN=Site3,CN=Sites,CN=Configuration,DC=XYZ,DC=com” removed from server “ABC”

metadata cleanup: quit

ntdsutil: quit

Disconnecting from ABC…

Now you should be able to see “ntdsutil” missing from the Active Directory Sites and Services from the particular Site.

Procedure to Configure System State Backup

Posted: September 13, 2012 in Active Directory, Backup, Server, Server 2008
Tags: , , , , , ,
0

Procedure to Configure System State Backup:

Note: The Account must be a Domain Admin Account to perform the System State Backup.

To Back Up the System State:

To back up the system state (including the registry hives system, software, security, the Security Accounts Manager (SAM), and the default user (but not HKEY_CURRENT_USER)), follow these steps:

  1. Click Start, point to All Programs, point to Accessories, point to System Tools, and then click Backup. The Backup or Restore Wizard starts.
  2. Click Advanced Mode.
  3. Click the Backup tab.
  4. On the Job menu, click New.
  5. Click to select the System State check box.
  6. In the Backup destination box, specify the destination for the new job.
  7. In the Backup media or file namebox, do the following:
    • If you are backing up to a file, specify a path and file name for the backup (.bkf) file. Or, click Browse, specify a file name and location where you want to save the file, and then click Save.
    • If the NAS is available save it to \\NASName\Backup location
    • If NAS is not available, save it to some Local Machine and make note of this local machine. Make sure that the destination location or drive has enough free space.
  8. Click Start Backup.
  9. If you want to set advanced backup options, such as data verification or hardware compressions, click Advanced. Specify the options that you want, and then click OK.
  10. Review the settings on the Backup Job Information page. Specify whether you want this backup to replace the information that is already present on the destination media, or add this backup to the existing information.
  11. Click Start Backup.

 

For Restore Procedure click here

Role of Global Catalog Server in a Domain

Posted: September 10, 2012 in Active Directory, DNS, Domain Controller, Server, Server 2003, Server 2008
Tags: , , , , ,
0

By Default a Global Catalog is created automatically on the initial Domain Controller in the forest. It stores a full replica of all the objects in the directory for its host domain and a partial replica of all objects contained in the directory of every other domain in the forest. The replica is partial because it stores some, but not all, of the property values for every object in the forest.

The Global Catalog performs two key directory roles:

–  It enables network logon by providing universal group membership information to a domain controller when a logon process is initiated.

–  It enables finding directory information in the entire forest regardless of which domain in the forest actually contains the data.

When a user logs in to the network, the global catalog provides universal group membership information for the account sending the logon request to the domain controller. If there is only one domain controller in the Domain, the domain controller and the global catalog are the same server. If there are multiple domain controllers in the network, the global catalog is hosted on the domain controller configured as such. If a Global Catalog is not available when a user initiates a network logon process, the user is only able to log on to the local computer.

Note: If a user is a member of the Domain Admins group, then they will be able to log on to the network even when the Global Catalog is not available.

The Global Catalog is designed to respond to queries about objects anywhere in the forest with maximum speed and minimum network traffic, because a single Global Catalog contains information about objects in all domain in the forest, a query about an object can be resolved by a global catalog in the domain in which the query is initiated. Thus finding the information in the directory does not produce unnecessary query traffic across domain boundaries.

You can optionally configure any domain controller to host a global catalog, based on your Company’s requirements for servicing logon requests and search queries.

After Additional domain controllers are installed in the domain, you can change the default location of the global catalog to another domain controller using the Active Directory Sites and Services.

 

How do you view replication properties for AD partitions and DCs?

Posted: September 6, 2012 in Active Directory, Replication, Server, Server 2003, Server 2008
Tags: , , ,
0

 

By using replication monitor 

Go to start > run > type repadmin

Go to start > run > type replmon

The Replmon graphical user interface (GUI) tool is included when you install Windows Server 2003 Support Tools from the product CD or from the Microsoft Download Center

Replmon.exe: Active Directory Replication Monitor

This GUI tool enables administrators to view the low-level status of Active Directory replication, force synchronization between domain controllers, view the topology in a graphical format, and monitor the status and performance of domain controller replication.

The Replmon graphical user interface tool was removed from Windows Server 2008 and later. Repadmin is still available for troubleshooting replication.

Repadmin.exe: Replication Diagnostics Tool

This command-line tool assists administrators in diagnosing replication problems between Windows domain controllers.

Administrators can use Repadmin to view the replication topology as seen from the perspective of each domain controller. In addition, Repadmin can be used to manually create the replication topology, to force replication events between domain controllers, and to view both the replication metadata and up-to-date vectors.

Repadmin.exe can also be used for monitoring the relative health of an Active Directory forest. The operations replsummaryshowreplshowrepl /csv, and showvector /latency can be used to check for replication problems.

 

“System Volume Information” consuming more Disk Space

Posted: September 4, 2012 in Server 2003, Server 2008, System Information, System Modifications
Tags: , , , , , , ,
0

System Volume Information (SVI) is the folder holding the restore points. If you turn System Restore off, that folder will be emptied. If you turn it on again, a new restore point will be created.

If this isn’t the system drive, it really doesn’t matter at all, except for the space it takes.

The SVI folder is where System Restores holds its restore points and other information. There will be a SVI folder on every partition Windows sees. If the Indexing Service has been turned on it will store files in the SVI folders. Encrypting File System also uses the SVI folder on each partition to store the log file that is generated during the encryption and decryption process.

The data drive will contain its own SVI folder. There’s no reason to keep a backup on the data drive.

To Access the System Information Folder follow the below steps:

In Windows Explorer click [Tools] [Folder Options]
Click the [View] tab, click [Show Hidden Files and Folders]
Clear [Hide protected operating system files (Recommended)] check box.
Click [Yes] on the change confirmation box and click [OK] to exit.
Right-click the System Volume Information folder in the root folder.
Click [Properties] and select the [Security] tab. Click [Add]
Enter the name of the user you are allowing access to the folder.
Click [OK], and then click [OK].
Double-click the System Volume Information folder to open.

You may observe the SVI Folder may consume more space often, you can limit the amount of space it consumes, you can run the below command so that you can limit the space used by the Restore Points

vssadmin resize shadowstorage /on=D: /For=D: /Maxsize=3GB

  • In the above command I am limiting the D Drive to allocate 3 GB for the SVI.
  • You can change the drive name as per your requirement.
  • You can observe immediate free of space once the command is run.

 

What Are Site Links?

Posted: August 28, 2012 in Active Directory, DNS, Replication, Server 2003, Server 2008
Tags: , , , , ,
0

Introduction

In order for two sites to exchange replication data, they must be connected by a site link. A site link is a connection that enables replication traffic to travel between sites. Site links represent the physical connections available between sites.

 

Why to create Site Link?

When you create additional sites, you must select at least one site link for each site. Unless a site link is in place, connections cannot be made between computers at different sites, and replication between sites cannot take place. Additional site links are not created automatically; you must use Active Directory Sites and Services to create them.

 

Default Site Link

When you create the first domain in a forest, a default site link named DEFAULTIPSITELINK is also created. It includes the first site, and is located in the IP container in Active Directory. The site link can be renamed.

 

Site link attributes

When you create a site link, you must select the transport protocol it will use, give it a name, and add two or more sites to it. The sites are then connected. The characteristics of this connection are determined by the site link attributes, which can be configured. The connection characteristics are configured on the link, so all sites connected by a single site link will use the same replication path and transport. Configuring site link attributes is one part of configuring replication between sites. Site link attributes determine the characteristics of the connection in terms of the cost, frequency of replication traffic, and the protocols used.

 

Site link cost

Site link cost is a dimensionless number that represents the relative speed, reliability and preference of the underlying network. The lower the site link cost, the higher the priority for that link. For example, your organization has a site in Denver and a site in Paris with two connections between them: a high-speed connection and a dial-up connection in case the high-speed connection fails. You would configure two site links, one for each connection. Because the high-speed connection is preferable to a dial-up connection, you would configure the site link representing it with a lower cost than the site link for the dial-up line. Because the site link representing the high-speed connection has a lower cost, it has a higher priority, and that site link will always be used if possible. Setting site link cost enables you to determine the relative priority for each site link. The default cost value is 100, with possible values from one to 99999.

 

Site link replication Schedule

Replication schedule is another site link attribute that can be configured. When you configure the link’s schedule, you specify the times when the link is available for replication. Often, replication availability is configured for times when there is little other network traffic, for example from 1:00 A.M. to 4:00 A.M. The fewer hours a link is available for replication, the greater the latency between sites that are connected by that link. The need to have replication occur at off-peak hours should be balanced against the need for up-to-date information at each site connected by the link.

 

Site link replication frequency

When you configure the frequency of replication, you specify how many minutes Active Directory should wait before using the link to check for updates. The default value for replication frequency is 180 minutes, and the value you choose must fall between 15 minutes and one week. Replication frequency only applies to the times when the link is scheduled to be available. Longer intervals between replication cycles reduce network traffic and increase the latency between sites. Shorter intervals increase network traffic and decrease latency. The need to reduce network traffic should be balanced against the need for up-to-date information at each of the sites connected by the link.

 

Site link transport protocols

A transport protocol is a common language shared by computers to communicate during replication. Within a single site, there is only one protocol used for replication. When you create a site link, you must choose to use one of the following transport protocols:

1. Remote procedure call (RPC) over IP. RPC is an industry standard protocol for client/server communications, and provides reliable, high speed connectivity within sites. Between sites, RPC over IP enables replication of all Active Directory partitions. RPC over IP is the best transport protocol for replication between sites.

2. Simple mail transfer protocol (SMTP). SMTP supports intersite and interdomain replication of the schema, configuration, and global catalog. This protocol cannot be used for replication of the domain partition. This is because some domain operations, for example Group Policy, require the support of the File Replication service (FRS), which does not support an asynchronous transport for replication. If you use SMTP, you must install and configure a certificate authority to sign the SMTP messages and ensure the authenticity of directory updates. Additionally, SMTP does not provide the same level of data compression that RPC over IP enables.

 

SITES in Active Directory

Posted: August 28, 2012 in Active Directory, Domain Controller, Server, Server 2003, Server 2008
Tags: , , , , , , , ,
2

Introduction

Replication ensures that all information in Active Directory is current on all domain controllers and client computers across your entire network. Many networks consist of a number of smaller networks, and the network links between these networks may operate at varying speeds. Sites in Active Directory enable you to control replication traffic and other types of traffic related to Active Directory across these various network links. You can use subnet objects, site links, and site link bridges to help control the replication topology when configuring replication between sites. An efficient, reliable replication topology depends on the configuration of site links and site link bridges.

 

What Are Sites and Subnet Objects?

 

Introduction

You use sites to control replication traffic, logon traffic, and requests to the Global Catalog server.

 

Sites

In Active Directory, sites help define the physical structure of a network. A site is defined by a set of Transmission Control Protocol/Internet Protocol (TCP/IP) subnet address ranges. Sites are used to define a group of domain controllers that are well-connected in terms of speed and cost. Sites consist of server objects, which contain connection objects that enable replication.

 

Subnet Objects

The TCP/IP subnet address ranges are represented by subnet objects that group computers. For example, a subnet object might represent all the computers on a floor in a building, or on a campus. Subnet objects are associated with sites and, because the subnet objects map to the physical network, so do the sites. For example, if you have three subnets that represent three campuses in a city, and these campuses are connected by high-speed, highly available connections, you could associate each of those subnets with the same site. A site can consist of one or more subnets. For example, on a network with three subnets in London and two in Boston, the administrator can create a site in London, a site in Boston, and then add the subnets to the respective sites.

 

Default Site

A default site is set up automatically when you install Windows Server on the first domain controller in a forest. This site is called Default-First-Site- Name. This site can be renamed. When you create your first domain in a forest it is automatically placed in the default site.

Older Entries
Newer Entries