Ashish's Note

Over the past few years, I have learnt a lot and grown fond of Microsoft technology. From the basics of Active Directory to high-end troubleshooting and disaster recovery, to VPN configuration, it has been a good time for me as I got lots of opportunities to learn and grow.

In 2004, I got hired by "Microsoft" as a full-time employee in its GTSC located in Bangalore. I experienced hardcore troubleshooting on real-time issues as a big challenge and very, very interesting, which gave me vibrant knowledge of Operating System Troubleshooting, Active Directory, Clustering, Performance, Disks, Terminal Server, Printing, STOP Codes and BSOD screens.

My fantastic past experience with HP/MSCS clusters, server hardware and system administration boosted my skills to take charge of customers' problems and to deal with issues until resolution.


Today, working with Perot Systems, I am using this blog to contribute my knowledge to society and to help every individual who needs direction to grow in the IT field.

Post your views and questions, and hit my brain to let it mentor the best possible IT solutions and career options.

Yours,

Ashish Sharma.

Wednesday, September 24, 2008

Definition: Disaster Recovery

Today I had a debate with my teammate on what disaster recovery is! This made me think again about what I know about disaster recovery. After going through various sites, I concluded that I am headed in the right direction and arrived at a definition of disaster recovery in the context of IT infrastructures:

In my words, disaster recovery is a planned way to recover from a catastrophic event like fire, earthquake, terrorist attack etc. It is also related to the Business Continuity Plan, which is a plan to maintain and run a business or operation continually with the capacity to recover from any kind of known/unknown disaster.

This specifically requires a geographically separated site holding the off-line backups, data and documentation necessary to run a business/operation, and is intended to plan protection against large losses.

In Wikipedia (http://en.wikipedia.org/wiki/Disaster_recovery) words:

Disaster recovery is the process, policies and procedures of restoring operations critical to the resumption of business, including regaining access to data (records, hardware, software, etc.), communications (incoming, outgoing, toll-free, fax, etc.), workspace, and other business processes after a natural or human-induced disaster.

Wednesday, September 3, 2008

CD/DVD ROM is not showing up under My Computers

If your CD/DVD-ROM drive is not showing up under My Computer even though Windows is detecting it, try this:

Open the Registry and delete the LowerFilters and UpperFilters values here:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}]

Tuesday, July 8, 2008

Windows 2008 RDC / RDP: "Because of an error in data encryption, the session will end"

Yesterday I had an issue with a newly built Windows 2008 server. I was not able to RDP to this server through my home internet connection. The server was behind port redirection; the client tried to bring up the console but gave the following error:

"Because of an error in data encryption, the session will end"

After some research and a Google search I tried the following workaround and it worked!!!!!:

I went to:

Show all Network Connections
Local Area Connection -> Properties
Pressed the Configure button (for the chip)
Advanced

and set the following to Disabled: Offload TCP LargeSend

This was an unexpected issue...

Thursday, July 3, 2008

My team's new achievement: Introduced new freshers team!!


For the first time, Intel Team India - Perot Systems was challenged to design, develop and deliver Wintel Technologies training to the newly created fresher team. My team was asked to mentor this team and bring them up to level on each technical aspect of the service we deliver to the client. This is a truly fantastic experience for Team Intel, as we were successfully able to share our experience and knowledge with the team.

We hope that we are able to encourage this young team not to be afraid of going after their goals and their technical and professional challenges, and to form a valuable relationship that will make it possible for them to emerge as great learners and performers. This team is now ready to jet, set, go and will be hitting the floor very soon.

Cheers to them!!!

- Ashish Sharma

Wednesday, June 11, 2008

Killing a Windows Service that seems to hang on "Stopping"


It sometimes happens (and it's not a good sign most of the time): you'd like to stop a Windows Service, and when you issue the stop command through the SCM (Service Control Manager) or by using the ServiceProcess classes in the .NET Framework or by other means (net stop, Win32 API), the service remains in the state of "stopping" and never reaches the stopped phase. It's pretty simple to simulate this behavior by creating a Windows Service in C# (or any .NET language whatsoever) and adding an infinite loop in the Stop method. The only way to stop the service is by killing the process then. However, sometimes it's not clear what the process name or ID is (e.g. when you're running a service hosting application that can cope with multiple instances such as SQL Server Notification Services).

The way to do it is as follows:


Go to the command prompt and query the service (e.g. the SMTP service) by using sc:

sc \\Servername queryex SMTPSvc

This will give you the following information:

SERVICE_NAME: SMTPSvc
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING (STOPPABLE, PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 388
        FLAGS              :

or something like this (the "state" will mention stopping).


Over here you can find the process identifier (PID), so it's pretty easy to kill the associated process either by using the task manager or by using taskkill:

taskkill /PID 388 /F

where the /F flag is needed to force the process kill (first try without the flag).
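
The sample output above shows TYPE 20 WIN32_SHARE_PROCESS, which means the PID can host other services that would die with it. The following PowerShell sketch is an added example, not part of the original post: it resolves the PID of a service stuck in "Stop Pending", lists every other service in the same process, and terminates only after confirmation. The function name Stop-HungService and its parameters are hypothetical.

```powershell
# Added example; Stop-HungService and its parameters are hypothetical names.
function Stop-HungService {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        # Restrict the name so it cannot break out of the WQL filter below.
        [Parameter(Mandatory = $true)]
        [ValidatePattern('^[A-Za-z0-9_.$ -]+$')]
        [string]$Name,

        # Leave empty for the local machine (avoids needing WinRM locally).
        [string]$ComputerName,

        # Must be set explicitly before a process shared with other services is killed.
        [switch]$AllowSharedProcess
    )

    $cim = @{}
    if ($ComputerName) { $cim.ComputerName = $ComputerName }

    # Win32_Service exposes the same state and PID that "sc queryex" prints.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$Name'" @cim
    if (-not $svc) { throw "Service '$Name' not found." }

    if ($svc.State -ne 'Stop Pending') {
        Write-Warning "$Name is '$($svc.State)', not 'Stop Pending'; nothing was killed."
        return
    }
    if ($svc.ProcessId -eq 0) {
        Write-Warning "$Name has no running process."
        return
    }

    # Find every other service hosted in the same process (e.g. inside inetinfo or svchost).
    $shared = Get-CimInstance -ClassName Win32_Service -Filter "ProcessId=$($svc.ProcessId)" @cim |
        Where-Object { $_.Name -ne $svc.Name }
    if ($shared -and -not $AllowSharedProcess) {
        Write-Warning ("PID {0} also hosts: {1}. Re-run with -AllowSharedProcess to kill it anyway." -f `
            $svc.ProcessId, ($shared.Name -join ', '))
        return
    }

    $proc = Get-CimInstance -ClassName Win32_Process -Filter "ProcessId=$($svc.ProcessId)" @cim
    if (-not $proc) {
        Write-Warning "PID $($svc.ProcessId) no longer exists."
        return
    }

    # ConfirmImpact = High makes PowerShell prompt before the kill unless -Confirm:$false is passed.
    if ($PSCmdlet.ShouldProcess("$($proc.Name) (PID $($svc.ProcessId))", 'Terminate process')) {
        $result = Invoke-CimMethod -InputObject $proc -MethodName Terminate
        [pscustomobject]@{
            Service     = $svc.Name
            ProcessId   = $svc.ProcessId
            ProcessName = $proc.Name
            ReturnValue = $result.ReturnValue   # 0 means the process was terminated
        }
    }
}

# Example call, using the service name from the post:
# Stop-HungService -Name SMTPSvc -ComputerName Servername
```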

Wednesday, June 4, 2008

A Nice Lesson

You Can't Send a Duck to Eagle School by Mac Anderson

A few years ago I had lunch with a top executive from a company known for their legendary retail service. My wife and I are both big fans, and over lunch I shared with him some of the great service stories his people had provided the Anderson family.

I said, "With the service your people give...you must have a training manual 2 inches thick."

He looked up and said, "Mac, we don't have a training manual. What we do is find the best people we can find and we empower them to do whatever it takes to satisfy the customer."

Then he said something I'll never forget.
He said, "We learned a long time ago that you can't send a duck to eagle school."

"Excuse me," I said. He repeated... "You can't send a duck to eagle school." He said, "You can't teach someone to smile, you can't teach someone to want to serve, you can't teach personality. What we can do, however, is hire people who have those qualities and we can then teach them about our products and teach them our culture."
As long as I live I will never forget this simple analogy about hiring people. It is branded on my brain forever. And since that day, with every hiring decision I've made, I find myself asking the question: "Am I hiring a duck thinking they will become an eagle?" I can also honestly say that asking this simple question has saved me from making some important hiring mistakes.

I just wish I'd heard it 20 years sooner.

The "Duck to Eagle School" lesson is one of many simple truths of leadership.

Sunday, May 18, 2008

Solved Account lockout issue

Today I was working on an issue where a local user account was getting locked out with the following event ID:

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 5/17/2008
Time: 6:45:00 PM
User: NT AUTHORITY\SYSTEM
Computer: XXXXXXXXXXXXXXX
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: XXXXXXX
Domain: XXXXXXXXXXXX
Logon Type: 4
Logon Process: Advapi
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: XxXXXXXXXXXXXX

Event IDs 528 and 540 signify a successful logon, event ID 538 a logoff and all the other events in this category identify different reasons for a logon failure. However, just knowing about a successful or failed logon attempt doesn’t fill in the whole picture. Because of all the services Windows offers, there are many different ways you can logon to a computer such as interactively at the computer’s local keyboard and screen, over the network through a drive mapping or through terminal services (aka remote desktop) or through IIS. Thankfully, logon/logoff events specify the Logon Type code which reveals the type of logon that prompted the event.

Logon Type 2 – Interactive
This is what occurs to you first when you think of logons, that is, a logon at the console of a computer. You’ll see type 2 logons when a user attempts to log on at the local keyboard and screen whether with a domain account or a local account from the computer’s local SAM. To tell the difference between an attempt to logon with a local or domain account look for the domain or computer name preceding the user name in the event’s description. Don’t forget that logons through a KVM over IP component or a server’s proprietary “lights-out” remote KVM feature are still interactive logons from the standpoint of Windows and will be logged as such.
Logon Type 3 – Network
Windows logs logon type 3 in most cases when you access a computer from elsewhere on the network. One of the most common sources of logon events with logon type 3 is connections to shared folders or printers. But other over-the-network logons are classed as logon type 3 as well such as most logons to IIS. (The exception is basic authentication which is explained in Logon Type 8 below.)
Logon Type 4 – Batch
When Windows executes a scheduled task, the Scheduled Task service first creates a new logon session for the task so that it can run under the authority of the user account specified when the task was created. When this logon attempt occurs, Windows logs it as logon type 4. Other job scheduling systems, depending on their design, may also generate logon events with logon type 4 when starting jobs. Logon type 4 events are usually just innocent scheduled tasks startups but a malicious user could try to subvert security by trying to guess the password of an account through scheduled tasks. Such attempts would generate a logon failure event where logon type is 4. But logon failures associated with scheduled tasks can also result from an administrator entering the wrong password for the account at the time of task creation or from the password of an account being changed without modifying the scheduled task to use the new password.
Logon Type 5 – Service
Similar to Scheduled Tasks, each service is configured to run as a specified user account. When a service starts, Windows first creates a logon session for the specified user account which results in a Logon/Logoff event with logon type 5. Failed logon events with logon type 5 usually indicate the password of an account has been changed without updating the service but there’s always the possibility of malicious users at work too. However this is less likely because creating a new service or editing an existing service by default requires membership in Administrators or Server Operators and such a user, if malicious, will likely already have enough authority to perpetrate his desired goal.
Logon Type 7 – Unlock
Hopefully the workstations on your network automatically start a password protected screen saver when a user leaves their computer so that unattended workstations are protected from malicious use. When a user returns to their workstation and unlocks the console, Windows treats this as a logon and logs the appropriate Logon/Logoff event but in this case the logon type will be 7 – identifying the event as a workstation unlock attempt. Failed logons with logon type 7 indicate either a user entering the wrong password or a malicious user trying to unlock the computer by guessing the password.
Logon Type 8 – NetworkCleartext
This logon type indicates a network logon like logon type 3 but where the password was sent over the network in clear text. Windows server doesn’t allow connection to shared files or printers with clear text authentication. The only situations I’m aware of are logons from within an ASP script using the ADVAPI or when a user logs on to IIS using IIS’s basic authentication mode. In both cases the logon process in the event’s description will list advapi. Basic authentication is only dangerous if it isn’t wrapped inside an SSL session (i.e. https). As far as logons generated by an ASP script, remember that embedding passwords in source code is a bad practice for maintenance purposes as well as the risk that someone malicious will view the source code and thereby gain the password.
Logon Type 9 – NewCredentials
If you use the RunAs command to start a program under a different user account and specify the /netonly switch, Windows records a logon/logoff event with logon type 9. When you start a program with RunAs using /netonly, the program executes on your local computer as the user you are currently logged on as but for any connections to other computers on the network, Windows connects you to those computers using the account specified on the RunAs command. Without /netonly Windows runs the program on the local computer and on the network as the specified user and records the logon event with logon type 2.
Logon Type 10 – RemoteInteractive
When you access a computer through Terminal Services, Remote Desktop or Remote Assistance, Windows logs the logon attempt with logon type 10, which makes it easy to distinguish true console logons from a remote desktop session. Note however that prior to XP, Windows 2000 doesn’t use logon type 10 and terminal services logons are reported as logon type 2.
Logon Type 11 – CachedInteractive
Windows supports a feature called Cached Logons which facilitates mobile users. When you are not connected to your organization’s network and attempt to logon to your laptop with a domain account there’s no domain controller available to the laptop with which to verify your identity. To solve this problem, Windows caches a hash of the credentials of the last 10 interactive domain logons. Later when no domain controller is available, Windows uses these hashes to verify your identity when you attempt to logon with a domain account.

In my case the logon type in the error message was 4. So I simply went to the scheduled tasks and found that a task was scheduled to run with the same account and was using the wrong password. I deleted and recreated the task with the right ID and password and then my issue got resolved!!!!
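
The triage described above can be scripted. The following PowerShell sketch is an added example, not part of the original post: it parses event text in the format shown above, counts event ID 529 failures per account and logon type, and attaches the place to look according to the logon type descriptions. The sample events, account names and function names are constructed for illustration.

```powershell
# Added example; the sample events and all names are constructed/hypothetical.
# Hints paraphrase the logon type descriptions in the post.
$LogonTypeHint = @{
    2  = 'Interactive: wrong password at the console or remote KVM'
    3  = 'Network: shared folder, printer or IIS connection'
    4  = 'Batch: scheduled task saved with a wrong or outdated password'
    5  = 'Service: account password changed without updating the service'
    7  = 'Unlock: wrong password at a locked workstation'
    8  = 'NetworkCleartext: IIS basic authentication or ASP script using ADVAPI'
    9  = 'NewCredentials: RunAs with /netonly'
    10 = 'RemoteInteractive: Terminal Services, Remote Desktop or Remote Assistance'
    11 = 'CachedInteractive: cached domain logon'
}

function ConvertFrom-LogonFailureText {
    param([string[]]$EventText)
    foreach ($text in $EventText) {
        # Turn "Field: value" lines into a lookup table (split on the first colon only).
        $f = @{}
        foreach ($line in ($text -split "`r?`n")) {
            if ($line -match '^\s*([^:]+?)\s*:\s*(.*)$') { $f[$Matches[1]] = $Matches[2].Trim() }
        }
        # Keep only "unknown user name or bad password" failures with a usable logon type.
        if ($f['Event ID'] -ne '529' -or $f['Logon Type'] -notmatch '^\d+$') { continue }
        [pscustomobject]@{
            Account      = '{0}\{1}' -f $f['Domain'], $f['User Name']
            LogonType    = [int]$f['Logon Type']
            LogonProcess = $f['Logon Process']
        }
    }
}

function Get-LockoutSource {
    param([string[]]$EventText)
    ConvertFrom-LogonFailureText -EventText $EventText |
        Group-Object -Property Account, LogonType |
        Sort-Object -Property Count -Descending |
        ForEach-Object {
            $first = $_.Group[0]
            $hint = $LogonTypeHint[$first.LogonType]
            if (-not $hint) { $hint = 'Logon type not covered by the list above' }
            [pscustomobject]@{
                Account     = $first.Account
                LogonType   = $first.LogonType
                Failures    = $_.Count
                WhereToLook = $hint
            }
        }
}

# Constructed sample input in the same layout as the event shown in the post.
$event1 = @'
Event ID: 529
Time: 6:45:00 PM
User Name: svc_backup
Domain: SRV01
Logon Type: 4
Logon Process: Advapi
'@
$event2 = $event1 -replace '6:45:00', '7:45:00'
$event3 = @'
Event ID: 529
Time: 8:02:11 PM
User Name: jdoe
Domain: CORP
Logon Type: 10
Logon Process: User32
'@

Get-LockoutSource -EventText $event1, $event2, $event3 | Format-Table -AutoSize
```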

Wednesday, May 14, 2008

XP installation doesn't recognise Toshiba L40 SATA drive.

Last week my cousin came to me and said that he had a problem installing Windows XP on his brand new Toshiba L40 notebook. I noticed that XP doesn't recognise its SATA drive.
And then the project started:

A USB floppy drive will not work in this case as setup doesn't recognise it.

Finally I went for help to my loved one (the Internet) and found a really nice tool (I got fond of it): nLite, which allows you to integrate any external or 3rd-party driver into the inbox XP installation suite.

Here are the steps I used:

Run nLite. The Welcome screen appears; click Next.

Locating the Windows installation: insert your original Windows XP installation CD (I used the OEM version of Windows XP Home with Service Pack 2) into your optical drive, and click Browse.

Pick a location on your hard drive (or make a new folder) to store your Windows XP installation files before making the ISO file. Click Next.

Presets: delete all presets (if any exist). Click Next.

Task Selection: select only two options, Drivers and Bootable ISO, then press Next.

Drivers: click Insert, Single Driver. When "Choose any INF file..." appears, choose iastor.inf from the folder where you extracted the Intel SATA driver. Click Open.

Storage Device Textmode Driver: click on Textmode Driver and, while pressing the CTRL button, click all the drivers in the list with the word 'mobile'. There are 5 of them. Click OK,
then click Next.

Apply Changes? Click Yes. nLite now prepares the files to make the bootable ISO image file. When this process is done, press Next.

Bootable ISO: in the General, Mode section, choose the appropriate format that suits you, either make a CD or an ISO image. I suggest you make an ISO image.

Create a CD from the ISO, using your favorite ISO software.


Download the Serial ATA driver here (Intel Matrix Storage Driver)

Enjoy!!!

Wednesday, May 7, 2008

Why to get expensive S/W for writing a CD/DVD

Last time, when I had a hard time writing an ISO to a CD, I found two good resource kit utilities (CLU): cdburn.exe and dvdburn.exe. These are again two great tools (freely available) to burn ISO images directly to CD.

Here is the command line syntax to use the tools:


The cdburn.exe and dvdburn.exe Windows XP and Windows Server Resource Kit utilities will burn an ISO image to writeable media.

When you type cdburn /?, you receive:

Usage:

cdburn -erase [image [options]]
cdburn image [options]

Options:

-erase            Erases the disk before burning (valid for R/W only)
-sao              Writes the image out in "session at once", or cue
                  sheet, mode (default is "track at once")
-speed            Speed of burn, or 'max' for maximum speed
-imagehaspostgap  Use if your image already contains a 150 sector postgap

The [image] must be provided unless the -erase flag is set.
If both an image and -erase are provided, the media will be
erased prior to burning the image to the disc.

When you type dvdburn /?, you receive:

Usage: dvdburn [/Erase]

Monday, April 28, 2008

Achieved MCITP: Enterprise Administrator Windows 2008



Woohoo!!! Today I passed the 70-647 exam, Windows Server 2008, Enterprise Administrator. Now I get to add some more alphabet soup to my signature (MCITP 2008 Enterprise Administrator). My unbroken streak of passed exams continues! This MCITP certification is equivalent to the MCSE credential for Windows 2003. If you're interested in the certification path, see this link: http://www.microsoft.com/learning/mcp/windowsserver/2008/default.mspx.

Great Question about FailOver Clustering in Windows Server 2008?

Q. What is really new about Failover Clustering in Windows Server 2008?

No service account - now uses a local system account
No support for Parallel Attached SCSI (PAS), this allows for better hardware control and failover
16 nodes if you use a 64-bit edition of Windows Server 2008
Support for GPT disks, yes larger than 2TB disks are now supported natively
Validate - ensure your systems are cluster ready and help you follow best practices
4 Quorum models, no more single point of failure for the quorum:
    Majority quorum model
    Majority of Nodes
    Witness disk
    File Share Witness
Improved IPSec, no more 7 minute timeout when failed over!
Stretched clusters can have nodes in different network segments with various speeds
Cluster Migration Tool - to help you migrate
MMC 3.0 snap-in, no longer a separate application
Setup/install 2003 was 23 steps, now 3 steps. Yes I said 3 steps

Sunday, April 27, 2008

How we Understand a Cluster

This is a good one I found on one of the MVP blogs:

Clustering terms made easy
Clusters are Highly Available and should never be considered Fault Tolerant.

Highly Available = is when I come anytime my wife calls me.

Fault Tolerant = Marriage.

You don't want to be married to your SQL/Exchange Cluster :)

You do want it around whenever you need it though.
Active/Active = when your cluster is too busy for its own good.

Active/Passive = one worker, one manager, you decide which is which.

Node = Clustered computer, could also be the worker who sits in a cube, not to be confused with Dude.

Virtual Server = this is kind of like being on a telecom at work, only you are calling in from Hawaii and nobody knows.

Quorum = Cluster=Quorum, Quorum=Clustering.

Failover = the only time at work that you can fail and still be a hero.

Failback = great way to get fired, let your server failover without you controlling it (Don't confuse with the above term).

Cluster = when it fails, also known as a Cluster Fork, only fork is spelled funny - u c what I mean?

Script for Windows System Information

Last week, for a small project to pull system info from 500 servers, I used the following VBS script (found through a Google search, as I am not good at writing scripts) to pull WMI info for OS version, SP, Processor, Memory:

On Error Resume Next
Const ForReading = 1

' Read the list of target computers, one name per line.
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile("c:\computers.txt", ForReading) 'Check the location of the file.
strComputers = objTextFile.ReadAll
objTextFile.Close
arrComputers = Split(strComputers, vbCrLf)

For Each strComputer In arrComputers
  If Trim(strComputer) <> "" Then
    ' Connect to WMI on the remote computer. Clear the previous connection first so
    ' that a failed connection cannot report the previous computer's data.
    Err.Clear
    Set objWMIService = Nothing
    Set objWMIService = GetObject("winmgmts:" _
        & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
    If Err.Number <> 0 Then
      Wscript.Echo "Could not connect to " & strComputer & ": " & Err.Description
    Else
      ' Operating system details
      Set colSettings = objWMIService.ExecQuery _
          ("SELECT * FROM Win32_OperatingSystem")
      For Each objOperatingSystem in colSettings
        Wscript.Echo "OS Name: " & objOperatingSystem.Name
        Wscript.Echo "Version: " & objOperatingSystem.Version
        Wscript.Echo "Service Pack: " & _
            objOperatingSystem.ServicePackMajorVersion _
            & "." & objOperatingSystem.ServicePackMinorVersion
        Wscript.Echo "OS Manufacturer: " & objOperatingSystem.Manufacturer
        Wscript.Echo "Windows Directory: " & _
            objOperatingSystem.WindowsDirectory
        Wscript.Echo "Locale: " & objOperatingSystem.Locale
        Wscript.Echo "Available Physical Memory: " & _
            objOperatingSystem.FreePhysicalMemory
        Wscript.Echo "Total Virtual Memory: " & _
            objOperatingSystem.TotalVirtualMemorySize
        Wscript.Echo "Available Virtual Memory: " & _
            objOperatingSystem.FreeVirtualMemory
        Wscript.Echo "Size Stored In Paging Files: " & _
            objOperatingSystem.SizeStoredInPagingFiles
      Next

      ' Hardware model and installed memory
      Set colSettings = objWMIService.ExecQuery _
          ("SELECT * FROM Win32_ComputerSystem")
      For Each objComputer in colSettings
        Wscript.Echo "System Name: " & objComputer.Name
        Wscript.Echo "System Manufacturer: " & objComputer.Manufacturer
        Wscript.Echo "System Model: " & objComputer.Model
        Wscript.Echo "Time Zone: " & objComputer.CurrentTimeZone
        Wscript.Echo "Total Physical Memory: " & _
            objComputer.TotalPhysicalMemory
      Next

      ' Processor
      Set colSettings = objWMIService.ExecQuery _
          ("SELECT * FROM Win32_Processor")
      For Each objProcessor in colSettings
        Wscript.Echo "System Type: " & objProcessor.Architecture
        Wscript.Echo "Processor: " & objProcessor.Description
      Next

      ' BIOS
      Set colSettings = objWMIService.ExecQuery _
          ("SELECT * FROM Win32_BIOS")
      For Each objBIOS in colSettings
        Wscript.Echo "BIOS Version: " & objBIOS.Version
      Next
    End If
  End If
Next

It's a nice one that served my purpose!!

Installed Exchange 2007 today

Yesterday I installed Exchange 2007 for a single domain and got experience with a truly new messaging and collaboration solution. The administration and configuration don't match Exchange 2003. I shall say it's really different.
There are a lot of features which are new or enhanced to give a better messaging solution.

This enables mobile, desktop, remote, web, intranet and Internet users to collaborate and share messages and emails in a well-secured (Forefront security comes with Exchange 2007) manner.

This was a long project initiated by one of my friends, where he was not able to configure Exchange 2007. He called me for help and I pulled out some time to reach him. I found a few mistakes which he was making in configuring SMTP traffic on his router and then creating send and receive rules in the Exchange hub transport configuration.

Overall I found it easy, and installed and configured the product in less than 2 hrs.

Nice experience again with a well built product by Microsoft!!!
That's why I love MS!!!!