All posts by BoonTee

Missing SYSVOL and NETLOGON during migration

I have had a crazy week so far. One of the issues that has bugged me this week was missing SYSVOL and NETLOGON shares and missing domain data after a new domain controller was added to the domain during migrations.

I first ran into this problem 3 years ago, when I was performing one of my first Swing migrations. I had shut down a server too soon, and as a result, the replica sets were incorrecty synchronized. In that case, I didn’t know what hit me. After I swung the DC back to the target new server, the entire AD crashed. There was no recovery, and I had to restore the server to it’s original state. When I reworked the Swing Migration weeks later, this error did not occur. I made a note on my Swing Migration worksheet, and did not come across this issue again . . . until Monday.

In the first case, I was trying to salvage the AD for a SBS2000 server which had lost the RAID and was barely functional. Just enough to get started. I quickly fixed up a Win2003 server and joined it to domain with the purpose of giving some backup to the AD in preparation for a Swing Migration.

Everything went according to plan, and the AD appeared to have transfered across. I did one last check according to my notes, which I have compiled over the past 4 years, and hit a snag which I had not seen for about 3 years. The SYSVOL and NETLOGON shares were not present on the new DC. Looking further, C:\WINDOWS\SYSVOL\sysvol\domain.name was empty. It should have 2 very important folders – Policies and Scripts. Without this, the AD would crash if the main DC were no longer operational.

In this instance, time was short, and I had to let this one go. We had to rebuild a new domain and reset all the workstations and data.

Today, as I was preparing a new SBS2008 server for migration, I found the same situation. The SBS2008 installation had completed and this new server was fully operational. Being paranoid, I checked, and there was the problem again!

After some searching, I finally found an old Microsoft Knowledge Base article KB290762 (http://support.microsoft.com/kb/290762/) – Using the BurFlags registry key to reinitialize File Replication Service replica sets.

I ran the Authoritative FRS restore procedure using the D4 flag on the old server.

  1. Click Start, and then click Run.
  2. In the Open box, type cmd and then press ENTER.
  3. In the Command box, type net stop ntfrs.
  4. Click Start, and then click Run.
  5. In the Open box, type regedit and then press ENTER.
  6. Locate the following subkey in the registry:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
  7. In the right pane, double click BurFlags.
  8. In the Edit DWORD Value dialog box, type D4 and then click OK.
  9. Quit Registry Editor, and then switch to the Command box.
  10. In the Command box, type net start ntfrs.
  11. Quit the Command box.

Then I ran the nonauthoritative restore process using the D2 flag on the SBS2008 server.

  1. Click Start, and then click Run.
  2. In the Open box, type cmd and then press ENTER.
  3. In the Command box, type net stop ntfrs.
  4. Click Start, and then click Run.
  5. In the Open box, type regedit and then press ENTER.
  6. Locate the following subkey in the registry:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup
  7. In the right pane, double-click BurFlags.
  8. In the Edit DWORD Value dialog box, type D2 and then click OK.
  9. Quit Registry Editor, and then switch to the Command box.
  10. In the Command box, type net start ntfrs.
  11. Quit the Command box.

Bingo, the folders were recreated, and the shares appeared! An answer to a 3 year old question.

Disable DEP to install some pesky applications/drivers

I decided to wipe out my ACER laptop and rebuild it with Vista Business 64bit SP1. All went well and all the applications and back and running.

I suddenly realised that an integral part of my set up was to be able to use my Vodafone 3G mobile card. I downloaded the latest software off the Vodafone site. Then I plugged in the modem. Got a BSOD immediately. After the reboot, the modem appeared to be installed, but I could not get connected to the Vodafone network. I kept getting a RAS Error Code 633. Vodafone support was unable to help (Get your support guys up to date PLEASE! “It should work with Vista” is not a helpful response).

Anyway, after some searching, I discovered some discussion on Data Execution Prevention (DEP) in relation to installing the device. After uninstalling the Vodafone software and drivers, I disabled DEP with the following command.

bcdedit.exe /set {current} nx AlwaysOff

Then I installed the Vodafone software, rebooted, and plugged the modem in. No BSOD. Got the pleasant “Your device installed successfully” message.
Then I tested and was able to connect to the Vodafone network.

Rebooted once more, and then I re-enabled DEP.

bcdedit.exe /set {current} nx AlwaysOn

Tested the connection again. All OK 🙂

Word of WARNING: Do not disable DEP to install drivers unless you are sure the drivers are safe. Also, make sure you have a backup, unless you are prepared to lose data.

Remote Desktop Client 6.1 for XP SP2

The Remote Web Workplace component of SBS2008 requires Remote Desktop Client v6.1. This is installed with XP SP3 or Vista SP1. Until recently, users had to upgrade to XP SP3 to be able to use this. Microsoft have now released RDC v6.1 for XP SP2. You can download this here – http://www.microsoft.com/downloads/details.aspx?FamilyId=6E1EC93D-BDBD-4983-92F7-479E088570AD&displaylang=en

Migrating from Windows 2003 with Exchange 2003 to Small Business Server 2008

Finally, after some work, I have completed a document which maps out some issues regarding a migration from Windows Server 2003 with Exchange 2003 to Small BUsiness Server 2008. The document is to be read in conjuction with the following document on Migrating from SBS 2003 to SBS 2008 – http://go.microsoft.com/fwlink/?LinkId=117499

This document can be downloaded here – http://www.powerbiz.net.au/Migrating%20from%20Windows%202003%20and%20Exchange%202003%20to%20Small%20Business%20Server%202008.pdf

SBS 2008 Content Filter Updates

For the past month, I have received less than 10 emails in total. How did this happen? I used a combination of IMF Tune v4.1 for Exchange 2007 and TrendMicro Worry Free Business Security Advanced v5.1 beta with Anti Spam setting to medium.

This worked great until yesterday…. Then I started getting few spam messages continuing until today. I had a look to see if the Content Filtering Updates were happening and discovered a whole new world of working with what used to be called IMF in SBS 2003.

This is an excellent article which highlights the differences and how to make the necessary changes to update. http://www.exchangeinbox.com/article.aspx?i=123&t=5
However, I found that some of the steps had already been performed, probably by the tweaked version of Exchange 2007 that ships with SBS 2008.

The general steps are as follows:
1. Enable updates (should already be enabled in SBS2008). Go to Exchange Management Console – Server Configuration – Hub Transport. The action pane on the left shows either Enable Anti-spam updates or Disable Anti-spam updates. You can click and re click to toggle this. When enabling, set everything to Automatic.
2. Check to see that you have the latest update using the Exchange Management Shell. Use the command get-AntiSpamUpdates to check the installed version.
3. Go to Microsoft Updates to see if there is a newer version. You can also subscribe to the Exchange Server 2007 anti-spam RSS feed here – http://catalog.update.microsoft.com/v7/site/Search.aspx?q=exchange%20server%202007%20anti-spam

Remote Web Workplace (RWW) is not working after XP SP3 is installed

After Windows XP SP3 is installed, users have been unable to access RWW from their PCs. This is caused by the SP3 installation which disables the Terminal Services Client Control ActiveX applet.

To fix the issue, start Internet Explorer. Version 7 is assumed.
Go to Tools, then Internet Options.
Click on the Programs tab.
Click on the Manage AddOns button.
In the list, look for Microsoft Terminal Services Client Control. It will be disabled.
Select the control, then click on Enable.
Close, and restart Internet Explorer.

If this doesn’t work, have a look at the following site for more information – http://www.sbslinks.com/fixmyrww.htm

Server on, no connections

In the past few months, I have had random situations where a server would restart, and following the restart, no one could connect in or the server would not connect out. Normally, a second reboot would fix the problem.

I have discovered that this is caused by the application of the MS08-037 patch. If the randomly assigned ports conflicted with the IPSEC service, this service would fail, causing the server to start in block mode where all network connectivity to the server is blocked. The proactive solution as documented by Microsoft in http://blogs.technet.com/sbs/archive/2008/07/17/some-services-may-fail-to-start-or-may-not-work-properly-after-installing-ms08-037-951746-and-951748.aspx is to modify a registry entry as follows.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ReservedPorts
Add the following port ranges and reboot.
3343-3343
1433-1434
1745-1745
1080-1080
1720-1720
1645-1646
1701-1701
1812-1813
2883-2883
4500-4500

There is more information on this problem along with other scenarios which I have not yet encountered.

Screen Upside down (or sideways)

Here’s another oldie, but I still get calls on this regularly.
I happens predominantly with computers using windows XP and Intel or NVidia graphics adaptors.

To fix the problem, press CTRL-ALT-UP.
To turn it upside down again, press CTRL-ALT-DOWN. To turn things to the left, CTRL-ALT-LEFT, and to turn it right, CTRL-ALT-RIGHT.

One gotcha. If you had rebooted to PC to try and fix the problem, you might need to log in first, before the keys will work.

FYI. There are 5.3 million hits on this google seach – http://www.google.com/search?hl=en&safe=off&rls=com.microsoft%3Aen-us&q=screen+upside+down&btnG=Search

Windows 2008 Easy Print

Turns out that Windows 2008 Terminal Server Easy Print technology is not as easy after all. It is a great technology, but there are some things to watch out for.

Pre-requisites.
Requires Windows 2008 with TS Role (Duh!)
Also requires RDP v6.1 (which comes with Vista and XP Service Pack 3).
Also Requires .NET Framework v3.0 SP1 or later.

The technology states that it will automatically redirect print jobs via RDP to the local printers. Most of the time, it works great. However, I found out that it definitely does not work across Remote Web Workplace on SBS2003. It requires a direct connection via RDP. Normally, this is done through port 3389.

For more information – http://technet.microsoft.com/en-us/library/cc753853.aspx

*** UPDATE ***
Just found out that RDC v6.1 is available for Windows XP SP2.
http://www.microsoft.com/downloads/details.aspx?FamilyId=6E1EC93D-BDBD-4983-92F7-479E088570AD&displaylang=en