Category Archives: Server 2003

Hotfix: Resolve Issues in mixed Windows Server 2003 and 2012R2 Domain Controller environments

The issues were documented here – http://blogs.technet.com/b/askds/archive/2014/07/23/it-turns-out-that-weird-things-can-happen-when-you-mix-windows-server-2003-and-windows-server-2012-r2-domain-controllers.aspx

The main issue is that users could not log on to the domain and Kerberos errors (EventID 4) were logged. This could lead to issues, and frustration, especially in migration situations.

The hotfix can be obtained here – http://support.microsoft.com/kb/2989971

Goodbye SBS!

Microsoft announced today the next release of their Windows Server operating systems, and thus ended the branding and name Small Business Server. Read the announcement here – http://blogs.technet.com/b/sbs/archive/2012/07/05/windows-small-business-server-essentials-becomes-windows-server-2012-essentials.aspx. Also check out the new line up for Windows Server 2012 here – http://www.microsoft.com/en-us/server-cloud/windows-server/2012-editions.aspx.

Here is a brief history of SBS. Google “Small Business Server” for more information on this.

  • 22 Oct 1997. BackOffice Small Business Server 4.0 is introduced, based on Windows NT Server 4.0 SP3. Allowed 25 client licenses.
  • 24 May 1999. BackOffice Small Business Server 4.5 is released, based on Windows NT Server 4.0 SP4. Allowed 50 client licenses.
  • 21 Feb 2001. Microsoft Small Business Server 2000 is released, based on Windows 2000 Server. Allowed 50 client licenses.
  • 9 Oct 2003. Windows Small Business Server 2003 is released, based on Windows Server 2003. Allowed 75 client licenses.
  • 29 July 2006. Windows Small Business Server 2003 R2 is released, based on Windows Server 2003. The main updates here included the introduction of Windows Server Update Services and expansion of the 18GB Exchange database limit to 75GB.
  • 21 Aug 2008. Windows Small Business Server 2008 is released, based on Windows Server 2008. Allowed 75 client licenses, and introduced a new Console for administration and management.
  • 13 Dec 2010. Windows Small Business Server 2011 is released, based on Windows Server 2008 R2. The product was split into a Standard and Essentials version, where the standard version carried forward the 75 client license limit as seen in past releases. The new Essentials version was introduced from the Windows Home Server codebase and included 25 client licenses built in.
  • late 2012/early 2013 (estimate). Windows Server 2012 Essentials will be released, based on Windows Server 2012. Includes 25 client licenses.

With the introduction of Windows Server 2012 Essentials, the Small Business Server brand name will be lost. Here are some screenshots of the administration console as it developed in SBS2000, SBS2003, SBS2008, SBS2011 Standard and Essentials.

For more information on Small Business Server features, go to www.microsoft.com/sbs. SBS2011 is available right now. This is your last chance to get a fully integrated server for small business which integrates on premise Email, collaboration, update services, remote web access gateway, and much more.

 

WSUS dies after installing KB2720211

Recently, there have been quite a number of cases where WSUS stopped working after a recent patch KB2720211 was deployed.

There is now a blog listing the common issues that arise, and how to fix them  – http://blogs.technet.com/b/sus/archive/2012/06/20/wsus-kb272011-common-issues-encountered-and-how-to-fix-them.aspx

 

PowerShell Not Your Father’s Command Line

There is a great 31 part blog post on PowerShell that is in developement (part 23 of 31 at this moment). Everything you wanted to know about PowerShell and some great scripts that can be used.

The main landing page for the blog is here – http://blogs.technet.com/b/matthewms/p/powershell.aspx

Here are the titles.

Part 1 of 31: Why PowerShell?
Part 2 of 31: The Basics on How to Read PowerShell
Part 3 of 31: Where Did All the Good Cmdlets Go?
Part 4 of 31: Who Ya Gonna Call For Help?
Part 5 of 31: What’s in it for Devs?
Part 6 of 31: A Cmdlet By Any Other Name Would Be An Alias
Part 7 of 31: Conjunction Function PowerShell What Are Functions?
Part 8 of 31: Won’t You Take Me To Functiontown?
Part 9 of 31: Another Side of PowerShell Profiles
Part 10 of 31: PowerShell Protecting You From Yourself
Part 11 of 31: PowerShell Providers and You!
Part 12 of 31: PowerShell and The Registry
Part 13 of 31: The Provider Active Directory Style
Part 14 of 31: Sorry I’m Not Home Right Now, Walking into IIS Webs…
Part 15 of 31: ISE, ISE Baby…
Part 16 of 31: PowerShell Take Me Out To The Grid
Part 17 of 31: Who Wants to Manage Active Directory?
Part 18 of 31: So You Deleted A User…On Purpose
Part 19 of 31: Small Business Server, PowerShell, and Me
Part 20 of 31: Hanging with Hyper-V
Part 21 of 31: Knock Knock PowerShell Calling!
Part 22 of 31: Good PowerShell Things Come in Nifty Packages
Part 23 of 31: HUGE Announcements, Disagreements, Best Practices and A Party…Oh My!
Part 24 of 31: PowerShell Did What!?!? How to Mitigate Risk!
Part 25 of 31: Did You Know PowerShell Can Talk VMware?
Part 26 of 31: Start Spreading the News…
Part 27 of 31: It Takes a Community to Raise a Language
Part 28 of 31: What is the .NET Framework?
Part 29 of 31: Demystifying MSDN and PowerShell static syntax
Part 30 of 31: PowerShell Likes the Pretty Blue Eyes of Azure Too
Part 31 of 31: That’s a Wrap and We are Not Done Yet!

Daylight Savings Time Zone Editor for older versions of Windows

There are still occasions where old Line of Business applications are still in use that cannot/will not/absolutely will never work on newer operating systems. On these PCs, time zone updates for daylight savings are also not updated, and can cause some grief.

To manually create new timezones on these older operating systems, you can use Microsoft’s Time Zone Editor. The Windows NT, 2000, XP, 2003 can be downloaded here – http://download.microsoft.com/download/5/8/a/58a208b7-7dc7-4bc7-8357-28e29cdac52f/TZEDIT.exe

If you are living in a time warp called Windows 95, 98, or ME, you can download the program from the old Microsoft FTP server – ftp://ftp.microsoft.com/services/technet/samples/ps/Win98/Reskit/CONFIG/

Once downloaded, run tzedit.exe and it will install itself to C:\Program Files\TZEdit. Browse to that location and run the tzedit.exe program.

Creating a new timezone is as simple as clicking on the New button and putting in the details.

Logon Type Codes in the Security Logs

With the prevalance of brute force security attempts, it is not uncommon to see EventID 529 appear often in the security logs. When a failed logon attempt is made on the network, the security logs note down the Logon Type among other information. I use this resource quite often – http://www.windowsecurity.com/articles/Logon-Types.html to work out what the codes actually mean.

 The above resource lists the various logon codes with explanations of what they are.

The most common codesI have seen are:

  • Logon Type 2 – Interactive – when someone attempts to logon to the server console.
  • Logon Type 3 – Network – when failed attempts are made inside the network to shared resources on the server. These errors coupled with IIS attempts could also mean attempts are being made on the SMTP service or HTTPS service. Unfortunately, no IP data is logged on these types of attempts. This has to be manually found from the SMTP or Web logs.
  • Logon Type 10 – RemoteInteractive – Attempted logins to Remote Desktop or Terminal Services. This is often accompanied by useful IP information, which can be used to isolate the offending attacker.

The other codes are described in the article.

IT Security revisited

I was just reminded of the 10 Immutable Laws of Security (http://technet.microsoft.com/en-us/library/cc722487.aspx)

Law #1: If a bad guy can persuade you to run his program on your computer, it’s not your computer anymore Continue reading IT Security revisited

Auto Login to PC after restart

Sometimes, there are background processes and application that need the user to be logged on to the PC before they will run. On a domain PC, this is normally not possible. However, you can modify the registry to enable this. NOTE: the password will be clearly seen.
 
 
In regedit, navigate to HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
 
Add or modify the key, AutoAdminLogon (String) to 0
Enter in the user credentials in the three keys – DefaultDomainName, DefaultUserName, DefaultPassword.
 

Daylight Savings for Western Australia 2009

… is not happening.
 
Therefore, a hotfix has been released to deal with this issue. This is an out of band update, and should be applied to all systems used by WA users.
 
The Daylight Savings Planning Guide (September 2009) can be found here – http://technet.microsoft.com/en-au/bb821275.aspx
 
The hotfix (KB974176) can be obtained here – http://support.microsoft.com/kb/974176
 

Error 0x8007007f: A problem is preventing Windows from accurately checking the license for this computer

I got this error, when I tried to log in to one of my Domain Controllers this morning. It is a Windows 2003 x64 server. I had remotely applied SP2 and some other patches.
 
Looking up this error, I found references to the fact that SP2 may have been installed, but the computer had not been rebooted. Duh!
 
Rebooted the server, and all was well.