Sysadminsblog.com Anything for sysadmins!

22Feb/130

Windows Update encountered an unknown error – 80243004

This error just showed itself on my Windows 2008 R2 SP1 server and it stopped me from installing any updates. The fix for this error is undoubtedly the strangest I ever came across. Pete Long described this fix on his website.

Strangely enough this error seems to be caused by the taskbar that is not showing all icons. Here are the steps:

  1. Right-click the taskbar and select properties
  2. In the Taskbar tab click Customize…
  3. Check "Always show all icons and notifications on the taskbar"
  4. Confirm all screens with OK

Now try installing the updates again and see that it'll work.

22Jun/120

PXE boot stopped working for WDS

After updating the Windows Deployment Service (WDS) server, it didn't seem to work anymore. The clients would try a PXE boot but couldn't find a TFTP server to get the boot image from. A colleague of mine found a great article about this problem.

It seems that when you have a single server that is running WDS and DNS, the DNS server binds to all ports in the WDS port range leaving the WDS server unable to respond to the clients.

Symptoms

  • TFTP downloads fail
  • Multicast downloads fail with a possible error code 2
  • When WDS tracing is enabled you will find one or more errors that resemble the following
    [2416] 16:01:36: [d:\w7rtm\base\ntsetup\opktools\wds\wdssrv\server\src\udpportrange.cpp:755] Expression: , Win32 Error=0x2<br/>[2416] 16:01:36: [d:\w7rtm\base\ntsetup\opktools\wds\wdssrv\server\src\regudpendpoint.cpp:192] Expression: , Win32 Error=0x2<br/>[2416] 16:01:36: [d:\w7rtm\base\ntsetup\opktools\wds\wdssrv\server\inc\RegEndpoint.h:354] Expression: , Win32 Error=0x2<br/>[2416] 16:01:36: [WDSTFTP][UDP][Ep=0] Registration Failed (rc=2)
  • When you run
    netstat –abn

    you'll find that 64001 to 65000 is displayed as being used

  • You've applied security update MS08-037: Vulnerabilities in DNS could allow spoofing

Solution

If you do not require WDS to use a static port range, you can configure WDS to dynamically query WinSock for available ports instead of using a port range. To do this you'll have to modify a registry key on the affected server.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WDSServer\Parameters

Modify the key

UdpPortPolicy

and set it to 0. Then restart the Windows Deployment Services.

More information can be found here: http://support.microsoft.com/kb/977512/en-us

28Nov/112

Cannot enable Network Discovery on Windows Server 2008 R2

I've been working on getting a Symantec Enterprise Vault up for Exchange 2010 archiving. Unfortunately Enterprise Vault isn't the best documented solution out there. While trying to get PST migration working I ran into a problem setting the PST Holding Folder in the site properties.

When you click the Change button no servers are displayed and you're unable to otherwise fill the PST Holding Folder. The culprit is that by default Network Discovery is disabled. When you enable the setting it just switches back to off without a warning. This is because Network Discovery is dependent on several Windows services that are disabled and can't be started.

To solve the issue use the following steps:

  1. Start services.msc
  2. Make sure that the services below are set to startup type manual:
    1. Function Discovery Resource Publication
    2. SSDP Discovery
    3. UPnP Device Host
  3. Go to Network and Sharing Center
  4. Click Change advanced sharing settings
  5. Select Turn on network discovery
  6. Click Save changes

You should now be able to select the server and share that you want for holding the PSTs in the Enterprise Vault Administration Console.

13Sep/116

Event 58 – The disk signature of disk n is equal to the disk signature of disk n

Log Name: System
Source: partmgr
Event ID: 58
Task Category: None
Level: Warning
Description:
The disk signature of disk 2 is equal to the disk signature of disk 0.

This error occurred on one of the virtual machines on the ESX environment. It probably also caused another error a bit further up in the event viewer.

Log Name: System
Source: VDS Basic Provider
Event ID: 1
Task Category: None
Level: Error
Description:
Unexpected failure. Error code: D@01010004

Disk 0 is the system disk, which contains the Windows 2008 R2 installation. Disk 2 on the other hand is non-existent, or better said, hidden. This error can easily cause errors with your backup software like Backup Exec.

You can also run into this error when you're using Hyper-V and you're making a backup using Backup Exec by means of the Hyper-V agent. It will then mount the virtual machine disk on the host server. If the host server disk and the virtual machine disk have the same disk ID they will clash causing event id 58.

If you do the following, you can get the current disk ID:

  1. Start a cmd as administrator
  2. Type:
    diskpart
  3. Type:
    list disk
  4. Type:
    select disk 0

    (replace the 0 with the disk indicated in Event ID 58)

  5. Type:
    detail disk

As you can see, my disk ID is 3B9ED7B7. This seems to clash with another hidden disk that has the same disk ID. To change the disk ID you'll have to download the Windows 2000 resource kit or if you can find it with Google dumpcfg.exe or dumpcfgx64.exe if you're on 64-bit.

Once you've downloaded the utility you'll have to start a cmd as administrator, and run the utility with the parameters -S followed directly with the new disk ID, a space and the number of the disk that you used in the select disk command above.

  1. Start a cmd as administrator
  2. Type:
    dumpcfgx64.exe -S3B9ED7B8 0
  3. Or use diskpart and select disk (ID) then type:
    uniqueid disk id=3B9ED7B8

When you follow the procedure to get your disk ID again you'll notice that it's been changed to the new value.

20May/110

DNS doesn’t resolve on Windows 2008

Someone asked me why the domain viewtrip.com wasn't working on our network. IE was returning that it couldn't find the server. This soon pointed in the direction of DNS. The nslookup of the domain also failed. The Global Logs in the DNS Manager returned some 5504 events.

The DNS server encountered an invalid domain name in a packet from 216.113.128.62. The packet will be rejected. The event data contains the DNS packet.

After hitting Google with this event it soon gave me a couple of options to solve it. A big thank you goes to Shilpesh Desai! Source

  1. Check following registry key and value set for it:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DNS\Parameters\DisableAutoReverseZones

    According to KB 198410 it should have a non-zero value

  2. Packet was forwarded to non-recursive DNS server. I will recommend to switch to forwarders for few days to check if that helps.
  3. Server is quering for DNAME record, which is not supported. Reponses containing DNAME (rrtype - 0x0027) record.
  4. Extended DNS (EDNS) packets are received but the server that is attempting to resolve the EDNS traffic doesn't support EDNS or have it enabled. An easy workaround is to disable EDNS.
    dnscmd /Config /EnableEDnsProbes 0

One disadvantage of this solution is that DNSSEC is not possible anymore as this relies on the EDNS principle.

More info on EDNS

More info on DNSSEC

24Mar/113

Event 1004, 1001, 1015 – Microsoft.ResourceManagement.Service.exe

While setting up the User Profile Synchronization services on SharePoint 2010 I had a couple of warnings and errors that I had to address. This one seemed worth mentioning.

Detection of product '{90140000-104C-0000-1000-0000000FF1CE}', feature 'PeopleILM', component '{1C12B6E6-898C-4D58-9774-AAAFBDFE273C}' failed.  The resource 'C:\Program Files\Microsoft Office Servers\14.0\Service\Microsoft.ResourceManagement.Service.exe' does not exist.

Followed by event 1001:

Detection of product '{90140000-104C-0000-1000-0000000FF1CE}', feature 'PeopleILM' failed during request for component '{9AE4D8E0-D3F6-47A8-8FAE-38496FE32FF5}'

And event 1015:

Failed to connect to server. Error: 0x80070005

These were repeated for another component GUID.

The reason is that the WMI calls are made under the credentials of Network Service account and that this account doesn't have permissions on the folder indicated in the event.

After I gave the Network Service account read and execute permissions on the folder the events didn't reappear.

Update:

After a couple of hours I noticed new events in the event viewer related to the previously mentioned.

Event 1004:

Detection of product '{90140000-104C-0000-1000-0000000FF1CE}', feature 'PeopleILM', component '{CF90B971-D78A-4794-8F90-EB5FB5028DDA}' failed.  The resource 'C:\Program Files\Microsoft Office Servers\14.0\SQL\DatabaseSettings.sql' does not exist.

Event 1001:

Detection of product '{90140000-104C-0000-1000-0000000FF1CE}', feature 'PeopleILM' failed during request for component '{9AE4D8E0-D3F6-47A8-8FAE-38496FE32FF5}'

22Mar/110

Event 8193 – Volume Shadow Copy Service error

SharePoint Search has its issues sometimes. This one seems to happen to a lot of people, but the solutions that I've found weren't too clear about what to do to solve this. Here's the event that is triggered.

 Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...).  hr = 0x80070005, Access is denied.
</p><p>Operation:
</p><p>   Initializing Writer
</p><p>Context:
</p><p>   Writer Class Id: {0ff1ce14-0201-0000-0000-000000000000}
</p><p>   Writer Name: OSearch14 VSS Writer
</p><p>   Writer Instance ID: {07c936a8-347c-4e39-8014-2a057f611382}
</p><p>

If you go to the Details tab, you'll see some additional information about the event.

The part after User and Name is the most important here, which I've blurred for security reasons. This is the account name that needs full control on the registry key HKLM\SYSTEM\CurrentControlSet\Services\VSS\Diag.

  1. Start regedit.exe
  2. Navigate to the key HKLM\SYSTEM\CurrentControlSet\Services\VSS\Diag
  3. Right-click the key Diag and select Permissions
  4. Add the account that was indicated in the event and provide it with Full control permission
22Mar/116

Unable to edit the DCOM settings

Recently I had a couple of DCOM errors in my event log for APPID {61738644-F196-11D0-9953-00C04FD919C1} (IIS WAMREG admin Service. It was again a classic case of Local Activation permissions that were missing. Normally one would fix that by going to DCOMcnfg.exe and editing the settings as indicated in this article. However this time it was a bit different as the settings were disabled.

Obviously this is a permission problem. The solution is to do the following:

  1. Run Regedit.exe and browse to "HKEY_CLASSES_ROOT\AppID\{61738644-F196-11D0-9953-00C04FD919C1}" key
  2. Right-click the key and select Permissions
  3. Click the Advanced button in the permissions window and select the Owner tab. Under Change owner select the local Administrators group and click on OK.
  4. Then on the permissions window, select the local Administrators group and assign it Full Control. Don't change the permissions for the TrustedInstaller account.
  5. Click on Apply (keep this window open as you'll have to restore the permissions when you're done)
  6. Rerun the DCOMCNFG.exe. You should now be able to change the DCOM settings for the IIS WAMREG admin service.
  7. Go back to the permissions window of the registry key and remove the check in Full Control of the local Administrators group (this results in only Read permissions)
  8. Go to the Owner tab and make "NT Service\TrustedInstaller" of the local computer owner of the key again.

Quite a hassle, but it works!

15Dec/100

Reset the domain (controller) policy GPOs

Somehow the default domain policy got borked during an import of GPOs. I had to restore the domain policy and luckily Microsoft created a tool for that. The tool is included in Windows 2003 and Windows 2008 and is specially made for restoring the Default Domain Policy and Default Domain Controller Policy group policy objects.

C:\>dcgpofix /?

Microsoft(R) Windows(R) Operating System Default Group Policy Restore Utility v5.1

Copyright (C) Microsoft Corporation. 1981-2003

Description: Recreates the Default Group Policy Objects (GPOs) for a domain

Syntax: DcGPOFix [/ignoreschema] [/Target: Domain | DC | BOTH]

/target: {Domain | DC | BOTH}Optional. Specifies the GPO to be restored -- the Default Domain Policy GPO, the Default Domain Controllers Policy GPO, or both.

/ignoreschema:

Optional. Use this switch to have this tool ignore the schema version of the Active Directory. Otherwise this tool will only work on the same schema version as the Windows version in which the tool was shipped.

As easy as that!

24Nov/100

You must use the Role Management Tool to install or configure Microsoft .NET Framework 3.5

While trying to install software for our security cameras I needed to install Microsoft .NET Framework 3.5. When trying to install the .NET Framework it presented me with an error stating that I should install it through the Role Management Tool.

As Windows Server 2008 R2 has .NET Framework 3.5.1 you're not able to install version 3.5. However, the description is a bit misleading because it's talking about roles, while in fact it's a feature that needs to be installed.

You can install the feature by clicking on the Add Features link in the Server Manager and selecting