Recently in Windows 2003 Category

If you can't wait 12 days for it to be released on Windows update, and lets face it, if you are running Windows 2008 you are likely to be an early adopter and keen to get your hands on the final product - you can download it from the Microsoft's Hyper-v download page. I'd also recommend reading the description of Hyper-V release version- kb950050

When I installed it I shut down all my virtual machines and then ran the install program. You will need to reboot your host windows2008 server. Upon reboot your saved states will have been removed (this is in the readme). When the virtual machines are fired up they will be running the RTM version. Windows will detect new hardware, and as before you just cancel this routine and then go to Action, Insert Integration Services Setup Disk, let the installation proceed and then reboot the virtual machine (again). After this reboot the screen gets reset to 640*480 so this needs to be reset again.

One of the nice things for me is the support of XPsp2 as a guest OS. Previously this worked but there wasn't an integration service disk available which meant that the keyboard/mouse integration wasn't as good and I had to keep pressing ctrl alt and the left arrow to release the mouse which gets a pain as it didn't work on my synergy kvm (I had to use the real keyboard).

The xp upgrade was a bit harder for me. I'd recommend copying the Integration disk to the desktop and then capturing your xpcd - I didn't and had several disk swaps required - I had to unblock add/remove programs (I'm not sure why it was blocked - but delete HKLM \Software \Microsoft \Windows \CurrentVersion \Policies \Uninstall \NoAddRemovePrograms fixed that. I was then able to remove the virtual machine additions and reboot.Then I had to upgrade the HAL which meant putting the xp disk in the drive and rebooting, then inserting the Integration Services disk (switching back to xp disk mid way for hidusb.sys for the mouse) and then a final reboot. 

Phew - after all that I'm up and running with Hyper-V RTM, 1 client XPsp2, 1 W2k3 DC and 1 w2k3 SSE server.  My next project is probably going to be Windows Deployment Services

As I found out that the 2nd chance exam offer runs out at the end of this month (for the initial exam - you have until the end of June to take the retake) I've decided to try and get my MCSE by the end of the month so I'm swotting really hard. I've finished the first half of the Microsoft Press book for 70-293 tonight - I started it on Sunday night and last night we were out for a couple of hours so it's not bad going. I've scheduled the exam for Friday afternoon and after that I'll only have 2 more to go.
I've also pushed the guys at the office to take advantage of the offer, so far I know at least 2 of them have booked exams and if the others are reading this - then just do it! With this offer I really don't think there is any excuse for someone not to be an MCP at a minimum, especially when the exam fee is reimbursed on passing and the 2nd chance removes a lot of the pressure.

5 if you include the couple of Dell partitions! The Dell pc comes with two hidden partitions - one is the diagnostics partition and the other is the system restore partition so you can get back to factory image if you ever need to. After I had installed Vista on the machine I then attempted to install Windows2008 but the installation process wouldn't let me proceed as it couldn't make a new partition due to the limit of 4 primary partitions on a hard disk. I therefore booted back into XP, blew away the Vista partition, created a new extended partition and within that created two drives - one for Vista and one for 2008. A quick reboot off the dvd and Vista was soon installed, then a repeat of the process, this time with Windows2008 and that was installed quickly too - I think Windows 2008 took about 20 minutes.

This evening I was preparing for an adminstrator password change that I need to do tomorrow on a Windows 2000 box so to check everything worked ok I created a new virtual machine in 2008, loaded the Windows 2000 cd and 26 minutes later I had installed Windows 2000 in a vm, rebooted, changed the password using the Offline NT Password cd and rebooted back into Windows 2000 and was able to log back in again. I suspect on old hardware it will take that long just to boot the machine up and change the password and log back in again!

I also really wanted the ability to select the Operating System that the machine would boot into after it was rebooted. The default installation of any OS is going to prompt you for the installation but that isn't much use when the reboot is happening remotely.  I remember some software I used back in the NT4/2000 days that would do this but couldn't remember what it was called. That wouldn't actually help though as the boot structure in Vista and Windows2008 is radically different requiring the use of BCDEdit......  Alternatively EasyBCD could be used to edit the boot configuration. This is well worth downloading as it makes editing the boot configuration much nicer. I was able to use this utility to remove the extra Vista configuration as a result of the dual installations of Vista. What is even better is their iReboot software. Install this on all the OS's and then you can select which OS to boot with from a Task Notifier icon and restart the machine - just what I needed. (Note this does require .net framework so I had to install this on the new xp installation as it didn't have it already! Also note that the first result for .net framework 2 comes up with a page can't be found on Microsoft's site and the second hit is for the beta version! Use this link instead and don't forget to check Windows Updates afterwards)

Thanks to a tip off from Ed Bott, I have ordered a nice Dell Dimension 2.4 GHz quad-core CPU (Intel Q6600), 3GB of RAM, and a 500GB drive, for $499 although I paid an extra $20 to get Windows XP Pro. I wanted to get the 64 bit version but Dell won't sell it to me so I'd have buy the media which is going to be expensive or put my Vista or Windows2008 server software on to host my vm's. Hopefully this machine will have enough processor and memory to allow me to run at least a couple of vm's at the same time so I can get more experience in W2k8. At this price it was very tempting to buy a few of these machines but I restrained myself to just one. This is going to be used purely for work and training purposes so I should be able to deduct it in my taxes next year too which is an added bonus.

The migration from NT4 and Exchange 5.5 to Exchange2007 and Windows 2003 is almost done. This weekend was the installation of Exchange 2007 and the move of mailboxes. Unfortunately it did not go to plan. Upromote worked great on the first server that needed the software and after two or three reboots it was acting as a member server. The second server however did not go well. Instead the server bluescreened in the middle of the process and I was left with a server that was neither in a domain or in a workgroup.  The logon box did not include the domain option but the local SAM was corrupted and wouldn't let me login. As the machine was out of the domain I couldn't connect to it remotely apart from ping activity. After struggling for a long time with a multitude of recovery tools we ended up with a parallel installation of NT4 on the machine so that we could access the data on the drives. This was not without hassles - the RAID controller drivers would not recognise the disk in NT4 - you would have thought that downloading the drivers for the raid controller that appears in the BIOS boot would work but nope - we had to use different drivers!  I tried to access the machine using Microsoft's Dart Tool - the rebranded ERD commander, but this tool doesn't support NT - in the end I had to go back to ERD Commander 2002 to get a version that worked with NT4 (although it didn't actually help). The parallel installation of NT also needed SQL 7 reinstalling but this needed ie4 installed (and where do you get *that* from?)  Fortunately it would also accept IE6 too.

Installing the Exchange2007 sp1 was not a fun experience either - the process stopped half way through with an error saying that a file was in use and that I needed to reboot the server to continue. When I did so, the installation would not continue as all of the Exchange services and several other essential windows services had been set to disabled by the previous installation and the upgrade needs the Information Store to be running. As the other services were stopped the machine acted like it was behind a firewall - you were not able to ping out or into it. Setting all the services to automatic and then starting them got through this problem - I had to boot up my Virtual Exchange 2007 server to see which disabled services should normally be running though. I actually had to try the upgrade about 3 times before I got through with no errors but the whole experience made SQL2005 look stable.

Now I am having major trouble getting the remote outlook clients to connect through to the exchange 2007 server using RPC over HTTPS - it worked great with the Exchange 2003 server but just will not work with Exchange 2007 - if you have any bright ideas then let me know - tomorrow I'll be logging a call with Microsoft for some assistance.

At the end of the weekend I felt like I had installed every piece of Microsoft software just to get Exchange migrated onto new servers. I have got some great ideas for future migrations and I know that I don't want to repeat the process sometime soon!

Then to top it all off, the advert shown in this blog post arrived stuck to the front cover of my Technet magazine today - talk about bad timing.  Having said that, I have received the white paper and I don't think we'd use their services as it sounds expensive. The advice was pretty basic but did include the steps of removing old mailboxes and cleaning up the database. One REALLY annoying thing to see when you are moving mailboxes on a weekend without pay is a lot of "moving 1 of 3654 spam messages" and "moving 3 of 12876 deleted items".  I had told the users to delete these items before the upgrade but this hadn't been done.  I think next time I will include a step of telling the users to delete their spam, junk and deleted items BEFORE the upgrade as it will be done as part of the upgrade "automatically" (and if anyone has a tool that will walk through a message store deleting items in the spam, junk and deleted items then let me know)

My passing score was 928 (pass was 700) so I passed comfortably - which is a very nice feeling and something I've maintained in all the exams I've taken with Microsoft so far. I now have 1 more to go and then I get my MCSA exam. This exam was quite different to the ones I've done before - there were 45 questions and about 10 (or more) were simulation exams. Personally I like these questions as it's a lot easier to recognise the process needed to go through as opposed to the previous "drag and drop to put in order" box questions where you have to remember the exact wording on the dialog boxes that in real life you pay little attention to as you use them every day.
After 20 questions the screen froze, for ever, and ever and ever. Eventually I went out to see the receptionist but when I came back the machine was waiting for the next question - it takes a long time to load some of the simulation questions. I was really nervous at this point as the first 20 questions were easy and I was confident I had about 19 of them correct. I really didn't want to start again.
After this scare the questions seemed to get harder but a lot of them were similar to the questions in the official MS press books and there were some questions I had seen that were identical to various test prep software solutions although I didn't use the MeasureUp software for this exam which I have used in the past. Now it's onto 70-291....

Finally found a solution/explanation to the Event ID 5050, Source IAS that reads "The description for Event ID ( 5050 ) in source ( IAS ) cannot be found. Apparently this is A LDAP connection with domain controller <domain controller name> for domain <domain name> is established. and therefore nothing to worry about. It's taken ages to track this down - I wasn't able to find it on eventid for quite a while, but this morning it was there.

Finally managed to solve an issue that has been bugging me for months. A user was logging onto the Terminal server but two of their network drives would not connect as part of the login script. However doing a net use and providing username and password in the prompts would connect (which is how they've been connecting for a while). Logging into a local pc worked fine, but logging in via terminal services always had this problem - so it had to be something to do with the roaming terminal service profile.
Eventvwr was showing events Userenv 1030 - Windows cannot query for the list of Group Policy objects, Userenv 1006 - Windows cannot bind to domain.com domain (Invalid Credentials), MsGina 1010 Failed to set the user's home directory,
I tried debugging using KB221833 which gave me 43 pages of logs to read through.
Eventually I logged into the Terminal server as the user, went into control panel, stored passwords and lo and behold - there was someone elses username (and password). Deleted this stored account, logged off and back on again and got all their network drives connected.
control keymgr.dll is a shortcut to this screen that users might be able to use to clear this themselves.

I had the need to quickly list the users who had DialIn access to the domain. This can be achieved using the netsh command. More details can be found in the Help and Support Center for "netsh commands for remote access" but the command line you need is netsh ras show user mode=report >ras.txt (assuming you want the file exported to ras.txt

I needed to migrate some data from an old server onto a new server and after moving the data (thanks robocopy) I needed to ensure that the clients would be able to find the new location. Creating the shares with the same name and then changing the login scripts should make everything work ok, but just in case something has the unc path encoded I did the following (see the extended entry). Read the extended entry for the surprise ending that I had to do!

If you are decomissioning an old server and moving the data to a new server, an easy way to let all the hosts still connect to the old server is to create a cname alias in dns such that oldserver points to newserver.domain This way, any software coded to use unc names will still find the share but on the new server.
Unfortunately, by default the new server does not expect to get requests for the oldname so it ignores them and the client receives an error message. This is apparently fixed by following the instructions in KB281308.

This is really weird - the news on this Windows 2003 service pack 2 has been really quiet - there has been very little coverage of the beta for this and then boom - it's available on Windows Updates the day that Microsoft say they are not releasing any security patches! Hopefully your servers are not set to auto update and WSUS is not set to automatically approve (and download) service packs. However, if you have ie7 on the server then you won't be able to install service pack 2 which is a really stupid requirement. I know there is the argument that you shouldn't be surfing on a server, but you need a web browser for a lot of server based monitoring apps like Dell System monitor, Hp monitor, WSUS, Symantec antivirus etc so it would make sense to have the latest version on the server (especially as you can use tabs)
From the What's new, it is interesting to see that there is a replacement tool for cacls, now icacls and also RIS has been replaced by Windows Deployment Services

It was interesting to see that details about the packaging for Windows Vista was released today - JCXP links to MS Tech today which has a picture of the neat dvd box. Contrast this to the cd's that I received from Dell for the SBS 2003r2 server I opened. Not only was the media on CD (which means a painful 4 cd install after Dell's install creates a small 25gb boot partition) despite the server having a dvd drive, but the cd's were in the paper sleeve envelopes that you normally get with an OS installation from Dell. What was worse that disks 1 and 2 were in the same envelope with a piece of paper slid between them, the same for disk 3 and 4. This is really cheap, likely to lead to scratches and not a good first start impression of a brand new server!
(Note that I don't know if SBS was requested on cd instead of dvd or whether that is how it comes but even if it was ordered on cd, it could at least come in a reliable case.

Group Policy processing does not work and events 1030 and 1058 are logged in the Application log of a domain controller - the short answer was to run
dfsutil /purgemupcache

Microsoft have released a Windows Mobile 5 emulator that you can run on your pc, normally for developing software for the windows mobile. However, you can also use this to test and debug the setup of Direct Push with Microsoft Exchange 2003 service pack2. This is great to try before you blow up a users phone as you test stuff out. Seeing as though Direct Push has only just started being available on the phones, it is unrealistic to know how to get it working out of the box.

We've had two occurances of Terminal Services and Sql server not responding after the servers had been rebooted after the patches had been applied.
Terminal Services had the service running and using mstsc to the server would result in a message saying the server was not accepting connections. Telnetting to port 3389 would come back with a connection but nothing in the telnet prompt. A reboot of the server cured this problem.

As far as SQL server was concerned, the SQL service had not restarted after the reboot - not sure why as I didn't have time to troubleshoot - I just needed to get the service running, which happened as soon as I launched Enterprise manager and attempted to connect to the server.

Anyone else had similar experiences?

and a batch file to do it automatically too (not tested by me though) is available at Bloggus Doekmanni

I'm not sure why, but on a server, in the d:\data directory I ran this command...
  cacls . /t /g:usergroup:c
This didn't have the expected behaviour of granting change to usergroup on the d:\data directory and all files and subdirectories -that would have been too simple.
Instead it replaced the permissions (I should have had the /e) which is fair enough, but WHY OH WHY did it proceed to do it not only on d:\data but also all the files (and subdirectories) in c:\windows (including system32 and other fairly important files). Needless to say I had a very worrying moment - in fact several of them when I discovered i had no access to run cacls anymore (permissions removed) and the only people who could access the windows directory (but with no access to logon locally) were members of the usergroup.
In the end I had to change the permissions, cascading down from windows and then run the Security Analyzer wizard to check that everything was ok.
I have no idea why it suddenly started doing c:\windows. I know I was in the d:\data directory as I checked before hitting return, I could see the present directory after the command finished AND the permissions were also correct on d:\data

Aha - I fell into the gotcha when I searched for the adminpak for windows2003 and it wouldn't install. Thats because I'm running service pack 1 and instead I needed to download the adminpak for sp1. Would have been nice if the original page pointed this out as opposed to having to look under the "people also downloaded" section of the webpage.

Microsoft released 2 more patches yesterday - the day after I manage to schedule a lot of reboots for my customers for the wmf patch. Thankfully it looks like the machines may not need rebooting judging on my xp desktop experience. Hopefully the same will hold true for the server.
I had one customer box not reboot overnight because the boot.ini had been mysteriously changed to boot to a (non-existent) windows 2000 installation. Fortunately the customer mentioned (when I rang them early this morning) that the problem of not finding ntkernel.exe is solved by selecting the other option in the boot sequence....I'm glad they told me this but it would have been better if they had mentioned the problem before so I wouldn't have had to get up early this morning in case I needed to make an emergency stop at their site.....so instead I'm catching up on some blogging.

I must be the only person in the world who wasn't pleased that Microsoft released the wmf patch early on Thursday last week. Everyone else seems to be so grateful that this happened but it was a nightmare for me. Thursday night I was doing a software audit on a lan and I left it scanning the machines overnight. I came in the next morning expecting to sit down and start analyzing only to find that the machine had downloaded the new patch and automatically rebooted - loosing all the scanning results so I had to start again - not so happy. Before you tell me that you can set automatic updates to not do the reboot - I know - this was on a machine outside of my control AND Microsoft had also previously announced that the patch would not be ready until Tuesday.

It was a long day in the office today with an upgrade of a windows 2000 server running exchange2000 to a windows2003 running exchange2003. We also upgraded a w2k server running sqlserver to w2k3 too. The sql server was the easiest upgrade with no hitches whatsoever - shame we couldn't say the same thing about the exchange server.

kb article 909444 has how to fix the issues that may arise when you install Microsoft Security Bulletin MS05-051: Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution (902400). Although I've not had any of these issues - yet - this will be good reference for me.

I finally finished the install of Small Business server 2003 on the virtual server on the laptop this morning. It's taken forever to do and this morning I had to go through the activation of the software. As the server doesn't have internet connectivity (yet) I had to do it over the phone. The whole process was simple and straightforward with voice recognition guiding me through the process. After I had read out the 42 (i think) digit number it was time for it to read out the 42 digits. They were split into 7 groups of 6 digits and the funny thing was that it would ask you to say "Go On" at the end of each group if you were ready. I was starting to sound like Mrs Doyle - that annoying woman from the self assessment adverts on tv a couple of years ago - go on, go on, go on!

Although its not a good idea to do this, we have a requirement to set the passwords for users on a telnet application so that they never expire. This is because the telnet interface is the only interface they have with the server and therefore they don't have any way of changing their passwords. Security is controlled by another layer of usernames and passwords within the app so its not that much of an issue.
Anyway, I have a script that creates all the users for me - saves me having to enter all the fields correctly and also ensures that all the fields are entered in a uniform manner.
Until this morning, I'd not been able to set the password never expires option. However using netuser.exe, available from JSI Tip 570 you can do this with netuser username /pwdnexp:y

If you install exchange 2003 on a windows2003 server, under the protocols tab of the server is IMAP4 (among others). This will have a little red x next to it, but right clicking on it gives you the option to start it. Pressing start means the mmc console will pause for about 1 minute and you then get "the service did not respond to the start or control request in a timely fashion. Check the Windows Event Viewer for details".
Checking the event viewer shows NO entries in the event log!
However, running services.msc and changing the Microsoft Exchange IMAP4 service from disabled to automatic and then starting it in the Exchange console results in a working IMAP4

Whilst we're on the subject of naming and network, we were also getting event id 7062. This was fixed by removing the dns server from the list of zone transfers. You can't have your dns server included in your own dns zone transfer list (which makes sense really). THanks event id

Changing a w2k3 server to get the time from the internet can be done by following the useful instructions from a microsoft techie at http://www.mcse.ms/message1107338.html

The Windows 2003 and Small Business Server 2003 cd's arrived in the post today. I'll probably not get a chance to use them until back from holiday though.

5 months ago yesterday I requested a Windows 2003 Eval Kit and its still not arrived. I've requested another one.

Following on from my handsonlab day on Windows 2003 where I didn't even get a demonstration copy of Windows2003, I've signed up for a free evaluation kit from Microsoft themselves