Thursday, December 30, 2010

44 major happenings in Information Technology in 2010

Oh, what a year! There's been no shortage of news stories in the Information Technology field in 2010, from the introduction of Microsoft's Kinect to VMware's release of vSphere 4.0. There have also been many high-impact acquisitions, such as EMC's purchase of Isilon for $2.25 billion, or the Oracle-Sun deal for $7.4 billion. Here's the list, in chronological order, of the 44 major events that happened this year and that are important to remember in my opinion. Please feel free to suggest more if I missed some!

January 2010
  • January 12, 2010: VMware acquires Zimbra, an open-source collaboration software tool, from Yahoo. More here.
  • January 27, 2010: Oracle acquires Sun Microsystems for US$7.4 billion, based on an agreement signed on April 20, 2009. Sun Microsystems, Inc. is renamed Oracle America, Inc. More here.
February 2010
  • February 4, 2010: Nokia makes Symbian OS completely open source. More here. 
  • February 4, 2010: KDE version 4.4. More here. 
  • February 15, 2010: Intel and Nokia merge Maemo and Moblin in MeeGo. More here. 
  • February 24, 2010: Linux kernel 2.6.33. More here. 
March 2010
  • March 16, 2010: During the MIX 10 conference, Microsoft unveils first Platform Preview version of the browser Internet Explorer 9. More here. 
  • March 17, 2010: Google releases Chrome 4.1. More here. 
  • March 17, 2010: Oracle launches Enterprise Manager Ops Center, a platform for managing physical and virtual Sun environments. More here. 
April 2010
  • April 3, 2010: First iPad with Wi-Fi released in the U.S. by Apple. Read more. 
  • April 12, 2010: HP buys 3Com for US$2.7 billion. Read more. 
  • April 28, 2010: HP buys Palm for US$1.2 billion. Read more. 
  • April 30, 2010: Apple releases first iPad with Wi-Fi and 3G in the U.S. Read more. 
May 2010
  • May 6, 2010: VMware acquires GemStone, to be operated under VMware's SpringSource division for building Cloud Computing applications. Read more. 
  • May 12, 2010: SAP buys Sybase for US$ 5.8 billion. Read more. 
  • May 16, 2010: Linux kernel 2.6.34. More here. 
  • May 20, 2010: Release of Android 2.2 (Froyo) based on Linux Kernel 2.6.32. Read more. 
  • May 25, 2010: Fedora version 13 released. Read more. 
June 2010
  • June 1, 2010: HP to fire 9000 in the next three years. Read more.
  • June 10, 2010: VMware ESX 4.0 Update 2 Build 261974. Read more.
  • June 10, 2010: VMware ESXi 4.0 Update 2 Build 261974. Read more.
  • June 15, 2010: Microsoft releases Office 2010. Read more.
  • June 22, 2010: IEEE-SA approves IEEE 802.3ba (Ethernet at 40 and 100 Gb/s). Read more. 
July 2010
  • July 13, 2010: VMware ESX 4.1 Build 260247. Read more.
  • July 13, 2010: VMware ESXi 4.1 Build 260247. Read more. 
  • July 16, 2010: is online!
August 2010
  • August 1, 2010: Linux kernel 2.6.35. Read more. 
  • August 10, 2010: KDE version 4.5. More here. 
  • August 19, 2010: Intel buys McAfee for US$7.68 billion. More here. 
September 2010
  • September 3, 2010: HP acquires 3PAR for $2.35 billion. More here.
  • September 9, 2010: NetApp and Oracle Corporation (the new owner of Sun Microsystems) dismiss ZFS lawsuits. More here. 
  • September 15, 2010: PlayStation Move is launched in North America, Europe and various Asian countries. More here.
  • September 29, 2010: Microsoft releases Microsoft iSCSI Software Target 3.3. More here. 
October 2010
  • October 10, 2010: Ubuntu version 10.10. More here. 
  • October 20, 2010: Linux kernel 2.6.36. More here.
  • October 21, 2010: Windows Phone 7 released in Europe. More here.
  • October 26, 2010: Sony retires the cassette Walkman after 30 years. OK, this is not real IT news, but I think that it can be considered a sign of our digital age. So read more here.
November 2010
  • November 4, 2010: Microsoft's joystick-free gaming console Kinect launched worldwide, starting in North America. More here.
  • November 9, 2010: NetApp unveils three new high-end storage systems dubbed FAS/V6280, FAS/V6240 and FAS/V6210 as well as three midrange systems: FAS/V3270, FAS/V3240 and FAS/V3210. More here.
  • November 11, 2010: China Grabs Supercomputing Leadership Spot in Latest Ranking of World’s Top 500 Supercomputers: the top spot is for the Chinese Tianhe-1A system at the National Supercomputer Center in Tianjin which achieved a performance level of 2.57 petaflop/s. More here.
  • November 16, 2010: Ballmer and Gates confirm that they will not break up Microsoft because they think it could “creates economic dis-synergies to split our server and enterprise business from our client business”. More here. 
  • November 23, 2010: Oracle wins $1.3 billion lawsuit against SAP - the largest software piracy judgment in history. More here. 
December 2010
  • December 6, 2010: Release of Android 2.3 (Gingerbread) based on Linux Kernel Read more.
  • December 14, 2010: Yahoo fires 5% of its staff. Read more.
  • December 20, 2010: Intel Sandy Bridge is on release in Malaysia. More here. 

Two thousand ten is going to leave. Two thousand eleven is coming. Let's wait and see what the future brings!

Thursday, December 23, 2010

FREE: Xinorbis – Disk analyzer

I have just discovered Xinorbis Disk Analyzer. I haven't tested it yet but I am interested in comparing it with TreeSize, which is at the moment my preferred tool. I will mainly compare the speed of the scan for very big storage drives. Speed of scan is the key factor for me. Here are some default screenshots from this application, which look very nice to me.

Free Disk Analyzer - Xinorbis

Tuesday, December 14, 2010

PowerShell to get folder size with Get-ChildItem

Here's my script of the day. I wanted to write a PowerShell script which could retrieve the files and folders size for a specified list of volumes. It was important for me to also include empty directories and zero size files, which is not so easy to get with the standard 'Get-ChildItem' method.

The script will return for each volume:
  • the name of the subfolder
  • the total size of the subfolder
  • the number of files in the subfolder (including zero size files)
  • the average file size

Here's the code.

Sunday, December 12, 2010

Source IP address and skipassource hotfix for Windows 2008 R2

I ran into an interesting issue this weekend. I have one Windows 2008 R2 web server that has multiple IP addresses bound to the same network card, and the problem is that this server is having communication problems (read: server is not communicating anymore).

I have found out that, starting from Windows 2008, all the server's IP addresses get automatically registered on the DNS servers. And this is by design.

In fact Microsoft has changed the way the TCP/IP stack behaves, in the sense that there is no longer a ‘Primary’ IP address. So, when multiple IP addresses are assigned to a single network interface, they are all treated evenly and they are all registered into DNS.

Wednesday, December 8, 2010

Changing the target of a CNAME RR in DNS with PowerShell

In your everyday sysadmin life there are situations where you could need a cheap solution for your infrastructure.

Typically if you host a service that doesn't tolerate availability disruption... it doesn't mean that you have the budget to install two pricey Windows 2008 Enterprise or Datacenter editions to build a cluster. This is exactly what happened to me. My company told me to put in place an HA solution for our file sharing solution but not to use a Cluster for the hostname resource, but just to stick to the Windows 2008 Standard Edition.

I have then decided to just implement the fileshare on two replicated servers and define an alias in the DNS which can be quickly moved from one backend server to another. So, if I lose a fileserver I would just have to check replication status and then update the CNAME's target fully qualified domain name (FQDN) field.

Friday, December 3, 2010


In Windows 2008 R2, I have had problems with Server Manager or OOBE reporting Roles and Features as in error state after performing Windows Update. The unfortunate exception code shown is 0x800706BE.

Error as seen under Windows OOBE

Error as seen in Server Manager
To solve this problem the first step is...

Monday, November 29, 2010

Of event id 7023 and Microsoft patch strategy.

Have you ever had an issue with Internet Authentication Service (IAS) failing with event id 7023? This event is somewhat a very good occasion to understand how things work at Redmond. The problem with Microsoft is that quite often installing a patch means that you are soon going to have some unforeseen issues, just like when replacing the cornerstone of an old pyramid. At least this is what I learnt today when I applied security updates to one of my good old Windows Domain Controllers.

Let's start from...

Monday, November 22, 2010

Windows for 99 bucks...

Guys, this is history, just like the man on the moon:

How to downgrade ESX virtual hardware

I have found a cool blog post about Downgrading ESX virtual hardware 7 to 4 via the command-line: "When you upgrade your vSphere environment you normally also upgrade the VM’s virtual hardware to version 7, to take advantage of the new features. This is pretty normal procedure for all VMware admins. But in some very very rare cases you might need to move a VM upgraded to hardware version 7, to a host that doesn’t support VM’s running hardware version 7..."

Sunday, November 21, 2010

NetApp videos

Like most of the big companies nowadays, we are also implementing NetApp solutions side by side with other SAN technologies, due to their advantages, such as Volume Deduplication, Snapshots and thin provisioning. I am not a storage guru, so I have been wandering in the meanders of the net to find good resources about NetApp, and I luckily came across some quality videos by Alterkom that I would like to share with you here, just in case:

NetApp-1-N90X Deleting (Destroying) Volumes and Aggregates
NetApp-2-N90X Creating Aggregates
NetApp-3-N90X Creating Volumes
NetApp-4-N90X Configuring CIFS on NetApp
NetApp-5-N90X Configuring NetApp Virtual DIsk Storage in Xen Server
NetApp-6-N90X Configuring iSCSI on NetApp and Windows Servers

I suggest you watch them in this order and you'll learn a lot about NetApp configuration and behavior.

Thin provisioning

Under vSphere, I have come across situations where I needed to quickly change the disk type from thick to thin or to check whether my virtual disks were preallocated on disk or not. Thin provisioning is something new to VMware vSphere which enables you to thin-provision your disks in order to optimize the utilization of available storage.

Changing the disk format of a VMDK virtual disk can be done via the command line tool called vmkfstools, which lets you manage your VMDK files (these are the actual virtual hard drives for the virtual guest OS). There are plenty of switches under vmkfstools, and some are exactly what we need to change the VMDK format. Let's have a look at...

Friday, November 19, 2010

Forcing Windows 2008 to a KMS server

If you have many KMS servers in your infrastructure (as in my case), it can be useful to know how to force new servers to a specific KMS server. This is particularly true if you have activated your KMS servers with different Volume Licensing keys (A for Web edition, B for Standard edition or C for Enterprise and Datacenter editions) or if you don't want to see your activation requests crossing all of your network.

Basically, a KMS client will send out a request to its DNS server for a record of type SRV, _vlmcs._tcp, and the DNS will answer with the hostname of a KMS server to contact and to register with. What you can do is use the integrated slmgr to tell your new server to connect directly to a specific server, substantially bypassing the broadcast part.

Here's how.

Wednesday, November 17, 2010

Event ID 8214

Sometimes it happens that once you have modified your Alternate Access Mappings (AAM) on a SharePoint website, you start getting 8214 events in the Application EventLog:

Event Type: Error
Event Source: Windows SharePoint Services 3
Event Category: Topology
Event ID: 8214
Date: 15/03/2010
Time: 4:41:18 PM
User: N/A
Computer: WSSserver

This happens...

Intel Confirms Sandy Bridge Debut for January '11


Monday, November 15, 2010

Cloning Windows Server 2008 R2: Use Sysprep (no more NewSID)

Changing SID does matter, as you will learn reading this: Cloning Windows Server 2008 R2: Use Sysprep (no more NewSID): "It is not uncommon for system administrators to clone virtual servers or take an image of physical servers running Windows Server 2008 these days. There are plenty of tools to do that these days (Ghost, Acronis, Platespin for P2V conversions, etc.) If this is something you do regularly then you won’ ..."

Friday, November 12, 2010

VMware Windows 2008 R2 template

Having been playing around for some time now with VMware templates and Windows 2008 R2 integration, I have decided to give credit to the few sites that have helped me and that shared their experience of preparing a template I could easily use as a master for my future VM deployments.

This is a very complete resource, which comes with a full explanation of disk partitioning and of issues related to the component folder Winsxs...

PASH or... Powershell + Bash

PASH (Powershell + Bash): open Source powershell for Linux, Mac and Win Mobile: "Pash (PowerShell + Bash) is an open source reimplementation for 'others' (Mac, Linux, Solaris, etc...) and Windows (including Windows Mobile and Windows CE). The main goal is to provide a rich shell environment for other operating ..."

I'll give it a try!

Thursday, November 11, 2010

Monitoring registry changes under Windows 2008 R2

I need to monitor registry changes in a brand new Windows 2008 R2 installation to track changes to registry keys when I deactivate TCPIPV6, QoS and other stuff on the server network card. This task is a tough one, more than I expected. Not so long ago we had regmon, which was so powerful. Today regmon is no longer an option for recent Microsoft Operating Systems. I could use procmon, of course, but it is so heavy and resource-consuming and, what's more, too much information is displayed, which takes a lot of energy to filter out.

I have therefore started trying Registry Live Watch...

Wednesday, November 10, 2010

SEPM 11 communication with clients

Antivirus administrators, I have found an excellent video explaining communication between Symantec SEPM11 and its clients. I think that you might find it very interesting especially if you have a firewall between your SEPM management server and your SEP clients.

What you will learn from this video is that all SEP communications are CLIENT INITIATED from a random port, toward the SEPM HTTP port (from MR3 onwards the default is 8014, before it was port 80). There is no connection FROM the server TO the client. Even if you push an action as 'Update Content' the client will retrieve this command from the server at its next connection with the management server.

That's why using netstat -b | find /i "ip.address.of.server" you will see all the communication on port 8014.

TCP ports 139 and 445, as well as UDP ports 137 and 138, are only required for initial client deployment from SEPM, not for management.

I hope this helps!

Tuesday, November 9, 2010

The disk is offline because of policy set by an administrator

You have just installed or cloned a VM with Windows 2008 Enterprise or Datacenter or you have upgraded the VM to Virtual Hardware 7 and under Disk Management you get an error message saying:

"the disk is offline because of policy set by an administrator".

This is because, and this is by design, all virtual machine disk files (VMDK) are presented from Virtual hardware 7 (the one of ESX 3.5) to VMs as SAN disks.

Sunday, November 7, 2010

ESX server troubleshooting

Three days ago I was woken up for a problem on a critical ESX server for which I am on-call. As you know, the duties of a system administrator are wide-ranging, and, in particularly sensitive environments, you must be ready to answer the phone at any time of the year… so I duly spent most of my night alone with my laptop to solve it, and that event made me think of a post where I would summarize a bunch of information about ways and commands to troubleshoot an ESX server problem. This is that post.

First of all, when troubleshooting an ESX, you have to

Wednesday, November 3, 2010

SharePoint and SSL

Following our IT Security team guidelines, I have finally decided to migrate one of our WSS 3.0 websites to the HTTPS protocol. The procedure is a little bit complicated, because I had to modify SharePoint configuration first and only then proceed to setup the Security Certificate in IIS 6.0.

Start by running SharePoint 3.0 Central Administration, then select Application Management and choose the option 'Create or extend web application':


You're probably reading this post because you are wondering why there are so many processes running with the name svchost.exe. What are they? Microsoft has been strangely nebulous about this service. Usually Windows services have meaningful names and associated processes too. This is not the case for this sort of black box. What's hiding inside? And why is it so often taking so many server resources?

Microsoft has given its users a tool to check

Tuesday, November 2, 2010

TOP500 SuperComputer Sites and Tianhe-1

This November 2010, the TOP500 website will finally publish the name of the fastest supercomputer in the world. Suspense is at its highest level. Will China get the top rank with its Tianhe-1 supercomputer? It would be the first time ever that a non-American and non-Japanese supercomputer lab gets this prize... times are changing...

Last June, Jaguar Cray XT5 won with 1759 teraflops. This November, Tianhe-1 from the National SuperComputer Center in Tianjin seems to be capable of scoring an impressive computing rate of 2507 teraflops, which is far beyond any recorded performance.

Sysadmins, stay tuned!

Other interesting links:

SQL server open connections

In order to solve performance issues or to check database usage, it can be quite useful to know how to get current connections to a SQL Server.

In SQL Server 2000 (if you still have one...), SQL Server 2005 and SQL Server 2008 the sp_who2 stored procedure returns information about current SQL Server 2000 users and processes. This function is unfortunately not very well documented.

As general information, you must know that the connections returned by this function are denoted as SPID, or Server Process ID. Running sp_who2 is easy: all that is required is to type sp_who2 and press F5.

Tuesday, October 26, 2010

Windows, Linux and CPU architecture

Today I have been browsing a bit and found a very interesting post on the MSDN blog talking about the Windows 2008 licensing model and how that connects to the evolution of CPU models over the last few years. CPU terminology (Cores, NUMA nodes, Logical Processors) is so well explained I think you should really go and have a look. Also because most modern CPUs, Intel's new Nehalems and AMD's veteran Opterons, are NUMA architectures whose characteristics are very well explained.

Here's the link to the MSDN blog post.

Other interesting posts I have been reading lately about this topic:

Monday, October 25, 2010

Disabling UAC part 2

I have recently posted about ways of disabling User Account Control (UAC) in Windows 2008 (See here). What I did not say in that previous post is that it is luckily possible to disable UAC just for system administrators. Wonderful, isn't it? Because, frankly, if you are not in a sensitive security environment, or if your systems are well protected from outside access, then this UAC thing can be a real pain for your everyday sysadmin activities....

So, here's how to partially disable UAC.
  • Run Registry Editor (RegEdit)
  • Locate the following REG_DWORD value: ConsentPromptBehaviorAdmin
  • Change the value of ConsentPromptBehaviorAdmin from 5 to 0.
  • Now Exit from Registry Editor
  • Restart the computer.
Simple and clean....

Background information: the default value for ConsentPromptBehaviorAdmin is 5, which means that Windows prompts for consent for non-Windows binaries. Other possible values are:

0 = Elevate without prompting
1 = Prompt for credentials on the secure desktop
2 = Prompt for consent on the secure desktop
3 = Prompt for credentials
4 = Prompt for consent

STOP 0x000000FE error

I have just run into the issue described in Microsoft KB974410. I have a computer that is running Windows Server 2008 R2 and when the computer enters or resumes from hibernation, it crashes. The Stop error message that comes up is this one:

STOP 0x000000FE

As far as I have understood, a Microsoft hotfix should be available for this problem. I haven't requested it yet. Instead, to solve my problem, I've just disabled the Selective Suspend feature in the USB composite class driver (Usbccgp.sys). This can be done this way:

Thursday, October 21, 2010

The workstation driver is not installed.

Sometimes it happens that when trying to map a UNC path [net use * \\servername\path] from a WSS or MOSS document library, you get the error “The workstation driver is not installed”.

The problem is often in the startup order of the Webclient service and of MRxDAV, which is the redirector for Web Distributed Authoring and Versioning (WebDAV).

First, a little technical explanation of how this stuff should normally work in Microsoft Windows.

Tuesday, October 19, 2010

Installing PERL on Windows 2003 and IIS

This is a how-to concerning the configuration of IIS 6.0 on a Windows 2003 Server to make it able to run Perl scripts.

First of all, you have to download ActivePerl 5.12, which is a free distribution of the language developed by ActiveState. You can find it here. Perl is not installed on Windows platforms, that's why you have to get yourself this distribution. The advantage of ActivePerl over other distributions is that it's an open source distribution and that it has regular releases that track the major Perl releases.

Monday, October 18, 2010

Extract bz2

Have you found a .tar.bz2 file on your system and don't know how to get its content? Here's what to do. It's very easy. First, to uncompress it, go here and get bzip2.

Then use:

bzip2 -d file.bz2 to decompress and delete the original file.

bzip2 -dk file.bz2 to decompress and keep the original file.

This command can be used in conjunction with tar, if the file is an archive:

tar xjf archive.tar.bz2 (to decompress the archive).

For more information on the BZIP2 algorithm, have a look here.


McAfee VSE 8.5 or 8.7

Here's some information about McAfee support for different Windows Operating Systems.

First thing to know is that VSE 8.0 is End of Life (EOL) March 31, 2010.

Also important to note is that there is no more support for Windows NT. It stopped with the End of Life (EOL) of Common Management Agent (CMA) 3.6.0 on March 31, 2010.
No more support for Microsoft Windows ME and all 9x versions.

Wednesday, October 13, 2010

Installing SEPM 11 step-by-step

In this post I will show the procedure to follow to install Symantec Endpoint Protection Manager 11, console, and embedded database on a Windows Server 2008 R2 Enterprise Edition.

Symantec Endpoint is the new name for the successor of Symantec AntiVirus Corporate Edition. In a nutshell, Symantec Endpoint 11 (aka SEPM 11) adds handling of spyware, a firewall and support for endpoint security health verification, among other secondary features. The last published version of Symantec AntiVirus was version 10, and Endpoint Protection begins at version 11, so no wonder if you get a moment lost trying to understand why Symantec did not reset version numbering even if they changed the product name...

Monday, October 11, 2010

Limitations of SQL Server Express 2008

For those of you who need this information, the limitations of SQL Server Express 2008 are essentially the following ones:

  • 1 CPU (It is unable to scale to use multiple processors. So if a system has more than 1, SQL Express 2008 will still run but limit itself to 1 CPU.)
  • 1 GB of RAM (More RAM can be installed, but again SQL Express 2008 will only make use of a maximum of 1 GB.)
  • 4 GB maximum for each database (not global storage)
  • Unlimited users
  • No SQL Server Agent service
  • No SQL profiler
  • Still has support for procedures, triggers & functions
  • Need Management Studio Express or higher to manage the instance (SQL Server Management Studio Express (SSMSE)). This is downloadable as a standalone tool or integrated with a SQL Server Express edition at no charge.
If you’re able to cope with these limitations, SQL Server 2008 Express may be the best choice for you.

Otherwise, a great improvement comes with SQL Server Express 2008 R2 which is still free and where the maximum database size limit has been raised from 4 GB to 10 GB.

Another option to consider for database developers is the Developer Edition. Unlike Express Edition, Developer Edition has no limitations on database size, performance characteristics or functionality. However, it’s only licensed for use by a single developer in a non-production development environment.

Microsoft October Security Bulletin

Microsoft has just issued a Security Bulletin Advance Notification telling that in their October release there will be sixteen bulletins. This will be the biggest Patch Tuesday ever, with a total of 49 vulnerabilities set to be fixed.

Four bulletins will have the severity rating of critical and will be for Microsoft Windows and Internet Explorer. They will concern flaws that could allow malicious remote code execution.

Ten bulletins will have the severity rating of important and will be for Microsoft Server Software, Windows, and Office.

Two bulletins will have the severity rating of moderate and will be for Microsoft Windows.

Windows sysadmins, get ready. On October 13, 2010, Jerry Bryant, group manager at Microsoft, and special guest Jonathan Ness, principal security SDE lead, from the Security Research & Defense team, will make a public webcast where they will go into details about the bulletins, and answer questions live on the air.

If you want to attend this webcast, register in advance:

Date: Wednesday, October 13, 2010
Time: 11:00 a.m. PDT (UTC -7)

Friday, October 8, 2010

DHCP Jet Writer retryable error

During an incremental backup done with TSM client version 5 on Windows 2003 I encountered a VSS_WS_FAILED_AT_FREEZE error message. This caused the TSM scheduled backup to stop immediately.

This is what I could find in dsmerror.log located under c:\program files\tivoli\tsm\baclient:

10/08/2010 10:26:19 VssRequestor::checkWriterStatus: VssRequestor::checkWriterStatus failed with hr=VSS_E_WRITERERROR_RETRYABLE
10/08/2010 10:26:19 ANS5268W The Microsoft Volume Shadow Copy Services writer 'Dhcp Jet Writer' current state (VSS_WS_FAILED_AT_FREEZE) is not valid for the current operation.
10/08/2010 10:27:49 ANS5271E A Microsoft Volume Shadow Copy Services writer is in an invalid state before snapshot initialization.
10/08/2010 10:27:49 ANS1327W The snapshot operation for 'server\SystemState\NULL\System State\SystemState' failed with error code: 4353.
10/08/2010 10:27:49 ANS1228E Sending of object 'server\SystemState\NULL\System State\SystemState' failed
10/08/2010 10:27:49 ANS5258E An error occurred initializing a VSS request. For more information, see the TSM client error log.
10/08/2010 10:27:49 ANS1375E The snapshot operation failed.

As you may know...

Wednesday, October 6, 2010

Disabling UAC

There are two easy ways to disable the secure but annoying UAC (User Account Control) in Windows 2008 (R2 or not) or Windows Vista.

The simpler one is to use reg.exe at the command prompt. Just run the following command at the DOS prompt on one line:


This is the Linux syntax to find some files and add them to an archive:

find . -name '*.cfg' -type f -newer flagfile -exec tar uf backup_it.tar {} \;

'{}' is a placeholder for the name of the file that has been found.

As we want the shell to ignore the semicolon and pass it verbatim to find, we have to escape it with '\;'.

An explanation for other special characters can be found here.
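
As an added example (not part of the original post), the one-liner above can be wrapped into a repeatable incremental backup of the files changed since the last run. The function name backup_changed_cfg and the flagfile.next marker are assumptions made for this example, which expects GNU find and tar; it uses '{} +' instead of '{} \;' so that tar is called once with all the names and a tar failure shows up in find's exit status.

```sh
#!/bin/sh
# Added example, not from the original post.
# Archives every *.cfg under DIR that changed since the previous run, using
# a flag file as the "last backup" timestamp, as in the one-liner above.
# Assumes GNU find and GNU tar. ARCHIVE and FLAG must be absolute paths,
# because the scan runs from inside DIR to keep member names relative.

backup_changed_cfg() {
    dir=$1        # directory to scan
    archive=$2    # tar archive to create or update
    flag=$3       # file whose mtime marks the previous run

    # First run: no flag file yet, so date one far in the past and every
    # matching file counts as "newer".
    [ -e "$flag" ] || touch -t 197001020000 "$flag" || return 1

    # Stamp the marker for this run BEFORE scanning. A file modified while
    # the scan is in progress is then newer than the marker and is picked
    # up by the next run instead of being silently skipped.
    touch "$flag.next" || return 1

    (
        cd "$dir" || exit 1
        # -newer "$flag" : only files modified after the flag file
        # tar uf         : append; only replaces a member if the file is newer
        # {} +           : batch all names into one tar call; unlike '{} \;',
        #                  a failing tar makes find exit non-zero
        find . -name '*.cfg' -type f -newer "$flag" \
            -exec tar uf "$archive" {} +
    ) || { rm -f "$flag.next"; return 1; }

    # Only a successful run advances the timestamp.
    mv "$flag.next" "$flag"
}

# Demo on constructed sample files in a scratch directory.
demo=$(mktemp -d)
mkdir "$demo/etc"
echo 'a=1' > "$demo/etc/old.cfg"
echo 'b=2' > "$demo/etc/new site.cfg"        # name with a space, modified "now"
echo 'not a config' > "$demo/etc/readme.txt"
touch -t 201001010000 "$demo/etc/old.cfg"    # older than the flag file
touch -t 201006010000 "$demo/flagfile"       # time of the "previous backup"

backup_changed_cfg "$demo/etc" "$demo/backup_it.tar" "$demo/flagfile"
tar tf "$demo/backup_it.tar"                 # prints: ./new site.cfg
rm -rf "$demo"
```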

Windows 2008 space issue and WinSxS growing fast

Are you asking yourself what the WinSxS folder is and why it is so big and growing?
In a few words, we can say that this is the folder that keeps Windows Vista, Windows 7 and Windows 2008 OS components and it is therefore very touchy.

SxS means Side-by-side technology and it is a solution integrated in recent Windows versions by Microsoft in an attempt to reduce DLL hell. The problem with this solution is that the system keeps all versions of installed components in order to be able to serve them to the applications that ask for them. As a downside, you will notice that this folder grows very quickly and this can quickly become a very serious issue for your production servers.

Monday, September 6, 2010

Conhost.exe, CSRSS and Session 0

Under Windows 2008 and Windows 7 a new process has appeared in task manager which did not exist before. This process is the Console Windows Host, %SystemRoot%\system32\conhost.exe.

The aim of this new process is to separate end user activity from system activity and limit exposure of the highly privileged CSRSS.EXE process. It is, to make it short, a brand new Microsoft security feature which you can definitely trust.

Friday, September 3, 2010

VMware guests and iSCSI/SAN storage

Last week I had a problem with my Windows Server VMs residing on an iSCSI storage. Error eventid 11 (The driver detected a controller error on \Device\Harddisk0.) and eventid 15 (The device, \Device\Scsi\symmpi1, is not ready for access yet.) were recorded by some of my VMware virtual machines running Windows.

Event Type: Error
Event Source: Disk
Event Category: None
Event ID: 11
User: N/A
The driver detected a controller error on \Device\Harddisk1.

Event Type: Error
Event Source: symmpi
Event Category: None
Event ID: 15
User: N/A
The device, \Device\Scsi\symmpi1, is not ready for access yet.

Furthermore, in our case I detected the following error on the ESX logs:

Wednesday, September 1, 2010

SharePoint Gatherer Event ID 2442 and 2444

I have these days a problem with my SharePoint. To be specific, the search module is no longer indexing documents that are added to the WSS 3.0 document libraries. To make myself clear, the search module ("C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN\mssearch.exe" ) is properly working but recently added docs are not being returned.

I have had a look at the Event Viewer on the SharePoint server and, filtering for source Windows SharePoint Services 3 Search and Category Gatherer, I’ve found that I have two kinds of events:

Thursday, August 26, 2010

Silent Internet Explorer 8 installation

Here's the script I wrote to silently install IE8.

The simple command line to use would be : "IE8-WindowsXP-x86-ENU.exe /passive /norestart" (for Internet Explorer Setup Options look here) but we want the script to do more and to automatically detect Windows OS version.

Start by downloading all these files from and put them in the very same directory:

  • IE8-WindowsXP-x86-enu.exe for XP 32 bits
  • IE8-WindowsVista-x86-ENU.exe for Vista 32 bits and Windows Server 2008 32 bits
  • IE8-WindowsVista-x64-ENU.exe for Vista 64 bits and Windows Server 2008 64 bits
  • IE8-WindowsServer2003-x86-ENU.exe for Win 2003 32 bits SP2
  • IE8-WindowsServer2003-x64-enu.exe for Windows 2003 64 bits and Windows XP Pro 64 bits

VMFS3 metadata files

Known extensions for metadata files on the VMFS3 volumes:
  • .fdc.sf - file descriptor system file
  • .sbc.sf - sub-block system file
  • .fbb.sf - file block system file
  • .pbc.sf - pointer block system file
  • .vh.sf - volume header system file
Here's an example of sizing for these files:

-r-------- 1 root root 480K Jul 21 15:31 .fbb.sf
-r-------- 1 root root 60M Jul 21 15:31 .fdc.sf
-r-------- 1 root root 244M Jul 21 15:31 .pbc.sf
-r-------- 1 root root 248M Jul 21 15:31 .sbc.sf
-r-------- 1 root root 4.0M Jul 21 15:31 .vh.sf

VMware states that these files should not be deleted.

Friday, August 20, 2010

Event ID 1028 and CITRIX through a firewall

Today I faced a problem with our CITRIX farm. When connecting to the CITRIX web interface on http://citrixserver/Citrix/MetaFrame/auth/login.aspx, nothing happened during the authentication process for our users, and on the Citrix application server an error event 1028 was recorded:

Event Type: Warning
Event Source: TermService
Event Category: None
Event ID: 1028
Date: 20/08/2010
Time: 15:56:39
User: N/A
Computer: servername
The terminal server client servername has been disconnected because its license could not be renewed. The license server was contacted to get Windows Server 2003 - Terminal Server Per Device CAL Token. license for this client.

I quickly discovered that our security administrator had changed firewall rules between our site and the remote Licensing server. Packets to port 445 were discarded by the firewall.

So, in order to request Terminal Services client access licenses (TS CALs), you must get this kind of traffic allowed. Port 445 is for directory access, and you need that port open for user authentication. No way you can do without as far as I know.

Intel Buys Cyber McAfee For $7.68 Billion In Cash

Yesterday Intel bought McAfee... if you want to understand what's going on behind the curtains, read here, here and here.

Wednesday, August 18, 2010

DOS string manipulation

I have just found this very interesting post on basic and advanced string manipulation in batch files. It really is not to miss if you want to become a command line master!

It explains how to:

Improved batch for DFSR monitoring

For those of you who have followed my post on DFSR monitoring, here's a better version of the batch file. I used DIRUSE.EXE to get some information I previously calculated with for loops...

Here's the code:

@echo off
setLocal EnableDelayedExpansion
echo Date Time Hidden_MB_1 Hidden_MB_2 Conflict_MB_1 Conflict_MB_2 Conflict_#_1 Conflict_#_2 Staging_MB_1 Staging_MB_2 DiskFree_F_1 DiskFree_F_2 > c:\supervi.txt
set member1=your_DFSR_member_1
set member2=your_DFSR_member_2
set diskvolume=f$

rem Loop entry point for the "goto beginning" at the end of the script
:beginning

for /f "delims=" %%a in ('diruse \\%member1%\%diskvolume% /M /S ^| find "System Volume Information\DFSR" ^| find /V "DFSR\"') do @set value1a=%%a
set dfsr_hidden_size_1a=%value1a:~3,13%

for /f "delims=" %%a in ('diruse \\%member2%\%diskvolume% /M /S ^| find "System Volume Information\DFSR" ^| find /V "DFSR\"') do @set value1b=%%a
set dfsr_hidden_size_1b=%value1b:~3,13%

for /f "delims=" %%a in ('diruse \\%member1%\%diskvolume% /M /S ^| find "ConflictAndDeleted" ^| find /V "ConflictAndDeleted\"') do @set value2a=%%a
set dfsr_conflict_size_2a=%value2a:~3,13%

for /f "delims=" %%a in ('diruse \\%member2%\%diskvolume% /M /S ^| find "ConflictAndDeleted" ^| find /V "ConflictAndDeleted\"') do @set value2b=%%a
set dfsr_conflict_size_2b=%value2b:~3,13%

set /a how_many3a=0
set Fldr3a=\\%member1%\%diskvolume%\data_to_replicate\DfsrPrivate\ConflictAndDeleted
FOR /R "%Fldr3a%" %%I IN (*) DO set /a how_many3a=!how_many3a!+1

set /a how_many3b=0
set Fldr3b=\\%member2%\%diskvolume%\data_to_replicate\DfsrPrivate\ConflictAndDeleted
FOR /R "%Fldr3b%" %%I IN (*) DO set /a how_many3b=!how_many3b!+1

for /f "delims=" %%a in ('dir /s \\%member1%\%diskvolume%\data_to_replicate\dfsrprivate\staging ^| find "File(s)"') do @set value4a=%%a
set dfsr_staging_4a=%value4a:~24,16%

for /f "delims=" %%a in ('dir /s \\%member2%\%diskvolume%\data_to_replicate\dfsrprivate\staging ^| find "File(s)"') do @set value4b=%%a
set dfsr_staging_4b=%value4b:~24,16%

FOR /F "tokens=*" %%A IN ('dir \\%member1%\%diskvolume% ^| FIND "bytes free"') DO SET freedisk_f_1=%%A
FOR /F "tokens=*" %%A IN ('dir \\%member2%\%diskvolume% ^| FIND "bytes free"') DO SET freedisk_f_2=%%A

echo %date% %time% %dfsr_hidden_size_1a% %dfsr_hidden_size_1b% %dfsr_conflict_size_2a% %dfsr_conflict_size_2b% !how_many3a! !how_many3b! %dfsr_staging_4a% %dfsr_staging_4b% %freedisk_f_1% %freedisk_f_2% >> c:\supervi.txt

rem sleep 300

goto beginning

Monitoring DFSR

I have developed the following batch file to monitor disk space utilization in a Windows 2003 R2 DFSR environment. I think it can also be used in a Windows 2008 R2 environment.

DFSR Staging folders and Conflict and Deleted folders are monitored, as well as disk space on the hard drives concerned. The DFSR hidden folder is the folder containing the SimilarityTable database, which can grow under some circumstances.

You just have to replace hostname1 and hostname2 with the name of the members of your DFSR Replication Group. And replace also the location of

Monday, August 16, 2010

DFSR R2 and event id 2104

Today my DFS-R volume is returning error 2104 every 1 hour in the DFS Replication event log.

Here's the content of the error event:

The DFS Replication service failed to recover from an internal database error on volume F:. Replication has been stopped for all replicated folders on this volume.

Additional Information:
Error: 9214 (Internal database error (-1414))
Volume: A9REC15F-ED9F-11DB-A78E-0019B44441DC
Database: F:\System Volume Information\DFSR

For more information, see Help and Support Center at

My configuration is Windows 2003 R2 with DFSR full mesh topology on two nodes. The replicated folder is : f:\data_to_replicate. Shadow Copies for volume F: are activated. Storage area for the Shadow Copies is on volume G:. The DFSR is very highly accessed and many very small files are continuously modified.

I have run a DFS Replication Health Report and here's what I got on the problematic DFS member:

  • A database problem is blocking replication on volume F:.
  • DFS Replication unable to replicate files for replicated folder data_to_replicate due to insufficent disk space.
  • Cannot access DFS Replication performance counters.
  • Cannot access DFS Replication performance counters.
  • Cannot access the local WMI repository.
  • One or more replicated folders have sharing violations.
The detailed error description is the following : “The DFS Replication service was unable to recover from an internal database error on volume F:. Replication has stopped for all replicated folders on this volume until the database is automatically rebuilt. If the database is rebuilt successfully, replication will resume after the rebuilding is complete. If the database cannot be rebuilt, a separate event is generated. If you are seeing this error more than two times in seven days, we recommend that you run Chkdsk on the volume that contains the database. Event ID: 2104”

I had a look at F:\System Volume Information\DFSR and found that SimilarityTable_1 has taken all the available space on our Data Drive and is 8 GB.

So, to summarize, the disk space situation is as follows:
  • Server001:Disk F: is full (because of SimilarityTable_1 file taking 8GB).
  • Server002:Disk F: is ok with more than 1GB available.
Looking further, I found that the user action proposed by Microsoft tech guys is: “The system will attempt to rebuild the database automatically. However, you should ensure there is sufficient disk space on the volume for database maintenance and check the NTFS log for volume errors, which can help you troubleshoot possible hardware failures. If the database cannot be rebuilt, a separate event is generated. If you see this error frequently, you should run Chkdsk on the volume that contains the database to verify that the problem is not disk-related.”

So, in two words, the solution is simple: wait for the temporary SimilarityTable to be emptied and, if you can, free up some space on the full volume to speed up this job. In my case I had a few big files to delete on the F: volume and after two hours everything went back to normal.

If in the meantime your Conflict and Deleted folder has grown, as in my case, perform a manual clean-up of it. A manual clean-up lets you select which files you want to keep. Delete all the rest once you are sure that each member has the latest version of the desired files.

As Microsoft states, DFS Replication uses a "last-writer wins" method for determining which version of a file to keep when a file is modified on two or more members. The losing file is stored in the Conflict and Deleted folder on the member that resolves the conflict. This member might not be the member where the changes originated.

Under this link you will find a good post explaining how to purge the Conflict and Deleted folder. In a situation where the DFSR is in an error state, go straight to the second scenario:
  • Stop the DFSR service on every member.
  • Delete the contents of the ConflictAndDeleted folder manually (with explorer.exe or DEL) on every member.
  • Delete the ConflictAndDeletedManifest.xml file on every member.
  • Start the DFSR service back up on every member.
  • Wait a few minutes to be sure that replication starts correctly.
Just as a note, remember to properly set Staging Folders size in order to appropriately answer demand. Disks hosting DFSR folders must never fill up!

For tips on configuring and optimizing quota size and information on the consequences of having too small staging folders, refer to this.

Thursday, August 12, 2010

DCOM Error 10016 Solved

I have recently installed a SharePoint 2010 Farm and I have come across and fixed the DCOM error 10016, which shows up in the system log.

Here's the detailed error description:

The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
to the user SERVERNAME\xxxuser (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

To me, this error is related to an IIS misconfiguration more than to a SharePoint error.

61738644-F196-11D0-9953-00C04FD919C1 is in fact the key for the service “IIS WAMREG Admin Service”. You can check this looking in HKCR.

A simple solution under Windows 2003 and Windows 2008 is to run dcomcnfg and give the service account (which is indicated in the event log error) rights to Launch and Activate IIS WAMREG Admin Service.

To do so:
  • Click Start
  • Click Run
  • Type "dcomcnfg" and click ok
  • Expand Component Services / Computers / My Computer / DCOM Config
  • Scroll down and find IIS WAMREG admin Service.
  • Right click on it
  • Click the Security tab
  • Click Edit under Launch and Activation Permissions
  • Click the Add... button.
  • Enter the name of the Service Account for your Configuration Service
  • Click OK
  • In the Permission for your username, check these boxes: allow Local Launch and allow Local Activation rights.
  • Click OK
  • Click OK once again

Unfortunately, if you are working (as I was) in a Windows 2008 R2 environment, the solution is a bit harder because, as I discovered, I first had to unlock the Launch and Activation Permissions window, which was greyed out due to lack of permissions.

Under Windows 2008 R2 the permission for this service for the Administrator account is limited to "Read". So:
  • Start Regedit (Click on Start/Run/Regedit)
  • Type F3
  • Search for the string 61738644-F196-11D0-9953-00C04FD919C1
  • Then right click on the key
  • Click Advanced in the Permissions dialog of this key
  • Select the Owner tab.
  • Change the owner of the key to the administrators group for example
  • Set full control to the administrators group. (Remember not to make ANY modification to the permissions for the TrustedInstaller!!)

You should no longer see the annoying DCOM 10016 errors in your System Event log!
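
To record who owns the key and what its permissions are before and after the change described above, a read-only check such as the following can be used. This is an added example, not part of the original post: the function name Get-ComKeySecurity is hypothetical, and the GUID is the one quoted above.

```powershell
# Added example: read-only inspection of the COM registration behind event 10016.
# Get-ComKeySecurity is a hypothetical helper name; it changes nothing.
function Get-ComKeySecurity {
    param(
        [Parameter(Mandatory = $true)]
        [ValidatePattern('^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$')]
        [string]$Guid
    )

    foreach ($branch in 'CLSID', 'AppID') {
        $path = "Registry::HKEY_CLASSES_ROOT\$branch\{$Guid}"
        if (-not (Test-Path -Path $path)) { continue }

        $key = Get-ItemProperty -Path $path
        $acl = Get-Acl -Path $path

        # Registry ACL of the key itself: who may edit the registration.
        $rules = $acl.Access | ForEach-Object {
            '{0}: {1} ({2})' -f $_.IdentityReference, $_.RegistryRights, $_.AccessControlType
        }

        # LaunchPermission (AppID branch) holds the Launch and Activation
        # security descriptor edited in dcomcnfg; if absent, defaults apply.
        $launchSddl = $null
        if ($key.LaunchPermission) {
            $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor -ArgumentList $key.LaunchPermission, 0
            $launchSddl = $sd.GetSddlForm('All')
        }

        New-Object PSObject -Property @{
            Key                     = "HKCR\$branch\{$Guid}"
            Name                    = $key.'(default)'
            Owner                   = $acl.Owner
            OwnerIsTrustedInstaller = ($acl.Owner -eq 'NT SERVICE\TrustedInstaller')
            KeyAccess               = $rules
            LaunchPermissionSddl    = $launchSddl
        }
    }
}

# GUID quoted in the post (IIS WAMREG Admin Service).
Get-ComKeySecurity -Guid '61738644-F196-11D0-9953-00C04FD919C1' | Format-List
```

Comparing the output saved before the change with the output afterwards shows exactly which owner and access entries were altered, and that the TrustedInstaller entry is still intact.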


Rack it the good way!

I have just found this simple post with suggestions on how to fill a server room rack: Always Fill a Rack From the Bottom Up

In any case this is what you want to avoid:

A server rack buying guide can be found here.

Sites and blogs that link to me, I will link back

I'm going to link every site and blog that links to my blog. So, if you have placed a link to my blog on your blog, let me know and I will place a link to your blog/site too.

How to get Group Membership with DSQuery/DSGet

Recently I’ve been asked to put in place a batch script which could produce a recursive text report of all the members in one or more Active Directory groups.

Dsquery and Dsget are very useful commands for this kind of interaction with Active Directory, and they can be used together on the same command line. It is in fact possible to pipe Dsquery output to Dsget this way:

dsquery group -name *samplegroupname* | dsget group -members >> group_membership.txt

The problem with this is that if you want to redirect the output of this command to a text file you will get a list of group members but not the name of the groups they belong to.

So, the solution is to use a "for" cycle in a batch file. The group name is written to the text file before writing the group members names. Here's the batch file:

@echo off

if exist group_membership.txt del group_membership.txt

dsquery group >temp_groups.txt

for /f "tokens=*" %%g in (temp_groups.txt) do @echo %%g >> group_membership.txt && echo Members in this group: >> group_membership.txt && dsget group %%g -members >> group_membership.txt && echo **************************************** >> group_membership.txt

notepad group_membership.txt


The output of the batch file is automatically opened in Notepad. Just remember to put all the "for" cycle on one line only!

Thursday, August 5, 2010

Despicable me

The Minion IT administrator!!!

Source is here...

Windows and SSH, so disappointing

Why does none of the Windows operating systems come with an SSH server? This is the question I am asking myself today. Even Windows 2008 R2 has no SSH support, which is very strange and disappointing because Secure Shell has been a standard network protocol since 1995.

So, still today, the administrator is forced to fall back on open-source software such as OpenSSH, which is a very complicated solution for a quite simple task.

There are today many SSH Server options available for Windows Server 2008:

* OpenSSH
* Van Dyke – vShell 3.0 Server (commercial)
* FreeSSHd
* WinSSHd (commercial)
* Kpym Telnet/SSH Server

Some of them are easier to install and configure, but the level of integration with Windows stays very low.

FreeSSHd is to me the easiest solution for now. Some others are somewhat complicated to manage, such as OpenSSH.
You can find a good tutorial explaining how to set up remote administration of Windows Server Core with OpenSSH here.

Other useful links:
PuTTY Download Page
Stupid SSH Tricks: Some Essentials

Powershell and NMAP

This is a PowerShell function which is very useful to check that your servers have an HP Management interface listening on port 2381. The PowerShell script uses NMAP to scan the remote system and outputs the complete HTTP link to the service.

You can also use this script against a list of hosts. And, of course, this function can be used against any known open port on the remote system.

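#* Function: NMAP_Port_2301
#* Arguments: $Comp
#* Output: $hp_management_info
#* Purpose: Retrieve the service information for the
#* HP Management Interface. Port 2381 is the port
#* for the website and 2301 for the effective connection.
function NMAP_Port_2301($Comp)
{
    write-debug "Entering NMAP_Port_2301"
    $global:hp_management_info = $null
    $global:hp_management_site = $null
    $global:nmap_hp_management_2301 = $null
    # Version scan of port 2301; nmap's output is captured as an array of lines
    $global:nmap_hp_management_2301 = nmap -p 2301 -sV $Comp
    # Pick the port table row by content instead of a fixed line index,
    # because the number of header lines differs between nmap versions
    $global:hp_management_info = $global:nmap_hp_management_2301 | Where-Object { $_ -match "^2301/tcp" } | Select-Object -First 1
    if($global:hp_management_info -match "open")
    {
        # Port is open: build the link to the management web site
        $global:hp_management_site = "https://" + $Comp + ":2381"
    }
    else
    {
        # Port closed, filtered or host down: report nothing
        $global:hp_management_info = $null
        $global:hp_management_site = $null
    }
    write-debug "EXIT"
}

NMAP_Port_2301 $Comp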

NMAP (Network MAPper) is a security scanner that sends specially crafted packets to the target host and then analyzes the responses. You can download it from here.