Microsoft
dcdiag – VerifyEnterpriseReferences – msDFSR-ComputerReferenceBL – Q312862
While writing a Nagios plugin for Active Directory health, dcdiag /e /c raised this alert:
Starting test: VerifyEnterpriseReferences
The following problems were found while verifying various important DN references. Note, that these problems can be reported because of latency in replication. So follow up to resolve the following problems, only if the same problem is reported on all DCs for a given domain or if the problem persists after replication has had reasonable time to replicate changes.
[1] Problem: Missing Expected Value
Base Object: CN=myDC,OU=Domain Controllers,DC=mydomain,DC=net
Base Object Description: "DC Account Object"
Value Object Attribute Name: msDFSR-ComputerReferenceBL
Value Object Description: "SYSVOL FRS Member Object"
Recommended Action: See Knowledge Base Article: Q312862
Article Q312862 is not really helpful, but the underlying problem is real.
Since Windows Server 2008, AD replication is meant to go through DFS-R rather than FRS. That requires every DC to run a version later than Windows Server 2003.
So if your DCs are recent enough, you can migrate with dfsrmig. The main commands are:
Check global state:
PS C:\users\mchateau\Desktop> dfsrmig /GetGlobalState
Current DFSR global state: 'Start'
Succeeded.
Values can be:
0 'Start'
1 'Prepared'
2 'Redirected'
3 'Eliminated'
==> If you are already on DFS-R, the state is 'Eliminated'.
Check migration state:
PS C:\users\mchateau\Desktop> dfsrmig /GetMigrationState
All domain controllers have migrated successfully to the Global state ('Start').
Migration has reached a consistent state on all domain controllers.
Succeeded.
Go from start to Prepared:
PS C:\users\mchateau\Desktop> dfsrmig /SetGlobalState 1
Current DFSR global state: 'Start'
New DFSR global state: 'Prepared'
Migration will proceed to 'Prepared' state. DFSR service will copy the contents of SYSVOL to SYSVOL_DFSR folder.
If any domain controller is unable to start migration, try manual polling.
Or run with option /CreateGlobalObjects.
Migration can start anytime between 15 minutes to 1 hour.
Succeeded.
Check state (in progress):
PS C:\users\mchateau\Desktop> dfsrmig /GetMigrationState
The following domain controllers have not reached Global state ('Prepared'):
Domain Controller (Local Migration State) - DC Type
===================================================
myDC01 ('Start') - Writable DC
myDC02 ('Start') - Writable DC
myDC03 ('Start') - Primary DC
myDC04 ('Start') - Writable DC
Migration has not yet reached a consistent state on all domain controllers.
State information might be stale due to Active Directory Domain Services latency.
PS C:\users\mchateau\Desktop>
You then just have to go through the last two steps, one at a time:
dfsrmig /SetGlobalState 2
dfsrmig /SetGlobalState 3
In the end:
PS C:\users\mchateau\Desktop> dfsrmig /GetMigrationState
All domain controllers have migrated successfully to the Global state ('Eliminated').
Migration has reached a consistent state on all domain controllers.
Succeeded.
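Since the starting point was a Nagios plugin, here is one way to turn the dfsrmig /GetMigrationState output shown above into a plugin result. This is an added example, not code from the original post; the function name Get-DfsrMigrationStatus and the mapping of states to exit codes are assumptions.

```powershell
# Added example, not from the original post; function name and exit-code mapping are assumptions.
function Get-DfsrMigrationStatus {
    param(
        [Parameter(Mandatory)][string[]]$Lines,   # lines printed by dfsrmig /GetMigrationState
        [string]$ExpectedState = 'Eliminated'     # state reported once migration is finished
    )
    $text = $Lines -join "`n"

    # The global state appears as: Global state ('Prepared')
    $state = $null
    if ($text -match "Global state \('(\w+)'\)") { $state = $Matches[1] }

    # DCs that lag behind appear as: myDC01 ('Start') - Writable DC
    $lagging = @(foreach ($line in $Lines) {
        if ($line -match "^\s*(\S+)\s+\('(\w+)'\)\s+-\s+(.+)") {
            [pscustomobject]@{ Name = $Matches[1]; State = $Matches[2]; Type = $Matches[3].Trim() }
        }
    })

    $consistent = $text -match 'Migration has reached a consistent state'

    # Nagios plugin convention: 0 = OK, 1 = WARNING, 2 = CRITICAL, 3 = UNKNOWN
    if (-not $state) {
        $code = 3; $msg = 'UNKNOWN - could not parse dfsrmig output'
    } elseif (-not $consistent) {
        $code = 1; $msg = "WARNING - move to '$state' in progress, waiting on: $($lagging.Name -join ', ')"
    } elseif ($state -ne $ExpectedState) {
        $code = 2; $msg = "CRITICAL - global state is '$state', expected '$ExpectedState'"
    } else {
        $code = 0; $msg = "OK - all DCs consistent in '$state'"
    }
    [pscustomobject]@{ ExitCode = $code; Message = $msg; GlobalState = $state; Lagging = $lagging }
}

# Sample input: lines taken from the in-progress output shown in the post
$sample = @(
    "The following domain controllers have not reached Global state ('Prepared'):",
    "Domain Controller (Local Migration State) - DC Type",
    "===================================================",
    "myDC01 ('Start') - Writable DC",
    "myDC03 ('Start') - Primary DC",
    "Migration has not yet reached a consistent state on all domain controllers."
)
$result = Get-DfsrMigrationStatus -Lines $sample
$result.Message
# As a plugin on a DC: pass (dfsrmig /GetMigrationState) as -Lines and exit with $result.ExitCode
```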
SCOM 2012 : De l’installation à l’exploitation, mise en oeuvre et bonnes pratiques
A bit of self-promotion for a book I wrote, which comes out for Christmas.
It covers System Center Operations Manager (SCOM) 2012, from installation through to working with alerts.
It covers both the technical aspects (rules vs monitors) and how to manage and operate the solution.
It meets the reader's need for expertise by covering in depth, from both a theoretical and a practical point of view, everything from architecture to application monitoring, by way of deployment, reports, pack authoring and operations. Since the technical side is only one part of a SCOM project, the author also presents a method for managing the flow of alerts, enriched with lessons from his own experience.
Overview of the table of contents:
Introduction (Why SCOM, How it works, The licensing model, SCOM vs Nagios, What's new since SCOM 2007…)
SCOM architecture (Introduction, SCOM components, Capacity planning, Network consumption, Security management, High availability…)
Deployment (Introduction, Initial installation, Upgrading from SCOM 2007, Accessing the platform, Initial configuration, Permissions management…)
Bringing systems under monitoring (Introduction, Windows agent deployment, Restricted account, Linux agent deployment, SNMP monitoring, Web monitoring…)
Operating the monitoring (Introduction, Overview of the consoles, Rule vs monitor, Health Explorer, Christmas tree effect, Maintenance time, Best practices…)
Reports (Introduction, Using the standard reports, The data warehouse database, Report Builder, Business Intelligence Development Studio, Service level tracking…)
Management packs (Introduction, Importing packs, Overrides, Community packs, Pack objects, Creating packs…)
Application monitoring (Introduction, Distributed applications, .Net web applications, Java J2E applications…).
If you have not yet sent your letter to Santa Claus, there is still time!
SharePoint 2010 – error – removing SQL Server – wss_administration reference
Symptoms:
When you try to remove an unused SQL Server from SharePoint in Central Administration, you get:
An object in the SharePoint administrative framework, "SPDatabaseServiceInstance Name= could not be deleted because other objects depend on it. Update all of these dependants to point to null or different objects and retry this operation. The dependant objects are as follows: SPWebService Name=WSS_Administration
Workaround:
You have switched to a new SQL Server, but SharePoint kept a reference to the old one. You can use an existing, correctly configured web application to update Central Administration with the right instance:
# Central Administration, which still references the old SQL Server
$centralAdmin=Get-SPWebApplication -IncludeCentralAdministration | ? {$_.DisplayName -match 'SharePoint Central Administration'}
# A web application that already points to the new SQL Server
$goodExample=Get-SPWebApplication -identity 'http://mygoodwebapp'
# Copy the default database instance from the good web service, then save
$centralAdmin.Parent.DefaultDatabaseInstance=$goodExample.Parent.DefaultDatabaseInstance
$centralAdmin.Parent.Update()
$centralAdmin.Update()
Next time, use a SQL alias.
Internet Information Services (IIS) Manager. Bad Data. (Exception from HRESULT: 0x80090005)
Problem:
When you try to use the IIS console, you get the following error:
Bad Data. (Exception from HRESULT: 0x80090005)
Why:
You have copied the IIS configuration file from one computer to another (C:\Windows\System32\inetsrv\config\applicationHost.config).
This file contains the Windows accounts for the application pools. Their passwords are encrypted with a key local to the computer, so the other server can't decrypt them.
Changing the application pool passwords doesn't fix the issue.
Workaround:
2 ways:
- Roll back the configuration on the destination computer. By default, IIS keeps the last 10 configurations (C:\inetpub\history)
- Use the supported way to copy the configuration.
Export configuration:
aspnet_regiis -px "iisConfigurationKey" "C:\iisConfigurationKey.xml" -pri
aspnet_regiis -px "iisWasKey" "C:\iisWasKey.xml" -pri
Import on target:
aspnet_regiis -pi "iisConfigurationKey" "C:\iisConfigurationKey.xml"
aspnet_regiis -pi "iisWasKey" "C:\iisWasKey.xml"
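To see which entries of an applicationHost.config depend on those machine-local keys before copying it, the file can be scanned for encrypted attributes. This is an added example, not code from the original post; the function name Get-IisEncryptedAttribute and the sample XML are constructed, and it assumes the [enc:provider:ciphertext:enc] form IIS uses for encrypted attribute values.

```powershell
# Added example, not from the original post. Function name and sample XML are constructed.
function Get-IisEncryptedAttribute {
    param([Parameter(Mandatory)][xml]$Config)

    # Map each protection provider to the key container it declares in the file itself
    $containers = @{}
    foreach ($p in $Config.SelectNodes('//configProtectedData/providers/add')) {
        $containers[$p.GetAttribute('name')] = $p.GetAttribute('keyContainerName')
    }

    # Encrypted values are stored as [enc:<provider>:<ciphertext>:enc]
    foreach ($attr in $Config.SelectNodes('//@*')) {
        if ($attr.Value -match '^\[enc:([^:]+):.*:enc\]$') {
            $provider = $Matches[1]
            [pscustomobject]@{
                Element      = $attr.OwnerElement.Name
                Attribute    = $attr.Name
                Provider     = $provider
                KeyContainer = $containers[$provider]
            }
        }
    }
}

# Constructed sample standing in for applicationHost.config (ciphertext is a placeholder)
[xml]$sample = @'
<configuration>
  <configProtectedData>
    <providers>
      <add name="IISWASOnlyRsaProvider" keyContainerName="iisWasKey" />
      <add name="AesProvider" keyContainerName="iisConfigurationKey" />
    </providers>
  </configProtectedData>
  <system.applicationHost>
    <applicationPools>
      <add name="MyPool">
        <processModel identityType="SpecificUser" userName="mydomain\svc" password="[enc:IISWASOnlyRsaProvider:PLACEHOLDER:enc]" />
      </add>
    </applicationPools>
  </system.applicationHost>
</configuration>
'@
Get-IisEncryptedAttribute -Config $sample
# On a server: pass ([xml](Get-Content C:\Windows\System32\inetsrv\config\applicationHost.config))
```

The XML files written with -pri contain the private keys, so restrict access to them and remove them once the import is done.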
SharePoint 2010 – The super user account utilized by the cache is not configured
You may already have seen this SharePoint warning:
Object Cache: The super user account utilized by the cache is not configured. This can increase the number of cache misses, which causes the page requests to consume unneccesary system resources. To configure the account use the following command 'stsadm -o setproperty -propertyname portalsuperuseraccount -propertyvalue account -url webappurl'. The account should be any account that has Full Control access to the SharePoint databases but is not an application pool account.
I use the following script (all my web applications use claims):
foreach ($a in (Get-SPWebApplication))
{
    # Show the web application and its current cache accounts
    $a;
    $a.Properties["portalsuperuseraccount"];
    $a.Properties["portalsuperreaderaccount"];
    # Set the accounts in claims format, then save
    $a.Properties["portalsuperuseraccount"] = "i:0#.w|mydomain\SharePointAdminAccount";
    $a.Properties["portalsuperreaderaccount"] = "i:0#.w|mydomain\SharePointDedicatedReadAccount";
    $a.Update();
}
But none of them had an incorrect value. To find out quickly, you just need to open the details of the event:
You will find the PID (Process ID) which generated the error:
You then just have to use Process Explorer for example to identify the web site:
In this case it was Central Administration, which shouldn't use claims anyway.
TechEd 2012 Europe: best session
TechEd is now over… Here is my preferred session: Windows Azure Internals
Mark Russinovich (surely you know of him) shows what goes on behind the scenes at Azure.
Highlights:
- ~10 people to admin around 100 000 servers!
- Demo of one of the Azure admin interfaces,
- Graphical view of racks with VMs,
- Demo of platform self-healing,
- Explanation of the leap day bug (29th of February), down to the source code line that broke everything
You have been warned: heavy stuff.
Video and slides available here: http://channel9.msdn.com/events/TechEd/Europe/2012/AZR302
GPMC : 0x80070005 – access denied – E_Accessdenied
While trying to change a GPO at a customer site, I got this error message from GPMC, and the GPO was not modified:
Process Monitor, from Sysinternals, shows that access to the registry.pol file is denied even though I am a domain admin:
This followed an authoritative restore, and the files do indeed have the read-only attribute set:
After removing the read-only attribute, GPO changes work again.
Restore SQL database through PowerShell
clear
#---------------------------------------------------
$server="mysqlserver"
$endpoint_port="5022"
$instance="myNamedSQLinstance"
$emailFrom = "provisioning@mydomain.com"
$emailTo = "mathieu.chateau@lotp.fr"
$smtpServer = "mysmtpserver"
$sendmail=$true
$foldersource='\\myfileserver\backupFromDev$'
$folderarchived='\\myfileserver\backupFromDev$\done'
# Database names that must never be restored from a backup file
$excludeList=@()
$excludeList+='master'
$excludeList+='tempdb'
$excludeList+='model'
#---------------------------------------------------
# Note: these two lines override the share paths set above
$foldersource="c:\"
$folderarchived="F:\"
$majorError=$true
$global:log=@()

# Defined before first use, so that the catch block below can call it
function AddLog($text)
{
    $global:log+=$text
    Write-Host $text
}

try
{
    # Load SMO and build the server object
    [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SqlServer.SMO") | Out-Null
    [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SqlServer.SmoExtended") | Out-Null
    [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SqlServer.ConnectionInfo") | Out-Null
    [System.Reflection.Assembly]::LoadWithPartialName("Microsoft.SqlServer.SmoEnum") | Out-Null
    $source = new-object ('Microsoft.SqlServer.Management.Smo.Server') "$server\$instance"
    $majorError=$false
}
catch
{
    AddLog "major error, one side not reachable $_"
    $majorError=$true
}

if ($majorError -eq $false)
{
    $databases = $source.Databases
    foreach ($file in (Get-ChildItem $foldersource -Filter "*.bak"))
    {
        # Database name = file name without the .bak extension
        $dbname=$file.Name -replace '\.bak$',''
        if ($excludeList -notcontains $dbname)
        {
            # not on the blacklist
            if ($null -eq ($databases | ?{$_.Name -ieq $dbname}))
            {
                # database does not exist yet
                try
                {
                    # Restore
                    $targetDBFilePath = $source.MasterDBPath + "\" + $dbName + ".mdf"
                    $targetLogFilePath = $source.MasterDBLogPath + "\" + $dbName + ".ldf"
                    AddLog " going to restore $dbname to:"
                    AddLog " $targetDBFilePath and $targetLogFilePath"
                    $restore = new-object ('Microsoft.SqlServer.Management.Smo.Restore')
                    $restore.Action = 'Database'
                    $restore.Database = $dbname
                    ##$backupDataFile=$dbbk.Devices[0].Name
                    #$restore.Devices.AddDevice($backupDataFile, [Microsoft.SqlServer.Management.Smo.DeviceType]::File)
                    $backupfile=New-Object ("Microsoft.SqlServer.Management.Smo.BackupDeviceItem")($file.FullName, "File")
                    $restore.Devices.Add($backupfile)
                    #$restoredetails=$restore.ReadBackupHeader($source)
                    # Relocate the data and log files to the instance default paths
                    $relocateDataFile = new-object ('Microsoft.SqlServer.Management.Smo.RelocateFile')
                    $relocateLogFile = new-object ('Microsoft.SqlServer.Management.Smo.RelocateFile')
                    $dbFileList = $restore.ReadFileList($source)
                    $relocateDataFile.LogicalFileName = $dbFileList.Select("Type = 'D'")[0].LogicalName
                    $relocateDataFile.PhysicalFileName = $targetDBFilePath
                    $relocateLogFile.LogicalFileName = $dbFileList.Select("Type = 'L'")[0].LogicalName
                    $relocateLogFile.PhysicalFileName = $targetLogFilePath
                    $restore.RelocateFiles.Add($relocateDataFile)
                    $restore.RelocateFiles.Add($relocateLogFile)
                    $restore.ReplaceDatabase = $False
                    $restore.NoRecovery = $False
                    $restore.SqlRestore($source)
                    AddLog " Restore done"
                    # Archive the backup file once it has been restored
                    Move-Item $file.FullName $folderarchived
                }
                catch
                {
                    AddLog " error during restore: $_"
                    $majorError=$true
                    break
                }
            }
            else
            {
                # a database with this name already exists: never overwrite it
                AddLog "database $dbname / $($file.Name) already exist"
            }
        }
        else
        {
            # blacklisted name
            AddLog "Forbidden databasename: $dbname"
        }
    }
}

if($sendmail)
{
    # Send the collected log by e-mail
    $temp=""
    foreach ($line in $log)
    {
        $temp+=$line+"`r`n"
    }
    $smtp = new-object Net.Mail.SmtpClient($smtpServer)
    $smtp.Send($emailFrom, $emailTo,"SQL mirror automator",$temp)
}
$log
RDP farm with broker: how to reach a specific server ?
Hypothesis
- You have set up an RDP farm with, say, 2 RDP servers,
- You have the Broker working, so people get redirected to their currently open session (affinity),
- You restricted users to one session each.
Problem
When you try to reach a specific RDP server (to do admin stuff or help a user logged on to it), you get rejected:
The connection cannot be completed because the remote computer that was reached is not the one you specified. This could be caused by an outdated entry in the DNS cache. Try using the IP address of the computer instead of the name.
Even connecting by IP, as suggested, does not work:
The remote computer that you are trying to connect is redirecting you to the remote computer. Remote Desktop Connection cannot verify that the two remote computers belong to the same farm. This can occur if there is another computer on your network with the same name as the computer you are trying to connect to.
Solution
You just have to use the famous /admin option of mstsc to bypass the farm/broker rules!









