Thursday, July 21, 2011

TCP/IP ports (Network issue) addresed for Vista & 2008 but not for Windows 2008 R2

All the TCP/IP ports that are in a TIME_WAIT status are not closed after 497 days from system startup in Windows Vista and in Windows Server 2008


Symptoms:-

On a computer that is running Windows Vista or Windows Server 2008, all the TCP/IP ports that are in a TIME_WAIT status are not closed after 497 days from system startup. Therefore, TCP/IP ports may be exhausted, and new TCP/IP sessions may not be created.

Note Some network-related operations to this computer may be affected by this issue. For example, you try to use some remote administration tools to manage a Windows Server 2008-based domain controller that has been running for more than 497 days. In this example, the remote administration tools cannot connect to the domain controller.

Solution:-

Microsoft has released hot fix only for below operating systems.

  • Windows Vista Service Pack 1 (SP1)
  • Windows Vista Service Pack 2 (SP2)
  • Windows Server 2008
  • Windows Server 2008 Service Pack 2 (SP2)
There is no resolution for computer running Microsoft Windows Server 2008 R2, so need to wait for next release by Microsoft.

Though this problem exists under Windows Server 2008 R2, no real incidents are reported to MSFT and there is no QFE available for Windows Server 2008 R2.

Of course you can easily avoid this problem by rebooting the system before system uptime reaches 497 days. J

Wednesday, September 29, 2010

How to configure scavenging under DNS in Windows Server

Here are the step for configuring DNS scavenging 

-Go to the  server properties page and choose "Set Aging/Scavenging for All Zones".

-Choose the no-refresh and refresh interval as appropriate.

-Best practice is to choose a low no-refresh interval of 1 day.

-Refresh interval will be one more than the lease period of the client as a best practice.

-If we have a very large lease period, the results of scavenging will be visible after a long time.

-Example with a lease 5 days, no-refresh to be 1 day and refresh to be 6 days, we might not see any effects for  5+1+6 days' time.

-Identify the zone which you want to enable for scavenging and the ones you don't want to.

Scavenging configurations:

-Right click the specific zone, select Properties, and go to the General tab; click the Aging button. Set the no-refresh and the refresh intervals as per best practice above.

-There are 2 options to kick off scavenging.


a) Right click the server name, select Properties, and choose "Scavenge Stale Resource Records" (This should give an informational event in the application log telling if the scavenging was successful or not). Then, configure the scavenging engine to run automatically and periodically, go to the server's Properties, Advanced tab and check "Enable
Automatic scavenging of stale records".

b) If option 'a' fails, then first identify the manually created records in the specific zone by the following
    command:
    dnscmd /enumrecords <zone name> @ > manual.txt -The above command will pipe the output of the zone records to text file in the current directory.
-Then the records which do not have an aging value specified are the ones which have been manually created.

-Identify the static records that you want to keep from deleting.
-Run the following command:
    dnscmd /ageallrecords <zone name> @
-The above command will put a time stamp on each record including the static ones.
-Then go to the view menu on the server and enable advanced view.
-Go to the properties of static records you want to keep and uncheck the box 'Delete this record when it becomes stale'.

Windows Update issue-Prompting for Activex installation

If you face such situation where windows update unable to run and keep prompting for Activex control installation, you can follow the below steps.

1.
Register the following .dll files:
Jscript.dll
Msxml3.dll
Atl.dll
Wuapi.dll
Wuaueng.dll
Wuaueng1.dll
Wucltui.dll
Wups.dll
Wuweb.dll

To do this, follow these steps:

a.
Click Start, click Run, type cmd, and then click OK.
b.
At the command prompt, type cd %windir%\system32, and then press ENTER.
c.
Type the following commands, and then press ENTER after each command:
Regsvr32 Jscript.dll
Regsvr32 Msxml3.dll
Regsvr32 Atl.dll
Regsvr32 Wuapi.dll
Regsvr32 Wuaueng.dll
Regsvr32 Wuaueng1.dll
Regsvr32 Wucltui.dll
Regsvr32 Wups.dll
Regsvr32 Wuweb.dll
d.
Type exit, and then press ENTER to close the Command Prompt window.
2.
Stop the Automatic Updates service and the Background Intelligent Transfer Service (BITS). To do this, follow these steps:
a.
Click Start, click Run, type services.msc, and then click OK.
b.
In the list of services, right-click Automatic Updates, and then click Properties.
c.
In the Automatic Updates Properties dialog box, click the General tab, click Stop, and then click OK.
d.
In the list of services, right-click Background Intelligent Transfer Service, and then click Properties.
e.
In the Background Intelligent Transfer Service Properties dialog box, click the General tab, click Stop, and then click OK.
3.
Rename the SoftwareDistribution folder. To do this, follow these steps:
a.
Click Start, click Run, type %windir%, and then click OK.

Note The %windir% folder is the folder where you installed Microsoft Windows.
b.
Locate the SoftwareDistribution folder.
c.
Right-click the SoftwareDistribution folder, and then click Rename.
d.
Type OldSD, and then press ENTER.
4.
Start the Automatic Updates service and the BITS service. To do this, follow these steps:
a.
Click Start, click Run, type services.msc, and then click OK.
b.
In the list of services, right-click Automatic Updates, and then click Properties.
c.
In the Automatic Updates Properties dialog box, click the General tab, click Start, and then click OK.
d.
In the list of services, right-click Background Intelligent Transfer Service, and then click Properties.
e.
In the Background Intelligent Transfer Service Properties dialog box, click the General tab, click Start, and then click OK.

Thursday, August 19, 2010

"Naming Information cannot be located" error message when you try to open the Active Directory Users and Computers tool or the Active Directory Sites and Services tool in Windows 2000 Server

Symptoms:

When you try to open the Active Directory Users and Computers tool or the Active Directory Sites and Services tool in Microsoft Windows 2000 Server, the tool does not successfully open. In this scenario, you receive the following error message:


  • Naming Information cannot be located because: Login attempt failed.

Additionally, when you try to modify your Group Policy settings, you may receive the following error message:

  • Failed to open group policy: You may not have appropriate rights. The specified domain either does not exist or could not be located.

If you run the Dcdiag diagnostic tool, you may receive output that is similar to the following:

* Connecting to directory service on server ServerName.

[ServerName] LDAP bind failed with error 1323,

Unable to update the password. The value provided as the current password is incorrect.

***Error: The machine could not attach to the DC because the credentials were incorrect. Check your credentials

or specify credentials with /u:<domain>\<user> & /p:[<password>*""]

Cause:

This is a known issue for Windows 2000 Server if security policy get changed or modified from the default.

Solution:

To resolve this issue, re-create the default Group Policy settings on the computer.
To do this, use the Windows 2000 Default Group Policy Restore Tool (Recreatedefpol.exe).
For more information about this tool, visit the following Microsoft Web site:
Recreatedefpol.exe 

Wednesday, August 18, 2010

How to disable default SNP feature in windows 2003 server

Symptoms:


After you install Windows Server 2003 Service Pack 2 (SP2) or Windows Server 2003 Scalable Networking Pack (SNP) on a computer that has a TCP/IP Offload-enabled network adapter, you may experience many network-related problems.




The following issues may occur when Windows Server 2003 SNP is turned on:


1. When you try to connect to the server by using a VPN connection, you receive the following error message:


Error 800: Unable to establish connection.


2. You cannot create a Remote Desktop Protocol (RDP) connection to the server.


3. You cannot connect to shares on the server from a computer on the local area network.


4. You cannot join a client computer to the domain.


5. You cannot connect to the Exchange server from a computer that is running Microsoft Outlook.


6. Inactive Outlook connections to the Exchange server may not be cleaned up.


7. You experience slow network performance.


8. You may experience slow network performance when you communicate with a Windows Vista-based computer.


9. You cannot create an outgoing FTP connection from the server.


10. The Dynamic Host Configuration Protocol (DHCP) server service crashes.


11. You experience slow performance when you log on to the domain.


12. Network Address Translation (NAT) clients that are located behind Windows Small Business Server 2003 or Internet Security and Acceleration (ISA) Server experience intermittent connection failures.


13. You experience intermittent RPC communications failures.


14. The server stops responding.


15. The server runs low on nonpaged pool memory


Cause:
 
These issues occur because of several problems with the Windows Server 2003 SNP features that are enabled in Windows Server 2003 Service Pack 2. These features include Receive Side Scaling (RSS) and TCP/IP Offloading. Specifically, these problems include the following:



1. RSS is incompatible with NAT or with Network Load Balancing (NLB).


2. TCP/IP Offload has a problem with the Window Scaling feature. This problem typically occurs when you communicate with a Windows Vista-based computer. Windows Vista uses the Window Scaling feature.


3. Some TCP/IP Offload-enabled network adapters do not send TCP keep-alive messages. However, Exchange servers use TCP keep-alive messages to clean up inactive client sessions.


4. The TCP/IP Offload-enabled network adapter may consume lots of nonpaged pool memory. This may cause other problems in the operating system.


5. In some cases, the TCP/IP Offload-enabled network adapter may request large blocks of contiguous memory. This makes the computer stop responding when it tries to free the memory.
 
Prerequisite:
 
You must be running with service pack 2 on windows 2003 server, please check the type of OS it applies to.
 
Resolution:
 
Update information



This update turns off default SNP features. After you install this hotfix, you can manually re-enable these features by modifying registry values. The following files are available for download from the Microsoft Download Center:


Download the update for Windows Server 2003, x86-based versions (KB948496) package now.
Click Here  




Download the update for Windows Server 2003, x64-based versions (KB948496) package now.
Click Here




Download the update for Windows Server 2003, Itanium-based versions (KB948496) package now.
Click Here


This solution is Applies to following products:


Microsoft Windows Server 2003  Service Pack 2, when used with all editions of 2003
Microsoft Office SharePoint Portal Server 2003 and 2007
Microsoft Windows SharePoint Services 2.0 and 3.0
Microsoft Exchange Server 2003 & 2007 (Standard & Enterprise Edition)


Written By : Rajesh Parekh