Posted by bartvdw on December 16, 2008
I was playing last night with transferring FSMO roles between DC’s and just solved the previous mystery (events 53258) when I noticed there was still an issue, namely the MSDTC service fails. This morning I realized I’ve seen a blog post about this before, namely from Brian Desmond! In short, you’ll see the events below in the event logs:
System Even Log:
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7031
Date: 12/16/2008
Time: 08:16:23
User: N/A
Computer: LABDC01
Description:
The Distributed Transaction Coordinator service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Application Event Log:
Event Type: Information
Event Source: MSDTC
Event Category: SVC
Event ID: 4145
Date: 12/16/2008
Time: 08:14:24
User: N/A
Computer: LABDC01
Description:
MS DTC has been notified that a DC Promotion/Demotion has happened. It is shutting down as a result.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Apparently this is normal. It also only happens when transferring the PDC role, other roles don’t have this result.
Thanks to the blog post of Brian Desmond!! Please refer to his (great) post about this with all the technical details…
MSDTC Exits on PDCe Transfer
http://briandesmond.com/blog/msdtc-exits-on-pdce-transfer/
Posted in Active Directory, Tech Stuff, Windows | 2 Comments »
Posted by bartvdw on October 8, 2008
Posted in Exchange | Leave a Comment »
Posted by bartvdw on October 6, 2008
If you run DHCP & DNS on 1 and same server, Microsoft recommends to use DNSCredentials for secure updates. For this, create a dedicated user account with a very difficult password set, but make sure the password is set to ‘Never expires’! No special group membership is needed for this user.
The run following command (command-line): netsh dhcp server set dnscredentials %USER% %DOMAIN% *
Note: the * sign at the end of the command enables prompt for password. When prompted, enter the password of the user.
Read the article below for more information.
Event ID 1056 Is Logged After Installing DHCP
http://support.microsoft.com/kb/282001
Posted in SBS, Windows | Leave a Comment »
Posted by bartvdw on August 21, 2008
Posted in Uncategorized | Leave a Comment »
Posted by bartvdw on August 13, 2008
When you configure antivirus software for servers, you need to take exclusions into account. And for MS products, they are fairly good documented. If you don’t add these exclusions, you could get trouble/errors. For applications not listed here (MS or third party), always verify if you need to exclude something to make sure your antivirus software does not affect your application!
Below a summary of such exclusions and references to MS articles describing these exclusions. I will update this post in case I have additional information.
Note: In the list below, default file locations are used. If you have change the location of the files (ex. Ntds.dit), you need to use the altered path obviously!!
General exclusions Windows Server 2003, Windows 2000, Windows XP, or Windows Vista:
- %windir%\ntfrs
- %windir%\SoftwareDistribution\Datastore\Datastore.edb
- %windir%\SoftwareDistribution\Datastore\Logs\Edb*.log
- %windir%\SoftwareDistribution\Datastore\Logs\Res1.log
- %windir%\SoftwareDistribution\Datastore\Logs\Res2.log
- %windir%\SoftwareDistribution\Datastore\Logs\Edb.chk
- %windir%\SoftwareDistribution\Datastore\Logs\Tmp.edb
- For Windows 2000 & 2003 DC’s
- %windir%\ntds\Ntds.dit
- %windir%\ntds\Ntds.pat
- %windir%\ntds\EDB*.log
- %windir%\ntds\Res1.log
- %windir%\ntds\Res2.log
- %windir%\ntds\Temp.edb
- %windir%\ntds\Edb.chk
- %systemroot%\sysvol (only this folder, not all subfolders!!!)
- %systemroot%\sysvol\domain\DO_NOT_REMOVE_NtFrs_PreInstall_Directory
- %systemroot%\sysvol\staging
- %systemroot%\sysvol\staging areas
- %systemroot%\sysvol\sysvol
- Clusters:
- %windir%\Cluster
- Q:\ (quorum)
- DHCP: %windir%\system32\dhcp
- DNS: %windir%\system32\dns
- WINS: %windir%\system32\wins
Exchange Server:
- Cdb.exe
- Cidaemon.exe
- Store.exe
- Emsmta.exe
- Mad.exe
- Mssearch.exe
- Inetinfo.exe
- W3wp.exe
- Exchsrvr\Conndata
- Exchsrvr\Mailroot
- Exchsrvr\Mdbdata
- Exchsrvr\Mtadata
- Exchsrvr\server_name.log
- Exchsrvr\Srsdata
- %systemroot%\IIS Temporary Compressed Files
- %SystemRoot%\System32\Inetsrv
- All .edb; .stm (on Exchange 2000 Server); .log Exchange files
- M: drive (on Exchange 2000 Server)
- SBS:
- C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\Failed Mail
- C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\Incoming Mail
SQL Server: SQL Server data files that have the .mdf extension, the .ldf extension, and the .ndf extension
WSUS: MSSQL$WSUS and WSUS content directory
References:
Virus scanning recommendations for computers that are running Windows Server 2003, Windows 2000, Windows XP, or Windows Vista
http://support.microsoft.com/kb/822158
Overview of Exchange Server 2003 and antivirus software
http://support.microsoft.com/kb/823166
Guidelines for choosing antivirus software to run on the computers that are running SQL Server
http://support.microsoft.com/kb/309422
Recommended Forefront Client Security file and folder exclusions for Microsoft products
http://support.microsoft.com/kb/943556
Multiple symptoms occur if an antivirus scan occurs while the Wsusscan.cab file or the Wsusscn2.cab file is copied
http://support.microsoft.com/kb/900638
Posted in Exchange, McAfee, SBS, SQL, Security, Windows | 1 Comment »
Posted by bartvdw on August 13, 2008
Posted in Outlook | Leave a Comment »
Posted by bartvdw on August 13, 2008
A collegue of mine was recently working on a Citrix server in a remote site and noticed that starting Outlook was really slow. Setup:
- Main data center: DC’s + Exchange
- Remote site: DC + Citrix servers
When he checked, he noticed a lot of traffic going to the DC’s in the main data center and not to the local DC although the local DC was also GC. When he checked he found that Outlook connects by default to the same GC as the Exchange server. A quick search revealed that there is a registry tweak to have Outlook connecting to the nearest or specific GC. See the MS KB for details! After setting that registry entry, Outlook opened in just seconds i.o. minutes!!
Connect to the nearest GC
HKEY_CURRENT_USER\Software\Microsoft\Exchange\Exchange Provider
Value name: Closest GC
Data type: REG_DWORD
Radix: Hexadecimal
Value data: 0×00000001
Connect to a specific GC
HKEY_CURRENT_USER\Software\Microsoft\Exchange\Exchange Provider
Value name: DS Server
Data type: REG_SZ (string)
Value data: FQDN of the global catalog server
How to configure Outlook to a specific global catalog server or to the closest global catalog server
http://support.microsoft.com/kb/319206
Posted in Exchange, Outlook | Leave a Comment »
Posted by bartvdw on August 13, 2008
Posted in VMware | Leave a Comment »
Posted by bartvdw on July 3, 2008
Posted in Security, Windows | Leave a Comment »
