Group Policy processing does not work and events 1030 and 1058 are logged in the Application log of a domain controller – the short answer was to run
dfsutil /purgemupcache
Microsoft have released a Windows Mobile 5 emulator that you can run on your pc, normally for developing software for the windows mobile. However, you can also use this to test and debug the setup of Direct Push with Microsoft Exchange 2003 service pack2. This is great to try before you blow up a users phone as you test stuff out. Seeing as though Direct Push has only just started being available on the phones, it is unrealistic to know how to get it working out of the box.
We’ve had two occurances of Terminal Services and Sql server not responding after the servers had been rebooted after the patches had been applied.
Terminal Services had the service running and using mstsc to the server would result in a message saying the server was not accepting connections. Telnetting to port 3389 would come back with a connection but nothing in the telnet prompt. A reboot of the server cured this problem.
As far as SQL server was concerned, the SQL service had not restarted after the reboot – not sure why as I didn’t have time to troubleshoot – I just needed to get the service running, which happened as soon as I launched Enterprise manager and attempted to connect to the server.
Anyone else had similar experiences?
and a batch file to do it automatically too (not tested by me though) is available at Bloggus Doekmanni
I’m not sure why, but on a server, in the d:\data directory I ran this command…
cacls . /t /g:usergroup:c
This didn’t have the expected behaviour of granting change to usergroup on the d:\data directory and all files and subdirectories -that would have been too simple.
Instead it replaced the permissions (I should have had the /e) which is fair enough, but WHY OH WHY did it proceed to do it not only on d:\data but also all the files (and subdirectories) in c:\windows (including system32 and other fairly important files). Needless to say I had a very worrying moment – in fact several of them when I discovered i had no access to run cacls anymore (permissions removed) and the only people who could access the windows directory (but with no access to logon locally) were members of the usergroup.
In the end I had to change the permissions, cascading down from windows and then run the Security Analyzer wizard to check that everything was ok.
I have no idea why it suddenly started doing c:\windows. I know I was in the d:\data directory as I checked before hitting return, I could see the present directory after the command finished AND the permissions were also correct on d:\data
Aha – I fell into the gotcha when I searched for the adminpak for windows2003 and it wouldn’t install. Thats because I’m running service pack 1 and instead I needed to download the adminpak for sp1. Would have been nice if the original page pointed this out as opposed to having to look under the “people also downloaded” section of the webpage.
Microsoft released 2 more patches yesterday – the day after I manage to schedule a lot of reboots for my customers for the wmf patch. Thankfully it looks like the machines may not need rebooting judging on my xp desktop experience. Hopefully the same will hold true for the server.
I had one customer box not reboot overnight because the boot.ini had been mysteriously changed to boot to a (non-existent) windows 2000 installation. Fortunately the customer mentioned (when I rang them early this morning) that the problem of not finding ntkernel.exe is solved by selecting the other option in the boot sequence….I’m glad they told me this but it would have been better if they had mentioned the problem before so I wouldn’t have had to get up early this morning in case I needed to make an emergency stop at their site…..so instead I’m catching up on some blogging.
I must be the only person in the world who wasn’t pleased that Microsoft released the wmf patch early on Thursday last week. Everyone else seems to be so grateful that this happened but it was a nightmare for me. Thursday night I was doing a software audit on a lan and I left it scanning the machines overnight. I came in the next morning expecting to sit down and start analyzing only to find that the machine had downloaded the new patch and automatically rebooted – loosing all the scanning results so I had to start again – not so happy. Before you tell me that you can set automatic updates to not do the reboot – I know – this was on a machine outside of my control AND Microsoft had also previously announced that the patch would not be ready until Tuesday.
It was a long day in the office today with an upgrade of a windows 2000 server running exchange2000 to a windows2003 running exchange2003. We also upgraded a w2k server running sqlserver to w2k3 too. The sql server was the easiest upgrade with no hitches whatsoever – shame we couldn’t say the same thing about the exchange server.
kb article 909444 has how to fix the issues that may arise when you install Microsoft Security Bulletin MS05-051: Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution (902400). Although I’ve not had any of these issues – yet – this will be good reference for me.
I finally finished the install of Small Business server 2003 on the virtual server on the laptop this morning. It’s taken forever to do and this morning I had to go through the activation of the software. As the server doesn’t have internet connectivity (yet) I had to do it over the phone. The whole process was simple and straightforward with voice recognition guiding me through the process. After I had read out the 42 (i think) digit number it was time for it to read out the 42 digits. They were split into 7 groups of 6 digits and the funny thing was that it would ask you to say “Go On” at the end of each group if you were ready. I was starting to sound like Mrs Doyle – that annoying woman from the self assessment adverts on tv a couple of years ago – go on, go on, go on!