Tuesday, 15 November 2011

Change Autotuning, RSS, Chimney and Taskoffload Settings

To get the status of your present settings, open an administrative command prompt and run:
netsh int tcp show global
netsh int ip show global

There are 4 settings that are regularly changed to tune performance for older clients. To disable them, run the following commands:

netsh int tcp set global autotuning=disabled
netsh int tcp set global rss=disabled
netsh int tcp set global chimney=disabled
netsh int ip set global taskoffload=disabled

Finally you must reboot the appliance.

Wednesday, 8 June 2011

Enable Autologon for Windows 2008 R2 and Windows 7

When a Windows 7 or Windows 2008 machine is added to a domain, the AutoAdminLogon key is removed, which in turn removes the "Users must enter a user name and password to use this computer" check box in the Userpasswords2 control panel applet.

To get the checkbox back:
  1. Open a command prompt and enter reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoAdminLogon /t REG_SZ /d "1" /f
  2. Replacing [domain] with your domain, enter reg add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultDomainName /t REG_SZ /d [domain] /f
  3. Click start, run and enter control userpasswords2
  4. Untick Users must enter a user name and password to use this computer and click Ok
  5. Enter the username and password (excluding the domain name) you want to autologon with and click Ok

Now when the machine starts up it will automatically log in as the user specified. Note that the password is encrypted.
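
A check for the state these steps leave behind, as an added example that is not part of the original post: it reports whether autologon is on, for which account, and whether a DefaultPassword value sits in the Winlogon key as readable text. The function name and sample values are constructed, and it assumes that control userpasswords2 keeps the password as an LSA secret rather than as a DefaultPassword registry value.

```powershell
# Added example, not from the original post.
# Test-AutoLogonConfig is a hypothetical helper name. It takes the object that
# Get-ItemProperty returns for the Winlogon key, so it can also be run against
# the constructed sample below without touching a live registry.
function Test-AutoLogonConfig {
    param([Parameter(Mandatory=$true)] $Winlogon)

    # Copy the registry values into a case-insensitive lookup table.
    $values = @{}
    foreach ($p in $Winlogon.PSObject.Properties) { $values[$p.Name] = $p.Value }

    $enabled   = ($values['AutoAdminLogon'] -eq '1')
    # Assumption: a password entered through control userpasswords2 is held as
    # an LSA secret, so a DefaultPassword value here means it was set by hand.
    $plaintext = $values.ContainsKey('DefaultPassword')

    if (-not $enabled) {
        $finding = 'Autologon is off.'
    } elseif ($plaintext) {
        $finding = 'Autologon is on and the password is readable in DefaultPassword.'
    } else {
        $finding = 'Autologon is on; no DefaultPassword value in the key.'
    }

    New-Object PSObject -Property @{
        AutoLogonEnabled  = $enabled
        Account           = ('{0}\{1}' -f $values['DefaultDomainName'], $values['DefaultUserName'])
        PlaintextPassword = $plaintext
        Finding           = $finding
    }
}

# Constructed sample: the state left by steps 1-5 (domain and user are made up).
$sample = New-Object PSObject -Property @{
    AutoAdminLogon    = '1'
    DefaultDomainName = 'EXAMPLE'
    DefaultUserName   = 'kiosk'
}
Test-AutoLogonConfig -Winlogon $sample | Format-List

# On the machine itself:
# Test-AutoLogonConfig (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon')
```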

Tuesday, 31 May 2011

Move DHCP from Windows 2003

To move DHCP from a Windows 2003 server to a new server start by exporting the DHCP database on the old Windows 2003 server:
  1. Open a command prompt and enter 'netsh dhcp server export C:\dhcp.txt all'
  2. Copy c:\dhcp.txt to the new DHCP server
  3. Load the DHCP console, right click on the server and select Unauthorize
  4. Load services and change the DHCP Server service to disabled then stop the service
On the new server:
  1. Install DHCP from Add/Remove computers and Windows Components
  2. Open a command prompt and enter 'netsh dhcp server import c:\dhcp.txt all'
  3. Load the DHCP console, right click on the server and select Authorize
  4. Wait 10-15 seconds, refresh the screen and verify you can see your records

Issue a SAN Certificate from a Private Certificate Authority

Without modification the Certificate Authority service built in to Windows does not support SAN certificates which are required for correct operation of Exchange 2007 and Exchange 2010. To support them you need to add an additional flag called EDITF_ATTRIBUTESUBJECTALTNAME2.

To check if the flag already exists on your Certificate Authority open a command prompt and run:
certutil -getreg policy\EditFlags

To add the additional flag run:
certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2

Finally you will need to restart the Active Directory Certificate Services service.
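
The flag is one bit (0x00040000) of the policy module's EditFlags DWORD; once it is set, the CA takes subject alternative names from the attributes of a request, so it is worth recording which CAs have it. The following added example (not from the original post) decodes the value that certutil -getreg prints and shows what the value would be without the bit; the function name and sample output are constructed, and the bit values are the EDITF_ constants from certsrv.h.

```powershell
# Added example, not from the original post.
# EDITF_* bit values as defined in certsrv.h (only the commonly seen ones).
$KnownEditFlags = @{
    EDITF_REQUESTEXTENSIONLIST     = 0x00000002
    EDITF_DISABLEEXTENSIONLIST     = 0x00000004
    EDITF_ADDOLDKEYUSAGE           = 0x00000008
    EDITF_BASICCONSTRAINTSCRITICAL = 0x00000040
    EDITF_ENABLEAKIKEYID           = 0x00000100
    EDITF_ENABLEDEFAULTSMIME       = 0x00010000
    EDITF_ATTRIBUTESUBJECTALTNAME2 = 0x00040000
    EDITF_ENABLECHASECLIENTDC      = 0x00100000
}

# Get-CaEditFlags is a hypothetical helper name. It parses the text printed by
# "certutil -getreg policy\EditFlags" and decodes the DWORD bit by bit.
function Get-CaEditFlags {
    param([Parameter(Mandatory=$true)][string] $CertutilOutput)

    $m = [regex]::Match($CertutilOutput, 'EditFlags\s+REG_DWORD\s*=\s*(?:0x)?([0-9a-fA-F]+)')
    if (-not $m.Success) { throw 'No "EditFlags REG_DWORD = <hex>" line in the input.' }
    $value = [Convert]::ToInt32($m.Groups[1].Value, 16)

    $san     = $KnownEditFlags['EDITF_ATTRIBUTESUBJECTALTNAME2']
    $names   = @()
    $unknown = $value
    foreach ($flag in ($KnownEditFlags.GetEnumerator() | Sort-Object Value)) {
        if ($value -band $flag.Value) {
            $names  += $flag.Key
            $unknown = $unknown -band (-bnot $flag.Value)   # strip each bit we can name
        }
    }

    New-Object PSObject -Property @{
        Value               = ('0x{0:x8}' -f $value)
        FlagsSet            = $names
        UnrecognisedBits    = ('0x{0:x8}' -f $unknown)
        SanAttributeEnabled = [bool]($value -band $san)
        ValueWithoutSanFlag = ('0x{0:x8}' -f ($value -band (-bnot $san)))
    }
}

# Constructed sample of the certutil output after the flag has been added.
$sample = @'
  EditFlags REG_DWORD = 15014e (1376590)
    EDITF_ATTRIBUTESUBJECTALTNAME2 -- 40000 (262144)
CertUtil: -getreg command completed successfully.
'@

Get-CaEditFlags -CertutilOutput $sample | Format-List

# On the CA itself:
# Get-CaEditFlags ((certutil -getreg policy\EditFlags) -join "`n")
```

To clear the bit again, run certutil -setreg policy\EditFlags -EDITF_ATTRIBUTESUBJECTALTNAME2 and restart the Active Directory Certificate Services service.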

Upgrade Windows 2008 R2 or Windows 7 Versions

In Windows 2008 R2 and Windows 7 you can upgrade editions using the DISM tool. You need to enter the KMS Client Key rather than your own product key; this will reset the activation grace period to 3 days to allow you to enter your own product key.

To see what target editions are available run:
DISM /online /Get-TargetEditions
To upgrade to one of these editions run:
DISM /online /Set-Edition:<edition ID> /ProductKey:XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
So to upgrade from Standard to Windows Server 2008 R2 Enterprise you would run:
DISM /online /Set-Edition:ServerEnterprise /ProductKey:489J6-VHDMP-X63PK-3K798-CPX3Y
The KMS Client product keys for Windows 2008 R2 are as follows:
Standard - YC6KT-GKW9T-YTKYR-T4X34-R7VHC
Enterprise - 489J6-VHDMP-X63PK-3K798-CPX3Y
Datacenter - 74YFP-3QFB3-KQT8W-PMXWJ-7M648
Itanium-Based Systems - GT63C-RJFQ3-4GMB6-BRFB9-CB83V
The KMS Client product keys for Windows 7 are as follows:
Professional - FJ82H-XT6CR-J8D7P-XQJJ2-GPDD4
Professional N - MRPKT-YTG23-K7D7T-X2JMM-QY7MG
Enterprise - 33PXH-7Y6KF-2VJC9-XBBR8-HVTHH
Enterprise N - YDRBP-3D83W-TY26F-D46B2-XCKRJ
Enterprise E - C29WB-22CC8-VJ326-GHFJW-H9DH4

Thursday, 26 May 2011

Windows XP Remote Access Connections Binding Order

When using Remote Access Connections in Windows XP you may find that, despite the connection being active, no data traverses this connection and/or DNS requests for this connection do not get submitted to the DNS server associated with the connection. You would expect it to use the device that is highest in the binding order, however it is not doing so. To resolve this we can change the binding order in the registry:
  1. Click Start, Run and type regedit
  2. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Linkage
  3. In the right pane, double-click Bind.
  4. In the Value data box, select the "\Device\NdisWanIp" item, press CTRL+X, click the top of the list of devices, and then press CTRL+V.
  5. Click OK, and then quit Registry Editor.
You may need to disconnect and reconnect to the VPN or restart the computer. If any changes are made to the network adapter bind order you may need to repeat these actions.

Thursday, 19 May 2011

Add NIC drivers to ESXi 4

You cannot add drivers to an ESXi installation during the setup process, they must be added after:

  1. Connect to the ESXi host using the vSphere Client and put the ESXi host in to maintenance mode
  2. Download and install the VMware vSphere Command-Line Interface
  3. Download the drivers for your hardware on to the local PC
  4. Load the VMware vSphere CLI and run the following command:
vihostupdate.pl --server [HOSTS IP] --username root --install --bundle [PATH TO FILES ON LOCAL PC]
  5. Restart the host, once it’s back up verify you can see the additional NICs and remove it from maintenance mode

Monday, 9 May 2011

Exchange 2010 Calendar Permissions from the Powershell

With Exchange 2010 came the ability to manage permissions on folders through PowerShell; one of the most common tasks with this is managing calendar permissions. Here is a set of simple commands to aid managing them.

To get the permissions of a mailbox:
Get-MailboxPermission -identity "Dan Woodhouse"
To get the permissions of a subfolder in a mailbox:
Get-MailboxFolderPermission -identity "Dan Woodhouse:\Calendar"
To change permissions on a subfolder in a mailbox:
Add-MailboxFolderPermission -identity "Dan Woodhouse:\Calendar" -user "The Boss" -AccessRights Reviewer
To remove permissions on a subfolder in a mailbox:
Remove-MailboxFolderPermission -identity "Dan Woodhouse:\Calendar" -user "The Boss"
If we wanted to add permissions to every mailbox that matches certain criteria we can use filters. In the example below we will grant The Boss Author permissions to every mailbox for users whose name starts with Dan and who are based in the Birmingham office:
Get-mailbox -Filter {(Name -like 'Dan*' -and Office -eq 'Birmingham')} | ForEach-Object {Add-MailboxFolderPermission $_":\Calendar" -User "The Boss" -AccessRights Author}
To remove these permissions we could use:
Get-mailbox -Filter {(Name -like 'Dan*' -and Office -eq 'Birmingham')} | ForEach-Object {Remove-MailboxFolderPermission $_":\Calendar" -User "The Boss"}

Monday, 11 April 2011

Basic HP Switch Configuration

HP switch commands are very similar to Cisco commands, however SH is show and not shutdown (worth remembering when you go back to configuring a Cisco device).

If you get stuck at any point pressing tab will show you a list of possible commands or syntax for the command you’ve already entered.

Basic commands provide information or change configuration modes:

sh vlan      ; Shows Vlan
sh run       ; Shows running config
sh save      ; Shows saved config
en / exit    ; Back to enable mode
conf         ; Enter config mode
write mem    ; Write the running config to memory

And here’s a typical config, in this example there’s 2 VLANs for servers and workstations, a trunk to a server network device, two servers which host virtual workstations on ports 5-6, a DHCP/DNS/SNMP server on and another DNS/SNMP server on, finally there’s a gateway to another network that traffic needs to route to.

hostname "ProCurve Switch xxxxx"                        ; Set the name of the switch
trunk 47-48 Trk1 Trunk                                  ; Create a static trunk group on port 47-48 called Trk1
ip default-gateway                                      ; Set the default gateway for the switch
ip routing                                              ; Enable IP routing
vlan 1                                                  ; Modify VLAN1
   name "Servers"                                       ; Set the name of the VLAN
   untagged 1-6,Trk1                                    ; Untag port 1-6 and Trk1 (our trunk)
   ip helper-address                                    ; Set the IP helper address for DHCP
   ip address                                           ; Set the switch's IP address on the VLAN
   no untagged 7-46                                     ; Set ports 7-46 not to be untagged on this VLAN (VLAN 1 only requires this)
   ip igmp                                              ; Allow IGMP packets
exit                                                    ; Stop modifying VLAN1
vlan 2                                                  ; Modify VLAN2
   name "Workstations"                                  ; Set the name of the VLAN
   untagged 7-46                                        ; Untag port 7-46
   ip helper-address                                    ; Set the IP helper address for DHCP
   ip address                                           ; Set the switch's IP address on the VLAN
   tagged 5-6                                           ; Set ports 5-6 as tagged on VLAN2
   ip igmp                                              ; Allow IGMP packets
exit                                                    ; Stop modifying VLAN2
fault-finder bad-driver sensitivity high                ; Fault-finder highly sensitive undersized/giant packets
fault-finder bad-transceiver sensitivity high           ; Fault-finder highly sensitive excessive jabbering
fault-finder bad-cable sensitivity high                 ; Fault-finder highly sensitive CRC/alignment errors
fault-finder too-long-cable sensitivity high            ; Fault-finder highly sensitive late collisions
fault-finder over-bandwidth sensitivity high            ; Fault-finder highly sensitive high collision or drop rate
fault-finder broadcast-storm sensitivity high           ; Fault-finder highly sensitive excessive broadcasts
fault-finder loss-of-link sensitivity high              ; Fault-finder highly sensitive loss of link
fault-finder duplex-mismatch-HDx sensitivity high       ; Fault-finder highly sensitive duplex mismatches (reconfigure to full duplex)
fault-finder duplex-mismatch-FDx sensitivity high       ; Fault-finder highly sensitive duplex mismatches (reconfigure to auto)
timesync sntp                                           ; Set the time protocol to SNTP
sntp server priority 1 3                                ; Set SNTP server and priority
sntp server priority 2 3                                ; Set SNTP server and priority
ip dns domain-name "domain.local"                       ; Set network DNS domain name
ip dns server-address priority 1                        ; Set DNS servers and priority
ip dns server-address priority 2                        ; Set DNS servers and priority
ip route                                                ; Set default gateway
ip route                                                ; Set gateway to a specific subnet
snmp-server community "public" unrestricted             ; Set SNMP community name (unrestricted gives read-write access)
snmp-server host community "public"                     ; Set SNMP servers for the community
snmp-server host community "public"                     ; Set SNMP servers for the community
snmp-server contact "IT Dept." location "Server Room"   ; Set SNMP published contact details
spanning-tree                                           ; Enable spanning tree protocol
spanning-tree Trk1 priority 4                           ; Set spanning tree priority for Trk1

Friday, 8 April 2011

Network Load Balancing on VMware

When using Network Load Balancing (NLB) on VMware (or doing a PtoV conversion where NLB exists), be aware that while Multicast works without making any changes to the configuration, for Unicast you will need to modify the NIC adapters on the host to prevent RARP packet transmission on the virtual switch or on the port group.

  1. Load the VMware vSphere Client and select the host.
  2. Click the Configuration tab and choose Networking.
  3. Click on Properties for the Virtual Switch in question.
  4. Click Edit next to either the Virtual Switch or Port Group (which to choose depends on your requirements, however Port Groups will override Virtual Switches).
  5. Select the NIC Teaming tab and set Notify Switches to No.
  6. Click OK and close the Properties box.

Check a Blackberry Service Plan

If you need to check the plan for a Blackberry and want a definitive answer, Blackberry's Enterprise Activation Readiness Tool is excellent.

Go to http://www.blackberry.com/besc and login, select Enterprise Activation Readiness, specify the product type, enter the PIN and serial number, click Next and follow the instructions for the service type.

Improve VMWare Console Mouse Control on Windows 2008

VMWare Tools on Windows 2008 leaves the default video driver installed; this causes laggy mouse controls when using the console to access the server.

To resolve this go to Device Manager and update the driver on the Standard VGA Adapter from:
C:\Program Files\Common Files\VMware\drivers\wddm_video
This will install a VMware SVGA 3D (Microsoft Corporation - WDDM) driver, reboot the server when it's convenient and mouse control will be as good as it was under Windows 2003.

Wednesday, 6 April 2011

acctinfo.dll: Additional Account Info in AD

As part of the Windows 2003 Resource Kit Support Tools came a .dll file called Acctinfo.dll. If you register the .dll and load Active Directory Users and Computers (ADUC) you will find an Additional Account Info tab which contains details including:
  • Password Last Set and Password Expires date and time
  • SID and GUID of account
  • Last Logon, Last Logoff and Last Bad Logon
  • Logon Count and Bad Password Count

To enable the function on the computer(s) or server(s) you administer ADUC from, install the resource kit tools or copy acctinfo.dll to %systemroot%\system32, then run the following command:
regsvr32 %systemroot%\system32\acctinfo.dll
To remove the additional account info run the following command:
regsvr32 /u %systemroot%\system32\acctinfo.dll

PFDAVAdmin: Recover Deleted Public Folders

If you need to manage or recover Public Folders have a look at PFDAVAdmin from Microsoft, it allows you to recover deleted public folders (if they’re within the retention period) very easily:

Load the tool, select File, Connect, enter the details for the server, specify Public Folders and click OK.

Right click on the folder above the one that’s missing and select Show deleted subfolders (this only works for folders directly underneath it) and the deleted folders will show up in red.

Right click and select Recover and it will recover the folder and append RECOVERED to the end of it, it will take a few minutes but when it’s completed you’ll get a prompt to say it’s completed. You can then rename the folder back and change the permissions so it doesn’t happen again.

Forfiles or the command you always wanted

Forfiles allows you to search for files over a certain date, of a certain type or configure more detailed criteria. This command has replaced many vbscripts and batch files I've built up over the years.

To find files in C:\SQLBackups that start with the name SQL1, have the extension of .bak and are over 7 days old, then delete the file, the command would be:
forfiles /p C:\SQLBackups /m SQL1*.bak /d -7 /c "cmd /c del @file"

To find directories in C:\Data\Pictures that start with the name Holiday and were created after 06/04/2011, then delete the directory and its contents quietly, the command would be:
forfiles /p C:\Data\Pictures /m Holiday* /d 06/04/2011 /c "cmd /c rmdir /s /q @file"

Alternative Server Names

Occasionally you'll decommission an old server but you don't know if there are any hard coded links in place to that server's name. To get around that issue you can add an alternative server name; this alternative name allows the server to respond to requests on that name as well as the name it already has.

Provided the domain functional level is Windows 2003 Native, you can use the following command:
netdom computername <servers_name> /add:<additional_name>.<domain.com>
Next you need to add a CNAME entry in to DNS for the additional name directing it to the existing DNS entry for the server. 
Finally you need to disable strict name checking, which is the mechanism that allows the server to only respond on its primary name. Open regedit and navigate to the following key:
Create a new DWORD called DisableStrictNameChecking with a value of 1 then restart the server.

Your server will now respond on the additional name you've given it, next you need to reshare the volumes or printers with the same share names as the server you're replacing and users can continue to use their old shortcuts, mapped drives and printers.

Disable Offline Files & Folders in Windows 7

If you need to disable Offline Files and Folders on a computer, disabling the user side will still allow shares that have already been set to work offline to continue to do so. To disable all Offline Files and Folders on the computer, edit your GPO and expand the following location:

  • Computer Policy\Computer Configuration\Administrative Templates\Network\Offline Files

Then set the following policy elements as listed below:

  • Allow or disallow use of offline files feature: Disabled
  • Prohibit user config: Enabled
  • Sync all offline files when logging on: Disabled
  • Sync all offline files before logging off: Disabled
  • Sync offline files before suspend: Disabled
  • Remove Make offline: Enabled
  • Prevent use of Offline Files folder: Enabled

Run a gpupdate on the computer or reboot it for the changes to take effect.

Re-registering VSS in Windows 2008

Open an Administrative command prompt and enter the following commands:

cd /d %windir%\system32
net stop "System Event Notification Service"
net stop "Background Intelligent Transfer Service"
net stop "COM+ Event System"
net stop "Microsoft Software Shadow Copy Provider"
net stop "Volume Shadow Copy"
net stop vss
net stop swprv
regsvr32 /s ATL.DLL
regsvr32 /s comsvcs.DLL
regsvr32 /s credui.DLL
regsvr32 /s CRYPTNET.DLL
regsvr32 /s CRYPTUI.DLL
regsvr32 /s dhcpqec.DLL
regsvr32 /s dssenh.DLL
regsvr32 /s eapqec.DLL
regsvr32 /s esscli.DLL
regsvr32 /s FastProx.DLL
regsvr32 /s FirewallAPI.DLL
regsvr32 /s kmsvc.DLL
regsvr32 /s lsmproxy.DLL
regsvr32 /s MSCTF.DLL
regsvr32 /s msi.DLL
regsvr32 /s msxml3.DLL
regsvr32 /s ncprov.DLL
regsvr32 /s ole32.DLL
regsvr32 /s OLEACC.DLL
regsvr32 /s OLEAUT32.DLL
regsvr32 /s PROPSYS.DLL
regsvr32 /s QAgent.DLL
regsvr32 /s qagentrt.DLL
regsvr32 /s QUtil.DLL
regsvr32 /s raschap.DLL
regsvr32 /s RASQEC.DLL
regsvr32 /s rastls.DLL
regsvr32 /s repdrvfs.DLL
regsvr32 /s RPCRT4.DLL
regsvr32 /s rsaenh.DLL
regsvr32 /s SHELL32.DLL
regsvr32 /s shsvcs.DLL
regsvr32 /s /i swprv.DLL
regsvr32 /s tschannel.DLL
regsvr32 /s USERENV.DLL
regsvr32 /s vss_ps.DLL
regsvr32 /s wbemcons.DLL
regsvr32 /s wbemcore.DLL
regsvr32 /s wbemess.DLL
regsvr32 /s wbemsvc.DLL
regsvr32 /s WINHTTP.DLL
regsvr32 /s WINTRUST.DLL
regsvr32 /s wmiprvsd.DLL
regsvr32 /s wmisvc.DLL
regsvr32 /s wmiutils.DLL
regsvr32 /s wuaueng.DLL
sfc /SCANFILE=%windir%\system32\catsrv.DLL
sfc /SCANFILE=%windir%\system32\catsrvut.DLL
sfc /SCANFILE=%windir%\system32\CLBCatQ.DLL
net start "COM+ Event System"
Now reboot the server to bring the writers back to a stable state.