Setup Windows Firewall on a Domain Controller

If you would like to enable Windows Firewall on a domain controller, you will want to consider the following exceptions to the firewall before going live. These exceptions are necessary if you want domain authentication and file and print sharing. I would also recommend enabling these ports so only the local network is the exception. Allowing “outside” access may be hazardous to your server’s health.

Enable program exceptions for lsass.exe and ntfrs.exe.exe which are found under %windir%\system32.

Enable port exceptions for ports 53 (TCP and UDP), 88 (TCP and UDP), 123 (UDP), 135 (TCP), 137 (TCP), 389 (UDP), 464 (TCP and UDP) and 636 (TCP).

 

Did this help, leave a comment…

Fix - Outlook Express needs to compact disk space.

To free up disk space outlook express can compact messages. Problem is, you don’t even have Outlook Express installed! What’s going on?

This problem occurs if Outlook Express uses a third party search tool to index items on your hard drive. For our purposes we will say that you have Windows Search for your desktop. If you’re using Windows Search, right click the System Tray icon, select Windows Search Options. When the Indexing Options dialog box appears, click the Modify button at the bottom. Find Microsoft Outlook Express in the list, clear the check box, click OK. Microsoft Outlook Express should no longer appear in the “Index these locations:” list. Next, close the dialog box to finish.

By performing this method, Outlook Express should no longer try to index your hard drive and thus should not prompt you to compact your messages.

Fix - Invalid Guest on Virtual Center

After encountering an ESX host problem the other night, I ran into an issue today with a VM guest showing up as “invalid” in virtual center. I was able to bring the guest back into VC without taking an outage by doing the following procedures.

First some background.

Due to circumstances still being investigated, the console of an ESX box froze disconnecting it from virtual center. All of the guests (approximately 40) on the host were still available and running, but VMware support confirmed that the state of the server was so degragated that it would require a reboot of the host and thus an outage of all the guests on it to fix. Since the ESX box is in an HA cluster, after some necessary VM guest applications were shut down the ESX box was rebooted and HA promptly brought up the guest VM’s onto other hosts in the cluster. All the guests affected were then checked out and appeared fine.

Thinking I was in the clear, today I noticed one of the affected VM’s icon in Virtual center appeared as blue and was italicized with the words “(invalid)” added after the vm name. Knowing that I had successfully started and checked this particular vm the night before, I was needless to say confused.

First things first, since the VM was a Linux guest I tried to ssh to the guest to see if it was still running. Luckily, I was able to log in to the VM and everything looked normal. Next, I logged onto the ESX host console that this VM had last been registered to and issued a vmware-cmd -l. There was no entry for the invalid VM so to double check I issued a ps -axf | grep -i and found that there was indeed a process running for the vm in question on this particular ESX host.

I decided to try to re-add the VM into VC manually by first removing the invalid guest from inventory in VC and then re-adding it by browsing to the .vmx file. To do this, I clicked on the ESX host in VC and on the summary tab double click on the data store that the .vmx file for this vm lives on. You can then browse to the directory for the vm guest and should be able to right-click the .vmx file and choose the “Add to inventory” option. I say should be able to because in this particular instance that option was grayed out and not selectable.

In an attempt to find out some more information from the ESX host logs, I then logged onto the ESX host the VM was last registered on and navigated to the /var/log/vmware directory. Issuing a grep -i * gave a lot of good output. The interesting bit I found were some entries concerning .vmx file syntax errors. They appeared as follows:

hostd-9.log:[2008-12-07 17:28:17.388 'BaseLibs' 20241328 info] Reloading config state: /vmfs/volumes/48dabc48-573b1344-46f8-001ec939c5cb/vmabc123/vmabc123.vmx
hostd-9.log:[2008-12-07 17:28:17.435 'BaseLibs' 20241328 warning] VMHSVMLoadConfig failed: File “/vmfs/volumes/48dabc48-573b1344-46f8-001ec939c5cb/vmabc123/vmabc123.vmx” line 94: Syntax error.
hostd-9.log:[2008-12-07 17:28:17.448 'vm:/vmfs/volumes/48dabc48-573b1344-46f8-001ec939c5cb/vmabc123/vmabc123.vmx' 3076424608 info] Failed to load virtual machine.
hostd-9.log:[2008-12-07 17:28:17.466 'vm:/vmfs/volumes/48dabc48-573b1344-46f8-001ec939c5cb/vmabc123/vmabc123.vmx' 3076424608 info] Failed to load virtual machine. Marking as unavailable: vim.fault.InvalidVmConfig
hostd-9.log:[2008-12-07 17:28:17.467 'vm:/vmfs/volumes/48dabc48-573b1344-46f8-001ec939c5cb/vmabc123/vmabc123.vmx' 3076424608 info] State Transition
(VM_STATE_INITIALIZING -> VM_STATE_INVALID_CONFIG)
hostd-9.log:[2008-12-07 17:28:17.467 'vm:/vmfs/volumes/48dabc48-573b1344-46f8-001ec939c5cb/vmabc123/vmabc123.vmx' 3076424608 info] Marking VirtualMachine invalid
hostd-9.log:[2008-12-07 17:28:17.467 'Vmsvc' 3076424608 info] Loaded virtual machine: /vmfs/volumes/48dabc48-573b1344-46f8-001ec939c5cb/vmabc123/vmabc123.vmx
hostd.log:[2008-12-08 09:18:04.516 'vm:/vmfs/volumes/48dabc48-573b1344-46f8-001ec939c5cb/vmabc123/vmabc123.vmx' 60660656 info] State Transition (VM_STATE_INVALID_CONFIG -> VM_STATE_UNREGISTERING)
hostd.log:[2008-12-08 09:18:04.586 'vm:/vmfs/volumes/48dabc48-573b1344-46f8-001ec939c5cb/vmabc123/vmabc123.vmx' 60660656 info] State Transition (VM_STATE_UNREGISTERING-> VM_STATE_GONE)

These entries are from approximately 17 hours after I successfully restarted the invalid VM after the ESX host outage. Since they specified bad .vmx entries, I navigated to the .vmx file in question and made a backup copy of the file. Then I opened the original .vmx file and noticed the last three lines of the file were:
evcCompatibilityMode = "FALSE"
0001e9ebd3fbff"
evcCompatibilityMode = "FALSE"

The .vmx file is basically the configuration of the VM, and each line should have relevant information. The second to last line consisting of a multiple of digits is not a correct entry and the evccompatibilitymode entry should only appear once. Seems like I found the syntax errors the hostd logs were complaining about. After editing the .vmx file to remove the last two entries. I decided to stop and restart the vmware management agents to see if they could now pick up the orphaned VM guest process.

This was done using the following commands:
#/etc/rc.d/init.d/vmware-vpxa stop
#service mgmt-vmware stop
#service mgmt-vmware start
#/etc/rc.d/init.d/vmware-vpxa start

After restarting the services, I tried manually registering the VM guest to the host using #vmware-cmd -s register . This returned successfully so I checked for the VM’s operation state using vmware-cmd getstate. The command showed that the VM was in a powered on state, which also meant that the VMware services now recognized the vm as a valid guest. I logged back into VC and sure enough the vm guest icon was now showing as powered on and I was able to open a console to the guest.

I’m still not sure who or what created the bad entries in the vmx file to begin with and why they didn’t cause an issue until so long after the guest was rebooted, but at least I was able to fix the issue without an outage.

Repair MS Office

Sometimes Microsoft Office problems are just to weird and/or extreme for the home user or even IT professional to troubleshoot. In those cases it is sometimes necessary to reinstall your office program, for those cases of high corruption it may be best to try a repair install rather than trying to completely reinstall the entire Office Suite or product.

How to perform an MS Office repair.
*Note* Depending on your installation, you may need the MS Office disk to perform the repair.

 

Performing a repair is easy. You can repair a single Office product or repair the entire suite.

 

Repairing a single product…

• With your troubled product open (i.e. Outlook, Word), goto Tools > Repair .
• Your product will begin repairing program files, you may be asked for your disk during this process.
• When it has completed, you should restart your application and test the fix.

 

Repairing the Office Suite
To repair the Office Suite grab your MS Office disk and perform the following:

• Insert your MS Office disk.
• Goto Start > Control Panel > Add/Remove Programs > Microsoft Office > Change
• Once you click Change, you will be prompted with a wizard that will guide you through the repair.
• Follow the on screen prompts to complete the repair process.

 

That is all there is to repairing your Office installations! It is important to note that this will NOT erase any settings or files associated with your MS product.

Incorrect Profile Loading

If you have found yourself logging into your computer only to find that all of your desktop shortcuts are missing and your background isn’t the same, chances are Windows loaded the wrong user profile for you. Most times the profile that is loaded is a Temporary user profile. You can find out which profile you have loaded by Right-Clicking on the Start button and Clicking Explore.

 

As you can see, I have loaded the Administrator Profile.
Your profile that loads should be similar to your login name. For example, John Smith logs in as jsmith and should have profile called jsmith located under /Documents and Settings. If he logs into a domain, such as, “business”, he may see jsmith.business as his profile. It depends whether or not he logged in as jsmith on the local computer and the domain.

 

What happens if the profile I loaded is not my usual?
You can follow these steps to ensure the next time you log into your machine you load the correct profile.

1. Click Start > Run type Regedit press Enter
2.
3. On the left hand side navigate to the following registry key: HKEY_LOCAL_MACHINE > SOFTWARE > MICROSOFT > WINDOWS NT > CURRENT VERSION > PROFILE LIST
4. Select the folder where your profile image path is located. (i.e. jsmith)
5.
6. Double-Click ProfileImagePath and change the path to the correct profile which user JSMITH should open.
7.
8. Click OK and exit from the registry editor.
9. The user must logoff and log back in for the changes to take effect.

If you never want this to happen again and are looking for a permanent solution, you can try the following hack…

1. Save the Profile List registry key to a location on your hard drive by Right-Clicking and selecting Export.
2. Create a Batch File with the following information:
reg import C:\path\name.reg (Where you define the path and name.)

3. Add the batch file to your start-up script by editing the local computer group policy.

• Click Start > Run Type gpedit.msc > Enter
• Navigate to Computer Configuration \ Windows Settings \ Startup Script
• Add the location of the batch file to the startup script policy.

That’s it!

How to change file associations.

How do you change which program starts when you want to open a file? For example, if I were to double-click a .jpg (common image file), Windows would open Microsoft Picture Manager to manage that file type. Since I typically edit these types of files, I would like to open Adobe Photoshop instead, so for convenience sake, I would need to associate that type of file with Photoshop, allowing me to simply double-click the file to open Photoshop. Read below to find out how to change the file association settings.

How to change a file association?
1. Open My Computer or Windows Explorer, right-click a file for which you want to change the program that opens that file type, and then use either of the following methods to change which program starts:
• Click Open With to choose the program that you want.
• Point to Open With, and then click Choose Program to choose the program that you want.

2. Notice that the Open With dialog box appears. Use one of the following methods to select the program that you want to use to open this kind of file:
• In the Programs list, click the program that you want.
• Click Browse, locate and then click the program that you want to use, and then click OK.
• Click Look for the appropriate program on the Web to browse the Internet for the program that you want.

3. Click to select the Always use the selected program to open this kind of file check box if it is not already selected.

4. Click OK.

Note: You cannot use this method for a file that does not have a file name extension, or for a file that has a system extension, such as exe, .com, .bat, and so on. (http://support.microsoft.com/kb/307859)

How-to Repair a Windows Installation

Sometimes troubleshooting problems with your PC can lead you down a path of no return. For example, your Windows installation could have contracted a virus from the internet, the virus could have re-written Windows system files such as .dll’s, this type of virus could leave your system virtually inoperable.

 

So, how do you get all the Windows system files back to original state, without having to restore from backup? You simply use the Windows system disk and repair the OS. The Windows system disk should have shipped with your computer, and it may be labeled Windows XP Re-Installation CD.

 

Steps to Repair your Windows Installation:

1. Insert your Windows system disk into your optical drive. (cd/dvd)
2. Reboot your system.
3. When the system begins to start back up, force it to boot from your optical drive. The option to select a boot device will typically flash on the screen for a few seconds before Windows starts. (i.e. Press F12 or F10 key to select boot device.)
4. Once you have selected it to boot from your optical drive, the screen will turn blue and your system will prepare itself for a windows installation.
5. The next message you will see is the “Welcome to set-up” screen that will list the following options:
• To set-up Windows now press Enter
• To repair a Windows installation using recovery console, press R
• To quit set-up without repairing Windows, press F3

6. You want to press Enter to run Windows set-up. (Do NOT press R)
7. Accept the License agreement by pressing F8.
8. The next screen will list the Windows installations currently installed on your computer, you should only have one, but if not, simply choose the one you want to repair and press R. If Repair is not one of the options, you should END the set-up process.
9. Set-up will now start copying system files to the Windows installation you chose.
10. After the file copy is done, your system will reboot and continue with the installation screen. (You do NOT have to do anything.)
11. When the installation is complete the system will reboot for the final time. You can now take the Windows installation CD out of your optical drive, and Windows will boot normally.

 

This process will repair a Windows installation by replacing Windows system files to there original state. This is not a “fix-all” solution and in many cases should be treated as a last resort before attempting a complete Windows re-installation. A repair can assist you by helping you bring your machine back to life after a virus or program has damaged basic Windows functions, it will not rid you of your virus problem.

 

Cramped C: Partition? - Move your pagefile.

Ok, so here’s the scenario, you created a partition when you installed Windows, but you made the C: (or Windows) partition too small. Now you don’t have space to temporarily download files, defragment (requires %15 free disk space), or even add additional programs. What to do? You don’t want to rebuild the machine!

 

Answer
Well there are a couple of things you can do. Both of which include buying an additional hard drive, if you don’t already have one.
1. Start changing your install path for new software installs to your new additional drive. (i.e. D:\Program_Files\newsoftware)
2. Move your pagefile.sys to the new drive. (This is what we will be focusing on.)

 

Moving your Pagefile.sys

1. Click Start > Run Type Regedit and Press Enter
2. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
3. Double-Click the PagingFiles entry on the right-hand side of the screen.

4. Now enter the new path where you want the pagefile to reside. (In this case it will be located on our separate drive D:/pagefile.sys)


5. Once you have successfully edited the path, you will need to restart the computer before the changes will take effect.
6. After you have restarted you can now navigate to your old pagefile location (C:\pagefile.sys) and delete it.

 

Moving the pagefile is not always recommended and moving it to a separate drive is not a best practice, try to remember to give yourself enough room for the next partition you create!

 

Filed Under Tech "How-To" · Leave a Comment  

Keep your VM’s in shape with Auto Tool updates

July 7, 2008

If you’ve used VMware software, you know the importance of installing and keeping the Tools up to date on the VM guests. VMware Tools provide VM guests OS specific drivers which can greatly increase the speed and stability of virtualized machines. Stressing the importance of these Tools is a continually ongoing battle between administrators and clients who don’t want to incur a scheduled reboot of their server when updates need to be applied.

 

Thanks to a new feature in VMware ESX, you can enable a setting to have the guest OS automatically upgrade its tools if needed after a reboot. Now instead of scheduling outages, the VM itself will take care of the update after a client initiates a reboot or a reboot occurs due to Windows OS patching. To enable this feature, follow the steps below.

1) Use VMware Infrastructure Client to log into the Virtual Center that manages the desired ESX host or to the ESX host directly.
2) Under the Inventory tab, select the ESX host containing the VM you wish to enable the feature on.
3) Right click on the desired VM guest and choose “Edit Settings”.
SCREENSHOT
4) When the VM properties box pops up, select “VMware Tools” under the “Options” tab.
5) Under the Advanced options, check the box entitled “Check and upgrade Tools before each power-on”
SCREENSHOT
6) Hit Ok.

Note: This setting can only be changed through VI Client when the VM is powered off. If you need to change the setting while the VM is running, use a RCLI script or a Windows Powershell script using the VMware API plug-in.

 

Filed Under Tech "How-To" · Leave a Comment  

Remote Shell Access in ESXi

June 30, 2008


If you’ve used VMware ESX in the past, you’ll know that one of the most useful administrative features is the Red Hat based console used to interact with the ESX host. With the introduction of VMware’s console-less hypervisor ESXi, many of us were left trying to find ways to accomplish familiar tasks in a shell-less environment.
Fortunately word has gotten out that contrary to VMware marketing, ESXi does include a limited shell which can be accessed in times of need. This shell is actually the open-source BusyBox, which includes among other tools an ssh client/server. To access this shell and enable remote ssh logins, follow the steps below. Note: This assumes you have physical (or console based) access to the ESXi host.

1) After booting into ESXi, go to the console screen of the host and press the buttons ALT-F1 which will take you another console terminal screen.
2) Type the word “unsupported” and hit enter at this screen. Note: character echoing is turned off so you will not see what you are typing.
3) A prompt will appear explaining you are entering “Tech Support Mode”, please read it carefully and understand what you are agreeing to. Enter the root password and hit enter.
4) To enable sshd, type “vi /etc/inted.conf”
5) Find the line that begins with ssh and delete the “#” at the beginning. (I assume you know vi editor commands)
6) Save the file and find the inted service by typing “ps | grep inetd”.
7) Kill the inetd process by typing “kill -9 process id from step 6
8) The inetd process will now restart and the sshd service will be enabled. You can now use an ssh client to access the ESXi host as root.

Filed Under Tech "How-To" · 1 Comment  

Next Page »