Skip to main content


Showing posts from March, 2006

sms: sms 2003 sp2 schema extension

so you ran the schema extension you say, and it ran so fast that you didn't notice it had finished? if you're upgrading from SMS 2003 to SP2, the included schema "extension" doesn't do very much at all. in fact, from a practical standpoint, nothing is extended. an existing attribute is linked to an existing class. if you're a sms administrator and can't convince your ad administrators to run it, just show them this. here's a log of a proper run: <03-30-2006> Modifying Active Directory Schema - with SMS extensions. <03-30-2006> DS Root:CN=Schema,CN=Configuration,DC=bladerunner,DC=int <03-30-2006> Attribute cn=MS-SMS-Site-Code already exists. <03-30-2006> Attribute cn=mS-SMS-Assignment-Site-Code already exists. <03-30-2006> Attribute cn=MS-SMS-Site-Boundaries already exists. <03-30-2006> Attribute cn=MS-SMS-Roaming-Boundaries already exists. <03-30-2006> Attribute cn=MS-S

mom: graphing performance in the operator console

well, i've had more than a few requests on how to do this. i thought it'd be helpful to share and have a convenient link to send for anyone else that doesn't know how to do it. everyone knows that you can graph performance data in the mom 2005 operator console, but how do you do it longer than the default of two hours (or whatever is specified)? let's take a look at the performance data view "free megabytes". it's located under microsoft windows server base os/performance/logical disk . this is all you have to do. on free megabytes (left pane), right-click and choose properties. the first tab of this window is "criteria". click the measured in specified time period . click the link in the lower window and specify the time frame for the graph you want. click ok. choose the items you want to include. select draw graph. now you have a graph of data in a longer time range.

mom: useless exchange rule

remember this rule ? exchange availability report is dependent on the script generating 9980 events. well, i finally shut it off. i have 500,000 events in my production database right now. i figured if my database is grooming at 4 days, then the calculations would stand to this reason: 4 days = 500,000 events ; therefore, the production database is storing 125,000 of these a day. 125,000 * 60 = 7,500,000 since the mom warehouse stores 60 days (61 actually... but who's counting?) now, assuming all has been going well, the corollary philosophy here is that i am not actually losing any data for availability. why? well, first of all, the exchange availability report that comes from the exchange mp was a monster to run. clearly, you can see why. second, the availibility report that comes from the availability reporting mp doesn't even use 9980. it uses 1001 (and some other stuff, but 1001 for the purpose of exchange). with availability reporting and sla scorecard in place

mom: monitoring organizationalUnit changes...

i've lost a lot of hair today. why? mom is finicky and aggravating. i'll get to that later. here's how to setup rules to pickup event id 566. it's comprised of two rules: collection and event. first of all, why create a collection event? it's simple. if you only create an event to pick up the alert, you don't necessarily hold all the parameters that you want. if you want to go look for this later, it may be challenging if you're scavenging alerts faster than events. set it up like this: source: security event id: 566 type: success audit description: contains substring organizationalUnit parameters: 3,4,9,12 i'm not going to advocate collecting all the event parameters. it's probably safe with the description filter but saw some come in with some wild parameter counts (in the mid 100's). now, you will pick up events that you probably didn't mean to, like user accounts getting created/deleted under an OU. anyway, the parameters i

ds: dsacls is driving me crazy!

here's a little background. i'm trying to delegate permissions for create/delete computer objects on a given ou. i get back this nonsensical response on a command i know i've issued before but can't seem to make it work! seen this before? here's the command: dsacls "OU=Computers,OU=General,DC=Company,DC=com" /G "Company\SupportGuy:CCDC;Computer" this is the response: No GUID Found for Computer The parameter is incorrect. The command failed to complete successfully. apparently case does matter in some cases (intended). capitalizing Computer causes the output to fail. why? i guess dsacls is case sensitive. it's looking for an object called Computer. switching it to lowercase computer works just fine.

mom: upgrading to sql 2005

have you upgraded to sql 2005? why not? alright, i haven't either but do have a legitimate excuse. i was waiting on three hotfixes to be published. mom 2005 sp1 is not compatible with sql 2005 (operations and reporting database) without these three hotfixes. kb913812 , unable to discover computers in ad after upgrading to .net framework 2.0 kb915785 , errors can occur when data collected by mom 2005 sp1 is queried with sql server 2005 reporting services kb913801 , deadlocks may occur on sql 2005 (some of these are not yet accessible.)

os: wmidiag tool finally posted!

what was once a trivial thing to understand has become an edifice for systems management in the windows space. back when i started learning sms, wmi was completely foreign. it was used primarily to hold configuration data here and there, acting as a mini-database and largely untapped by most software vendors at the time. since its popularity has grown, so has the usage. this is largely ostensible without spinning up wbemtest, opening cim studio, or constructing a single wmi query. if your repository corrupts, there is absolutely no recommendations at this point to remove all items from the wbem repository directory and allow wmi to recover. the ubiquitous usage almost guarantees something will break. i suppose for that reason, wmidiag was born. download it and get to know it . while you're at it, attend the webcast if you can. alain lissoir himself is presenting... content should be great.

sms: addressing wmi corruption...

i picked up this tidbit from jeff gilbert on the sms mailing list. anyway, there are a few ways to address this if the os of the affect client is windows xp or windows 2003 or greater. here's what he had to say on the matter: There is help for XP SP1-SP2 and Server 2003, SP1 systems to diagnose and repair WMI corruption: To check the WMI repository for errors on a Server 2003 SP1 system, run the following command from command prompt: rundll32 wbemupgd, CheckWMISetup Once you've run that command, check the setup.log file located at: %windir%\System32\Wbem\Logs\Setup.log. Check for entries from today's date. If you find none, then WMI is probably OK and you should continue troubleshooting somewhere else. If however, you see an error message from today saying that it can't find a namespace then yes, your WMI repository does have issues and you should do the below: rundll32 wbemupgd, RepairWMISetup This will re-create your WMI repositor