Skip to main content


Showing posts from July, 2007

sms: forcing child sites to show up in the parent hierarchy...

this was recently posted on the myitforum mailing list. it's worth archiving for later reference. :) question: I have a secondary site that shows its parent site as the primary, which is good. In my SMS console, I have registered my central site database and my primary site database. When I drill down to the secondary site in question from the central site, I can see it, BUT if I drill down to the secondary site from the primary it is not there?? Any one ever see this? answer: Copy the site control file from the secondary site and rename it to *.CT2. Copy the renamed file into the HMAN.BOX on the parent primary and it will show up after it gets processed. This resolves the immediate problem of not seeing the secondary from the primary. You may need to take a look at the SENDER.LOG to determine why it isn't communicating. Thanks, Mark A. Mears, Sr.

os: tcpip offloading and windows server 2003...

recently, we had problems with the [t]cpip [o]ffload [e]ngine features on a nic that caused all kinds of bizarre and strange problems. apparently if you have a nic that supports the scalable networking pack, included in windows server 2003 sp2, these features kick in. the guys over at posted this very nice write up on their blog. if you're planning on upgrading ... this is a must read. here's a few articles related to this as well:

ds: another tool to add to your sysinternals toolbelt...

this was released recently, and everyone is blogging or posting about it. i might as well join in. :) anyway, it's called adexplorer , brought to you from the same guys that bring you all those nice sysinternals tools. this isn't the only free ldap browser out there though. there is the softerra ldap browser which is also pretty nice.

mom: subnet missing from ad site configuration

if you've upgraded your domain controllers to windows 2003 (and i hope by now you have), you won't be able to pick up these events anymore: Event Type: Information Event Source: NETLOGON Event Category: None Event ID: 5778 Date: Time: User: N/A Computer: 'Computer Name' Description: 'Computer Name' tried to determine its site by looking up its IP address ('Computer IP Address') in the Configuration\Sites\Subnets container in the DS. No subnet matched the IP address. Consider adding a subnet object for this IP address. instead, you get this type of event message that really doesn't help at all: Event Type: Information Event Source: NETLOGON Event Category: None Event ID: 5807 Date: Time: User: N/A Computer: 'Computer Name' Description: During the past 4.22 hours there have been 26 connections to this Domain Controller from client machines whose IP addresses

ds: enumerating dns ptr records with dnscmd...

wow, what an fun topic. :/ it was a little confusing so i figured i'd post it as a gentle reminder for later when i completely forget. let's assume you have a reverse lookup zone of 10.x.x.x. if you want to pull the records for 10.1.1 for example, you could run the command like this: dnscmd /enumrecords 1.1 it doesn't actually show you semantically how all this gets put together, unless you fork it up like i did. here's the output of an incorrect command format: c:\>dnscmd /enumrecords 10.1.1 DNS Server failed to enumerate records for node     Status = 9714 (0x000025f2) Command failed:  DNS_ERROR_NAME_DOES_NOT_EXIST     9714  (000025f2) if you notice, it appends the zone name to the requested node name of 10.1.1. since doesn't exist, it fails. moving on... i think in older versions, you had to include the "." following the zone, like "

sms: advertising packages based on status message

i have no idea what to call this particular post. i mean, it's the day before the 4th of july... so i could call it something like... making fireworks with sms? i don't know. the whole thing started off when i was down visiting with a site system. they pointed out that some of their clients were failing to patch. further examination revealed that these clients looked healthy. wiping vpcache, reinstalling the client, etc... just wasn't doing it. examining this scan process showed that smswushandler.log was where the real problems were stemming from. anyway, i found that some of their failures had a common execution status of 11412. the unfortunate part of this error message is that it can mean different types of scan failures including down-level or broken windows update agents. in my case, i wanted to break it up into two distinct things so that i could correct both client problems. the reason for doing is because 11412 isn't distinct enough to handle it with one m

os: capturing packet traces in such a clever way...

i was referred to by microsoft pss on this great article on how to capture netmon traces (and stop them when a certain criteria is met). there were a few differences from our end than what's in the article. basically, we were required to look for an event on a particular machine and stop the trace on an entirely different machine. here's the command line i used: nmcap /network * /capture /file c:\temp\myCapture.cap:200M /stopwhen /frame "ipv4.SourceAddress== and ipv4.DestinationAddress==" /DisableConversations   here's what the switches mean: nmcap - this file is usually located under c:\program files\microsoft network monitor 3.0 /network * - selects all network adapters, wildcard capable /capture - capture packets /file - capture to the file c:\temp\myCapture.cap :200M - sets myCapture.cap to a circular 200MB /stopwhen - specifies to look for a condition on when to stop (in this case what's defi

mom: reporting on security event data

another mom blogger, bryce kinnamon , wrote up this nifty blog. i'm blogging about it in case you missed it. typically the problem with reporting security event data is that the data itself is all clogged up in the description field. using patindex, bryce shows a clever way to break this up into distinct columns . very nice.

misc: new mom mvp!

i just heard that anders bengtsson was finally awarded a mvp yesterday. this guy has been doing some great work. i've been watching to see just when he'd get his nom. looks like it finally came through! congratulations to you, anders. keep up the great work supporting the community. (looks like i'll have to pay attention to what he says now... :/ ...)