Scenario: Many users after migrating to EXO will call to Service Desk asking why they lost the permissions to change the Distribution List.
They will investigate and confirm the permissions are right and nothing was change, right? No, wrong. This/These users were migrated to EXO and they cannot access the DL on-premises.
To solve this situation follow the simple instructions:
<Solution>
Open the CMD and type the following
"C:\Windows\System32\rundll32.exe
dsquery,OpenQueryWindow"
Chang's Blog
Search This Blog
May 29, 2015
Apr 27, 2015
After migrating users to O365 the Lync Client 2013 (on-premises) stopped displaying the meeting icon
In a hybrid scenario where you can have different version of Office installed on your machine you may notice a new issue with Lync Client.
In this particular scenario, and I believe only at the company that I'm working we have that. See below:
Win7 and Office 2010 + Lync Client 2013 (we have a Lync 2013!)
In that scenario after moving the Exchange mailbox (on-premises) to a new Exchange Online environment all users cannot see the meeting icon in their Lync Client.
That happens because the EWS cannot contact the properly both environment.
Solution:
• As a workaround changed the default URL to use HTTPS instead:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSOIdentityCRL\Environment\Production]
"RemoteFile"=https://clientconfig.microsoftonline-p.net/PPCRLconfig.srf
• With this key set the calendar icon appears and EWS status shows OK in Lync configuration information
In this particular scenario, and I believe only at the company that I'm working we have that. See below:
Win7 and Office 2010 + Lync Client 2013 (we have a Lync 2013!)
In that scenario after moving the Exchange mailbox (on-premises) to a new Exchange Online environment all users cannot see the meeting icon in their Lync Client.
That happens because the EWS cannot contact the properly both environment.
Solution:
• As a workaround changed the default URL to use HTTPS instead:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSOIdentityCRL\Environment\Production]
"RemoteFile"=https://clientconfig.microsoftonline-p.net/PPCRLconfig.srf
• With this key set the calendar icon appears and EWS status shows OK in Lync configuration information
That key already exist in Office2013! :)
Apr 13, 2014
Error 1207 ID - The password does not meet the password policy requirements. Check the minimum password length, password complexity and password history requirements
Here a way to find out and fix the pain in the ass ID 1207 when you don't have the default access denied message.
That it's to help who has the following error below: Hope it helps.
<Scenario>
ID 1207 being logged on the DAG member servers (Host Owner) each 15 minutes.Even if you tried move the "Cluster Group" to another servers the ID still being generated on the server that now it's hosting the "Cluster Group"
Log Name: System
Source: Microsoft-Windows-FailoverClustering
Date: 4/12/2014 2:33:32 PM
Event ID: 1207
Task Category: Network Name Resource
Level: Error
User: SYSTEM
Computer: EX01.chang.com
Description: Cluster network name resource 'Cluster Name' cannot be brought online. The computer object associated with the resource could not be updated in domain 'chang.com' for the following reason:
Unable to update password for computer account.
The text for the associated error code is: The password does not meet the password policy requirements. Check the minimum password length, password complexity and password history requirements.
The cluster identity 'DAG01$' may lack permissions required to update the object. Please work with your domain administrator to ensure that the cluster identity can update computer objects in the domain.
<Troubleshooting Actions >
The first though was review all the permissions and compare the DAGs account with the EUR since the EUR Servers was not generating any ID 1207 on the DAG members servers.
Second step was review the cluster.log and check the communication between the server impacted and domain controler (PDC).
000021a8.00003948::2014/04/12-14:26:09.160 INFO [RES] Network Name <Cluster Name>: Trying to find computer account DAG02 object GUID(913b4ecd1bd89047a6186b15a9f69e21) on any available domain controller.
000021a8.00003948::2014/04/12-14:26:09.300 INFO [RES] Network Name <Cluster Name>: Found computer account DAG01 on domain controller \\DC0008.chang.com.
000021a8.00003948::2014/04/12-14:26:09.300 INFO [RES] Network Name <Cluster Name>: Trying to obtain the VSToken for Core Cluster Name resource
000021a8.00003948::2014/04/12-14:26:09.316 INFO [RES] Network Name <Cluster Name>: GetCoreNetnameObject_VSToken returning status 0
000021a8.00003948::2014/04/12-14:26:09.316 INFO [RES] Network Name <Cluster Name>: Obtained the security token for cluster name account.
00001a5c.00004e2c::2014/04/12-14:26:12.373 INFO [GUM] Node 5: Processing RequestLock 7:211485
00001a5c.00004e2c::2014/04/12-14:26:12.373 INFO [GUM] Node 5: Processing GrantLock to 7 (sent by 5 gumid: 11988005)
00001a5c.00001d1c::2014/04/12-14:26:12.623 INFO [GUM] Node 5: Processing RequestLock 3:223687
00001a5c.00004e2c::2014/04/12-14:26:12.623 INFO [GUM] Node 5: Processing GrantLock to 3 (sent by 7 gumid: 11988006)
000021a8.00003948::2014/04/12-14:26:14.760 ERR [RES] Network Name <Cluster Name>: Unable to update password for computer account DAG02 on DC \\PDC0101.chang.com, status 2245.
00001a5c.00002eb4::2014/04/12-14:26:14.776 INFO [GUM] Node 5: Processing RequestLock 5:221212
00001a5c.00001d1c::2014/04/12-14:26:14.776 INFO [GUM] Node 5: Processing GrantLock to 5 (sent by 3 gumid: 11988007)
000021a8.00003948::2014/04/12-14:26:14.776 WARN [RES] Network Name <Cluster Name>: Automatic Password rotation failed with status 2245.Will retry in 2245 seconds
000021a8.00003948::2014/04/12-14:26:14.776 INFO [RES] Network Name <Cluster Name>: TimerQueueTimer rescheduled to fire after 900 secs
After reviewing the PDC server and capture network traces between the PDC x EX01, we could see the communications were working fine.
Reviewed the code error 2245 and that means the object could not reset the password account.
Found the "Computer Account" in the 'userAccountControl' attribute was set with the incorrect value (0x220 - for User Account).
Using as example another DAG01, the first pic show the wrong configuration
This second picture show us how is the correct value. Checked and the ID 1207 has been generated only for DAG02 servers.
One part of the symptom was when we try find the DAG0X account using the ADUC snap-in the return value is empty. After resetting the value we can find the computer account in the ADUC snap-in.
<Solution>
UserAccountControl must be changed from 0x220 to 0x1000 value.
Now you can see the account as Workstation/Server Computer Account under ADUC snap-in.
<Scenario>
ID 1207 being logged on the DAG member servers (Host Owner) each 15 minutes.Even if you tried move the "Cluster Group" to another servers the ID still being generated on the server that now it's hosting the "Cluster Group"
Log Name: System
Source: Microsoft-Windows-FailoverClustering
Date: 4/12/2014 2:33:32 PM
Event ID: 1207
Task Category: Network Name Resource
Level: Error
User: SYSTEM
Computer: EX01.chang.com
Description: Cluster network name resource 'Cluster Name' cannot be brought online. The computer object associated with the resource could not be updated in domain 'chang.com' for the following reason:
Unable to update password for computer account.
The text for the associated error code is: The password does not meet the password policy requirements. Check the minimum password length, password complexity and password history requirements.
The cluster identity 'DAG01$' may lack permissions required to update the object. Please work with your domain administrator to ensure that the cluster identity can update computer objects in the domain.
<Troubleshooting Actions >
The first though was review all the permissions and compare the DAGs account with the EUR since the EUR Servers was not generating any ID 1207 on the DAG members servers.
Second step was review the cluster.log and check the communication between the server impacted and domain controler (PDC).
000021a8.00003948::2014/04/12-14:26:09.160 INFO [RES] Network Name <Cluster Name>: Trying to find computer account DAG02 object GUID(913b4ecd1bd89047a6186b15a9f69e21) on any available domain controller.
000021a8.00003948::2014/04/12-14:26:09.300 INFO [RES] Network Name <Cluster Name>: Found computer account DAG01 on domain controller \\DC0008.chang.com.
000021a8.00003948::2014/04/12-14:26:09.300 INFO [RES] Network Name <Cluster Name>: Trying to obtain the VSToken for Core Cluster Name resource
000021a8.00003948::2014/04/12-14:26:09.316 INFO [RES] Network Name <Cluster Name>: GetCoreNetnameObject_VSToken returning status 0
000021a8.00003948::2014/04/12-14:26:09.316 INFO [RES] Network Name <Cluster Name>: Obtained the security token for cluster name account.
00001a5c.00004e2c::2014/04/12-14:26:12.373 INFO [GUM] Node 5: Processing RequestLock 7:211485
00001a5c.00004e2c::2014/04/12-14:26:12.373 INFO [GUM] Node 5: Processing GrantLock to 7 (sent by 5 gumid: 11988005)
00001a5c.00001d1c::2014/04/12-14:26:12.623 INFO [GUM] Node 5: Processing RequestLock 3:223687
00001a5c.00004e2c::2014/04/12-14:26:12.623 INFO [GUM] Node 5: Processing GrantLock to 3 (sent by 7 gumid: 11988006)
000021a8.00003948::2014/04/12-14:26:14.760 ERR [RES] Network Name <Cluster Name>: Unable to update password for computer account DAG02 on DC \\PDC0101.chang.com, status 2245.
00001a5c.00002eb4::2014/04/12-14:26:14.776 INFO [GUM] Node 5: Processing RequestLock 5:221212
00001a5c.00001d1c::2014/04/12-14:26:14.776 INFO [GUM] Node 5: Processing GrantLock to 5 (sent by 3 gumid: 11988007)
000021a8.00003948::2014/04/12-14:26:14.776 WARN [RES] Network Name <Cluster Name>: Automatic Password rotation failed with status 2245.Will retry in 2245 seconds
000021a8.00003948::2014/04/12-14:26:14.776 INFO [RES] Network Name <Cluster Name>: TimerQueueTimer rescheduled to fire after 900 secs
After reviewing the PDC server and capture network traces between the PDC x EX01, we could see the communications were working fine.
Reviewed the code error 2245 and that means the object could not reset the password account.
Found the "Computer Account" in the 'userAccountControl' attribute was set with the incorrect value (0x220 - for User Account).
Using as example another DAG01, the first pic show the wrong configuration
This second picture show us how is the correct value. Checked and the ID 1207 has been generated only for DAG02 servers.
One part of the symptom was when we try find the DAG0X account using the ADUC snap-in the return value is empty. After resetting the value we can find the computer account in the ADUC snap-in.
<Solution>
UserAccountControl must be changed from 0x220 to 0x1000 value.
Now you can see the account as Workstation/Server Computer Account under ADUC snap-in.
Aug 29, 2012
Outbox remains items or duplicate itens in Outbox folder
Hello Everyone,
PS: After deploying the registry entry for end users you should instructed the end users to cleanup their Outbox. Probably it will not be an easy way.
It's one more issue
that we need some help from Microsoft to identify and try make the easy as
possible to end users. You will see during the description below
Subjective
===================- Some end users cannot send emails because their Outbox Folders (when view with cache mode disabled) has more than their Default limit size and their messages looks like duplicated. Messages were already sent but still being archived under Outbox folder.
- This symptom has been increased the number of the user impacts since they were migrated to Exchange 2010 Mailbox.
Actions
======================
General
recommendations to narrow down the causes as follows:
- Verify the users have only one Outlook client open for their mailbox. If they have multiple workstations with Outlook open, instruct them to only have one open at a time.
- Verify if the affected users are on Outlook 2007 or Outlook 2010
- For users on Outlook 2007, educate users in Cached mode to avoid: known causes and help them to change their behaviors to prevent them from triggering the failure:
- Avoid Rules on items as they are sent
- Avoid moving items you have sent without waiting a significant amount of time (5 minutes or more)
- Do not have your Outlook/Exchange profile configured to deliver mail to a PST
- Do not select the option “In folders other than Inbox, save replies with original message”
- Even if users are updated to Office 2010, they still need to avoid having their mail delivered to PST or they can see similar symptoms
- Go ahead and deploy the SendOne reg key for Outlook 2007 users. This is the KB948984 you already have noted below and will help mitigate many of the known issues in that version.
Solution
===============
Used the article and
apply the registry 'SendOne' = 0 and restart the Outlook. After applying the SendOne reg key to your Outlook 2007
users, continue periodically reviewing the Mailbox Folder Statistics for the
Outbox folder counts to verify the counts are no longer growing.
Outlook
2007 attempted to optimize the submission process with Exchange and it left
some openings for certain client/user behaviors to interrupt that
optimization. The “SendOne” reg key reverts to Outlook 2003 and prior
cached behavior and removes the submission optimization.
PS: After deploying the registry entry for end users you should instructed the end users to cleanup their Outbox. Probably it will not be an easy way.
Aug 20, 2012
Use Mailbox Search to Delete Messages
Hello ALL,
Sometimes in the Exchange organization you have to find and delete some emails that someone sent by mistake, delete inappropriate or potentially harmful e-mail messages sent to multiple mailboxes across their organization and you have to do this ASAP to avoid this email be read for people supposed to NOT read.
Below a short example about how to find and delete email was sent by mistake.
Scenario: Delete for all users under OU (let’s call "São Paulo") the email with the subject "MARCELOCHANGTESTE" .
PS: Can't use Multi-Mailbox Search in the Exchange Control Panel for this purpose, but, in Windows PowerShell, can do it, using theSearch-Mailbox cmdlet with the DeleteContent switch parameter.
Important: When use the Search-Mailbox cmdlet with the DeleteContent parameter, messages are permanently deleted from the user's mailbox and can't be recovered.
Actions
==================
First you need have the correct permission to execute the cmdlet 'search-mailbox'. To do this you have to add the permissions below:
Assign the required RBAC roles
Mailbox Search This role allows search for messages across multiple mailboxes in your organization.Administrators aren't assigned this role by default. To search multiple mailboxes, add yourself as a member of the Discovery Management role group.
Mailbox Import Export This role allows delete messages from a user's mailbox. This role isn't assigned to administrators by default. To delete messages from users' mailboxes, add the Mailbox Import Export role to the Organization Management role group.
In that case added the Roles under the Organization Management role group.
Without the Roles above it's not possible run the cmdlet.
Commands and Results:
The following command searches all mailbox under the OU "SaoPaulo" for messages with a specific value in the Subject line “in that case MARCELOCHANGTESTE”and then sends a message with the results to the target mailbox.
Get-Mailbox -OrganizationalUnit "mpc.lab/Organizations/Users and Groups/SaoPaulo" |Search-Mailbox -SearchQuery 'Subject:"MARCELOCHANGTESTE"' -TargetMailbox "MCHANG" -TargetFolder "SearchAndDeleteLog" -LogOnly -LogLevel Full
Report:
RunspaceId : 0d671b70-775b-4a66-84e9-ae3d8bddc407
Identity : mpc.lab/Organizations/Users and Groups/SaoPaulo/JOAODASILVA
TargetMailbox : mpc.lab/Organizations/Users and Groups/SaoPaulo/MCHANG
TargetPSTFile :
Success : True
TargetFolder : \SearchAndDeleteLog\UserName UHT-6/16/2012 6:21:18 PM
ResultItemsCount : 14
ResultItemsSize : 119.8 KB (122,687 bytes)
The following command searches for messages with the subject line and then permanently deletes them.
Get-Mailbox -OrganizationalUnit "mpc.lab/Organizations/Users and Groups/SaoPaulo" |Search-Mailbox -SearchQuery 'Subject:"MARCELOCHANGTESTE"' -DeleteContent
RunspaceId : 0d671b70-775b-4a66-84e9-ae3d8bddc407
Identity : mpc.lab/Organizations/Users and Groups/SaoPaulo/JOAODASILVA
TargetMailbox :
TargetPSTFile :
Success : True
TargetFolder :
ResultItemsCount : 8
ResultItemsSize : 113.9 KB (116,677 bytes)
Additional Information
========================
Use Mailbox Search to Delete Messages
Pasted from <http://technet.microsoft.com/en-us/library/ff459253.aspx>
Search For and Delete Messages from Users' Mailboxes
Pasted from <http://help.outlook.com/en-ca/140/gg315525.aspx>
Mar 19, 2012
Logging event id 1069 and 1558 every 15 minutes
- In this case my Failover Cluster is running with Exchange 2010 SP1 and we've configure the Quorum with FSM option. The File server is Hub Server.
- Looking to HUB server (Witness Disk Servers) we see the following drivers are with the same driver level for SMB:
- contains the MRXSMB10.sys = 6.1.7601.21767 and MRXSMB20.sys = 6.1.7601.17605
- Generated the Cluster.log using the command "cluster log /gen"
- Restarted the all Servers involved for tests (Cluster nodes and File Server).
- After rebooting new "Host Current Server" is generating the event ID 1069 and 1558
- Checked the Links below:
- Basically in that articles Microsoft request to update some drivers like SMB, Clussvc.exe and TCPIP.
- Changed the Cluster parameters
- Installed Updates
- Installed the following updates and rebooted all DAGs and Hub (FSW Server).
- Changed the Quorum model to Node and Majority and then go back to FSW.
- AV exclusion contains the correct drive "X:\Witnesses"
- Generated Cluster.log again. Getting the same issues on Cluster.log. Nothing changed so far.
- Running a Validate this Cluster and everything is up, running and OK.
- Checked Network Provider status inside regedit.
- Our HUB Server is running under VM technology and contains the following info: on the fileshare witness server following value exist. "vmhgfs,RDPNP,LanmanWorkstation" - but it doesn't impact anything. The values are correct.
- File Share witness is on a Virtual Machine. Checked on Microsoft technet that recommend configuration sould be use a File Server running on physical box .
- Changed the FSW server to a physical server. (It doesn't worked).
- Shutdown all nodes leaving just one online.
- The last one need to be restarted to perform the FORM process.
- After completing the reboot process turned on all others nodes.
Hello,
I'm posting a new
issue that I saw in few days and was solved with a solution that it's not so
simple. Actually the solution is simple but the way to do that in same cases
could create a second problem :)
Let's check the
scenario and actions takens.
Subjective
============
Getting Events 1069
and 1558 logged every 15 minutes on the server USPHXE0251 which has the
Cluster Group.
In this scenario we
had Exchange 2010 DAG impacting but these "errors" can appears on
SQL or any Cluster activity.
Typed "cluster
res" command
Listing status for
all available resources:
Resource Group Node Status
--------------------
-------------------- --------------- ------
Cluster IP
Address Cluster Group E0251 Online
Cluster Name Cluster Group E0251 Online
Log Name: System
Source: Microsoft-Windows-FailoverClustering
Event ID: 1069
Task Category:
Resource Control Manager
Level: Error
User: SYSTEM
Computer: E0233.xyz.com
Description:
Cluster resource 'File Share Witness (\\e0202.xyz.com\DAG01.xyz.com)'
in clustered service or application 'Cluster Group' failed.
Log Name: System
Source: Microsoft-Windows-FailoverClustering
Event ID: 1558
Task Category:
Quorum Manager
Level: Warning
User: SYSTEM
Computer: E0251.xyz.com
Description: The
cluster service detected a problem with the witness resource. The witness
resource will be failed over to another node within the cluster in an attempt
to reestablish access to cluster configuration data.
Actions Takens
===============
00002bcc.00001eb8::2012/02/28-21:47:49.278
ERR [QUORUM] Node 4: Failing quorum
resource due to witness failure
00002bcc.00002c90::2012/02/28-21:47:49.278
INFO [GUM] Node 4: Processing
RequestLock 4:368
00002bcc.00001eb8::2012/02/28-21:47:49.278 INFO [RCM] HandleMonitorReply:
FAILURENOTIFICATION for 'File Share Witness (\\e0202.xyz.com\DAG01.xyz.com)',
gen(578) result 0.
00002bcc.00001eb8::2012/02/28-21:47:49.278
INFO [RCM] TransitionToState(File Share
Witness (\\e0202.xyz.com\DAG01.xyz.com))
Online-->ProcessingFailure.
00002bcc.00001eb8::2012/02/28-21:47:49.278
INFO [RCM]
rcm::RcmGroup::UpdateStateIfChanged: (Cluster Group, Online --> Failed)
00002bcc.00001eb8::2012/02/28-21:47:49.278
ERR [RCM]
rcm::RcmResource::HandleFailure: (File Share Witness (\\e0202.xyz.com\DAG01.xyz.com))
00002bcc.00001eb8::2012/02/28-21:47:49.278
INFO [QUORUM] Node 4: PostRelease for
0dd9ec96-71d1-4949-806d-7d5403ff3f6d
00002bcc.00001eb8::2012/02/28-21:47:49.278
INFO [RCM] resource File Share Witness
(\\e0202.xyz.com\DAG01.xyz.com):
failure count: 2, restartAction: 2.
00002bcc.00001eb8::2012/02/28-21:47:49.278
INFO [RCM] Greater than restartPeriod
time has elapsed since first failure, resetting failureTime and failureCount.
00002bcc.00001eb8::2012/02/28-21:47:49.278
INFO [RCM] Will restart resource in 500
milliseconds.
00002bcc.00001eb8::2012/02/28-21:47:49.278
INFO [RCM] TransitionToState(File Share
Witness (\\e0202.xyz.com\DAG01.xyz.com))
ProcessingFailure-->[WaitingToTerminate to DelayRestartingResource].
00002bcc.00001eb8::2012/02/28-21:47:49.278
INFO [RCM]
rcm::RcmGroup::UpdateStateIfChanged: (Cluster Group, Failed --> Pending)
00002bcc.00001eb8::2012/02/28-21:47:49.278
INFO [RCM] TransitionToState(File Share
Witness (\\e0202.xyz.com\DAG01.xyz.com))
[WaitingToTerminate to DelayRestartingResource]-->[Terminating to
DelayRestartingResource].
00002284.000042a4::2012/02/28-21:47:49.278
INFO [RES] File Share Witness <File
Share Witness (\\e0202.xyz.com\DAG01.xyz.com)>:
Terminating resource ...
00002284.000042a4::2012/02/28-21:47:49.278
INFO [RES] File Share Witness <File
Share Witness (\\e0202.xyz.com\DAG01.xyz.com)>:
Resource is offline.
00002bcc.00001eb8::2012/02/28-21:47:49.278
INFO [RCM] HandleMonitorReply:
TERMINATERESOURCE for 'File Share Witness (\\e0202.xyz.com\DAG01.xyz.com)',
gen(579) result 0.
00002bcc.00001eb8::2012/02/28-21:47:49.278
INFO [RCM] TransitionToState(File Share
Witness (\\e0202.xyz.com\DAG01.xyz.com))
[Terminating to DelayRestartingResource]-->DelayRestartingResource.
00002bcc.00001d1c::2012/02/28-21:47:49.278
INFO [GUM] Node 4: Processing GrantLock
to 4 (sent by 6 gumid: 140952)
00002bcc.00002c90::2012/02/28-21:47:49.278
INFO [QUORUM] Node 4: Witness Failed
Gum Handler [QUORUM] Node 4
00002bcc.00002c90::2012/02/28-21:47:49.278
INFO [QUORUM] Node 4: witness attach
failed. next restart will happen at 2012/02/28-22:02:49.278
00002bcc.0000238c::2012/02/28-21:47:49.278
INFO [QUORUM] Node 4: quorum is not
owned by anyone
00002bcc.00004178::2012/02/28-21:47:49.792
INFO [RCM] Delay-restarting File Share
Witness (\\e0202.xyz.com\DAG01.xyz.com)
and any waiting dependents.
00002bcc.00004178::2012/02/28-21:47:49.792
INFO [RCM] TransitionToState(File Share
Witness (\\e0202.xyz.com\DAG01.xyz.com))
DelayRestartingResource-->OnlineCallIssued.
00002284.00002360::2012/02/28-21:47:49.792
INFO [RES] File Share Witness <File
Share Witness (\\e0202.xyz.com\DAG01.xyz.com)>:
Beginning arbitration ...
00002284.00002360::2012/02/28-21:47:49.792
INFO [RES] File Share Witness <File
Share Witness (\\e0202.xyz.com\DAG01.xyz.com)>:
Opening file \\e0202.xyz.com\DAG01.xyz.com\0dd9ec96-71d1-4949-806d-7d5403ff3f6d\Witness.log.
00002284.00002360::2012/02/28-21:47:49.808
INFO [RES] File Share Witness <File
Share Witness (\\e0202.xyz.com\DAG01.xyz.com)>:
Attempting to lock file \\e0202.xyz.com\DAG01.xyz.com\0dd9ec96-71d1-4949-806d-7d5403ff3f6d\Witness.log,
try 1 of 30.
00002284.00002360::2012/02/28-21:47:49.808
INFO [RES] File Share Witness <File
Share Witness (\\e0202.xyz.com\DAG01.xyz.com)>:
Succeeded in locking file \\e0202.xyz.com\DAG01.xyz.com\0dd9ec96-71d1-4949-806d-7d5403ff3f6d\Witness.log
00002bcc.00004178::2012/02/28-21:47:49.824
INFO [QUORUM] Node 4: PostArbitrate
=> 0 for 0dd9ec96-71d1-4949-806d-7d5403ff3f6d
00002bcc.00004178::2012/02/28-21:47:49.824
INFO [QUORUM] Node 4
CompareAndSetWitnessTag: ignoring any existing data on witness resource.
00002bcc.00004178::2012/02/28-21:47:49.824
INFO [QUORUM] Node 4
CompareAndSetWitnessTag: writing witness tag 164:164:509200
00002284.00002360::2012/02/28-21:47:49.824
INFO [RES] File Share Witness <File
Share Witness (\\e0202.xyz.com\DAG01.xyz.com)>:
Writing file share witness epoch data.
00002284.00002360::2012/02/28-21:47:49.824
INFO [RES] File Share Witness <File
Share Witness (\\e0202.xyz.com\DAG01.xyz.com)>:
Wrote 88 bytes to the witness file share.
00002bcc.00004178::2012/02/28-21:47:49.824
INFO [QUORUM] Node 4
CompareAndSetWitnessTag: releasing witness share lock
00002284.00002360::2012/02/28-21:47:49.824
INFO [RES] File Share Witness <File
Share Witness (\\e0202.xyz.com\DAG01.xyz.com)>:
Releasing locked witness share.
00002284.00002360::2012/02/28-21:47:49.824
INFO [RES] File Share Witness <File
Share Witness (\\e0202.xyz.com\DAG01.xyz.com)>:
Bringing resource online ...
00002284.00002360::2012/02/28-21:47:49.824
INFO [RES] File Share Witness <File
Share Witness (\\e0202.xyz.com\DAG01.xyz.com)>:
Resource is online.
00002bcc.00000c60::2012/02/28-21:47:49.824
INFO [RCM] HandleMonitorReply:
ONLINERESOURCE for 'File Share Witness (\\e0202.xyz.com\DAG01.xyz.com)',
gen(579) result 0.
00002bcc.00000c60::2012/02/28-21:47:49.824
INFO [RCM] TransitionToState(File Share
Witness (\\e0202.xyz.com\DAG01.xyz.com))
OnlineCallIssued-->Online.
00002bcc.00000c60::2012/02/28-21:47:49.824
INFO [RCM]
rcm::RcmGroup::UpdateStateIfChanged: (Cluster Group, Pending --> Online)
00002bcc.00000c60::2012/02/28-21:47:49.824
INFO [QUORUM] Node 4: PostOnline for
0dd9ec96-71d1-4949-806d-7d5403ff3f6d
00002bcc.0000238c::2012/02/28-21:47:49.824
INFO [QUORUM] Node 4: quorum is
arbitrated by node 4
00002bcc.0000238c::2012/02/28-21:47:49.824
INFO [QUORUM] Node 4: releasing witness
lock (if held) because witness is not needed for quorum in new view.
00002284.000029f4::2012/02/28-21:47:49.886 INFO [RES] File Share Witness <File Share
Witness (\\e0202.xyz.com\DAG01.xyz.com)>:
Ignoring request to release witness share because it is not currently locked.
cluster /prop SameSubnetDelay=2000 (The default value is 1000
milliseconds, we could set it to 2000 milliseconds.)
cluster /prop CrossSubnetDelay=2000
++++++++
KB2550886
- A transient communication failure causes a Windows Server 2008 R2 failover
cluster to stop working
Clussvc.exe
6.1.7601.21772
KB2661010
- IP packets are not routed through a Windows Server 2008 R2–based LAN router
in a VLAN environment
Fwpkclnt.sys
6.1.7601.17514
Tcpip.sys
6.1.7601.17754
Fwpkclnt.sys
6.1.7601.21889
Tcpip.sys
6.1.7601.21889
KB2616514
- Cluster service sends unnecessary registry key change notifications among
cluster nodes in Windows Server 2008 or in Windows Server 2008 R2
Clussvc.exe
6.1.7601.17730
Clussvc.exe
6.1.7601.21867
KB2612966
- Paged pool memory leak when you access some shared files in Windows 7 or in
Windows Server 2008 R2
Mrxsmb10.sys
6.1.7601.21819
Mrxsmb20.sys
6.1.7601.21819
++++++++++++++++++
00001738.00002760::2012/03/12-22:23:21.225 ERR [QUORUM] Node 3: Failing quorum resource
due to witness failure
00001738.00001b38::2012/03/12-22:23:21.225 INFO [RCM] HandleMonitorReply:
FAILURENOTIFICATION for 'File Share Witness (\\e0202.xyz.com\DAG01.xyz.com)',
gen(7) result 0.
00001738.00001b38::2012/03/12-22:23:21.225 ERR [RCM] rcm::RcmResource::HandleFailure:
(File Share Witness (\\e0202.xyz.com\DAG01.xyz.com))
00002168.00002808::2012/03/12-22:23:21.771 INFO [RES] File Share Witness <File Share
Witness (\\e0202.xyz.com\DAG01.xyz.com)>:
Ignoring request to release witness share because it is not currently locked.
Solution
==============
http://support.microsoft.com/kb/2750820
I'm not able to make this test but it's important to keep the troubleshooting mindset to figure out the root cause.
- Be running the Cluster service.
- Be unable to locate any other nodes in the cluster (in other words, no other nodes can be running).
- Acquire exclusive ownership of the quorum resource.
- According to Microsoft this logs although being generated every 15 minutes doesn’t means Cluster impact, but so far the only way to fix is using the form procedure. The Quorum (Witness Disk) is the first resource brought online when cluster service attempts to form a cluster.
Forming a Cluster
The first server that comes online in a cluster, either after
installation or after the entire cluster has been shut down for some reason,
forms the cluster. To succeed at forming a cluster, a
server must:
Information
==================
Feb 14, 2012
Activation Issue - The following Failure occurred while trying to use the product by: Code: 0x80070005 Description: Access is denied
Hello
ALL,
Copyright (C) Microsoft Corporation. All rights reserved.
Error: 0x80070005 Access denied: the requested action requires elevated privileges
Actions
Taken
==============
Copyright (C) Microsoft Corporation. All rights reserved.
Cause
=========
Today I
was reading some old emails with the solutions done and I would like to share
another issue it happens all the time. Hope it helps.
Issue
==========
Sometimes
you may have Access Denied message when you're trying activate your Windows
edition.
The message error is:
Invalid Product key
The following Failure occurred while trying to use
the product by: Code: 0x80070005 Description: Access is denied.- Probably if you have facing an issue like this one if you try run the command (even using Administrator account) "slmgr.vbs /dlv" on the server the activation error will show you the following message:
- For this case the best way is use one generic key to try install it and check if the Windows recognize it. After activating with that generic key we will be able to install the correct one to activate the Window properly.
- KMS Client Setup Keys http://technet.microsoft.com/en-us/library/ff793421.aspx
C:\Windows\System32>cscript slmgr.vbs /ipk 489J6-VHDMP-X63PK-3K798-CPX3Y
Microsoft (R) Windows Script Host Version 5.8Copyright (C) Microsoft Corporation. All rights reserved.
Error: 0x80070005 Access denied: the requested action requires elevated privileges
==============
- When attempting to activate any type of licensing (MAK or KMS client) received the following error message to permissions issues.
- Validated using RSOP.MSC the path "Computer Configuration/Policies/Windows Settings/Security Settings/System Services" and service "Plug and Play" has been set as "Not Defined".
- Checked the permission within the Regedit to the following key "HKEY_USERS\S-1-5-20" and the local account 'Network Service' has Full Control permission.
Solution
=============- Added to Full Control permission to the 'Everyone' account in the following folders
- "C:\users\default\AppData\Roaming\Microsoft"
- "C:\Windows\serviceprofiles\networkservice\appdata\roaming\microsoft"
- Restarted the service "Software Protection" and and made Activation of Windows Server with a generic key as below:
C:\Windows\System32>cscript slmgr.vbs /ipk 489J6-VHDMP-X63PK-3K798-CPX3Y
Microsoft (R) Windows Script Host Version 5.8Copyright (C) Microsoft Corporation. All rights reserved.
Installed product key
489J6-VHDMP-X63PK-3K798-CPX3Y successfully.
- Started the "Activate Now" Wizard. Typed the correct license successfully.
- Double check the license thru command "cscript slgmr.vbs /dlv"
C:\Windows\System32>cscript slmgr.vbs /dlv
Microsoft (R) Windows Script Host Version 5.8
Copyright (C) Microsoft Corporation. All rights reserved.
Software licensing service version: 6.1.7600.16385
Name: Windows Server(R), ServerEnterprise edition
Description: Windows Operating System - Windows Server(R), VOLUME_MAK_B channel
Partial Product Key: G7X78
License Status: Licensed
Remaining Windows rearm count: 3
=========
- This issue was related to insufficient permissions on the folders mentioned above.
User unable to connect to OCS because token size was too large
Hello ALL,
Articles Related
===========
A small issue that occurred and I'd like to share. Simple but
sometimes you need to read.
Issue:
A user was unable to connect to OCS with Office Communicator.
Symptoms:
Error message was: Cannot sign in to Communicator. You may have entered your sign-in
address, user name incorrectly, or the authentication service may be
incompatible with this version of the program. If your sign-in information is
correct and the problem persists, please contact your system administrator.
System Event log entry was:
The kerberos SSPI package generated an output token of size 12175 bytes, which was too large to fit in
the token buffer of size 12000 bytes, provided by process id 6492.
The output SSPI token being too large is
probably the result of the user blablabla@mpc.local being a member of a large number of
groups.
It is recommended to minimize the number of groups a user
belongs to. If the problem can not be corrected by reduction of the group
memberships of this user, please contact your system administrator to increase
the maximum token size, which in term is configured machine-wide via the
following registry value:
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\MaxTokenSize.
Solution:
Reduce the number of groups to which the user belongs.
Explanation: The user is not able
to authenticate because the Kerberos token that is generated during
authentication attempts has a fixed maximum size. Transports such as remote
procedure call (RPC) and HTTP rely on the MaxTokenSize value when they allocate
buffers for authentication. In Windows 2000 (the original released version),
the MaxTokenSize value is 8,000 bytes. In Windows 2000 Service Pack 2 (SP2) and
Microsoft Windows Server 2003 and and still remains in Windows 7 and Windows
2008 R2, the MaxTokenSize value is 12,000 bytes.
If a user is a
member of more than 120 groups, the buffer that is determined by the
MaxTokenSize value is not large enough. As a result, users cannot authenticate,
and they may receive an "out of memory" error message.
This is why the
default value is not a hard limit, the maximum recommended configuration is
65535 bytes or 64k. It is recommended that you do not set the MaxTokenSize
greater than 65535 bytes or 64k. If you set the MaxTokenSize greater than 65535
bytes applications using Kerberos authentication could potentially fail.
If you want the
another solution for this same case is change the MaxTokenSize.
===========
New resolution for
problems with Kerberos authentication when users belong to many groups
http://support.microsoft.com/kb/327825
MaxTokenSize and
Kerberos Token Bloat
http://blogs.technet.com/b/shanecothran/archive/2010/07/16/maxtokensize-and-kerberos-token-bloat.aspxFeb 13, 2012
An SMB share is displayed incorrectly as an NFS share
Hello ALL,
I was reading some old emails and I'd like to share one more case that I worked. It was an interesting case where we have 2 scenario and 2 separates solution. Unfortunately one hasn’t solution found.
Let's go!
Scenario
============We have a Windows Server running 'Client for NFS' (Windows 2K8R2 SP1) and a File Server running UNIX OS (NFS). When some user log onto Windows Server the end user needs to map the Unix File Shared using one letter. When that end user select the option for map an UNIX NFS server with the "Reconnect at logon" the message below is displayed if tries use the mapped drive letter after logoff/logon is done.
"Z:\ is not accessible. The filename, directory name, or volume label syntax is incorrect".
Actions and Solution PART I
=======================- First action is use the article KB2025723 to review the Security Option.
- Client for NFS on Windows 2008 R2 does not work properly
http://support.microsoft.com/kb/2025723
- The resolution is to select only “sys” option and reboot the system.
- After that you should deploy the KB2485529 to fix the error message "Z:\ is not accessible. The filename, directory name, or volume label syntax is incorrect" and for best practices update the Windows Server with the KB2580164.
- Now we have fix the error message and the drive Z:\ can be accessible.
- Now the interesting part ... After logoff and logon the mapped drivers (Z:) is working however just if we click again in Explorer Window on the drive letter Z:\
- Now we see after logon the driver letter is being displayed with Red Cross. "X"
- Event Viewer
Event 16397, NfsClnt
General Details
Windows(R) Lightweight DirectoryAccess Protocol (LDAP) failed a request to connect to Active Directory Domain Services(R) for Windows user< BLABLA\XYZ.ABC>.
Without the corresponding UNIX identity of the Windows user, the user cannot access Network File System (NFS) shared resources.
Verify that the Windows user is in Active Directory Domain Services and has access permissions.
- Found the article blog "Getting Red X sign on mounted NFS volume from Windows client " - http://blogs.technet.com/b/sfu/archive/2011/09/20/getting-red-x-sign-on-mounted-nfs-volume-from-windows-client.aspx
Windows NFS client is known not to handle multiple path NFS shares. The issue is by design and comes when the client is mounting an NFS share which is more than 26 characters in length.
Users would be able to access the NFS shares after mounting it to a drive letter but a red X (disconnected) sign would be there on the mounted volume. The NFS mounted drives will be in connected state even if UI shows disconnect.
The recommendation would be to have a single path nfs share like “\\servername\sharename” or a multipath NFS share having less than 25 characters.
- In that case the number of characters was 20.
- No more actions to do. This is by design.
Solution PART II
==============NFS share are session specific and are not persistent mount. Even if we check the persistent mapping option while doing a Map network driver or put the parameter persistent=yes with the mount command.
Unlike CIFS shares where the drive mapping is persistent, NFS is not. So once the user logs off and logs back in, he will see the disconnected sign on the drive. The same observation would be there, if he runs the mount command from the cmd.
This is a known behavior.
Hope it helps!
Feb 10, 2012
Risks and Best Practices related to the introduction of the first Win2K8 DC in a Win2K3 Forest
Hello ALL,
Sometimes you think
... "Hey it's too easy to install a Windows Server and upgrade it or too
easy is add a new domain controller", but sometimes you really need to
take care of small things you cannot imagine it will impact you.
This post is to help
and complete the previous post http://panerarichang.blogspot.com/2011/05/how-to-install-first-2008-r2-domain.html
Let's starting think
about this scenario:
The first DC running Windows Server 2008 R2 was added in the forest which has
the side-effect of stamping the isrecycled attribute on live objects AND deleted objects that
reside in the deleted objects container, including objects that are @ the cusp
of TSL expiration and about to be garbage collected. This update triggers an
outbound replication event to replica DCs hosting common partitions.
NTDS Replication
Event 1988 is logged on strict mode destination DCs that received a request to
inbound replicate an update to an object from the source DC cited in the event
that the destination DC has already seen, deleted and garbage collected.
This event is being logged because the source
DC contains a lingering object which does not exist on the local DCs Active
Directory database. This replication
attempt has been blocked.
Cause
=============
The
problem occurs when introduction of the First Windows Server 2008 R2 DC
outbound replicates updates objects deleted (@ the cusp of) TSL # of days in
the past to strict mode destination DCs that have independently garbage
collected the deleted objects
An up-to
12 hour "race condition" exists that can block AD replication when
source DCs that have not yet garbage collected objects deleted at the cusp of
TSL expiration outbound replicate IsRecycled stamps to strict mode destination
domain controllers that have seen, deleted and garbage collected those same
objects.
There is
a known issue when you add your first Windows 2008 R2 domain controller in an
Active Directory forest. It is caused by the Active Directory Recycle Bin
feature, which requires updating all Active Directory objects to fill the new
attribute named isRecycled even if this feature is not enabled.
When this
DC is added, it will update the objects to set the isRecycled attribute. This
attribute change has to be replicated to other DCs. As the objects deleted
about Tombstone_Lifetime days earlier may have already been garbage collected
on the target DCs, this update will concern a non-existing object. This
scenario is the lingering object one, and its effect is to block replication
(if strict replication is configured) until this lingering object is removed.
In this
case, this situation will disappear after a maximum of 12 hours, the interval
between to execution of the garbage collection.
Resolution
=============
Wait up
to 12 hours for all domain controllers logging the NTDS Replication 1988 event
to garbage collect lingering object
OR
Accelerate
the execution of garbage collection on DCs that have yet to garbage collect
objects deleted TSL # of days in the past on the source DCs referenced in the
1988 events using the ROOTDSE "DoGarbageCollection control.
- In Ldp.exe, when you click Browse on the Modify menu, leave the Distinguished name box empty.
- In the Edit Entry Attribute box, type "DoGarbageCollection" (without the quotation marks),
- In the Values box, type "1" (without the quotation marks).
- Set the Operation value set to Add and click the Enter button, and then click Run.
OR
Increase
the garbage collection interval prior to the introduction prior to the
introduction of the 1st Win2K8 R2 DC.
The
garbage collection interval can be configured by entering a value in the
garbageCollPeriod attribute at:
CN=Directory Service,CN=Windows
NT,CN=Services,CN=Configuration,DC=forest,DC=root
Default - 12 hoursMinimum - 1 hour
Maximum - Not documented.
Articles Related
==================
Enable Strict
Replication Consistency
http://technet.microsoft.com/en-us/library/cc816938(WS.10).aspx
Troubleshooting
Active Directory operations that fail with error 8606 Insufficient attributes
were given to create an object
http://support.microsoft.com/kb/2028495
Event ID 1988 Logged
in Directory Service Log after Schema Update
http://support.microsoft.com/kb/2005074
Problems with
introducing a new Windows Server 2008 DC into a Windows 2003 forest
http://blogs.technet.com/b/instan/archive/2009/07/30/problems-with-introducing-a-new-windows-server-2008-dc-into-a-windows-2003-forest.aspx?wa=wsignin1.0
Subscribe to:
Posts (Atom)