Tuesday, December 29, 2009

Unpublish network printers

To uncheck the "List in the directory" for all print queues on \\printserver use this command:
  • C:\Program Files\Windows Resource Kits\Tools>setprinter \\printserver 7 "dwAction=unpublish"

Thursday, December 24, 2009

Adding new MSCS node with Snapdrive and iSCSI

I was having problems replacing a failed node in a Windows 2003 MSCS cluster. With Netapp storage, I had the LUNs mapped to both nodes, but I could not add the shared disks to the new node unless I added it to the cluster first.

Use Cluster Administrator to add a new node and specify "Advanced", then click "Advanced (minimum) configuration". This will add the node without shared disks. Once complete, I was able to open SnapDrive and the shared LUNs showed up.

For some strange reason, the only weird thing in the System event logs was this warning, Event ID 20:

"A Path Verification request to a device on \Device\MPIODisk2 that is controlled by Microsoft iSCSI DSM has failed. This may indicate a Path Failure."

When I booted the new node alone (with other cluster node off), the LUNs showed up, but as "dedicated" LUNs in SnapDrive.

This led me to try and see if I could add the node to the cluster without shared disk, then to try and access the LUNs after that to see if they showed up as "clustered", which they did!

Reference: http://support.microsoft.com/kb/331801/en-us

Friday, December 18, 2009

Adding a NetBIOS alias to a filer

This is located under CIFS, Configure, Options. Fill in the NetBIOS Aliases box, comma separated, then click the Apply button.

Monday, December 7, 2009

Setting SSL on Netapp Filer

For some reason the GUI doesn't work too well.

1. Creating a certificate signing request

From the command line, enter:
secureadmin setup ssl

Answer the prompts and at the end, the setup generates a self-signed certificate for temporary use and a certificate signing request that can be sent to your CA for certificate creation.

2. Installing the signed certificate
  • Create a text file with the signed certificate, i.e. /etc/keymgr/cert.cer
  • Install the certificate: secureadmin addcert ssl /etc/keymgr/cert.cer
  • From the GUI, you can Restart SSL to enable new certificate.

Monday, November 30, 2009

Enabling & starting Dedup

To enable dedup on a volume: sis on path

where path is the complete path to the FlexVol volume, i.e. /vol/vol1.

To start dedup operations: sis start [-s] [-f] [-d] [-sp] /vol/volname
  • The -s option scans the volume completely and you are prompted to confirm if deduplication should be started on the volume.
  • The -f option starts deduplication on the volume without any prompts.
  • The -d option starts a new deduplication operation after deleting the existing checkpoint information.
  • The -sp option initiates a deduplication operation using the previous checkpoint regardless of how old the checkpoint is. Note: This option should be used along with -s only. This is applicable if checkpoint data is corresponding with the gathering stage.

Creating a dedup schedule

Command: sis config -s schedule path

schedule lists the days and hours of the day that deduplication runs. The schedule can be of the following forms:
  • day_list[@hour_list] - If hour_list is not specified, deduplication runs at midnight on the morning of each scheduled day.
  • hour_list[@day_list] - If day_list is not specified, deduplication runs every day at the specified hours.
  • A hyphen (-) disables deduplication operations for the specified FlexVol volume.
  • auto - Deduplication runs automatically when the number of blocks added or changed since the last deduplication operation (performed either manually or automatically) exceeds approximately 20 percent of the total number of blocks that deduplication has already processed.

path is the complete path to the FlexVol volume.

Example
The following command starts deduplication operations at 11 p.m., Monday through Friday.

  • sis config -s mon-fri@23 /vol/vol1

Wednesday, November 25, 2009

How to give access to SQL 2005 Activity Monitor

To view the Activity Monitor the user needs VIEW SERVER STATE permission on a SQL Server 2005 server.

Permission to KILL a process defaults to the members of the sysadmin and processadmin fixed database roles, and is not transferable.

References: http://msdn.microsoft.com/en-us/library/ms175518(SQL.90,printer).aspx

Monday, October 26, 2009

Thursday, October 22, 2009

Sharing a picture on Flickr

Somewhat off topic, but just wanted to blog it for my own notes...

To share private pictures from a Flickr account, you can do a "Share This" and email a guest pass to someone. To allow "guest" to be able to download "all sizes", you can change the Copyrights to something other than "All rights reserved".

Another way is to use this:
http://www.flickr.com/account/prefs/downloads/

But, this applies to your whole photostream. If you mark your pictures all private, others still won't be able to download unless you give them a guest pass.

Monday, September 21, 2009

How to SSL enable SQL 2005 Reporting Services

This assumes you have received the required CERT to enable SSL on IIS.
  1. Install the SSL cert in IIS, enable SSL, and require 128-bit.
  2. Open the Reporting Services Configuration tool to configure the Report Server Virtual Directory.
  3. Select Require Secure Socket Layer (SSL) connection checkbox.
  4. Select level 3.
  5. Enter certificate name which is (usually) the DNS of the webserver.
  6. Click Apply.
  7. Using Notepad, edit RSReportServer.config and modify the UrlRoot to use "https:" and the full DNS (certificatename) of the webserver.
    https://certificatename/reportservervirtualdirectoryname

Reference: http://msdn.microsoft.com/en-us/library/ms345223(SQL.90).aspx

Friday, September 11, 2009

Netbackup Restore Jobs

I was trying to do a SQL database restore job and in the Netbackup (NBU) Admin Console, the job showed that it successfully completed. However, on the SQL agent client console the job status showed that it failed.

The solution was that the MAXTRANSFERSIZE had one value "0" in the backup script and a different value "6" in the restore move script. Once I changed the "6" to "0", the job worked.

For more info on this, see Netbackup SQL Administrator's Guide at http://support.veritas.com/docs/290212

Reference: http://seer.entsupport.symantec.com/docs/311524.htm

SQL Agent Proxy Accounts

In SQL 2000, you could use a single Windows account to be the proxy for all jobs that needed to run Sysadmin level tasks. New in SQL 2005 is that you can define multiple proxies for the non-Sysadmin.

To create:
  1. Create or use a Windows login (local or domain) to be the proxy that will run the job.
  2. Give that account "Log on as a batch job" right in the OS
  3. Create SQL login for Windows login and give it SQLAgentUserRole in msdb.
  4. Create the credential using SQL 2005 Management Studio (SSMS) to reference this account.
  5. Create Proxy using SSMS and give it access to desired subsystem(s): ActiveX Script, Operating System, Replication Distributor, Replication Merge, Replication Queue Reader, Replication Snapshot, Replication Transaction-Log Reader, Analysis Services Command, Analysis Services Query, SSIS Package Execution
  6. Job owner--->Proxy--->Credential--->Windows Login--->runs the job.

Reference: http://msdn.microsoft.com/en-us/library/ms189064(SQL.90).aspx

Wednesday, September 9, 2009

Configuring SSIS

SSIS is not cluster-aware so installing to a SQL 2005 cluster is problematic. I'm running an Active/Active, two instance, two physical server Windows 2003 cluster so I installed SSIS on both nodes and configured to reference MSDB on both virtual server\instances. I did not create anything within cluster groups for SSIS.

Reference: http://msdn.microsoft.com/en-us/library/ms137789(SQL.90).aspx

What's new in SQL 2005

Old, but good...

Reference: http://msdn.microsoft.com/en-us/library/cc966397(printer).aspx

Tuesday, September 8, 2009

How to transfer SSL certificates between IIS6

Export the server certificate
  1. Run MMC
  2. Add "Certificates" snap-in for "Computer Account"
  3. Select "Local Computer".
  4. Close add snap-in dialogs.
  5. Open Certificates tree to Personal>Certificates.
  6. Right-click on certificate to be exported and select "All tasks", "Export".
  7. Specify "Yes" to export the private key.
  8. Include all certificates in the certification path and click "Next".
  9. Create a password and click "Next".
  10. Save, next, then Finish.

Import certificate and private key server

  1. Run MMC
  2. Add "Certificates" snap-in for "Computer Account"
  3. Select "Local Computer".
  4. Close add snap-in dialogs.
  5. Open Certificates tree to Personal>Certificates.
  6. Right-click on >Certificates and select "All Tasks", "Import".
  7. Select PFX file you created in previous section and be sure to "Mark this key as exportable".
  8. Enter password created in previous section.
  9. Confirm that "Personal" is selected as the Certificate Store and click Next.
  10. Click Finish to complete.

Assign certificate to website

  1. Open Internet Service Manager.
  2. Right-click on website you want to install SSL cert.
  3. Right-click website and select "Properties".
  4. Select "Directory Security" tab.
  5. Select "Server Certificate", then Next.
  6. Select "Assign an existing certificate", then Next.
  7. Highlight imported server certificate.
  8. Assign SSL port, then Next.
  9. Review summary of changes, then click Next and Finish.

Reference: http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/2cfeeba2-511f-47e8-913c-f196b74e6a44.mspx?pf=true

Wednesday, August 26, 2009

Troubleshooting Netbackup connections

Use "bpclntcmd -pn":
When the -pn option is run on a NetBackup client, it initiates an inquiry to the NetBackup master server, and the master server returns information about the requesting client to the requesting client. The information returned is, in effect, how the master server "identifies" the client server.

Good response looks like this:
C:\Program Files\VERITAS\NetBackup\bin>bpclntcmd -pn
expecting response from server master_server_01
client_01.domain.com client_01 192.168.0.30 3815

In effect, the master server identifies the requesting client as a machine named "client_01" with an IP address of 192.168.0.30.

Problem:
C:\Program Files\VERITAS\NetBackup\bin>bpclntcmd -pn
expecting response from server master_server_01
client_01.domain.com *NULL* 192.168.0.30 3815

If the output shows *NULL* for the NetBackup client name (as shown above), the client is not configured in a policy and does not show up in the image database.

Reference: http://seer.entsupport.symantec.com/docs/286620.htm

Tuesday, August 25, 2009

Disabling and undo-ing A-SIS for Netapp R200

Solution

To increase the size of an A-SIS enabled volume beyond the maximum limit for A-SIS, the A-SIS service must be turned off and the changes undone. Undoing A-SIS will re-inflate the file system and could require more disk space than is available in the A-SIS enabled volume. There is no way to expand the volume size until the undo is completed, so the recommended course of action is to create and use a temporary volume and migrate data necessary to free enough space for the re-inflation to complete.

WARNING: Once the volume is grown beyond the maximum size supported for A-SIS, A-SIS will be disabled.

WARNING: Disabling A-SIS will require additional disk space as files will be undeduplicated.

WARNING: Using "sis undo" may require rebaselining of snapmirror or snapvault relationships.

Complete the following steps to undo A-SIS: Note: The undo must be performed from diag mode. The sis undo command can take some time (hours) based on how much data is being un-deduped and the filer type.

  • Enter df -s .
    Note the space saved, this is the amount of space that will be necessary for the re-inflation.
  • Enter df .
    Note the available space. If it is not greater than or equal to the space saved found in the previous output, space will need to be cleared using other methods to complete the undo--for example, deleting Snapshots or migrating data.
  • Enter sis off .
  • Enter priv set diag.
  • Enter sis undo .

Once the undo is complete, the volume will be a normal FlexVol volume that can be expanded.

Applies to:
All NearStore models
Data ONTAP 7G
A-SIS

Reference: kb35784 from Netapp.

Thursday, August 20, 2009

Installing SQL 2005 Reporting Services

This install assumes two servers, one for SQL and one for the web/IIS part.

1. Install IIS with ASP.NET enabled to webserver.
2. Install SQL 2005 Std Ed to SQL server, database components only.
3. Install SQL 2005 Reporting services on the webserver.
4. Create SQL Account for SSRS to use to access database (see http://msdn.microsoft.com/en-us/library/ms159133.aspx) on SQL server.
5. Run the SSRS Configuration Wizard and point databases to SQL server.
6. Add users to SSRS access permissions.

Update: installed Oracle drivers to access Oracle database reports, but needed to add permissions (Users group RX) to C:\Oracle install folder so that IIS could access DLL files.

References: http://msdn.microsoft.com/en-us/library/ms159689(SQL.90).aspx
http://msdn.microsoft.com/en-us/library/ms143736(SQL.90).aspx

Tuesday, August 18, 2009

SQL 2005 build versions after SP2

Reference: http://support.microsoft.com/kb/937137/LN/

Unattended Execution Account

If using a local account for this, I found I had to give it the User Right "Allow log on locally". Otherwise, the account is just a normal Users group account on the Reporting Services test server. SQL 2005, SSRS, and IIS are installed on the same (virtual) server.

Permissions and User Rights for IIS 6.0

Reference: http://support.microsoft.com/kb/812614

Friday, August 14, 2009

Hung VM or VM fails to power on with swap file errors

  1. Login to each ESX host (via Putty or similar app)
  2. Run
    ps -efwww | grep vm_guest_name
    on each host to determine which host has the hung VM process.
  3. If you get something like this: (This is the process that has your file open in ESX)

    root 1092 1 0 10:33 ? 00:00:00 /usr/lib/vmware/bin/vmkload_app /usr/lib/vmware/bin/vmware-vmx -ssched.group=host/user -# name=VMware ESX Server;version=3.5.0;licensename=VMware ESX Server;licenseversion=2.0 build-82663; -@ pipe=/tmp/vmhsdaemon-0/vmx6a6188c22e804baf; /vmfs/volumes/48729e6e-7cf3b2df-6ca0-001ec9b1b30a/vm_guest_name/vm_guest_name.vmx

  4. Kill the process using: kill -9 pid, where pid is 1092 in example above.
  5. You should be able to power on the VM now.

ESX Logs

  1. Login to ESX host (via Putty or similar app)
  2. Review files in /var/logs

Expanding a VM-Windows partition

  1. Power off the VM
  2. Expand VMDK file to final size: One method is to use VIC, Edit settings, select Hard Disk, then change New Size.
  3. The other is to login to ESX host and use command line tool /usr/sbin/vmkfstools -X #G pathtofile/file.vmdk, where #G is the final disk size and file.vmdk is the vmdk of the virtual server.
  4. Edit settings of VM and mount the Gparted-livecd-*.iso to the VM.
  5. Go into Options tab and change Boot Options to force entry into the BIOS setup screen and make CD-ROM boot before the hard disk.
  6. OK to close VM Properties.
  7. Power on VM
  8. Once within GParted tool, use the defaults until into the GUI
  9. Click on current partition
  10. Select Resize
  11. Drag arrow to expand partition
  12. Click Resize
  13. Click Exit and Shutdown VM
  14. Edit settings again to remove the Gparted ISO
  15. Power on VM
  16. Login via VIC console and Windows will find new hardware. Reboot the VM to complete process.

Reference: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=994

Thursday, August 13, 2009

Netbackup Duplication jobs fail with Status Code 191

Cause:
  • More files are open than the memory cache manager can handle. As a result, the cache manager has exhausted the available paged pool memory.
  • The backup program has tried to back up a file whose size is larger than the backup API can access on that version of the operating system. This has the same result (that is, the paged pool is exhausted).
Solution:
  • On the Windows 2003 server in question, 2 Registry Keys (PoolUsageMaximum, PagedPoolSize) may be created to fine-tune how the operating system manages Paged Pool Memory.
  • First create PoolUsageMaximum regkey and set to DWORD value = 60. If that does not work, try value = 40. If that works, increase the value by 25% until it stops working. Go back to last working value.
  • If backups are still failing, use PagedPoolSize with DWORD (hex) value = FFFFFFFF. Do not set this to any other value if you are using the /3GB switch. If you are running /3GB and /PAE together, do not set this setting without extensive testing.

References: http://seer.entsupport.symantec.com/docs/295563.htm

http://support.microsoft.com/kb/304101/en-us

Tuesday, August 11, 2009

Impact of "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing" security setting

Reference: http://support.microsoft.com/kb/811833

Netbackup Service account user rights

To use a domain account as a service account to run the Netbackup Client Service and Netbackup Remote Manager and Monitor Service, these are the user rights required:

  • Act as part of the operating system
  • Create a token object
  • Debug Programs???
  • Logon as a service
  • Replace a process level token

Reference: http://seer.entsupport.symantec.com/docs/270086.htm


Wednesday, August 5, 2009

Performance tuning SQL 2000/2005 on Windows 2003


Maximize Data Throughput for Network Applications

If the Maximize data throughput for network applications network connection option is selected, the operating system gives priority to applications that perform buffered I/O operations by caching their I/O pages in file system cache. This option may limit memory available to SQL Server for normal operation. Use "Minimize memory used".

Reference: http://technet.microsoft.com/en-us/library/ms178067(SQL.90).aspx

Proper SQL server settings


Do not use priority boost for clustered servers that are running SQL Server 7.0, SQL Server 2000, or SQL Server 2005.

Reference: http://support.microsoft.com/kb/319942

Tuesday, August 4, 2009

ASPNET account rights

Default permissions for the ASPNET account

The ASPNET account is created as a local account when you install ASP.NET. The ASPNET account belongs only to the Users group on that computer. Therefore, the ASPNET account has all of the rights that are associated with the Users group and can access any resources that the Users group is granted access to. The ASPNET account inherits the following user rights from the Users group.

It also is granted:
  • Log on as a service
  • Log on as a batch job
  • Deny log on locally

Reference: http://support.microsoft.com/kb/317012

Microsoft Office Sharepoint 2007 service accounts

This is about the "best" reference article I could find on MOSS 2007 service accounts, but IMO, that's not saying much... :-)

Reference: http://technet.microsoft.com/en-us/library/cc263445.aspx

Monday, August 3, 2009

Uninstalling Java from Windows

  1. Download the Microsoft Installer Clean Up utility file and save it on your desktop.
  2. Double click on executable file. The installation process will start. Follow the instructions accordingly.
  3. Once installation process is over, go to Start -> All Programs -> Run Windows Install Clean Up utility.
  4. This will launch the Windows Installer Clean Up utility dialog box
    Under the Installed products list, select the desired Java version that you want to remove.
  5. Click Remove and Exit
Reference: http://www.java.com/en/download/help/uninstall_java.xml

Sunday, August 2, 2009

User rights for IIS Service Account

Windows user rights

Access this computer from the network
  • Administrators
  • ASPNET
  • IUSR_MachineName
  • IWAM_MachineName
  • Users
Adjust memory quotas for a process
  • Administrators
  • IWAM_MachineName
  • Local service
  • Network service
Bypass traverse checking
  • IIS_WPG

Allow log on locally (see Note)

  • Administrators
  • IUSR_MachineName

Deny logon locally

  • ASPNET

Impersonate a client after authentication

  • Administrators
  • ASPNET
  • IIS_WPG
  • Service

Log on as a batch job

  • ASPNET
  • IIS_WPG
  • IUSR_MachineName
  • IWAM_MachineName
  • Local service

Logon as a service

  • ASPNET
  • Network service

Replace a process level token

  • IWAM_MachineName
  • Local service
  • Network service
Note: If the Users group and the Everyone group must be removed from the Bypass traverse checking permissions, add the IIS_WPG group to permit IIS to function as expected.

Reference: http://support.microsoft.com/kb/812614
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/3648346f-e4f5-474b-86c7-5a86e85fa1ff.mspx?pf=true

Friday, July 31, 2009

SQL Server upgrade versions

Reference: http://msdn.microsoft.com/en-us/library/ms143393.aspx

Notes from VMware VSphere Tour

In no particular order
  • Fault Tolerance (FT) can only be enabled for 1-CPU VMs and must use shared storage.
  • Data Recovery (DR) images cannot be backed up to tape.
  • With Netapp storage, they have Snap Manager for Virtual Infrastructure (SMVI) that plugs into vCenter APIs to do backups for VMs.

SQL Service account requirements

If you don't want to just make your service account(s) part of the local administrators group, here are the user rights that you need to know...

For SQL 2000, a service account requires these user rights:

  • Act as Part of the Operating System = SeTcbPrivilege
  • Bypass Traverse Checking = SeChangeNotify
  • Lock Pages In Memory = SeLockMemory
  • Log on as a Batch Job = SeBatchLogonRight
  • Log on as a Service = SeServiceLogonRight
  • Replace a Process Level Token = SeAssignPrimaryTokenPrivilege
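
To check an account against the SQL 2000 list above rather than adding it to the local administrators group, the sketch below (an added example, not code from the referenced KB articles) parses the [Privilege Rights] section of a `secedit /export` template and reports rights that are missing or that go beyond the list. The account name, SIDs and sample template are constructed; secedit writes the full constant names, so SeChangeNotify and SeLockMemory appear with the Privilege suffix.

```python
"""Audit a service account's user rights against the SQL 2000 list (added example)."""

# Rights the page lists for a SQL 2000 service account, keyed by the constant
# names that secedit writes into an exported template.
REQUIRED = {
    "SeTcbPrivilege": "Act as part of the operating system",
    "SeChangeNotifyPrivilege": "Bypass traverse checking",
    "SeLockMemoryPrivilege": "Lock pages in memory",
    "SeBatchLogonRight": "Log on as a batch job",
    "SeServiceLogonRight": "Log on as a service",
    "SeAssignPrimaryTokenPrivilege": "Replace a process level token",
}

# Constructed sample of a `secedit /export /areas USER_RIGHTS` template.
# CONTOSO\svc_sql is a hypothetical service account.
SAMPLE_INF = r"""
[Unicode]
Unicode=yes
[Privilege Rights]
SeTcbPrivilege = CONTOSO\svc_sql
SeChangeNotifyPrivilege = *S-1-1-0,*S-1-5-32-544,*S-1-5-32-545
SeLockMemoryPrivilege = CONTOSO\svc_sql
SeBatchLogonRight = CONTOSO\svc_sql,*S-1-5-32-544
SeServiceLogonRight = *S-1-5-20,CONTOSO\svc_sql
SeDebugPrivilege = *S-1-5-32-544,CONTOSO\svc_sql
SeInteractiveLogonRight = *S-1-5-32-544
[Version]
signature="$CHICAGO$"
"""


def parse_privilege_rights(inf_text):
    """Return {right: set of principals} from the [Privilege Rights] section."""
    rights, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
            continue
        if in_section and "=" in line:
            name, _, value = line.partition("=")
            # SIDs carry a leading "*"; names and SIDs are compared case-insensitively.
            rights[name.strip()] = {
                p.strip().lstrip("*").lower() for p in value.split(",") if p.strip()
            }
    return rights


def audit(inf_text, principals):
    """Compare the rights held by any of `principals` with the REQUIRED list.

    `principals` is the account name plus the names or SIDs of the groups it
    belongs to, because a right is often held through a group such as Everyone.
    """
    who = {p.lstrip("*").lower() for p in principals}
    held = {
        right
        for right, members in parse_privilege_rights(inf_text).items()
        if members & who
    }
    return {
        "missing": sorted(set(REQUIRED) - held),
        "extra": sorted(held - set(REQUIRED)),
    }


if __name__ == "__main__":
    # Account plus Everyone (S-1-1-0) and BUILTIN\Users (S-1-5-32-545).
    print(audit(SAMPLE_INF, [r"CONTOSO\svc_sql", "S-1-1-0", "S-1-5-32-545"]))
```

A real export is a UTF-16 file, so read it with `encoding="utf-16"` before passing the text to `audit`.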
For SQL 2005, it's somewhat more complicated, depending on what service the account is for:

SQL Server

Default instance: SQLServer2005MSSQLUser$ComputerName$MSSQLSERVER
Named instance: SQLServer2005MSSQLUser$ComputerName$InstanceName

  • Log on as a service
  • Act as part of the operating system (only on Windows 2000)
  • Log on as a batch job
  • Replace a process-level token
  • Bypass traverse checking
  • Adjust memory quotas for a process
  • Permission to start SQL Server Active Directory Helper
  • Permission to start SQL Writer

SQL Server Agent

Default instance: SQLServer2005SQLAgentUser$ComputerName$MSSQLSERVER
Named instance: SQLServer2005SQLAgentUser$ComputerName$InstanceName

  • Log on as a service
  • Act as part of the operating system (only on Windows 2000)
  • Log on as a batch job
  • Replace a process-level token
  • Bypass traverse checking
  • Adjust memory quotas for a process

Analysis Services

Default instance: SQLServer2005MSOLAPUser$ComputerName$MSSQLSERVER
Named instance: SQLServer2005MSOLAPUser$ComputerName$InstanceName

  • Log on as a service

Reporting Services

Default instance: SQLServer2005ReportServerUser$ComputerName$MSSQLSERVER and SQLServer2005ReportingServicesWebServiceUser$ComputerName$MSSQLSERVER
Named instance: SQLServer2005ReportServerUser$ComputerName$InstanceName and SQLServer2005ReportingServicesWebServiceUser$ComputerName$InstanceName

  • Log on as a service

Integration Services

Default or named instance: SQLServer2005DTSUser$ComputerName

  • Log on as a service
  • Permission to write to application event log
  • Bypass traverse checking
  • Create global objects
  • Impersonate a client after authentication

Full-Text Search

Default instance: SQLServer2005MSFTEUser$ComputerName$MSSQLSERVER
Named instance: SQLServer2005MSFTEUser$ComputerName$InstanceName

  • Log on as a service

SQL Server Browser

Default or named instance: SQLServer2005SQLBrowserUser$ComputerName

  • Log on as a service

SQL Server Active Directory Helper

Default or named instance: SQLServer2005MSSQLServerADHelperUser$ComputerName

  • No special rights

References: http://support.microsoft.com/kb/283811

http://msdn.microsoft.com/en-us/library/ms143504(SQL.90).aspx

Thursday, July 30, 2009

User rights required for IIS

Below are User Rights required for an IIS server:

  • Log on Locally
    Administrators
    IUSR_ (Anonymous)
    Users (authentication required)
  • Access this computer from the Network
    Administrators
    ASPNet (.NET Framework)
    IUSR_ (Anonymous)
    IWAM_
    Users
  • Log on as a Batch Job
    ASPNet
    Network
    IUSR_
    IWAM_
    Service
  • Logon as a Service
    ASPNet
    Network
  • Bypass Traverse Checking
    Administrators
    IUSR_ (Anonymous)
    Users (Basic, Integrated, Digest)
    IWAM_
Reference: http://support.microsoft.com/kb/271071

Wednesday, July 29, 2009

Moving event log files

To move Event Viewer log files to another location on the hard disk, follow these steps:

  1. Click Start, and then click Run.
  2. In the Open box, type regedit, and then click OK.
  3. Locate and click the following registry key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog
  4. Click the subkey that represents the event log that you want to move, for example, click Application.
  5. In the right pane, double-click File.
  6. Type the complete path to the new location (including the log file name) in the Value data box, and then click OK. For example, if you want to move the application log (Appevent.evt) to the Eventlogs folder on the E drive, type e:\eventlogs\appevent.evt.
  7. Repeat steps 4 through 6 for each log file that you want to move.
  8. Click Exit on the Registry menu.
  9. Restart the computer.
Reference: http://support.microsoft.com/kb/315417

Automatic backup of event log files

At registry entry: HKLM/System/CurrentControlSet/Services/Eventlog:
  • Add regkey: AutoBackupLogFiles <> 0 to the logfile you want to set up auto-backup for.
Reference: http://msdn.microsoft.com/en-us/library/aa363648(VS.85).aspx

Multiple IP websites on a single server

Reference: http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/b77cf015-017f-489c-9b5b-65ca4a679392.mspx?pf=true

Problem with mapped drive not showing up

Found out problem was related to Windows XP Professional Fast Logon Optimization feature. As a result, Windows XP does not wait for the network to be fully initialized at startup and logon. Existing users are logged on using cached credentials. This results in shorter logon times, but the problem was that account profile mapped drives did not show up for the logged on user.

To fix:
  • Use gpedit.msc to turn off Fast Logon Optimization
  • Go to the policy setting and ENABLE:
    Computer Configuration\Administrative Templates\System\Logon\ Always wait for the network at computer startup and logon
Reference: http://support.microsoft.com/kb/305293

Configuring SQL to use more than 2GB RAM

Reference: http://support.microsoft.com/kb/274750

Large memory support in Windows 2000/2003

PAE is the added ability of the IA32 processor to address more than 4 GB of physical memory. The following operating systems can use PAE to take advantage of physical memory beyond 4 GB:
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Datacenter Server
  • Microsoft Windows Server 2003, Enterprise Edition
  • Microsoft Windows Server 2003, Datacenter Edition

To enable PAE, use the /PAE switch in the Boot.ini file.

The exception is when the /3GB switch is used in conjunction with the /PAE switch. In this case, the operating system does not use any memory in excess of 16 GB. This behavior is caused by kernel virtual memory space considerations. Thus, if the system restarts with the /3GB entry in the Boot.ini file, and the system has more than 16 GB of physical memory, the additional physical random access memory (RAM) is not used by the operating system. Restarting the computer without the /3GB switch enables the use of all the physical memory.

Reference: http://support.microsoft.com/kb/283037

Connect to console session via Terminal Services

From the command prompt, enter mstsc -v:servername /F -console to connect as console to a remote server.
  • -v: - indicates the remote server
  • /F - use full screen mode
  • -console - connect as console

If someone is currently logged into the console, you will see the following message:

The user domain\username is logged locally on to this computer. The user has been idled for number minutes. The desktop is unlocked. If you continue, this user's session will end and any unsaved data will be lost. Do you want to continue?

If you continue, the current console user is logged off and the remote server will be locked until you end your remote session.

Reference: http://support.microsoft.com/kb/278845

Automatically running CD-ROMs

Use regedit and change key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CDRom
  • Autorun = 0 to disable
  • Autorun = 1 to enable

Close regedit and restart computer for change to apply.

Testing SMTP Communication

  1. At a command prompt, type telnet, and then press ENTER. This command opens the Telnet session.
  2. Type set localecho and then press ENTER. This optional command lets you view the characters as you type them. This setting may be required for some SMTP servers.
  3. Type set logfile . This optional command enables logging of the Telnet session to the specified log file. If you only specify a file name, the location of the log file is the current working directory. If you specify a path and a file name, the path must be local to the computer. Both the path and the file name that you specify must be entered in the Microsoft DOS 8.3 format. The path that you specify must already exist. If you specify a log file that doesn't exist, it will be created for you.
  4. Type open mail1.fabrikam.com 25 and then press ENTER.
  5. Type EHLO contoso.com and then press ENTER.
  6. Type MAIL FROM:chris@contoso.com and then press ENTER.
  7. Type RCPT TO:kate@fabrikam.com NOTIFY=success,failure and then press ENTER. The optional NOTIFY command defines the particular delivery status notification (DSN) messages that the destination SMTP server must provide to the sender. DSN messages are defined in RFC 1891. In this case, you are requesting a DSN message for successful or failed message delivery.
  8. Type DATA and then press ENTER. You will receive a response that resembles the following:
    354 Start mail input; end with <CRLF>.<CRLF>
  9. Type Subject: Test from Contoso and then press ENTER.
  10. Press ENTER. RFC 2822 requires a blank line between the Subject: header field and the message body.
  11. Type This is a test message and then press ENTER.
    Press ENTER, type a period ( . ) and then press ENTER. You will receive a response that resembles the following:
    250 2.6.0 Queued mail for delivery
  12. To disconnect from the destination SMTP server, type QUIT and then press ENTER. You will receive a response that resembles the following:
    221 2.0.0 Service closing transmission channel
  13. To close the Telnet session, type quit and then press ENTER.

Reference: http://technet.microsoft.com/en-us/library/bb123686.aspx
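
The same exchange in scripted form, as an added example that is not part of the referenced TechNet article: the client checks every reply code and sends NOTIFY only when the EHLO reply advertises DSN. `smtp_test`, `fake_server` and `run_demo` are hypothetical names, and the server side is a constructed stand-in connected over a local socket pair.

```python
import socket
import threading


def read_reply(rfile):
    """Read one SMTP reply, which may span several lines; return (code, texts)."""
    texts = []
    while True:
        line = rfile.readline().decode("ascii").rstrip("\r\n")
        if len(line) < 3:
            raise ConnectionError("connection closed or malformed reply: %r" % line)
        texts.append(line[4:])
        if line[3:4] != "-":      # "250-..." continues the reply, "250 ..." ends it
            return int(line[:3]), texts


def smtp_test(sock, helo, sender, rcpt, subject, body):
    """Run the EHLO, MAIL, RCPT, DATA and QUIT steps; return the transcript."""
    rfile = sock.makefile("rb")
    transcript = []

    def send(cmd):
        transcript.append(("C", cmd))
        sock.sendall(cmd.encode("ascii") + b"\r\n")

    def expect(want):
        code, texts = read_reply(rfile)
        transcript.append(("S", code, texts))
        if code != want:
            raise RuntimeError("expected %d, got %d %s" % (want, code, texts))
        return texts

    expect(220)                                   # server greeting
    send("EHLO " + helo)
    extensions = {t.split()[0].upper() for t in expect(250)[1:] if t.strip()}
    send("MAIL FROM:<%s>" % sender)               # RFC 5321 form, with angle brackets
    expect(250)
    # NOTIFY belongs to the DSN extension: send it only if EHLO advertised DSN.
    notify = " NOTIFY=success,failure" if "DSN" in extensions else ""
    send("RCPT TO:<%s>%s" % (rcpt, notify))
    expect(250)
    send("DATA")
    expect(354)
    # Header, blank separator line, body; a line starting with "." is dot-stuffed.
    for line in ["Subject: " + subject, ""] + body.splitlines():
        send("." + line if line.startswith(".") else line)
    send(".")
    expect(250)
    send("QUIT")
    expect(221)
    return transcript


def fake_server(sock, advertise_dsn):
    """Constructed stand-in for the destination server; all replies are samples."""
    rfile = sock.makefile("rb")
    in_data = False

    def say(text):
        sock.sendall(text.encode("ascii") + b"\r\n")

    say("220 mail1.fabrikam.com ready")
    for raw in rfile:
        line = raw.decode("ascii").rstrip("\r\n")
        verb = line[:4].upper()
        if in_data:
            if line == ".":
                in_data = False
                say("250 2.6.0 Queued mail for delivery")
        elif verb == "EHLO":
            say("250-mail1.fabrikam.com Hello")
            if advertise_dsn:
                say("250-DSN")
            say("250 8BITMIME")
        elif "NOTIFY=" in line and not advertise_dsn:
            say("555 5.5.4 Unsupported option")   # NOTIFY sent without DSN support
        elif verb in ("MAIL", "RCPT"):
            say("250 2.1.0 OK")
        elif verb == "DATA":
            in_data = True
            say("354 Start mail input; end with <CRLF>.<CRLF>")
        elif verb == "QUIT":
            say("221 2.0.0 Service closing transmission channel")
            break
    sock.close()


def run_demo(advertise_dsn):
    """Connect client and fake server over a socket pair; no network is used."""
    client, server = socket.socketpair()
    threading.Thread(target=fake_server, args=(server, advertise_dsn), daemon=True).start()
    with client:
        return smtp_test(client, "contoso.com", "chris@contoso.com", "kate@fabrikam.com",
                         "Test from Contoso", "This is a test message")
```

Against a real server, pass `socket.create_connection((host, 25))` to `smtp_test` in place of the socket pair.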

Tuesday, July 28, 2009

Minimum rights required to run a scheduled task

Assumptions:
  • Applies to Windows 2003 server
  • Service account is not a member of the local administrators group
  • Batch job runs as non-interactive process

Required for service account:

  • RX permissions to c:\windows\system32\Cmd.exe
  • Any share and NTFS permissions it needs to access files or data
  • "Logon as a service" configured in the security policy editor (run gpedit.msc -> computer configuration -> windows settings -> security settings -> local policies -> user rights assignment -> Log on as a service)
  • "Log on as a batch job" configured similarly using gpedit.msc
Reference: http://support.microsoft.com/kb/867466/en-us