Windows storage hierarchy explained

Quick cheat sheet:
1) Physical disk, represented by the Win32_DiskDrive and MSFT_Disk WMI classes. This is the hardware presented to your computer. It can be an HDD, SSD, FC LUN or iSCSI LUN.
2) Partition, represented by the Win32_DiskPartition and MSFT_Partition WMI classes. Partitions are walls that transform your physical space into rooms, which can later be used to store your data. A physical disk can have 0 or more partitions.
3) Volume, represented by the Win32_Volume and MSFT_Volume WMI classes. Volumes are named spaces: from abstract rooms you get a living room, a kitchen and bedrooms. You format a room to make it a “named room”. In other words, you format a partition with some file system, e.g. NTFS, FAT or ReFS. Volumes can store data and provide access to it. One partition can have 0 or 1 volumes. When a partition has 0 volumes, in most cases this means that there is no data accessible by the user.
4) Logical disk, represented by Win32_LogicalDisk. Logical disks are like doors to your named rooms. Without doors you can access your named rooms through windows (mount points) and ventilation (the “start \\?\Volume{GUID}\” command), and of course it is not always convenient. So giving your volume a drive letter makes it a logical disk. One volume equals 0 or 1 logical disks.
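
To see the four levels on a real machine, here is an added example (not part of the original post) that walks the Win32_* classes from the cheat sheet through their WMI associations. It is read-only and assumes PowerShell 3.0 or later for Get-CimInstance; the output column names are my own.

```powershell
# Added example: disk -> partition -> logical disk -> volume. Column names are assumptions.
$rows = foreach ($disk in (Get-CimInstance -ClassName Win32_DiskDrive)) {
    # 1) physical disk -> 2) its partitions (0 or more)
    $partitions = @(Get-CimAssociatedInstance -InputObject $disk -ResultClassName Win32_DiskPartition)
    if ($partitions.Count -eq 0) {
        [pscustomobject]@{ Disk = $disk.DeviceID; Partition = '(none)'
                           LogicalDisk = $null; FileSystem = $null; VolumeId = $null }
    }
    foreach ($part in $partitions) {
        # 2) partition -> 4) the drive letters (doors) that open onto it
        $letters = @(Get-CimAssociatedInstance -InputObject $part -ResultClassName Win32_LogicalDisk)
        if ($letters.Count -eq 0) {
            # No door: unformatted, or a volume reachable only by mount point or \\?\Volume{GUID}\
            [pscustomobject]@{ Disk = $disk.DeviceID; Partition = $part.DeviceID
                               LogicalDisk = '(no letter)'; FileSystem = $null; VolumeId = $null }
        }
        foreach ($ld in $letters) {
            # 4) logical disk -> 3) the volume behind that letter
            $vol = Get-CimInstance -ClassName Win32_Volume -Filter "DriveLetter='$($ld.DeviceID)'"
            [pscustomobject]@{ Disk = $disk.DeviceID; Partition = $part.DeviceID
                               LogicalDisk = $ld.DeviceID; FileSystem = $vol.FileSystem
                               VolumeId = $vol.DeviceID }
        }
    }
}
$rows | Format-Table -AutoSize

# Volumes that exist but have no drive letter (rooms without doors)
Get-CimInstance -ClassName Win32_Volume -Filter 'DriveLetter IS NULL' |
    Select-Object DeviceID, Label, FileSystem, Capacity
```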

“The update is not applicable to your computer”

Recently I needed to apply 2 patches to our Windows 2008 R2. But both patches showed me the error “The update is not applicable to your computer”. But I knew for sure that these updates were applicable, because the installed file’s version was lower than the one contained in the hotfixes.
In the Setup log I got the “Windows update could not be installed because of error 2149842967” error.

The problem was that someone had disabled the Windows Modules Installer service on this machine, which is the TrustedInstaller.exe process. After enabling and starting this service, I installed both patches successfully.

Random data big file creation

Sometimes you just need a big file, for example to test network speed or backup speed. To prevent software or hardware compression, you need this file to be absolutely random. You also do not want to write this file byte by byte, as that can be really slow. Here is my version of a PowerShell script to generate such a file:

$chunksize = 2*1024*1024 # I use 2 MB chunks
$filesize = 50*1024*1024*1024 # File size in bytes
[Byte[]]$randombuffer = @(0)*$chunksize # First of all we create a buffer filled with zeroes
$Random = New-Object System.Random # Our random number generator (not cryptographically secure, which is fine for incompressible test data)
$myfile = New-Object IO.FileStream "c:\testfile", 'Append' # Replace c:\testfile with the proper path
try {
    # Magic: refill the buffer with random bytes and append it to the file, one chunk at a time
    1..($filesize/$chunksize) | %{ $Random.NextBytes($randombuffer); $myfile.Write($randombuffer,0,$randombuffer.Length) }
} finally {
    $myfile.Close() # Release the file handle even if a write fails
}

Wmic exception occurred

Some time ago we faced a problem: our script, which calls wmic to get some values, stopped working. After a short investigation we found that on some servers the wmic utility had stopped working, showing an exception every time we ran any command:

wmic os get caption
ERROR:
Description = Exception occurred.

At the same time wbemtest and PowerShell worked correctly. The solution was to add the “/value” switch to the command:

wmic os get caption /value
Caption=Microsoft Windows Server 2008 R2 Enterprise

For some reason wmic can’t format output as a table, which is the default, or can be done with the /all switch (you get the same error with the /format:table switch and get rid of it with /format:list). Hope this helps someone.

Enable Text Console (SOL) on Windows Server 2012

After installing Windows 2012 on an old Fujitsu Primergy RX200 we lost the ability to manage it with the serial console. We even tried to update the iRMC firmware, with no luck. The problem was resolved after we enabled EMS (Emergency Management Services) with the following set of commands:

BCDedit /bootems {Boot_entry_id} ON

bcdedit /ems on

bcdedit /emssettings EMSPORT:2 EMSBAUDRATE:115200

Ensure that you’ve changed Boot_entry_id to your ID (you can get it with bcdedit /v), 2 to your COM port number (you can get it from your BIOS settings, or from the iRMC settings) and 115200 to your baud rate (you can get it from your BIOS settings, or from the iRMC settings).

Reboot and enjoy serial access to your server.

Find all active AD users not expiring in a month

Sometimes your AD has a lot of temporary users with accounts expiring in the near future, and you want to audit your accounts to ensure that only legitimate users have never-expiring or long-expiring accounts. To do so, perform the following steps:
1. Create a test account expiring today
2. With ADSI Edit, get the value of its accountExpires property
3. Add Number_of_days*864000000000 to this value and write down the result (actually you can create a test account expiring on the required date, but it is not so fun)
4. Run the following command:
dsquery * -filter "(&(objectCategory=person)(objectClass=user)(accountExpires>=130344624000000000)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
where 130344624000000000 is the number from step 3
and !(userAccountControl:1.2.840.113556.1.4.803:=2) means that we only want to find enabled users.

UPD

In some cases users with the expiration date “Never” have accountExpires=9223372036854775807, but in some cases it is equal to 0. So the correct search query will be:

dsquery * -filter "(&(objectCategory=person)(objectClass=user)(|(accountExpires>=130720500000000000)(accountExpires=0))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))" -limit 1000
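
The threshold from steps 1 to 3 can also be computed directly, because accountExpires counts 100-nanosecond intervals since 1601-01-01 UTC (the same unit as a Windows file time). The following is an added example, not part of the original post: it builds the updated filter above for a chosen number of days and runs it with the built-in [adsisearcher] accelerator. The $Days variable and the output column names are assumptions, and it has to run on a domain-joined machine.

```powershell
# Added example: audit enabled users whose account does not expire within $Days days.
$Days = 30   # assumption: the audit window, in days

# Midnight UTC of the cut-off day, expressed in the same units as accountExpires
$threshold = (Get-Date).ToUniversalTime().Date.AddDays($Days).ToFileTimeUtc()

# Same filter as the dsquery command above, with the computed threshold
$filter = "(&(objectCategory=person)(objectClass=user)" +
          "(|(accountExpires>=$threshold)(accountExpires=0))" +
          "(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"

$searcher = [adsisearcher]$filter
$searcher.PageSize = 1000    # page through results instead of stopping at the server limit
$searcher.PropertiesToLoad.AddRange([string[]]('samaccountname', 'accountexpires'))

$results = $searcher.FindAll()
try {
    foreach ($r in $results) {
        $vals = $r.Properties['accountexpires']
        $raw  = if ($null -ne $vals -and $vals.Count -gt 0) { [int64]$vals[0] } else { 0 }

        # 0 and 9223372036854775807 both mean "Never"
        $expires = if ($raw -eq 0 -or $raw -eq [int64]::MaxValue) { 'Never' }
                   else { [DateTime]::FromFileTimeUtc($raw).ToString('yyyy-MM-dd') }

        [pscustomobject]@{
            User       = [string]$r.Properties['samaccountname'][0]
            ExpiresUtc = $expires
        }
    }
} finally {
    $results.Dispose()   # SearchResultCollection holds unmanaged resources
}
```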

Fixing MSDTC errors 4135 4163 4185 4112

One of clients had problem with MSDTC service on Windows 2003 server, which couldn’t start. After short investigation I have found corresponding errors in Application log:

Event Type:    Error
Event Source:    MSDTC
Event Category:    LOG
Event ID:    4163
Date:        2011-08-02
Time:        12:02:08 PM
User:        N/A
Computer:    servername
Description:
MS DTC log file not found. After ensuring that all Resource Managers coordinated by MS DTC have no indoubt transactions, please run msdtc -resetlog to create the log file.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

and

Event Type: Error
Event Source: MSDTC
Event Category: TM
Event ID: 4185
Date: 2011-08-02
Time: 12:02:08 PM
User: N/A
Computer: servername
Description:
MS DTC Transaction Manager start failed. LogInit returned error 0x3.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

and

Event Type: Error
Event Source: MSDTC
Event Category: SVC
Event ID: 4112
Date: 2011-08-02
Time: 12:02:08 PM
User: N/A
Computer: servername
Description:
Could not start the MS DTC Transaction Manager.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

The System event log also contained:

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7024
Date: 2011-08-02
Time: 12:19:26 PM
User: N/A
Computer: servername
Description:
The Distributed Transaction Coordinator service terminated with service-specific error 3221229584 (0xC0001010).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

As recommended in the first event and on numerous forums, I tried to run:

msdtc -resetlog

but this command generated another error:

Event Type: Error
Event Source: MSDTC
Event Category: SVC
Event ID: 4135
Date: 2011-08-02
Time: 12:01:51 PM
User: N/A
Computer: servername
Description:
Failed to create/reset the MS DTC log file.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

After some searching I found several solutions to this problem, such as activating network access for DTC, but nothing helped. From colleagues I learned that this server had previously been in a cluster, but then the cluster was abolished. So the problem was with the log file settings of MSDTC, and I decided to find out where Windows stores information about these files. After a short search on a healthy system I found the registry key HKEY_CLASSES_ROOT\CID\{GUID}\CustomProperties\LOG\Path, where {GUID} is some random GUID. The default value of this key pointed to the MSDTC log file. After this I looked through the HKEY_CLASSES_ROOT\CID\ subkeys on the problem server and found the GUID that stored similar settings. The log file settings there pointed to Q:\MsDtc, where Q: had previously been the quorum drive and no longer existed. After fixing this setting to point to the correct path, the problem was gone.
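
The manual registry search described above can be scripted. This is an added example, not part of the original post: it reads the default value of every HKEY_CLASSES_ROOT\CID\{GUID}\CustomProperties\LOG\Path key and reports whether the path it points to still exists. It only reads the registry; the output property names are my own.

```powershell
# Added example: find MSDTC log path settings that point to a missing location.
$cidRoot = 'Registry::HKEY_CLASSES_ROOT\CID'

Get-ChildItem -Path $cidRoot -ErrorAction SilentlyContinue | ForEach-Object {
    # Key layout taken from the post: CID\{GUID}\CustomProperties\LOG\Path
    $logKeyPath = Join-Path -Path $_.PSPath -ChildPath 'CustomProperties\LOG\Path'

    if (Test-Path -LiteralPath $logKeyPath) {
        # The default (unnamed) value of the key holds the log location
        $logPath = (Get-Item -LiteralPath $logKeyPath).GetValue('')

        # False when the folder, or the whole drive (a removed quorum disk), is gone
        $exists = $false
        if ($logPath) { $exists = Test-Path -LiteralPath $logPath }

        # New-Object PSObject keeps this usable on PowerShell 2.0
        New-Object PSObject -Property @{
            CID     = $_.PSChildName
            LogPath = $logPath
            Exists  = $exists
        }
    }
} | Format-Table CID, LogPath, Exists -AutoSize
```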