Find all active AD users not expiring in a month

Sometimes your AD has lots of temporary users with accounts expiring in the near future, and to ensure that only legitimate users have never-expiring or long-expiring accounts you want to audit them. To do so, perform the following steps:
1. Create a test account expiring today
2. With ADSI Edit, get the value of its accountExpires property
3. Add Number_of_days*864000000000 to this value and write down the result (accountExpires counts 100-nanosecond intervals, so one day is 864000000000; you could instead create a test account expiring on the required date, but that is not as much fun)
4. Run the following command:
dsquery * -filter "(&(objectCategory=person)(objectClass=user)(accountExpires>=130344624000000000)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
where 130344624000000000 is the number from step 3
and !(userAccountControl:1.2.840.113556.1.4.803:=2) means that we only want to find enabled users.

Update

In some cases users with expiry date “Never” have accountExpires=9223372036854775807, but in other cases it is equal to 0. So the correct search query is:

dsquery * -filter "(&(objectCategory=person)(objectClass=user)(|(accountExpires>=130720500000000000)(accountExpires=0))(!(userAccountControl:1.2.840.113556.1.4.803:=2)))" -limit 1000
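
The threshold from step 3 can also be computed directly, without a test account. The following PowerShell is an added example, not part of the original post; the function names are illustrative. It builds the corrected filter for a given number of days and decodes accountExpires values, including both "Never" encodings.

```powershell
# Added example; function names are illustrative, not from the post.

function Get-AccountExpiresThreshold {
    param([int]$Days = 30, [datetime]$From = (Get-Date))
    # accountExpires counts 100-nanosecond intervals since 1601-01-01 UTC,
    # which is exactly what ToFileTimeUtc() returns.
    $From.AddDays($Days).ToFileTimeUtc()
}

function New-LongLivedUserFilter {
    param([Parameter(Mandatory)][Int64]$Threshold)
    # Enabled users whose expiry is at or beyond the threshold, or is 0 ("Never").
    "(&(objectCategory=person)(objectClass=user)" +
    "(|(accountExpires>=$Threshold)(accountExpires=0))" +
    "(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
}

function ConvertFrom-AccountExpires {
    param([Parameter(Mandatory)][Int64]$Value)
    # 0 and 9223372036854775807 both mean "Never"; the latter is also out of
    # range for FromFileTimeUtc, so it has to be handled before converting.
    if ($Value -eq 0 -or $Value -eq [Int64]::MaxValue) { return 'Never' }
    [DateTime]::FromFileTimeUtc($Value).ToString('yyyy-MM-dd HH:mm') + ' UTC'
}

# Print the dsquery command for "not expiring within the next 30 days".
$threshold = Get-AccountExpiresThreshold -Days 30
$filter    = New-LongLivedUserFilter -Threshold $threshold
"dsquery * -filter `"$filter`" -limit 1000"

# Decode the two thresholds used in this post and both "Never" encodings.
130344624000000000, 130720500000000000, 0, 9223372036854775807 |
    ForEach-Object { '{0,-20} {1}' -f $_, (ConvertFrom-AccountExpires $_) }
```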

Unexpected server reboot caused by windows update

Recently I got an unexpected Windows Server 2008 R2 reboot with a recovery reason, which is quite uninformative:

The process C:\Windows\system32\svchost.exe (servername) has initiated the restart of computer servername on behalf of user NT AUTHORITY\SYSTEM for the following reason: Operating System: Recovery (Planned)
Reason Code: 0x80020002
Shutdown Type: restart
Comment:

As the time of the reboot was very close to 03:00 AM (the default Windows Update installation time) and the System event log contained a couple of events about update installation, I decided to check the WindowsUpdate.log file.

It contained the following:

2013-12-16    03:17:06:606     832    13c8    AU    AU invoking RebootSystem (OnRebootNow)
2013-12-16    03:17:06:647     832    13c8    Misc    WARNING: SUS Client is rebooting system.
2013-12-16    03:17:06:647     832    13c8    AU    AU invoking RebootSystem (OnRebootRetry)
2013-12-16    03:17:06:651     832    13c8    AU    AU received handle event

So to eliminate such unexpected reboots, disable automatic updates on production servers, or prevent them from rebooting the server automatically.
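
To correlate a restart with Windows Update, the reboot-trigger lines can be pulled out of WindowsUpdate.log as timestamped objects and compared with the shutdown event time. This PowerShell is an added example, not from the original post; the function name is illustrative and the sample input is the four lines quoted above.

```powershell
# Added example; Get-WuRebootEvent is an illustrative name. The sample is the
# excerpt quoted in the post; on a real server pass Get-Content output instead.
$sample = @'
2013-12-16    03:17:06:606     832    13c8    AU    AU invoking RebootSystem (OnRebootNow)
2013-12-16    03:17:06:647     832    13c8    Misc    WARNING: SUS Client is rebooting system.
2013-12-16    03:17:06:647     832    13c8    AU    AU invoking RebootSystem (OnRebootRetry)
2013-12-16    03:17:06:651     832    13c8    AU    AU received handle event
'@ -split "`r?`n"

function Get-WuRebootEvent {
    param([Parameter(Mandatory)][string[]]$Line)
    # Fields: date, time:milliseconds, PID, TID (hex), component, message.
    $rx = '^(\d{4}-\d{2}-\d{2})\s+(\d{2}:\d{2}:\d{2}):(\d{3})\s+(\d+)\s+([0-9a-fA-F]+)\s+(\S+)\s+(.*)$'
    foreach ($l in $Line) {
        if ($l -notmatch $rx) { continue }     # skip wrapped or malformed lines
        # Copy the groups out now: the next -match overwrites $Matches.
        $date, $time, $ms, $component, $message = $Matches[1, 2, 3, 6, 7]
        # Keep only lines where the update client itself triggers the restart.
        if ($message -notmatch 'RebootSystem|rebooting system') { continue }
        [pscustomobject]@{
            Time      = [datetime]::ParseExact("$date $time.$ms",
                            'yyyy-MM-dd HH:mm:ss.fff', [cultureinfo]::InvariantCulture)
            Component = $component
            Message   = $message
        }
    }
}

Get-WuRebootEvent -Line $sample | Sort-Object Time | Format-Table -AutoSize
```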

TSM Active Data pool file number

One of the strange features of a TSM active-data (AD) pool is that when you do a first incremental backup (for example, 10 files) and then change some data (for example, 5 files), you’ll get an incorrect number of files from the query occupancy stg=adpool command. It will show a number of files equal to 15, the same as in your primary storage pool. But if you compare the sizes of the pools you’ll see a difference. So do not rely only on the file count in your AD storage pool.

Clustered MS SQL dependency on mounted volume

Recently I added a new mounted volume to a Microsoft cluster (let’s say disk 3 mounted at m:\history) and tried to restore an old backup to it. But after I ran the SQL script I immediately got an SQL error:
Only formatted files on which the cluster resource of the server has a dependency can be used. Either the disk resource containing the file is not present in the cluster group or the cluster resource of the SQL Server does not have a dependency on it.
After a short search I found a couple of links stating that I needed to add my volume to the clustered MS SQL service dependencies to operate with this volume. By the way, Microsoft’s manuals do not clarify whether you really need to bring the clustered MS SQL server offline before adding a new dependency. One instruction says that you should do so, and others say that you can just add the new dependency without interruption.
But after I followed this instruction the problem did not go away, and the script showed the same error. I tried adding the source file’s drive (let’s say disk 2 mounted at m:\backups) to the dependencies as well, without luck. The error was resolved only after I added the “root” volume M:. But this volume had previously been added to the original disk dependencies, so disk 3 mounted at m:\history was dependent on disk 1 (M:). So it seems clustered MS SQL does not look through the dependency chain and just tests the drive that starts the file path, without worrying about the real dependent volume. Hope this will save you time.

vSphere Client and space key

Recently we had a very confusing incident while trying to access one of our production virtual servers through the vSphere client. As Linux servers in a default installation redraw their console only on some event (some input or output), every time we open a Linux virtual machine to see its console we need to press a key on the keyboard. The problem is that when you have just opened the console in the thick client, the input focus is on the toolbar. More precisely, it is on its first button, which is “Shutdown”. When you press this button you get a confirmation dialog, and the input focus is again on the “OK” button. So if you have just opened a server console and, without clicking the mouse anywhere, quickly press the space key twice, it will immediately shut down your server, which will cause unplanned downtime for your production system. Very disappointing application design for the industry leader’s solution. By the way, the vSphere web client doesn’t have this problem.

Error 1602 or 1618 during install of any msi packet

Recently we got an error installing a driver on our Windows 2008 R2 server. It does not provide any specific error dialog; it just constantly shows “Please wait while the application is preparing for the first use”. After you press Cancel, it gives you an error message saying that the installation could not be completed because another installation is in progress. The only diagnostic message in the Application log was EventID 1033 from MsiInstaller with the message “Installation success or error status: 1602” or “Installation success or error status: 1618”, which is obviously not helpful. An Internet search revealed that this message is quite common and can be caused by many things.

Error 1053 while starting NetBackUP Client Service

Recently I got stuck with error 1053 “The service did not respond to the start or control request in a timely fashion” while starting the NetBackUP Client Service. But the error appeared much faster than 30 seconds, which is the actual service timeout, so the message was incorrect. The problem was that the affected server was joined to MSCS to host a SQL Server group. So to back up MSSQL we run the NetBackUP Client Service as a domain user with rights to access the SQL databases. To start the service correctly, the domain user must have local administrator rights on the server. After I added this user to the local Administrators group, the error was gone.

Fixing MSDTC errors 4135 4163 4185 4112

One of our clients had a problem with the MSDTC service on a Windows 2003 server, which couldn’t start. After a short investigation I found the corresponding errors in the Application log:

Event Type:    Error
Event Source:    MSDTC
Event Category:    LOG
Event ID:    4163
Date:        2011-08-02
Time:        12:02:08 PM
User:        N/A
Computer:    servername
Description:
MS DTC log file not found. After ensuring that all Resource Managers coordinated by MS DTC have no indoubt transactions, please run msdtc -resetlog to create the log file.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

and

Event Type: Error
Event Source: MSDTC
Event Category: TM
Event ID: 4185
Date: 2011-08-02
Time: 12:02:08 PM
User: N/A
Computer: servername
Description:
MS DTC Transaction Manager start failed. LogInit returned error 0x3.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

and

Event Type: Error
Event Source: MSDTC
Event Category: SVC
Event ID: 4112
Date: 2011-08-02
Time: 12:02:08 PM
User: N/A
Computer: servername
Description:
Could not start the MS DTC Transaction Manager.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

The System event log also contained:

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7024
Date: 2011-08-02
Time: 12:19:26 PM
User: N/A
Computer: servername
Description:
The Distributed Transaction Coordinator service terminated with service-specific error 3221229584 (0xC0001010).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

As recommended in the first event and on numerous forums, I tried to run:

msdtc -resetlog

but this command generated another error:

Event Type: Error
Event Source: MSDTC
Event Category: SVC
Event ID: 4135
Date: 2011-08-02
Time: 12:01:51 PM
User: N/A
Computer: servername
Description:
Failed to create/reset the MS DTC log file.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

After some searching I found several solutions to this problem, such as activating network access for DTC, but nothing helped. From colleagues I learned that this server had previously been in a cluster, but the cluster was later abolished. So the problem was with the MSDTC log file settings, and I decided to find out where Windows stores information about these files. After a short search on a healthy system I found the registry key HKEY_CLASSES_ROOT\CID\{GUID}\CustomProperties\LOG\Path, where {GUID} is some random GUID. The default value of this key pointed to the MSDTC log file. I then looked through the HKEY_CLASSES_ROOT\CID\ subkeys on the problem server and found a GUID that stored similar settings. The log file settings there pointed to Q:\MsDtc, where Q: had previously been the quorum drive and no longer existed. After fixing this setting to point to the correct path, the problem was gone.
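
The manual search through HKEY_CLASSES_ROOT\CID can be scripted. This PowerShell is an added example, not from the original post; the function name is illustrative, and the key layout (default value of CustomProperties\LOG\Path under each CID subkey) is taken from the description above. It lists every recorded MSDTC log location and whether that location still exists.

```powershell
# Added example; Get-MsdtcLogPath is an illustrative name. The key layout
# follows the post: HKCR\CID\{GUID}\CustomProperties\LOG\Path, default value.
function Get-MsdtcLogPath {
    param([string]$Root = 'Registry::HKEY_CLASSES_ROOT\CID')
    foreach ($cid in Get-ChildItem -LiteralPath $Root -ErrorAction SilentlyContinue) {
        $sub = $cid.OpenSubKey('CustomProperties\LOG\Path')
        if (-not $sub) { continue }            # CID entry without log settings
        $path = [string]$sub.GetValue('')      # default value = log location
        $sub.Close()
        # Exists is False for a folder on a drive that is gone, such as a
        # former cluster quorum disk.
        $exists = ($path -ne '' -and (Test-Path -LiteralPath $path))
        [pscustomobject]@{
            Cid     = $cid.PSChildName
            LogPath = $path
            Exists  = $exists
        }
    }
}

# Entries with Exists = False sort first.
Get-MsdtcLogPath | Sort-Object Exists | Format-Table -AutoSize
```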