Windows 2008: Difference between revisions
m (→Build: Minor text elaboration)
(→Procedures: Added "NTP Client")
Revision as of 15:45, 16 April 2012
Build
Best practice for VMware VMs (take with a pinch of salt, one man's best practice can be another man's gotcha)
Disable ASLR
Address space layout randomisation is a feature which involves randomly arranging the positions of key data areas, in order to mitigate memory snapshot image vulnerabilities (which is generally not a problem). There are suggestions that this can reduce VMware's page sharing between VMs, increasing overall physical memory usage. However, it's probably true that whilst memory page locations will be randomised, the VMkernel will still be able to match up identical pages between different OS instances.
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\"MoveImages"=dword:00000000
Procedures
Sysprep
- Start sysprep from C:\Windows\System32\sysprep\sysprep.exe
- Leave action as Enter System Out-of-Box Experience (OOBE) and tick the poorly spelt Generalize tick-box, then hit OK
- Sysprep will run and reboot the OS
- You'll need to provide a new password, and any hostname and IP details will need updating
NTP Client
Machines that are part of a domain will synchronise their time with the domain controllers, but standalone machines (or domain controllers) need to be configured to behave as NTP clients.
The server's NTP config in the registry hive HKLM\SYSTEM\CurrentControlSet\Services\W32Time needs to be updated as follows to enable the server's system clock to update via NTP. Restart the NTP service to apply.
Key | Name | Value | Notes |
---|---|---|---|
Parameters | Type | NTP | |
Parameters | NtpServer | 192.168.206.25,0x1 192.168.206.26,0x1 | Space separated list, each name/IP must have ,0x1 appended to the end |
TimeProviders \ NtpServer | Enabled | 1 | Only required if you wish other servers to be able to poll your server for time |
TimeProviders \ NtpClient | SpecialPollInterval | 1800 | Secs. Interval between successive NTP polls |
Config | AnnounceFlags | 5 | |
Config | MaxAllowedPhaseOffset | 30 | Secs. If the clock is off by more, it's abruptly set rather than incremented |
Config | MaxPosPhaseCorrection | 5400 | Secs. Maximum positive phase correction allowed (if greater, no change occurs) |
Config | MaxNegPhaseCorrection | 5400 | Secs. Maximum negative phase correction allowed (if greater, no change occurs) |
Once completed, restart the Win32 Time service
net stop w32time
net start w32time
To locate suitable NTP servers to use, see http://www.pool.ntp.org/
See http://support.microsoft.com/kb/816042 for further info on setting the above parameters
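To confirm a server actually carries the settings in the table, the following read-only audit compares the live registry values against it. This is an added example, not part of the original page; it assumes PowerShell 2.0 or later, and the function names and the `$Expected` layout are illustrative.

```powershell
# Added example (not from the original page): read-only audit of the W32Time
# values in the table above. Assumes PowerShell 2.0 or later.
$Base = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time'

# Expected values mirror the page's table. NtpServer is checked for format only,
# because the peer list is site-specific. TimeProviders\NtpServer\Enabled is
# optional per the table, so it is not audited.
$Expected = @(
    @{ Sub = 'Parameters';              Name = 'Type';                  Want = 'NTP' },
    @{ Sub = 'Parameters';              Name = 'NtpServer';             Want = '<peer>,0x1 ...' },
    @{ Sub = 'TimeProviders\NtpClient'; Name = 'SpecialPollInterval';   Want = 1800 },
    @{ Sub = 'Config';                  Name = 'AnnounceFlags';         Want = 5 },
    @{ Sub = 'Config';                  Name = 'MaxAllowedPhaseOffset'; Want = 30 },
    @{ Sub = 'Config';                  Name = 'MaxPosPhaseCorrection'; Want = 5400 },
    @{ Sub = 'Config';                  Name = 'MaxNegPhaseCorrection'; Want = 5400 }
)

function Test-NtpServerList([string]$List) {
    # Valid when non-empty and every space-separated peer ends in ,0x1 (the page's rule)
    $peers = @($List -split '\s+' | Where-Object { $_ })
    if ($peers.Count -eq 0) { return $false }
    foreach ($p in $peers) { if ($p -notmatch '^[^,\s]+,0x1$') { return $false } }
    return $true
}

function Get-W32TimeAudit {
    foreach ($e in $Expected) {
        $path   = Join-Path $Base $e.Sub
        $item   = Get-ItemProperty -Path $path -Name $e.Name -ErrorAction SilentlyContinue
        $actual = $null
        if ($item) { $actual = $item.($e.Name) }
        if ($e.Name -eq 'NtpServer') { $ok = Test-NtpServerList "$actual" }
        else                         { $ok = ("$actual" -eq "$($e.Want)") }
        New-Object PSObject -Property @{
            Key = $e.Sub; Name = $e.Name; Expected = $e.Want
            Actual = $actual; Compliant = $ok
        }
    }
}

# Constructed samples: the page's peer list, and one with a missing ,0x1 suffix
'192.168.206.25,0x1 192.168.206.26,0x1', '192.168.206.25,0x1 192.168.206.26' |
    ForEach-Object { '{0} -> {1}' -f $_, (Test-NtpServerList $_) }

Get-W32TimeAudit | Format-Table Key, Name, Expected, Actual, Compliant -AutoSize
```

After correcting any non-compliant row and restarting the service, `w32tm /query /status` shows whether the clock is now sourced from one of the configured peers.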
Memory Counters
Memory management in any OS can be a complex and confusing business, especially as meanings change with time, and the same counter can be called different things in different OSes from the same family.
The first thing to appreciate is that Windows 2008 likes to fill its memory up, in order to improve system performance (Unix likes to do this too). For example, it will try to prefetch drivers etc into memory before they're actually required, and cache files that are being accessed.
In the virtual world this can cause concern for Virtual Infrastructure admins, as they see lots of machines, using lots of memory, even when they're not doing anything. But this isn't a problem. The VMs are merely trying to make as good a use of the available system resources as possible. If your ESX becomes congested, then it'll instruct VMTools to start inflating balloon drivers. The first thing that the OS will dump from memory is the unnecessary stuff that's been optimistically loaded into memory but isn't actually providing any worth. This is good, efficient system operation.
Total
Total physical memory available to the OS
Cached
This is data that has been cached into memory to improve IO times. For example, open files that are being read or written to.
Cached memory pages are broadly speaking either...
- Standby - loaded into memory ready for use, and can be immediately dropped if required
- Modified - loaded into memory and since modified, and can be flushed to disk if required
Data in the cache can be written to disk (or dropped) if the memory space is required for something else. Data in the cache does not get paged out to disk; it's only in memory in the first place to improve access times, therefore if there's no space for it in physical memory, there's no point writing it to virtual memory.
Available
Physical memory that is immediately available for use. Equal to Free plus Standby Cached.
This is memory that can be immediately written to if required. It may currently contain cache data, but this data can be dropped and overwritten (it does not need to be written to disk first).
If your system has available memory (more than 100MB or so - but really dependent on the workload it's sustaining) then it's not experiencing physical memory constraints.
Free
Physical memory space that is completely free; it's not been populated with data.
In Use
Found in Resource Monitor
Memory that is populated and can't be immediately used for something else. Equal to Total - Standby
Modified
Found in Resource Monitor
Cached memory that has been modified since it was originally loaded in. It can be freed up on demand, but will need to be written to disk before it can be re-used
Standby
Found in Resource Monitor
Cached memory that has not been modified and can be dropped. It can be immediately freed up on demand.
Commit
Memory that the OS has committed to providing to an application, normally shown as committed / total. Total includes both physical and virtual memory.
An application can request an allocation of memory from the OS, for its own use, which the OS will set aside/reserve for it. When that allocation has been completed, that amount of memory has been committed.
Committed memory needn't actually be populated with data, so needn't contribute to the amount in use. If you have no physical memory available, an application can still start and request an allocation. But that allocation will effectively be provided for by virtual memory.
Just because an application requests a large commit, and then doesn't populate it with data, doesn't mean it's misbehaving. Certain OS API calls will cause large Commits (eg MapViewOfFile), which means that having a decent amount of page file free is useful to ensure your system keeps running. I'd only consider reducing your page file to a small size on locked-down servers on which only certain thoroughly tested applications run.
Sources...
- http://blogs.technet.com/b/markrussinovich/archive/2008/11/17/3155406.aspx
- http://brandonlive.com/2010/02/21/measuring-memory-usage-in-windows-7/
- http://communities.vmware.com/thread/278778
- http://msdn.microsoft.com/en-us/library/windows/desktop/aa965225%28v=vs.85%29.aspx
Network Connectivity Status Indicator (NCSI)
NCSI is the feature that causes the "No Internet Access" alert pop-up that can appear over your network connection.
- An HTTP request for http://www.msftncsi.com/ncsi.txt
- Which returns a single line: Microsoft NCSI
- A DNS request for dns.msftncsi.com
- Which is expected to resolve to 131.107.255.255
To disable NCSI checks
- Start the relevant Group Policy editor (gpmc.msc or GPEdit.msc)
- Browse through to Internet Communication settings
- Computer Configuration > Administrative Templates > System > Internet Communication Management > Internet Communication settings
- Set Turn off Windows Network Connectivity Status Indicator active tests to Enabled
- Run gpupdate to apply
To disable the "No Internet Access" pop-up
- Start the relevant Group Policy editor (gpmc.msc or GPEdit.msc)
- Browse through to Network Connections
- Computer Configuration > Administrative Templates > Network > Network Connections
- Set Do not show the “local access only” network icon to Enabled
- Run gpupdate to apply
The underlying settings that govern how NCSI operates can be found in the following registry key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet
Further reading...
- http://technet.microsoft.com/en-us/library/ee126135%28WS.10%29.aspx
- http://defaultreasoning.wordpress.com/2010/05/14/disable-%E2%80%9Cno-internet-access%E2%80%9D-notification-on-windows-server-2008-r2/
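When the "No Internet Access" alert appears on a server that should have connectivity, replaying the two probes shows which one is being blocked. This is an added example, not part of the original page; it assumes PowerShell 2.0 or later, the function names are illustrative, and the registry value names are the standard ones under the key above rather than anything listed on this page.

```powershell
# Added example (not from the original page): read the NCSI probe definition
# from the registry key named above and replay both checks.
$Key = 'HKLM:\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet'

function Get-NcsiProbeConfig {
    # Value names below are the standard Windows ones; the page does not list them.
    $p = Get-ItemProperty -Path $Key -ErrorAction Stop
    New-Object PSObject -Property @{
        Enabled    = [bool]$p.EnableActiveProbing
        WebUrl     = 'http://{0}/{1}' -f $p.ActiveWebProbeHost, $p.ActiveWebProbePath
        WebContent = $p.ActiveWebProbeContent
        DnsHost    = $p.ActiveDnsProbeHost
        DnsContent = $p.ActiveDnsProbeContent
    }
}

function Test-NcsiProbe($Config) {
    $web = $false
    $dns = $false
    try {
        # HTTP probe: the body must match the expected single line
        $body = (New-Object System.Net.WebClient).DownloadString($Config.WebUrl)
        $web  = ($body.Trim() -eq $Config.WebContent)
    } catch { }   # blocked, proxied or offline: the probe simply fails
    try {
        # DNS probe: the name must resolve to the expected address
        $addrs = [System.Net.Dns]::GetHostAddresses($Config.DnsHost) |
                 ForEach-Object { $_.IPAddressToString }
        $dns   = ($addrs -contains $Config.DnsContent)
    } catch { }
    New-Object PSObject -Property @{ WebProbeOk = $web; DnsProbeOk = $dns }
}

$cfg = Get-NcsiProbeConfig
$cfg | Format-List Enabled, WebUrl, WebContent, DnsHost, DnsContent
Test-NcsiProbe $cfg | Format-List WebProbeOk, DnsProbeOk
```

A failed web probe alongside a passing DNS probe usually points at a proxy or egress filter on outbound HTTP rather than at the server's own IP configuration.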
Troubleshooting
Default Gateway Loss
Known bug in Windows 2008 SP2 causes the default gateway of a machine to disappear on reboot. Resolved by resetting the IP stack and re-entering the IP config
- Record IP details
ipconfig/all > C:\ipconfig.txt
- Reset the IP stack
netsh int ip reset
- Restart server
- Re-enter IP config
- Reboot to confirm it's held
There's a bugfix available from http://support.microsoft.com/kb/973243
Scheduled Tasks
- Error 2147943712
- You're trying to save a task that wants to save credentials (maybe because you want the task to run even when the user is logged off), but credential saving has been disabled by a GPO.
- Error 2147943785
- Logon failure: the user has not been granted the requested logon type at this computer. Grant the user log on as a batch job rights in Local Security Policy, User Rights Assignment
Extend Partition Fails
Disk looks to have extended in disk manager, but file manager/windows explorer still show the old size
- Start diskpart from a command line
- List the volumes, then select the appropriate one
list volume
select volume 2
- Extend the volume
extend filesystem
- If this fails, select the partition and extend
list partition
select partition 1
extend filesystem
- This can sometimes throw up disk errors, in which case you'll need to run a check disk on the affected partition (if there are open file handles you'll either need to stop the applications or schedule after a reboot, and reboot)
- EG
chkdsk d: /f
- Then re-attempt the partition extension