Difference between revisions of "Windows 2008"

Jump to navigation Jump to search

Windows 2008 (view source)

Revision as of 11:52, 7 May 2019

12,858 bytes added ,  11:52, 7 May 2019
m
→‎Scheduled Tasks: Added note to 0x8007010B
(Added "Sysprep")
m (→‎Scheduled Tasks: Added note to 0x8007010B)
 
(18 intermediate revisions by the same user not shown)
Line 1: Line 1:
== Build ==
== Build ==
* Best practice for VMs: http://communities.vmware.com/servlet/JiveServlet/downloadBody/12309-102-4-13348/vFiltered-windows2008best%20practices.pdf
Best practice for VMware VMs (take with a pinch of salt, one man's best practice can be another man's gotcha)
* http://communities.vmware.com/servlet/JiveServlet/downloadBody/12309-102-4-13348/vFiltered-windows2008best%20practices.pdf
 
=== Disable ASLR ===
Address space layout randomisation is a feature which involves randomly arranging the positions of key data areas, in order to mitigate memory snapshot image vulnerabilities (which is generally not a problem).  There are suggestions that this can reduce reduce VMware's page sharing between VM's, increasing overall physical memory usage.  However, its probably true that whilst memory page locations will be randomised, the VMkernel will still be able to match up identical pages between different OS instances.
 
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\"MoveImages"=dword:00000000


== Procedures ==
== Procedures ==
Line 8: Line 14:
# Sysprep will run and reboot the OS
# Sysprep will run and reboot the OS
#* You'll need to provide a ''new'' password, and any hostname and IP details will need updating
#* You'll need to provide a ''new'' password, and any hostname and IP details will need updating
=== NTP Client ===
Machines that are part of a domain will synchronise their time with the domain controllers, but standalone machines (or domain controllers) need to be configured to behave as NTP clients.
The server's NTP config in the registry hive '''<code>HKLM\SYSTEM\CurrentControlSet\Services\W32Time</code>''' needs to be updated as follows to enable the server's system clock to update via NTP.  Restart the NTP service to apply.
{|class="vwikitable"
|-
! Key                      !! Name                  !! Value              !! Notes
|-
| rowspan=2 | Parameters              || Type                  || NTP
|-
| NtpServer            || 192.168.206.25,0x1 192.168.206.26,0x1 || Space separated list, each name/IP must have <code>,0x1</code> appended to the end
|-
| TimeProviders \ NtpServer  || Enabled              || 1                || Only required if you wish other servers to be able to poll your server for time
|-
| TimeProviders \ NtpClient  || SpecialPollInterval  || 1800            || Secs. Interval between successive NTP polls
|-
| rowspan=4 |Config                  || AnnounceFlags        || 5
|-
| MaxAllowedPhaseOffset || 30                || Secs. If clock if off by more, its' abruptly set rather than incremented
|-
| MaxPosPhaseCorrection || 5400              || Secs. Maximum positive phase correction allowed (if greater, no change occurs)
|-
| MaxNegPhaseCorrection || 5400              || Secs. Maximum negative phase correction allowed (if greater, no change occurs)
|}
Once completed, restart the Win32 Time service
* <code> net stop w32time </code>
* <code> net start w32time </code>
To locate suitable NTP servers to use, see http://www.pool.ntp.org/
See http://support.microsoft.com/kb/816042 for further info on setting the above parameters
== Network Connectivity Status Indicator (NCSI) ==
NCSI is the feature that causes the "No Internet Access" alert pop-up that can appear over your network connection.
* An HTTP request for http://www.msftncsi.com/ncsi.txt
** Which returns a single line <code>Microsoft NCSI</code>
* A DNS request for dns.msftncsi.com
** Which is expected to resolve to 131.107.255.255
To disable NCSI checks
# Start the relevant Group Policy editor (gpmc.msc or GPEdit.msc)
# Browse through to '''Internet Communication settings'''
#* '''Computer Configuration > Administrative Templates > System > Internet Communication Management > Internet Communication settings'''
# Set '''Turn off Windows Network Connectivity Status Indicator active tests''' to '''Enabled'''
# Run <code> gpupdate </code> to apply
To disable the "No Internet Access" pop-up
# Start the relevant Group Policy editor (gpmc.msc or GPEdit.msc)
# Browse through to '''Network Connections'''
#* '''Computer Configuration > Administrative Templates > Network > Network Connections'''
# Set '''Do not show the “local access only” network icon''' to '''Enabled'''
# Run <code> gpupdate </code> to apply
The underlying settings that govern how NCSI operates can be found in the following registry key
* <code> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet </code>
Further reading...
http://technet.microsoft.com/en-us/library/ee126135%28WS.10%29.aspx
http://defaultreasoning.wordpress.com/2010/05/14/disable-%E2%80%9Cno-internet-access%E2%80%9D-notification-on-windows-server-2008-r2/


== Troubleshooting ==
== Troubleshooting ==
Line 23: Line 92:


=== Scheduled Tasks ===
=== Scheduled Tasks ===
'''Error 2147943712'''
More common scheduled task error codes...
You're trying to save a task that wants to save credentials (maybe because you want the task to run even when the user is logged off), but credential saving has been disabled by a GPO.
{|class="vwikitable"
|-
! Code        !! Constant                || Cause / meaning
|-
| 0x0        ||                        || Success / no error
|-
| 0x1        ||                        || Incorrect function called or unknown function called.  Can also be caused by file permission problems.
|-
| 0x2        ||                        || File not found
|-
| 0xa        ||                        || The environment is incorrect
|-
| 0x41300    || SCHED_S_TASK_READY            || Task is ready to run at its next scheduled time
|-
| 0x41301    || SCHED_S_TASK_RUNNING          || Task is currently running
|-
| 0x41302    || SCHED_S_TASK_DISABLED          || Task is disabled
|-
| 0x41303    || SCHED_S_TASK_HAS_NOT_RUN      || Task has not yet run
|-
| 0x41304    || SCHED_S_TASK_NO_MORE_RUNS      || No more scheduled runs for the task
|-
| 0x41305    || SCHED_S_TASK_NOT_SCHEDULED    || One or more of the config properties needed to run the task on a schedule have not been set
|-
| 0x41306    || SCHED_S_TASK_TERMINATED        || Task was terminated by user
|-
| 0x41307    || SCHED_S_TASK_NO_VALID_TRIGGERS || Task either has no triggers or the existing triggers are disabled or not set
|-
| 0x41308    || SCHED_S_EVENT_TRIGGER          || Event triggers do not have set run times
|-
| 0x4131B    || SCHED_S_SOME_TRIGGERS_FAILED  || Task is registered, but not all specified triggers will start the task
|-
| 0x4131C    || SCHED_S_BATCH_LOGON_PROBLEM    || Task is registered, but may fail to start. Batch logon privilege needs to be enabled for the task principal.
|-
| 0x41325    || SCHED_S_TASK_QUEUED            || Task Scheduler service has asked the task to run
|-
| 0x80041309  || SCHED_E_TRIGGER_NOT_FOUND      || Task's trigger is not found
|-
| 0x8004130A  || SCHED_E_TASK_NOT_READY        || One or more of the properties required to run this task have not been set
|-
| 0x8004130B  || SCHED_E_TASK_NOT_RUNNING      || There is no running instance of the task
|-
| 0x8004130C  || SCHED_E_SERVICE_NOT_INSTALLED  || Task Scheduler service is not installed
|-
| 0x8004130D  || SCHED_E_CANNOT_OPEN_TASK      || Task object could not be opened
|-
| 0x8004130E  || SCHED_E_INVALID_TASK          || The object is either an invalid task object or is not a task object
|-
| 0x8004130F  || SCHED_E_ACCOUNT_INFORMATION_NOT_SET || No account information could be found in the Task Scheduler security database for the task
|-
| 0x80041310  || SCHED_E_ACCOUNT_NAME_NOT_FOUND || Unable to establish existence of the account specified
|-
| 0x80041311  || SCHED_E_ACCOUNT_DBASE_CORRUPT  || Task Scheduler security database has been reset due to detected corruption
|-
| 0x80041312  || SCHED_E_NO_SECURITY_SERVICES  || Task Scheduler security services are available only on Windows NT
|-
| 0x80041313  || SCHED_E_UNKNOWN_OBJECT_VERSION || Task object version is unsupported or invalid
|-
| 0x80041314  || SCHED_E_UNSUPPORTED_ACCOUNT_OPTION || Task has unsupported/conflicting combination of account settings and run time options
|-
| 0x80041315  || SCHED_E_SERVICE_NOT_RUNNING    || Task Scheduler Service is not running
|-
| 0x80041316  || SCHED_E_UNEXPECTEDNODE        || Task's XML contains an unexpected node (corruption?)
|-
| 0x80041317  || SCHED_E_NAMESPACE              || Task's XML contains an element or attribute from an unexpected namespace
|-
| 0x80041318  || SCHED_E_INVALIDVALUE          || Task's XML contains a value which is incorrectly formatted or out of range
|-
| 0x80041319  || SCHED_E_MISSINGNODE            || Task's XML is missing a required element or attribute
|-
| 0x8004131A  || SCHED_E_MALFORMEDXML          || Task's XML is malformed
|-
| 0x8004131D  || SCHED_E_TOO_MANY_NODES        || Task's XML contains too many nodes of the same type
|-
| 0x8004131E  || SCHED_E_PAST_END_BOUNDARY      || Task cannot be started after the trigger end boundary
|-
| 0x8004131F  || SCHED_E_ALREADY_RUNNING        || An instance of this task is already running
|-
| 0x80041320  || SCHED_E_USER_NOT_LOGGED_ON    || Task will not run because the user is not logged on
|-
| 0x80041321  || SCHED_E_INVALID_TASK_HASH      || Task image is corrupt or has been tampered with
|-
| 0x80041322  || SCHED_E_SERVICE_NOT_AVAILABLE  || Task Scheduler service is not available
|-
| 0x80041323  || SCHED_E_SERVICE_TOO_BUSY      || Task Scheduler service is too busy to handle request
|-
| 0x80041324  || SCHED_E_TASK_ATTEMPTED        || Task Scheduler service attempted to run the task, but it did not run due to one of the constraints in the task definition
|-
| 0x80041326  || SCHED_E_TASK_DISABLED          || Task is disabled
|-
| 0x80041327  || SCHED_E_TASK_NOT_V1_COMPAT    || Task has properties that are not compatible with earlier versions of Windows
|-
| 0x80041328  || SCHED_E_START_ON_DEMAND        || Task's settings do not allow the task to start on demand
|-
| 0x8007010B  ||                                || The ''start in'' folder path is invalid.  Note that quotation marks around paths with spaces in are not required, and will cause this error if used.
|-
| 0x800704DD  ||                                || The service is not available (is ''Run only when an user is logged on'' checked?)
|-
| 0xC000013A  ||                                || The task was terminated, user pressed Ctrl+C
|-
| 0xC06D007E  ||                                || Unknown software exception
|}
The above was sourced from...
* http://msdn.microsoft.com/en-us/library/aa383604
* http://ict.ken.be/scheduled-task-exit-result-and-error-codes.aspx
 
Other scheduler errors...
* '''Error 2147943712'''
** You're trying to save a task that wants to save credentials (maybe because you want the task to run even when the user is logged off), but credential saving has been disabled by a GPO.
* '''Error 2147943785'''
** Logon failure: the user has not been granted the requested logon type at this computer.  Grant the user ''log on as a batch job'' rights in Local Security Policy, User Rights Assignment
 
=== Extend Partition Fails ===
Disk looks to have extended in disk manager, but file manager/windows explorer still show the old size
# Start <code> diskpart </code> from a command line
# List the volumes, then select the appropriate one
#* <code> list volume </code>
#* <code> select volume 2 </code>
# Extend the volume
#* <code> extend filesystem </code>
# If this fails, select the partition and extend
#* <code> list partition </code>
#* <code> select partition 1 </code>
#* <code> extend filesystem </code>
# This can sometimes throw up disk errors, in which case you'll need to a check disk on the affected partition (if there are open file handles you'll either need to stop the applications or schedule after a reboot, and reboot)
#* EG <code> chkdisk d: /f </code>
# Then re-attempt the partition extension
 
=== Re-Add Server to Domain ===
Sometimes the domain membership of a server becomes broken, needing the server to be re-added to the domain.  In order to perform you need...
* A domain administrator account
** Or at least a domain account with permissions to add/remove machines from the domain
* A local administrator account
** Or a domain account that has recently logged into the server, that has admin rights over it
 
If you don't have any account that can be a local administrator of the server, you'll need to break into your server.  There are utilities on the web that let you boot to a recovery CD/ISO, and overwrite the admin password.  I haven't used any of these since NT4 days, so can't comment how capable they are today.
 
# Log into the server as a local admin
#* If you don't have the password, but have logged on previously with a domain account that has admin rights over the server
#*# Disconnect the server from the network
#*# Login with the domain account that has admin rights (this forces the server to use locally cached credentials, rather than validating with the domain)
#*# Reconnect to network
#*# Change the local admin password to something you'll remember (you must do this otherwise you'll lose access once the machine is off the domain!)
# Go to '''System Properties''' and record the name of the current domain
# Then change the domain membership to '''Workgroup''' (provide a dummy workgroup name, ''WORKGROUP'' is the defalt for new machines)
# Provide a domain account that has rights to remove a server from the domain
# If successful you should get a pop-up stating ''Welcome to the WORKGROUP workgroup'', and then a prompt to restart
# Go back into '''System Properties''' and change the domain membership to '''Domain''', supplying the original domain name
# Provide a domain account that has rights to add a server to the domain
# If successful you should get a pop-up stating ''Welcome to the <domain> domain'', and then a prompt to restart
 
[[Category:Microsoft]]
[[Category:Windows]]
[[Category:Windows 2008]]
Retrieved from ‘https://vwiki.co.uk/index.php?title=Special:MobileDiff/1055...2712

Navigation menu