2,187
edits
(→Disable ASLR: Updated with argument for and against) |
m (→Scheduled Tasks: Added note to 0x8007010B) |
||
(16 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
== Build == | == Build == | ||
Best practice for VMs (take with a pinch of salt) | Best practice for VMware VMs (take with a pinch of salt, one man's best practice can be another man's gotcha) | ||
* http://communities.vmware.com/servlet/JiveServlet/downloadBody/12309-102-4-13348/vFiltered-windows2008best%20practices.pdf | * http://communities.vmware.com/servlet/JiveServlet/downloadBody/12309-102-4-13348/vFiltered-windows2008best%20practices.pdf | ||
Line 14: | Line 14: | ||
# Sysprep will run and reboot the OS | # Sysprep will run and reboot the OS | ||
#* You'll need to provide a ''new'' password, and any hostname and IP details will need updating | #* You'll need to provide a ''new'' password, and any hostname and IP details will need updating | ||
=== NTP Client === | |||
Machines that are part of a domain will synchronise their time with the domain controllers, but standalone machines (or domain controllers) need to be configured to behave as NTP clients. | |||
The server's NTP config in the registry hive '''<code>HKLM\SYSTEM\CurrentControlSet\Services\W32Time</code>''' needs to be updated as follows to enable the server's system clock to update via NTP. Restart the NTP service to apply. | |||
{|class="vwikitable" | |||
|- | |||
! Key !! Name !! Value !! Notes | |||
|- | |||
| rowspan=2 | Parameters || Type || NTP | |||
|- | |||
| NtpServer || 192.168.206.25,0x1 192.168.206.26,0x1 || Space separated list, each name/IP must have <code>,0x1</code> appended to the end | |||
|- | |||
| TimeProviders \ NtpServer || Enabled || 1 || Only required if you wish other servers to be able to poll your server for time | |||
|- | |||
| TimeProviders \ NtpClient || SpecialPollInterval || 1800 || Secs. Interval between successive NTP polls | |||
|- | |||
| rowspan=4 |Config || AnnounceFlags || 5 | |||
|- | |||
| MaxAllowedPhaseOffset || 30 || Secs. If clock if off by more, its' abruptly set rather than incremented | |||
|- | |||
| MaxPosPhaseCorrection || 5400 || Secs. Maximum positive phase correction allowed (if greater, no change occurs) | |||
|- | |||
| MaxNegPhaseCorrection || 5400 || Secs. Maximum negative phase correction allowed (if greater, no change occurs) | |||
|} | |||
Once completed, restart the Win32 Time service | |||
* <code> net stop w32time </code> | |||
* <code> net start w32time </code> | |||
To locate suitable NTP servers to use, see http://www.pool.ntp.org/ | |||
See http://support.microsoft.com/kb/816042 for further info on setting the above parameters | |||
== Network Connectivity Status Indicator (NCSI) == | |||
NCSI is the feature that causes the "No Internet Access" alert pop-up that can appear over your network connection. | |||
* An HTTP request for http://www.msftncsi.com/ncsi.txt | |||
** Which returns a single line <code>Microsoft NCSI</code> | |||
* A DNS request for dns.msftncsi.com | |||
** Which is expected to resolve to 131.107.255.255 | |||
To disable NCSI checks | |||
# Start the relevant Group Policy editor (gpmc.msc or GPEdit.msc) | |||
# Browse through to '''Internet Communication settings''' | |||
#* '''Computer Configuration > Administrative Templates > System > Internet Communication Management > Internet Communication settings''' | |||
# Set '''Turn off Windows Network Connectivity Status Indicator active tests''' to '''Enabled''' | |||
# Run <code> gpupdate </code> to apply | |||
To disable the "No Internet Access" pop-up | |||
# Start the relevant Group Policy editor (gpmc.msc or GPEdit.msc) | |||
# Browse through to '''Network Connections''' | |||
#* '''Computer Configuration > Administrative Templates > Network > Network Connections''' | |||
# Set '''Do not show the “local access only” network icon''' to '''Enabled''' | |||
# Run <code> gpupdate </code> to apply | |||
The underlying settings that govern how NCSI operates can be found in the following registry key | |||
* <code> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc\Parameters\Internet </code> | |||
Further reading... | |||
http://technet.microsoft.com/en-us/library/ee126135%28WS.10%29.aspx | |||
http://defaultreasoning.wordpress.com/2010/05/14/disable-%E2%80%9Cno-internet-access%E2%80%9D-notification-on-windows-server-2008-r2/ | |||
== Troubleshooting == | == Troubleshooting == | ||
Line 29: | Line 92: | ||
=== Scheduled Tasks === | === Scheduled Tasks === | ||
'''Error 2147943712''' | More common scheduled task error codes... | ||
You're trying to save a task that wants to save credentials (maybe because you want the task to run even when the user is logged off), but credential saving has been disabled by a GPO. | {|class="vwikitable" | ||
|- | |||
! Code !! Constant || Cause / meaning | |||
|- | |||
| 0x0 || || Success / no error | |||
|- | |||
| 0x1 || || Incorrect function called or unknown function called. Can also be caused by file permission problems. | |||
|- | |||
| 0x2 || || File not found | |||
|- | |||
| 0xa || || The environment is incorrect | |||
|- | |||
| 0x41300 || SCHED_S_TASK_READY || Task is ready to run at its next scheduled time | |||
|- | |||
| 0x41301 || SCHED_S_TASK_RUNNING || Task is currently running | |||
|- | |||
| 0x41302 || SCHED_S_TASK_DISABLED || Task is disabled | |||
|- | |||
| 0x41303 || SCHED_S_TASK_HAS_NOT_RUN || Task has not yet run | |||
|- | |||
| 0x41304 || SCHED_S_TASK_NO_MORE_RUNS || No more scheduled runs for the task | |||
|- | |||
| 0x41305 || SCHED_S_TASK_NOT_SCHEDULED || One or more of the config properties needed to run the task on a schedule have not been set | |||
|- | |||
| 0x41306 || SCHED_S_TASK_TERMINATED || Task was terminated by user | |||
|- | |||
| 0x41307 || SCHED_S_TASK_NO_VALID_TRIGGERS || Task either has no triggers or the existing triggers are disabled or not set | |||
|- | |||
| 0x41308 || SCHED_S_EVENT_TRIGGER || Event triggers do not have set run times | |||
|- | |||
| 0x4131B || SCHED_S_SOME_TRIGGERS_FAILED || Task is registered, but not all specified triggers will start the task | |||
|- | |||
| 0x4131C || SCHED_S_BATCH_LOGON_PROBLEM || Task is registered, but may fail to start. Batch logon privilege needs to be enabled for the task principal. | |||
|- | |||
| 0x41325 || SCHED_S_TASK_QUEUED || Task Scheduler service has asked the task to run | |||
|- | |||
| 0x80041309 || SCHED_E_TRIGGER_NOT_FOUND || Task's trigger is not found | |||
|- | |||
| 0x8004130A || SCHED_E_TASK_NOT_READY || One or more of the properties required to run this task have not been set | |||
|- | |||
| 0x8004130B || SCHED_E_TASK_NOT_RUNNING || There is no running instance of the task | |||
|- | |||
| 0x8004130C || SCHED_E_SERVICE_NOT_INSTALLED || Task Scheduler service is not installed | |||
|- | |||
| 0x8004130D || SCHED_E_CANNOT_OPEN_TASK || Task object could not be opened | |||
|- | |||
| 0x8004130E || SCHED_E_INVALID_TASK || The object is either an invalid task object or is not a task object | |||
|- | |||
| 0x8004130F || SCHED_E_ACCOUNT_INFORMATION_NOT_SET || No account information could be found in the Task Scheduler security database for the task | |||
|- | |||
| 0x80041310 || SCHED_E_ACCOUNT_NAME_NOT_FOUND || Unable to establish existence of the account specified | |||
|- | |||
| 0x80041311 || SCHED_E_ACCOUNT_DBASE_CORRUPT || Task Scheduler security database has been reset due to detected corruption | |||
|- | |||
| 0x80041312 || SCHED_E_NO_SECURITY_SERVICES || Task Scheduler security services are available only on Windows NT | |||
|- | |||
| 0x80041313 || SCHED_E_UNKNOWN_OBJECT_VERSION || Task object version is unsupported or invalid | |||
|- | |||
| 0x80041314 || SCHED_E_UNSUPPORTED_ACCOUNT_OPTION || Task has unsupported/conflicting combination of account settings and run time options | |||
|- | |||
| 0x80041315 || SCHED_E_SERVICE_NOT_RUNNING || Task Scheduler Service is not running | |||
|- | |||
| 0x80041316 || SCHED_E_UNEXPECTEDNODE || Task's XML contains an unexpected node (corruption?) | |||
|- | |||
| 0x80041317 || SCHED_E_NAMESPACE || Task's XML contains an element or attribute from an unexpected namespace | |||
|- | |||
| 0x80041318 || SCHED_E_INVALIDVALUE || Task's XML contains a value which is incorrectly formatted or out of range | |||
|- | |||
| 0x80041319 || SCHED_E_MISSINGNODE || Task's XML is missing a required element or attribute | |||
|- | |||
| 0x8004131A || SCHED_E_MALFORMEDXML || Task's XML is malformed | |||
|- | |||
| 0x8004131D || SCHED_E_TOO_MANY_NODES || Task's XML contains too many nodes of the same type | |||
|- | |||
| 0x8004131E || SCHED_E_PAST_END_BOUNDARY || Task cannot be started after the trigger end boundary | |||
|- | |||
| 0x8004131F || SCHED_E_ALREADY_RUNNING || An instance of this task is already running | |||
|- | |||
| 0x80041320 || SCHED_E_USER_NOT_LOGGED_ON || Task will not run because the user is not logged on | |||
|- | |||
| 0x80041321 || SCHED_E_INVALID_TASK_HASH || Task image is corrupt or has been tampered with | |||
|- | |||
| 0x80041322 || SCHED_E_SERVICE_NOT_AVAILABLE || Task Scheduler service is not available | |||
|- | |||
| 0x80041323 || SCHED_E_SERVICE_TOO_BUSY || Task Scheduler service is too busy to handle request | |||
|- | |||
| 0x80041324 || SCHED_E_TASK_ATTEMPTED || Task Scheduler service attempted to run the task, but it did not run due to one of the constraints in the task definition | |||
|- | |||
| 0x80041326 || SCHED_E_TASK_DISABLED || Task is disabled | |||
|- | |||
| 0x80041327 || SCHED_E_TASK_NOT_V1_COMPAT || Task has properties that are not compatible with earlier versions of Windows | |||
|- | |||
| 0x80041328 || SCHED_E_START_ON_DEMAND || Task's settings do not allow the task to start on demand | |||
|- | |||
| 0x8007010B || || The ''start in'' folder path is invalid. Note that quotation marks around paths with spaces in are not required, and will cause this error if used. | |||
|- | |||
| 0x800704DD || || The service is not available (is ''Run only when an user is logged on'' checked?) | |||
|- | |||
| 0xC000013A || || The task was terminated, user pressed Ctrl+C | |||
|- | |||
| 0xC06D007E || || Unknown software exception | |||
|} | |||
The above was sourced from... | |||
* http://msdn.microsoft.com/en-us/library/aa383604 | |||
* http://ict.ken.be/scheduled-task-exit-result-and-error-codes.aspx | |||
Other scheduler errors... | |||
* '''Error 2147943712''' | |||
** You're trying to save a task that wants to save credentials (maybe because you want the task to run even when the user is logged off), but credential saving has been disabled by a GPO. | |||
* '''Error 2147943785''' | |||
** Logon failure: the user has not been granted the requested logon type at this computer. Grant the user ''log on as a batch job'' rights in Local Security Policy, User Rights Assignment | |||
=== Extend Partition Fails === | |||
Disk looks to have extended in disk manager, but file manager/windows explorer still show the old size | |||
# Start <code> diskpart </code> from a command line | |||
# List the volumes, then select the appropriate one | |||
#* <code> list volume </code> | |||
#* <code> select volume 2 </code> | |||
# Extend the volume | |||
#* <code> extend filesystem </code> | |||
# If this fails, select the partition and extend | |||
#* <code> list partition </code> | |||
#* <code> select partition 1 </code> | |||
#* <code> extend filesystem </code> | |||
# This can sometimes throw up disk errors, in which case you'll need to a check disk on the affected partition (if there are open file handles you'll either need to stop the applications or schedule after a reboot, and reboot) | |||
#* EG <code> chkdisk d: /f </code> | |||
# Then re-attempt the partition extension | |||
=== Re-Add Server to Domain === | |||
Sometimes the domain membership of a server becomes broken, needing the server to be re-added to the domain. In order to perform you need... | |||
* A domain administrator account | |||
** Or at least a domain account with permissions to add/remove machines from the domain | |||
* A local administrator account | |||
** Or a domain account that has recently logged into the server, that has admin rights over it | |||
If you don't have any account that can be a local administrator of the server, you'll need to break into your server. There are utilities on the web that let you boot to a recovery CD/ISO, and overwrite the admin password. I haven't used any of these since NT4 days, so can't comment how capable they are today. | |||
# Log into the server as a local admin | |||
#* If you don't have the password, but have logged on previously with a domain account that has admin rights over the server | |||
#*# Disconnect the server from the network | |||
#*# Login with the domain account that has admin rights (this forces the server to use locally cached credentials, rather than validating with the domain) | |||
#*# Reconnect to network | |||
#*# Change the local admin password to something you'll remember (you must do this otherwise you'll lose access once the machine is off the domain!) | |||
# Go to '''System Properties''' and record the name of the current domain | |||
# Then change the domain membership to '''Workgroup''' (provide a dummy workgroup name, ''WORKGROUP'' is the defalt for new machines) | |||
# Provide a domain account that has rights to remove a server from the domain | |||
# If successful you should get a pop-up stating ''Welcome to the WORKGROUP workgroup'', and then a prompt to restart | |||
# Go back into '''System Properties''' and change the domain membership to '''Domain''', supplying the original domain name | |||
# Provide a domain account that has rights to add a server to the domain | |||
# If successful you should get a pop-up stating ''Welcome to the <domain> domain'', and then a prompt to restart | |||
[[Category:Microsoft]] | |||
[[Category:Windows]] | |||
[[Category:Windows 2008]] |