Ron Williams IT Blog

If you experience a high handle count on a RMS,  apply the steps in http://support.microsoft.com/kb/938626/en-us   and apply KB951979.

If you still experience the problem, create an override to up to 50,000 handles, or create a recovery action to restart the health service.

Microsoft is aware and working on fix.

To measure health service handle count, open perfmon, and add the counter for Process>Handle Count>HealthService.exe

I recently had an issue where a client needed to quickly download and install all windows updates.  They originally had all clients pointed to a non-existent SUS server, so most of their servers and workstations were out of date.

We removed the line from the GPO that pointed the clients to the nonexistent SUS server, meaning that the agents will look on the internet for updates; however, they still didn’t get the updates.

Windows Update logs are located here:  %systemdrive%\windows\SoftwareDistribution

When I opened the log file, I saw several errors that looked like this: Windows Update Client failed to detect with error 0x80072efd.

There errors are due to the fact that windows update uses WINhttp, and the client had a proxy server configured, but did not have a proxy server set using proxcfg.

You can check to see if a proxy server is configured for WINhttp by typing proxycfg at the command prompt.

I wrote a batch script to run on all agents that updates the proxy for WINhttp, stops the windows update service, removes the registry keys that indicate when windows update last ran, restarts the service, then forces an update download.

Here is the script, save as a .bat file, and run at will!:

@echo off
REM ======================================================================
REM
REM Batch File
REM
REM NAME: Force Auto Updates Download
REM
REM AUTHOR: Ron Williams ,
REM DATE  : 4/8/2009
REM COMMENT  : Replace [proxyserverIP]:[proxyserverPort] with the ip and port of
REM              your proxy server in the format 192.168.1.2:8080  (no brackets)
REM ======================================================================

proxycfg -p [proxyserverIP]:[proxyserverPort]
net stop wuauserv
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v LastWaitTimeout /f
REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v DetectionStartTime /f
Reg Delete "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v NextDetectionTime /f
net start wuauserv
wuauclt /detectnow

Environment Details: OpsMgr SP1 on Server 2008 Std 64-bit with the following OpsMgr hotfixes applied: KB951256, KB954049, and 954903.  These KB’s are request only, and cant be uninstalled using Programs and Features like a normal OS hotfix.

I had a MonitoringHost.exe application hang error on the RMS which was causing console crashes, high CPU usage, WerFault.exe high CPU usage, and general system instability.  I determined the error might be related to the installation of .NET 1.1 which was installed on the RMS and has known compatibility issues with Server 2008.
Here is the Application Hang error i was getting:
Log Name:      Application
Source:        Application Error
Date:          1/21/2009 9:21:41 AM
Event ID:      1000
Task Category: (100)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      RMS
Description:
Faulting application MonitoringHost.exe, version 6.0.6278.0, time stamp 0x47b71488, faulting module HealthServiceRuntime.dll, version 6.0.6278.0, time stamp 0x47b71484, exception code 0x40000015, fault offset 0x0000000000004321, process id 0xf24, application start time 0x01c97bdb36ec44ea.

My Original Plan For Troubleshooting:

1. Uninstall OpsMgr Console/Command Shell/Web Console (all of the .NET dependent components) using the Programs and Features control panel
2. Uninstall .NET 1.1 using Programs and Features control panel (NEVER TO BE INSTALLED AGAIN)
3. Remove the .NET 3.0 Feature using REMOVE FEATURE
4. Reboot
5. Reinstall only the .NET 3.0 feature using ADD FEATURE
6. Reinstall the OpsMgr Console/Command Shell/Web Console

So I uninstalled .NET 1.1, the OpsMgr console, command shell, and web console.  Then removed the .NET 3.0 feature, rebooted, and added the .NET 3.0 feature.

Then to reinstall the OpsMgr components, I double clicked the mom.msi from the OpsMgrSP1 media, chose Console, Shell, and Web Console and hit OK.  The got a huge glaring error that the installation failed because “The file F_Microsoft.MOM.UI.Console.exe.E6A9F744_14F8_46BE_9DA9_B6BAB981D36E cannot be installed because the file cannot be found in cabinet file Data.Cab.”

The following event was logged in the application log:

Log Name:      Application
Source:        MsiInstaller
Date:          1/21/2009 2:44:32 PM
Event ID:      11334
Task Category: None
Level:         Error
Keywords:      Classic
User:          FS\catapult
Computer:      RMS
Description:
Product: System Center Operations Manager 2007 -- Error 1334.The file F_Microsoft.MOM.UI.Console.exe.E6A9F744_14F8_46BE_9DA9_B6BAB981D36E cannot be installed because the file cannot be found in cabinet file Data.Cab. This could indicate a network error, an error reading from the CD-ROM, or a problem with this package.

The components would not reinstall, because the product version was different due to the hotfixes that were installed.  We figured out a way to trick the installer into thinking that this was a base SP1 install by deleting contents the following registry key, after backing up the registry key

HKEY_CLASSES_ROOT\Installer\Products\DF6E5EFF035E66C49971553D96AA0E4D\Patches\
(The long number starting with DF6E5 in the path would be different on another system).  I identified the right key location, because under the long number key name,  there is a value “ProductName” which is equal to “System Center Operations Manager”. 

I copied the current value of the “Patches” value to notepad then deleted the data in the value (E525AFA…), leaving the REG_MULTI_SZ value, but just emptying it.

After clearing this value, I was able to reinstall the console, command shell, and web console.

Then I restored the key’s original value, and have not seen any more application hang errors.

WHEW!!!

The best way to disable POP3 and IMAP monitoring in OpsMgr, is to disable the following monitors using overrides:

1. IMAPConnectivity
2. POPConnectivity

These are the only two monitors that you need to disable.

I accidentally disabled the Aggregate Rollup Monitor, instead of the actual monitor, which was causing me to continually get an unhealthy state on the rollup monitor, even though all the children monitors are healthy:

Here is the procedure for properly disabling POP3 and IMAP Monitoring in Operations Manager 2007

1. Open the OpsMgr console and navigate to Authoring>Management Pack Objects>Monitors
2. Click on Change Scope, and choose “Ex. Client Access”
3. Type “POPConnectivity” in the find box
4. Find the monitor labeled “POPConnectivity” which is located under MOM 2005  Computer Role Health>POP Connectivity>POPConnectivity
5. Make sure you choose the individual state monitor, NOT the aggregate rollup monitor.  The individual monitor is located under the aggregate rollup monitor
6. Right click on the individual state monitor labeled POPConnectivity and choose Overrides>Override the Monitor>For All Objects of type: Ex. Client Access
7. Set the Enabled parameter to FALSE
8. Choose a custom management pack for your override and click save
9. Do the same steps for the monitor labeled IMAPConnectivity

I had a persistent problem on one of my OpsMgr managed agents, who had an incorrect state rollup.  In other words, the parent monitor showed a warning state, even though all child monitors we in a healthy state.

I tried the accepted procedure of putting the health service and health service watcher in maintenance mode, waiting for the agent to show NOT MONITORED, then stopping maintenance mode, but this didnt work.

I resolved the issue by restarting the OpsMgr health service on the agent WHILE it was in maintenance mode, and the issue resolved.

I had email forwarding to my Blackberry from three sources:  My corporate email using a BES, and two online accounts hosted at yahoo and mail.com. 

I was getting an excess of 50 v!4gra and pr0mn spam messages on my blackberry per day, and it was getting really annoying.

I mean, in a perfect world, all email servers would be Exchange, and all would be protected by Forefront for Exchange, and all mobile devices would be windows mobile 6.1… But, at times, we must exist in conditions other than ideal :-)

In a previous position, I worked with Postini, which was acquired by Google about 2 years ago.  I remember that it was a really accurate scanning engine, and that it cut out most of my spam, and had very few false positives.

With that in mind, I signed up for a new Gmail account, forwarded my other two internet email addresses to Gmail, then enrolled the Gmail account on my blackberry.  I deleted email forwarding for the two original accounts.

It has been one week now, and i have only gotten 2 spam messages sent to my blackberry.  So thanks Google!

Maybe someday we can convince Google to use Exchange, but now I'm only dreaming….

My friend, Joe Stocker, the illustrious Director of IT at Catapult Systems, pointed out another way of blocking contextual ads.  I think it's a super cool idea:

From Joe:

Another way to do this is to download a copy of this hosts file which changes most ad companies to 127.0.0.1 (so your computer doesn’t route to their content). Ingenious, eh?

I got this from this MVP site:
http://www.mvps.org/winhelp2002/hosts.htm

I get really annoyed when I’m reading an article on a web site (thank you msnbc) and a contextually sensitive add pops up.  I use my mouse cursor to keep my place when I am reading an article, so it the ads really get in my way.

You can block them in IE7 by going to Tools>Intenet Options>Security> click on Restricted Sites then Sites.  Add the following two sites to Restricted Sites:

1. *.intellitxt.com

2. *.vibrantmedia.com

So you will never see one of these again!

EmailName =

oRecordSet.MoveFirst

FindAnyMDB =

varDestUser =

After upgrading to iTunes 8, my music streaming from iTunes to my stereo stopped working. I was getting the following error:

"An error occurred while connecting to the remote speaker 'speaker_name'. An unknown error occurred (-3256)."

I was running the latest firmware (6.3) on my Airport Express, and running iTunes 8.0 on Windows Vista SP1.  I tried reinstalling iTunes, AirPort Admin Utiliity, turning off AirTunes on the AirPort Admin utility, then turning it back on, but I was still getting the same error.

Finally I found info about the error in the Apple forums here: http://discussions.apple.com/thread.jspa?messageID=8225777 Upon investigation, it looked like that windows firewall was blocking the ports I needed.  But I knew my Windows Firewall Service was disabled (I know, I know, bad me...)

I tried to start the windows firewall service, and it failed with the following error in the System Event Log:

The Windows Firewall service terminated with service-specific error 5 (0x5).

UGH.  Found the following MS article: http://support.microsoft.com/kb/943996  Fixed the registry keys as required and got my firewall service started, and AirTunes worked!

I discovered iTunes 8.0 will not connect to remote speakers (at least on Windows Vista) if the Windows Firewall service is disabled or stopped.  I verified this by disabling the service again, and AirTunes stopped working.  Once I started the service, I was able to stream music.  yay

I know all my fellow OpsMgr peeps are saying they have known about this tool for a while, but I just started using it to enable proxying on a group of agents.  I scoffed at it before, because I prided myself in being able to use command line tools.  But this tool is just too helpful to ignore!

Download it here

from http://blogs.msdn.com/boris_yanushpolsky/archive/2007/08/02/enabling-proxying-for-agents.aspx

I searched the internets high and low to find out how to add ADSIedit to a Server 2008 member server.  In previous versions of Windows, you installed ADSIedit and the other Windows Support Tools from the server installation media.  One of the main benefits of Server 2008 is that you should never have to insert the installation media again after the initial install.  No more being asked to insert the Windows 2003 SP2 CD (did this CD ever really exist?? I didn't think so...)

The Windows Support Tools are now included in the RSAT (Remote Server Administration Tools) and can be installed as features in Server 2008. 

ADSIedit is part of the Active Directory Domain Controller Tools feature, and can be added by following these steps:

1. In Server Manager, click on Features, then Add Features in the right pane
2. Expand Remote Server Administration Tools>Role Administration Tools>Active Directory Domain Services Tools
3. Put a check next to Active Directory Domain Controller Tools
4. Click Next, then Install

Cameron Fuller let me know that these tools are also installed when you add the Active Directory Role to a server.

I installed SQL 2005 Std 64-bit Reporting Services using a default configuration on a clean install of Server 2008.  I followed all the steps in Microsoft’s KB http://support.microsoft.com/kb/938245 entitled “How to install and how to configure SQL Server 2005 Reporting Services on a computer that is running Windows Server 2008” but was still getting an error when browsing to http://localhost/reports or http://servername/reports :

“Error.  Unable to connect to the remote server”

Here is how I fixed it:

1. In IIS 7 Manager, highlight the ReportServer application
2. In right pane click on Handler Mappings
3. Click Edit Feature Permissions in the Actions Pane
4. Enable Script and Execute.
5. Click OK
6. Restart IIS and SQL Reporting Services service

I found the solution here:

http://blog.dastrup.com/?p=48

1. It prompts the user for the SMTP server address, for the name of the RMS, and for the sender's email address. 
2. It creates a shared folder on the RMS for the script and MP xml to reside
3. It copies the script and the xml file to the shared folder
4. It replaces text in the script with the SMTP servername and with the sender address
5. Replaces text in the xml file with the RMS servername
6. Imports the script into OpsMgr (using supercool OpsMgr SDK)

Here are the alert parameters that are sent in the email:

Let me know if you have any questions about it. 

RON DOT WILLIAMS AT MAIL DOT COM

I recently decided installed Server 2008 with Hyper-V on my laptop and migrated all my virtual PC machines. 

If you use a Server 2008 32-bit vhd created in Virtual PC, you may not be able to install and use Hyper-V integration services.  The mouse service will not perform correctly and your network devices will not show up.  The VMbus will show a warning yellow icon in device manager and will say that there aren’t enough IRQ’s to load the bus.

In MSCONFIG, I changed the advanced boot options to check HAL when loading boot.ini and it fixed the problem.

I just realized, after much pre-deployment fretting, that it is very simple to assign multiple action accounts to the Active Directory Management pack.  Domain controllers in different domains need different action accounts for Active Directory monitoring to work.

Here is how you do it:

1. Go to OpsMgr console>Administration>Security>Run As Accounts.

2. Create an new action account for each of the domains that you will be monitoring.  Use “windows” as the type, and be careful typing the password, they are not validated in this field.

3. Go to Administration>Security>Run As Profiles and double click AD MP Account.  Click on the Run As Accounts Tab

4. Associate the account to each domain controller by clicking on New…  You must manually select each domain controller and choose an account on a by-machine basis.

I have a meeting at one of my really large clients, and for some reason I was a little nervous.  I found a some helpful links related to being a better presenter.  Basically they say to not try to avoid nervousness, but to work with it and accept it for what it is:

http://presenting2007.blogspot.com/2007/02/notes-on-being-nervous.html

http://www.professionalspeakers.org/cgi-bin/allegro.pl?article115

http://www.thepublicspeakingsite.com/

http://eirikso.com/2008/06/04/what-to-do-if-you-are-nervous-when-presenting/ 

I had a client who wanted some helpful links to articles about Outlook Anywhere.  Here is what i found:

Configuring Outlook Anywhere

http://exchange-genie.blogspot.com/2008/02/configuring-outlook-anywhere-for.html

How to Configure Outlook Anywhere in Exchange 2007

http://technet.microsoft.com/en-us/library/cc179036(TechNet.10).aspx

Tutorial on Setting Up Outlook Anywhere with ISA (ignore the ISA part)

http://www.msexchange.org/tutorials/Outlook-Anywhere-2007-ISA-Server-2006.html

Configuring an Outlook 2003 Client:

http://www.msexchange.org/tutorials/outlookrpchttp.html

You for any client not running outlook 2007, you will have to manually configure the rpc over http settings.  Outlook 2007 will automatically configure itself using the autodiscover feature

System Center Capacity Planner Download

http://technet.microsoft.com/en-us/sccp/bb969059.aspx

Technet Articles:

http://technet.microsoft.com/en-us/library/bb123741.aspx

http://technet.microsoft.com/en-us/library/7f885b45-cbd4-4349-bdd2-bc1f30fbe1b4.aspx

Last week, I took 70-400 to get my MCTS:Microsoft System Center Operations Manager 2007, Configuring.
The test was harder than I thought; I got an 860 but had expected I would do better than that.

Here is what I remember about the test:

· 47 total questions, 2 hours long

· All multiple choice with four answers

· There weren’t any “All of These” or “None of these” answer possibilities

· About 5 questions that allow multiple answers, but all specify the total number of answers that you choose, ie “choose two of the following.”

· There weren’t any definition questions

· All the questions were task-based and follow the format: You would like to <do something>.  In order to accomplish this you must <choose answer>.

· Several questions related to backup/restore.  Study different backup/restore scenarios, especially related to the loss of an RMS

· Know how to replicate an environment in a lab by copying the databases and restoring the encryption key

· Know which roles to which restore the encryption key

· Study SecureStorageBackup.exe syntax

· Study ManagementServerConfigTool.exe PromoteRMS syntax

· Study the export-managementpack cmdlet syntax

·  Know how to install a Gateway server to monitor servers in a DMZ

· Know how to authenticate agents using certificates in a DMZ, and how to use MOMcertimport.exe

· Study Audit Collection Services know how to turn it on and off on agents, and how to install on the server.  Also remember that you cant install on a server that is clustered.

· Study Agentless Exception Monitoring, know how to filter the results so not all exceptions are sent to MS

· Know how to use overrides to target a MP to a specific type of target (like all Server 2003 domain controllers for example)

· Remember that to discover cluster resources, you have to turn on agent proxying on the physical nodes

· Remember that to see reports related to specific MP’s, you have to import the MP’s

· Know the basic steps for creating a distributed application

· Know how to monitor a web site using synthetic transactions, and remember what situations would be appropriate for monitoring a site using synthetic transactions

· Know when to create a diagnostic task vs. a recovery task

· Know the difference between a console task an agent task