The Life of Brian

Active Directory, Group Policies, Server Core and the Life of Brian

Server Health Checks

I’d like to share some of the things I look at while doing a health check on a server. It’s funny how few resources there are out there on the Internet. I believe people keep this kind of stuff to themselves because they are scared they are going to miss something and they will never live it down. My response to that is, So What! Heck, I don’t claim to know it all but why not share what I do know and maybe others can share via the Comments!!!

When I’m troubleshooting I like to compartmentalize what I'm looking for.  With that my health checks are set up the same way.  I also believe health checks are quick snapshots of the health of a server.  Sure there are tools that you can use to analyze systems further but in this case we are doing a quick health check.  Not all of these need to be done but some should, you get to decide.

CPU

Occasional high CPU spikes are OK as long as you are aware of the process causing them. A server should not maintain 80% CPU utilization for an extended period of time. If it does, it may be time to upgrade. It’s a good idea to keep Task Manager open for the duration of your troubleshooting to see trends.

Check CPU Usage

  1. Open Task Manager

  2. Check the Processes tab, ensure there are no processes consuming excessive CPU

  3. Check the Performance tab, ensure there are no single CPUs that have excessive CPU usage

Check CPU HW

  1. Open Device Manager (right click computer –> Manage)

  2. Ensure that no CPUs have a red X or yellow ! underneath Processors

Processes

This is one area that you may not want to do for quick health checks but is something you should be familiar with. Task Manager only gives you basic info on processes and you will find that you may need to dig a bit deeper. For that I recommend Process Monitor from the great Sysinternals tools. Process Explorer can also be used. In fact download and play with all these tools…they will save your bacon, I guarantee it.

In-Depth Check
SysInternals:

Copy Process Monitor locally, then launch it.

  1. Analyze each process and watch which operations open registry keys, files, etc.

Copy Process Explorer locally, then launch it.

  1. Analyze each process based upon the number of threads, handles, loaded DLLs, etc.

Two great webcasts can be viewed here to see these types of tools in action.

Memory

The general rule of thumb is to make sure overall memory utilization does not exceed 80% within a given period of time.

Check Memory Availability

    1. Open Task Manager
    2. Select the Performance tab

    3. Look at the Physical memory box, and multiply the total memory by .2

    4. If the total available memory is less than this number then the box is currently utilizing more than 80 percent of the memory.

Current utilization by process

  1. Select the Process tab

  2. Check the ‘show processes from all users’ box in the bottom left corner

  3. Click the column header ‘Mem Usage’ to sort the processes by memory utilization, highest to lowest. This will help you determine what processes are currently utilizing the memory on the box and can help you narrow your search for memory intensive processes.

Network

Check NIC HW

  1. Verify both ends of the network cable are securely seated in the port

  2. On the back of the server verify you have a green blinking link light on the NIC port

  3. Verify NIC HW is working properly by using Device Manager and ensure the active NICs are showing green

  4. Verify gateway, IP, subnet mask, DNS, DNS suffixes, etc. are properly configured.

  5. If everything is properly configured and HW is working, you should be able to get a ping response from the gateway.

Check Network Connections
Here are some other checks you should perform to ensure proper network connectivity:

  1. ipconfig /all will display all your TCP/IP settings including your MAC address

  2. ipconfig /flushdns will flush your DNS resolver cache

  3. ipconfig /displaydns will display what is in your DNS name cache

  4. netstat -an will show all the connections and ports from a machine

  5. nbtstat will show NetBIOS over TCP/IP connection stats

  6. tracert <IP or DNS Name> will show you the path the packet takes, the routers, and the response time for each hop.

  7. pathping <IP or DNS Name> combines ping and tracert to the 100th degree.  It pings each hop 100 times and is great for testing WAN connectivity

Disk Space

All kinds of bad stuff can happen when your disk space is filling up. The best way to alleviate this is to write a script to notify you when you reach a certain threshold. In a future post I'll share a method for you to do just that…however if there is a problem and you need to perform a health check then here is how you check the space the old-fashioned way.

To check disk space manually:

  1. Right Click on My Computer

  2. Select Manage

  3. Select Disk Management

  4. Validate each disk has more than 10 percent free space
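
The CPU, memory and disk checks above can also be taken as one scripted snapshot. The following is an added example, not code from the original post; it applies the post's thresholds (80% CPU and memory, 10% free disk) and assumes Windows PowerShell 3.0 or later. The function names are hypothetical.

```powershell
# Added example: thresholds are the ones given in the post.
# Assumes Windows PowerShell 3.0 or later (Get-CimInstance, [pscustomobject]).

function New-Finding {
    param([string]$Check, $Value, [string]$Threshold, [bool]$Ok)
    [pscustomobject]@{
        Check     = $Check
        Value     = $Value
        Threshold = $Threshold
        Status    = if ($Ok) { 'OK' } else { 'CHECK' }
    }
}

function Get-ServerHealthSnapshot {
    param(
        [int]$MaxCpuPercent      = 80,
        [int]$MaxMemoryPercent   = 80,
        [int]$MinDiskFreePercent = 10
    )

    # CPU: instantaneous average across processors. One sample is a snapshot, not a trend.
    $cpu = (Get-CimInstance Win32_Processor |
            Measure-Object -Property LoadPercentage -Average).Average
    if ($null -ne $cpu) {
        New-Finding 'CPU load %' ([math]::Round($cpu, 1)) "< $MaxCpuPercent" ($cpu -lt $MaxCpuPercent)
    }

    # Memory: both counters are reported in KB, so the ratio needs no conversion.
    $os      = Get-CimInstance Win32_OperatingSystem
    $usedPct = [math]::Round(100 * (1 - $os.FreePhysicalMemory / $os.TotalVisibleMemorySize), 1)
    New-Finding 'Memory used %' $usedPct "<= $MaxMemoryPercent" ($usedPct -le $MaxMemoryPercent)

    # Disks: DriveType 3 is a local fixed disk; skip volumes that report no size.
    Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 3' |
        Where-Object { $_.Size -gt 0 } |
        ForEach-Object {
            $freePct = [math]::Round(100 * $_.FreeSpace / $_.Size, 1)
            New-Finding "Disk $($_.DeviceID) free %" $freePct "> $MinDiskFreePercent" ($freePct -gt $MinDiskFreePercent)
        }
}

function Get-TopMemoryProcess {
    param([int]$Count = 5)
    # Same view as sorting the Task Manager Processes tab by memory, highest first.
    Get-Process |
        Sort-Object -Property WorkingSet64 -Descending |
        Select-Object -First $Count -Property Name, Id,
            @{ n = 'WorkingSetMB'; e = { [math]::Round($_.WorkingSet64 / 1MB) } }
}

Get-ServerHealthSnapshot | Format-Table -AutoSize
Get-TopMemoryProcess     | Format-Table -AutoSize
```

Any row with Status CHECK is a prompt to look closer with Task Manager or the Sysinternals tools, not a verdict on its own.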

Event Logs

Event logs give a more historical perspective on what is going on with the system and applications. When troubleshooting, query either the System or the Application log and look for events that have a timestamp near the time of the issue you are troubleshooting.

Events have 3 categories in the event viewer:

  • Informational: Noted with a white icon and letter ‘i’. Successful operations are logged as informational. Usually not used in troubleshooting problems or failures

  • Warning: Noted with a yellow icon and exclamation point. These are usually worth looking up as they serve as predictive indicators of future failure, such as disk space running low, DHCP IP address lease renewal failures, etc.

  • Error: Noted with a red circle icon and ‘x’. These are indications that something has failed outright and are a good starting point for troubleshooting.

When looking at event logs, use the information to determine the following:

  • Is the incident tied to a particular time or outage incident?

  • Is this a one-off, or has this particular error occurred multiple times in the past?

  • Does this error appear on other systems or is it unique to the system that has failed?

Also make sure you take a look at EventCombMT from Microsoft. This tool allows you to search the logs of multiple machines. The benefit of this is that you can see whether a specific error or warning message is also occurring on other systems. This can help rule out issues.

Services

Troubleshooting services should be limited to the specific service that is affected by the problem being troubleshot. Each server will have specific services depending on the types of applications running. You should document how your servers' services are configured and compare that to the server in question to see if anything is not configured correctly.

Cluster

Servers that host applications and services that require high availability should be clustered so that if one node fails the other can pick up the workload.  Clustered servers need the same type of health checks as stand-alone systems except you will want to check on the health of the cluster.

Check Cluster Resource Status

  1. Open Cluster Administrator: Log onto server, select Start –> Run –> cluadmin

  2. Check the Resources and ensure all are Online

  3. If Cluster Administrator does not open, ensure that the Cluster Service is running on the node.

  4. Cluster resource status can also be checked from a remote server. From a command prompt, just type - cluster res <cluster name>

Client Side Health

  1. Right click on My Computer, select Manage

  2. Open Device Manager

  3. Drill down to SCSI and RAID Controllers, verify that the HBA HW is visible and does not show any errors

  4. If it does not show up in Device Manager, you may need to re-scan for the HW, re-seat the fiber card, or re-install the driver.

  5. If the HBA is showing healthy in Device Manager, open the tool that you use to view configuration and settings for the fiber card and verify there aren’t any transmit/receive errors on link statistics or counters

Switch Health

  1. Make sure fiber is properly connected to each switch

  2. Make sure switch has no errors

  3. If you’re using zoning verify it is properly configured

Check Fiber and SAN Connectivity

  1. Log onto the SAN appliance and verify that the SAN is in general good health and no major errors are present for the controllers, loops, switches, or ports.

  2. Ensure that the LUNs are presented to the servers in the cluster

NLBS

Some applications will require you to spread the load across multiple servers.  Web servers are a very popular choice to network load balance.  As with clusters we will need to check the status of the load balancing.

Check NLBS Status CMD Line

  1. From a command prompt on the local system, run ‘wlbs query’. This will give you the convergence status of the local node with the nlbs cluster.

  2. Other useful NLBS commands: wlbs stop (stops nlbs), wlbs start (starts nlbs), wlbs drainstop (drains node)

Check NLBS Configurations

  1. Open up the network properties –> Network Load Balancing, right click & select Properties

  2. On the Cluster Parameters tab, verify that the IP address is configured for the shared NLBS IP and that the subnet mask, domain, and operation mode are configured correctly.

  3. On the Host Parameters tab, make sure each node of the cluster has a unique host identifier. Also verify the IP and subnet mask are configured for the local values.

  4. Also make sure that your switch has a static ARP entry if using multi-cast NLBS. The entry should be that of the virtual MAC of the cluster. To get the virtual MAC of the cluster, you can run the following command: WLBS IP2MAC <virtual IP address>

Name Resolution

To healthcheck name resolution, open a command prompt and enter the following

  • nslookup <servername>

Verify that the servername is correctly entered in DNS

If a record does not show up in the DNS query, or maps to a different name, perform a reverse lookup by IP address to see what name is associated with the IP address

  • nslookup <IP address>

If no name shows up associated with the IP address, log into the domain controller and check the DNS records for this particular name/ip address

  1. From a Domain Controller go to start–>run–>dnsmgmt.msc

  2. Expand the Forward Lookup Zones

  3. Expand the primary zone that holds the records for the system/s you are troubleshooting

Validate that the record exists. If it does not exist manually enter the record name and IP address by right clicking on this same zone,

  1. Select new host (a)

  2. Enter the name and IP address

  3. Check the box next to Create associated pointer (PTR) record

  4. Click add Host

Additionally, log back into the node that you manually entered the record for and ensure that it is registering in DNS

  1. Right click on the My Network Places icon on the desktop and select Properties

  2. Double click on the primary adapter

  3. Select properties

  4. Highlight internet protocol (TCP/IP) and select properties

  5. Validate the IP addresses of the DNS servers are correct

  6. Select Advanced

  7. Select DNS tab

  8. Make sure the box is checked next to Register this connection’s address in DNS
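
The forward and reverse nslookup comparison above, scripted so it can be repeated for several servers. This is an added example, not code from the original post; the function name is hypothetical, and it uses the Windows resolver through .NET, so the hosts file and local cache can influence the answer in a way nslookup would not show.

```powershell
# Added example: forward lookup, then reverse lookup of every returned address,
# flagging addresses whose PTR name does not map back to the server.
# Assumes Windows PowerShell 3.0 or later ([pscustomobject]).
function Test-ForwardReverseDns {
    param([Parameter(Mandatory = $true)][string]$ServerName)

    try {
        $addresses = [System.Net.Dns]::GetHostAddresses($ServerName)
    }
    catch {
        # No A/AAAA answer at all: the record is missing or the name is wrong.
        return [pscustomobject]@{
            Name = $ServerName; Address = $null; PtrName = $null
            Status = 'No forward record'
        }
    }

    foreach ($ip in $addresses) {
        $ptrName = $null
        try {
            # GetHostEntry on an IPAddress performs the reverse lookup.
            $ptrName = [System.Net.Dns]::GetHostEntry($ip).HostName
        }
        catch {
            # Falls through with $ptrName still $null: no PTR record was returned.
        }

        if (-not $ptrName) {
            $status = 'No reverse (PTR) record'
        }
        elseif ($ptrName -eq $ServerName -or $ptrName -like "$ServerName.*") {
            # Accept either the exact name or the short name plus a DNS suffix.
            $status = 'OK'
        }
        else {
            $status = 'PTR maps to a different name'
        }

        [pscustomobject]@{
            Name = $ServerName; Address = $ip.ToString(); PtrName = $ptrName
            Status = $status
        }
    }
}

# Usage: check the local server; add other names to the list as needed.
@($env:COMPUTERNAME) | ForEach-Object { Test-ForwardReverseDns -ServerName $_ } |
    Format-Table -AutoSize
```

A "PTR maps to a different name" result usually points at a stale record left behind by a previous owner of the address.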

As I wrap this up I realize there is so much more that can be done. Each application type of server needs its own set of health checks. For example web servers, terminal servers and database servers. Remember this is just the baseline for each server and that other components can and should be layered on top of it. Again I would love to hear from others so please feel free to add your comments below.

How Active Directory PowerShell CMDLETS find a DC running Active Directory Web Services

If you have been playing with the AD PowerShell cmdlets you know that they require a few things to run: first Windows Server 2008 R2 or Windows 7, the .NET Framework 3.5.1, and of course if you want to manage an AD domain you need Active Directory Web Services (ADWS) installed on at least one domain controller.

By the way ADWS requires TCP port 9389

So how in the world does a Windows 7 system know how to find a DC running ADWS? Well, your client running PowerShell will use the normal DC locator process. First the client will determine which site it is in (nltest /dsgetsite) and then it will determine the closest DC (nltest /dsgetdc:<FQDN Domain>). It is looking at the DC for the following flag:

DS_WEB_SERVICE_REQUIRED

More info on that flag can be found here.

Now what if you don’t have Server 2008 R2 DCs? With Server 2003 and Server 2008 a problem occurs because the Net Logon service of those domain controllers does not recognize the DS_WEB_SERVICE_REQUIRED flag. There are two hotfixes (one for whatever version of AD you are running) available to fix that in those environments: Server 2003 and Server 2008.

After you install this hotfix the AD PowerShell module and Active Directory Administrative Center will be able to locate DCs that have Active Directory Management Gateway Service installed, similar to Active Directory Web Services (ADWS) on a Windows Server 2008 R2-based computer.
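
To see which domain controllers a client can actually reach on the ADWS port (TCP 9389, as noted above), the following added example lists the DCs of the current domain and tries a TCP connection to each. It is not code from the original post; the function name is hypothetical, and it assumes a domain-joined machine and Windows PowerShell 3.0 or later.

```powershell
# Added example: report which DCs answer on TCP 9389 (ADWS / Management Gateway Service).
Add-Type -AssemblyName System.DirectoryServices

function Test-AdwsPort {
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [int]$Port      = 9389,   # ADWS port stated in the post
        [int]$TimeoutMs = 2000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        # No answer inside the timeout usually means the port is filtered.
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    }
    catch {
        return $false
    }
    finally {
        $client.Close()
    }
}

$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$domain.DomainControllers | ForEach-Object {
    [pscustomobject]@{
        DomainController = $_.Name
        Site             = $_.SiteName
        OSVersion        = $_.OSVersion   # shows which DCs predate Server 2008 R2
        Port9389Open     = Test-AdwsPort -ComputerName $_.Name
    }
} | Format-Table -AutoSize
```

An open port only shows that something is listening; a DC that is open on 9389 but never chosen by the AD cmdlets is a candidate for the Net Logon hotfix described above.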

Windows 7 Finally Gets LDS

UPDATE - Microsoft appears to have taken this download down.  No word why or when it will be back up.

Looks like Microsoft just made the Windows 7 LDS (Lightweight Directory Services) client available. You can find both 32 and 64 bit clients here.

For those that aren't familiar with LDS, it is the Server 2008 replacement for ADAM, otherwise known as Active Directory Application Mode. While I'm no developer, LDS is a good platform for applications that require directory storage and access. It has most of the components of Active Directory without the complete infrastructure needed for Active Directory.

Virtual Leadership & Teams

For the last several years I've worked in a team that is spread all across the world.  The following ramblings are the items I've picked up from working in a virtual team as well as from books that I've read on the subject.  One thing is key, leadership is leadership.  It doesn’t matter if you are there local or remote.  Enjoy.

 

Trust is an important aspect in all levels of leadership. The degree to which virtual teams rely on trust is usually much deeper than with a local team. Trust is the key to getting performance from a team that is distributed geographically. Trust must be gained:

  • In you as a virtual leader
  • In the virtual project or virtual organization
  • In all virtual team members across distance

Building Relationships and Trust

Since virtual teams have limited interaction and limited knowledge of each other in their isolation, the virtual team must establish ways to help team members learn about each other quickly and frequently.

  • Establish ways for the team to learn more about each other professionally and personally so they will collaborate even when distant
  • Establish a short meeting for the team to talk with one another to troubleshoot and discuss current issues
  • Pair off people to work together on parts of the project
  • Acknowledge all types of recognitions including, birthdays, academic success, and other personal achievements

Virtual Team Alignment

People who work across distance tend to lose focus after any single meeting. Therefore, it is critical that the virtual team create:

  • A clear vision so every team member knows exactly where the team is headed
  • A clear emotional link so each remote team member stays motivated when distant
  • A published roadmap that is used as each person does work remotely to align work and efforts

Virtual Team Equality

Be extremely fair in treating all team members, near and far, equally. Even appearances or suggestions of favoritism break trust.

  • Avoid the temptation to rely more on those on-site with you than those at a distance
  • Take culture differences into consideration
  • Give every team member an equal opportunity to excel and contribute to the result
  • Confront nonperformance in a constructive manner
  • Be consistent and fair in holding everyone accountable for every factor needed to ensure team success

Communication

Miscommunication and unequal access to information are trust-breakers.

Keep communications flowing to counteract the out of sight out of mind phenomenon on distributed teams.

  • Be extremely clear when making decisions
  • Frequency of communication should be increased compared to a team that is only local
  • Understand that members will have different communication preferences
    • E-mail, forum, phone, face-to-face, instant messaging, etc
  • What isn’t said matters too
    • Check for understanding or ask for clarification

 

Again these are items I've picked up over the years and through books. Please feel free to share your thoughts if you have anything good to add to the conversation.

Posted: Mon, Jan 11 2010 16:07 by BrianM | with no comments
Filed under:
Free Active Directory Virtual Labs

Did I say free?  You bet I did.  Microsoft has done this for quite some time now and is something everyone should take advantage of.  Especially in today’s economy where training budgets are getting slashed. 

Here are three great labs that you can use to learn all about Server 2008 R2’s Active Directory. 

Windows Server 2008 R2: What's New in Active Directory

Windows Server 2008 R2: Active Directory and Server Manager Remoting

Windows Server 2008 R2: Active Directory Recycle Bin, PowerShell V2, and Remoting

 

Do you have any cool free training resources?

PowerShell and the Event Viewer

With PowerShell 2.0 being released with Windows 7 and Server 2008 R2 there is plenty of fun stuff to do. What I'm about to show you is not specific to PoSh 2.0, but it is a great way to pull info from the Event Viewer.

When I’m presented with a problem on a server one of the first places I go is the Event Viewer. Sure there are ways to filter it but I’d always wanted a way to dump that filter into another file to review later on another system. PowerShell gives you a great method for displaying events as well as saving those results to a file.

The Event Log has several cmdlets available which can be seen here:

Get-EventLog
Clear-EventLog
Write-EventLog
Limit-EventLog
Show-EventLog
New-EventLog
Remove-EventLog

As you can see you can read and write to the Event Viewer here. The Get-EventLog cmdlet is a favorite of mine. With it you specify which Event Log to view and off you go. Below is an example of using that command to list only the 20 newest events.

Get-Eventlog -Logname System -Newest 20

Now if you want to save that you have several options. You can save it as a text, htm or csv file. Realize it may take a while to build the whole file. Below are the commands needed to output the files.

Get-EventLog System | Out-File c:\Temp\system.txt
Get-EventLog System | ConvertTo-Html | Out-File c:\Temp\system.htm
Get-EventLog System | ConvertTo-Csv | Out-File c:\Temp\system.csv

The great thing is you don’t have to show everything. If you want you can filter by the Event ID by using the -InstanceId switch. Below is an example.

Get-EventLog System -InstanceId 4 | Out-File c:\Temp\EventID4.txt

As you can see PowerShell is really handy when it comes to EventLog management.  The best part is I haven’t even talked about Remoting.  You can use PowerShell to remote into other machines in your environment running PowerShell 2.  But that is another story…
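
Get-EventLog can also answer the triage questions from the health-check post (is the error tied to a particular time, is it a one-off, does it appear on other systems). The following is an added example, not code from the original post: the function name, the incident time, the window and the output path are constructed values, and it assumes Windows PowerShell 3.0 or later.

```powershell
# Added example: pull Error and Warning entries around an incident time from one
# or more servers, summarise them by source and event ID, and save the raw rows.
function Get-IncidentEvent {
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        [Parameter(Mandatory = $true)][datetime]$Around,
        [int]$WindowMinutes = 30,
        [string[]]$LogName  = @('System', 'Application')
    )
    $from = $Around.AddMinutes(-$WindowMinutes)
    $to   = $Around.AddMinutes($WindowMinutes)

    foreach ($computer in $ComputerName) {
        foreach ($log in $LogName) {
            try {
                Get-EventLog -LogName $log -ComputerName $computer -EntryType Error, Warning `
                             -After $from -Before $to -ErrorAction Stop |
                    Select-Object MachineName, @{ n = 'Log'; e = { $log } }, TimeGenerated,
                                  EntryType, Source, EventID, InstanceId, Message
            }
            catch {
                # Get-EventLog raises an error when nothing matches or the host is unreachable.
                Write-Warning "$computer [$log]: $($_.Exception.Message)"
            }
        }
    }
}

# Constructed incident: something went wrong about two hours ago.
$found = @(Get-IncidentEvent -Around (Get-Date).AddHours(-2) -WindowMinutes 30)

# One row per Source/EventID: how often it fired, on which machines, first and last seen.
$found | Group-Object -Property Source, EventID | Sort-Object Count -Descending | ForEach-Object {
    $sorted = @($_.Group | Sort-Object TimeGenerated)
    [pscustomobject]@{
        Source    = $sorted[0].Source
        EventID   = $sorted[0].EventID
        Count     = $_.Count
        Computers = ($_.Group | Select-Object -ExpandProperty MachineName -Unique) -join ', '
        FirstSeen = $sorted[0].TimeGenerated
        LastSeen  = $sorted[-1].TimeGenerated
    }
} | Format-Table -AutoSize

# Keep the raw entries for review on another system.
$found | Export-Csv -Path C:\Temp\incident-events.csv -NoTypeInformation
```

InstanceId and EventID are both kept in the output because they are not always the same number: EventID is the low 16 bits of InstanceId, so a filter on -InstanceId can miss entries that show the expected ID in Event Viewer.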

How to Verify Trusts

I know, all AD admins have trust issues…not just literal ones but we also think about the trusts we have in our Active Directory environment.  As you all know I'm a fan of quick easy ways to get info.  Today’s tidbit is how to use nltest to verify your trusts.

The following command and switches can be used to view all of your trusts.  You can perform them from any system in your domain, just specify the DC in the command.

nltest /server:dc_name /domain_trusts /all_trusts

Just replace dc_name with your domain controller's name and it will list all of your trusts to the domain that the DC resides in.

Another tidbit I like to do is filter it by name if you have multiple namespaces.

nltest /server:dc_name /domain_trusts /all_trusts | find /i "name"

Here you would replace name with the name of a domain or part of the namespace you are looking for. 

Windows 7 Intro and Cool Features

Unless you’ve been living under a rock for the last year, I’m sure you’ve heard that Microsoft has released its new client operating system Windows 7. Not only have they released Windows 7 but they have done so with great fanfare. I haven’t heard and read this much good news about a Microsoft operating system in…well to be honest never. Sure Microsoft has had success in the past but they really seem to have hit the mark with this one. In this article I’d like to discuss some of the new features from Windows XP & Vista.

Being a member of the Windows 7 TAP (Technology Adoption Program) and Beta I’ve been using Windows 7 at home and work for over 9 months now. Although there have been some issues (most of my experience has been with beta and release candidate software) my overall impression has been very positive. Right off the bat Windows 7 feels like a modern operating system. You can tell that Microsoft spent a lot of time making things easier for users. In fact if you have experience using Windows Vista you won’t find Windows 7’s navigation that much different. I’m not saying Windows 7 is like Windows Vista, for one it is much more responsive than its predecessor. Microsoft has fine-tuned the kernel of Windows 7 to deal with memory much better than Vista and has limited the number of background services to help reduce the resource footprint needed to run the operating system.

With every new operating system come new advancements within the capability set delivered, and Windows 7 delivers. I’m going to be spending most of my time comparing Windows 7 to Windows XP. The biggest change you will see is what you see. Windows 7’s interface is different than Windows XP but not so much that you will be lost. First you will no longer find the comforting Start Button in the bottom left hand corner as it has been replaced by a Windows logo that performs the same function. Once clicked on you will see a much improved menu over the Windows XP start menu. Directly over the Windows logo is a search box that can be used to type in not only names of applications but also locally stored files. The menu will start to auto-populate with your results and is a great shortcut to open applications that you would normally have to search all over for. This search field can also be used in place of the Run dialog, although it is not a full replacement, and the Run option can be added back using the advanced settings. Directly above the search box is where you will find the All Programs option. Once clicked on it will display your installed applications much like previous versions of Windows did. Windows 7 is all about shortcuts to common tasks and you will find the most commonly used applications will also be listed on this menu screen. You will find shortcuts to common areas like My Computer or Control Panel on the right of this menu. I really like the feel of the new Menu as it allows me to access the apps and data I need much quicker and easier.

Speaking of making things easier, there are four features I’d like to share with you that are really cool and designed to make your life easier.

1. Windows Taskbar – The Windows Taskbar has been improved to allow for easy navigation between open windows and quick easy access to commonly used applications. First you have the ability to right click an application and “Pin to Taskbar”. This will give you quick access to that application or Explorer window (perhaps My Videos). Once you do that you can hover your mouse over the item and if the window or application is open it will show you a preview of the open window. It even shows the video while it is playing!


I can tell you this is a life saver when you have multiple emails or Word documents open. Instead of Alt-Tab’ing through them I can now just hover over the icon on the task bar and view all the open windows.


2. Jump Lists – Jump lists are quick easy ways to open a recent document, picture, song or website. All you have to do is right click on the icon that is either opened on the task bar (picture below) or some apps will expand this out via the Start Menu.


3. Snap – Snap is a nifty little way to resize open windows by dragging them to the edges of your screen. All you do is drag an open window to the left of your screen and it will Snap to that side and take up half the screen. You can take another open window and Snap it to the right to be able to view both those windows side-by-side. Here is a look at the before and after when using Snap.


Another option I like in snap is to drag a window to the top of the screen and it will open in full screen.

4. Windows Search – Windows 7 has several ways to make finding what you’re looking for much easier. On any folder that you open up you have the ability to perform a search by typing in the name of the item you are looking for. It actually starts displaying results as you type in information. You even have the ability to filter by other attributes such as size, author, date etc…


Windows 7 is going to be a big change for people adopting from XP. The interface is drastically different than some people are used to using. However Microsoft has done an excellent job in its design to make it more user friendly. Microsoft has also included a ton of new features that are intended to make common tasks very simple.

Posted: Thu, Oct 29 2009 10:41 by BrianM | with 1 comment(s)
Filed under:
PowerShell Script Center

I’m sure a lot of you have been playing with PowerShell.  If not you better get on it!!!  I’m not as far along as I wish I was but there is help out there.  One great place is to see what others have done.  Microsoft’s TechNet Scripting Center has a place where you can upload your own scripts and search what others have done.  This is great for a community of learning developers…did I just say developers…ewwwww.  :)

This link provides a shortcut to filter just the Active Directory related scripts.  From here you can find scripts on Computer Accounts, Domains, Groups, Monitoring, OUs, Searching Active Directory, Sites and Subnets and User Accounts!

If you want to just view all the PowerShell scripts just hit this URL - http://gallery.technet.microsoft.com/ScriptCenter/en-us. Here you will find scripts on Active Directory, Applications, Backup and System Restore, Databases, Desktop Management, Group Policy, Hardware, Interoperability and Migration, Local Account Management, Logs and Monitoring, Messaging & Communication, Multimedia, Networking, Office, Operating System, Other Directory Services, Printing, Remote Desktop Services, Scripting Techniques, Security, Servers, Storage, System Center, Using the Internet and Windows Update. WOW that is a wealth of info.

Enjoy and please share if you have any cool ones yourself.

Is my Active Directory Backed Up?

There are a ton of methods to backup Active Directory.  I’m not going to get into each method with this post.  What I am going to do is share another little command that can be run to check to see if your Active Directory was backed up and when.

Before I discuss that command one point I would like to make is to be very careful about who you let back up and restore your Active Directory DB. From a security standpoint this could be a major violation of your company’s security policy. Think about it for a minute. Let’s say I work in a support group in your company that provides backup and restore services for all systems, including Domain Controllers. I could take that backup of Active Directory and restore it to a private system that I have. Now I could use a number of tools to help try to crack into it. Sure it may take a bit of time but I've got plenty of time.

If you have a group that is responsible for backups and restores on Domain Controllers then I believe you need to put some really good policies and guidelines in place to protect your most important asset…Active Directory. I actually don’t like anyone backing up Active Directory that isn’t an Administrator and I always select the option that only an Administrator can restore the backup. I understand that a rogue admin could do harm but at least there was some mitigation put in place.

Now, finally to the point.  Is my Active Directory backed up?  For this one we are going to run another Repadmin command.

repadmin /showbackup

This will show you when your last backup of Active Directory ran. You don’t need to run it against a specific DC because Active Directory doesn’t care. If you have child domains in your environment and want to run this against them all just put a * at the end of the command and it will check all the domains.

Now go out there and make sure your Active Directory is backed up!!!

Initiate Replication across all Partitions and DCs

It seems I'm always trying to remember this little command and it's about time I put it here where I can always access it in the future. This isn’t a new command but it is a nifty little one that will initiate replication across your environment.

repadmin /syncall /APed

I prefer to run it from the DC (thus the reason DC_name is taken out after /syncall) and from the command line to pipe it out to a text file.

Windows 7 Has Brought Michael Scott Back

A couple years ago I bought a Hauppauge 1600 to go into my Home Theater room.  It worked great with Vista, but like many IT Pros after many tweaks and configuration changes I decided to reinstall.  Well little did I know that I had lost my drivers CD and could never download the software for my TV tuner card.  It was a real bummer because although the monitor I bought could display 1080P it was not a TV, it was  a monitor and I needed my TV tuner card to work to be able to watch TV.

I was so pleased that after my install of Windows 7 Ultimate that Windows detected my Hauppauge TV Tuner and I was able to watch and record TV again, especially The Office!!!  By the way, the only reason I needed this was because Sami and I had two other shows that we recorded on our DVR during that time, Supernatural and Fringe.  Seriously, why can’t good shows air on days other than Thursday?

Kudos to Windows 7 for having drivers for a device that I thought I would never use again!

Windows Event log limitations

Not sure how many people modify the size of the Windows Event Logs but it is something that I like to do simply because the default size of most of them is just not enough. For example you may remember the default for your System and Application log files was a measly 512 KB. That logged all of about a day of a really busy application server.

The problem with Server 2003 was the recommended maximum size for a log file was only around 300 MB and the maximum total size for all Event Log files was around 400 MB. You do the math and you can see that realistically you aren’t going to be able to realize the benefits of having larger Event Log file sizes.

This has to do with Windows storing the logs in memory. As you can tell a 32-bit system would run into some serious memory issues if you wanted to expand the size of several of these. Thankfully in Server 2008 this has changed. Microsoft has increased the recommended maximum size of a log file up to 4 GB and all of them up to 16 GB. Of course you will want to make sure you’re running the x64 flavor of Server 2008 to really see this advantage.

Take a look at the following knowledgebase from Microsoft for more info.
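One way to check a server's configured log sizes against the figures above, as an added PowerShell example that is not from the original post. It assumes PowerShell 3.0 or later; the variable names and the Finding labels are illustrative, and the thresholds are simply the numbers quoted in the post.

```powershell
# Added example (not from the original post): audit event log size settings.
# Thresholds are the figures quoted in the post for Server 2008 x64.
$PerLogLimit = 4GB      # recommended maximum for a single log
$TotalLimit  = 16GB     # recommended maximum for all logs combined
$SmallFloor  = 512KB    # the old default the post mentions

# One EventLogConfiguration object per log; skip disabled logs.
$logs = Get-WinEvent -ListLog * -ErrorAction SilentlyContinue |
    Where-Object { $_.IsEnabled }

$report = foreach ($log in $logs) {
    $finding = if ($log.MaximumSizeInBytes -gt $PerLogLimit) {
        'above per-log limit'
    } elseif ($log.MaximumSizeInBytes -le $SmallFloor) {
        'at or below old default'
    } else {
        'ok'
    }
    [pscustomobject]@{
        LogName   = $log.LogName
        MaxSizeMB = [math]::Round($log.MaximumSizeInBytes / 1MB, 1)
        UsedMB    = [math]::Round($log.FileSize / 1MB, 1)
        LogMode   = $log.LogMode   # Circular, AutoBackup or Retain
        Finding   = $finding
    }
}

# Largest configured logs first, so oversized or undersized ones stand out.
$report | Sort-Object MaxSizeMB -Descending | Format-Table -AutoSize

# Compare the combined configured maximum with the post's 16 GB figure.
$total   = ($logs | Measure-Object -Property MaximumSizeInBytes -Sum).Sum
$totalGB = [math]::Round($total / 1GB, 1)
"$totalGB GB configured across $(@($logs).Count) enabled logs"
if ($total -gt $TotalLimit) {
    Write-Warning 'Combined maximum log size exceeds the 16 GB figure.'
}

# To raise a log's maximum size (value in bytes), from an elevated prompt:
#   wevtutil sl System /ms:1073741824
```

A log in Circular mode overwrites its oldest events once it reaches the configured maximum, so the MaxSizeMB column is effectively the retention window for that log.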

A Free Office is a Smart Move for Microsoft

I’ve read a few articles this morning concerning Microsoft’s move to release a web version of its upcoming Office 2010 product. This is a direct fire toward Google’s application suite and I think this is going to help Microsoft's dominance in this market. Microsoft really isn’t going to lose any major businesses to this free online version. Corporations are going to continue on with using the thick client because of the full rich suite of integrated components that Office has always given them. This is going to take market share from places like Google because now the folks that wouldn’t pay for Office will be able to benefit from it using this online version.

In the long run I hope to see Microsoft move away from the thick client. I think Microsoft now needs to come up with an online version that can be hosted within companies. Some companies won’t move to this mode of operation because of the inherent security risks of hosting your data on Microsoft servers. So I bet the next version of Office will have some new internal online flavor for companies looking to move more toward thin clients and thin apps.

Unable to Change Share Permissions on a File Share Cluster Resource

I ran into a weird issue the other day when configuring permissions on a Share that was clustered.  I couldn’t find much online about this, and the one similar issue from Russ was not the issue here.

Here is a little background info to help set the stage.  An admin changes the permission on the Shared Folder (not the File Share Cluster Resource) that is clustered from Read to Full Control.  This works when connecting to the node explicitly but not with the cluster name.  So he fails over the resource to the other node and notices that the permissions had reset to Read.  This is where I get called in.  I’m thinking this is going to be a very easy 30 second fix (which it ended up being…but more on that later).  I had the admin explain to me what process was followed to change the permission.  Right away I knew that changing the permission on the Shared Folder and not the File Share resource was an issue. 

I went into Cluster Administrator (cluadmin.msc) and went to alter the permissions from Read to Full Control for the group in question and I was presented with the following error:

An error occurred validating the cluster security descriptor
The RPC server is unavailable
Error ID -2147023174 (800706ba)


As most of you know this is a very generic error. In fact if there is one error I can’t stand from Microsoft it is “The RPC server is unavailable” error. After doing some research and testing we found that we couldn’t even add a new Security Principal to the permissions of this cluster. It mentioned that the Computer was not part of the domain. In hindsight I wish I would have got the entire error for you but I forgot to grab the screen cap for that one. The name it was referencing was the clustered name. Well the cluster name is not going to have an Active Directory account so I went to check in DNS and sure enough there was no record for this cluster name in DNS. After adding the record into DNS we were able to immediately change the permission.

There I go again assuming things were set up correctly initially.  I really need to break that wall down and start from the very beginning when I’m troubleshooting.  Ah the things we take for granted when looking at a problem.

New Server Core Guide

Just saw over on the Server Core blog that Andrew posted some links to a couple excellent resources.  The first one is what I consider to be the Server Core Bible.  It has just about everything you can think of when it comes to configuring Server Core.  The next link is to a couple job aids that give you a quick look at some common commands. 

These job aids actually give me some ideas on some things I’d like to create…now if I only had more time.

Viewing your FSMO Role Holders Remotely

There are quite a few ways to view what your FSMO roles are.  You can use the GUI tools or even the following netdom command that I've shared in the past – netdom query fsmo

However if you are working in a trusted multi-domain environment the following command can help you view the FSMO role holders remotely.

netdom query /domain:%domainname% fsmo

This is just a huge time saver and hopefully you can add it to your tool belt of commands.

OCD with Email

I admit it…I have issues with email. So much so that I think I may have OCD. I’m not trying to make fun of anyone that really has that disorder but I sure feel like I’m obsessed with unread email. I can’t stand it in fact. When a new mail arrives in my inbox I seem to stop what I'm doing and read it. This is not helpful for someone that gets hundreds of emails a day. Yes most are from monitors and alerts that technically I don’t need to read right away but I can’t stand having those little emails be bolded like they are in Outlook. I have rules set up to move them into different folders…perhaps I should have rules to mark them as read. It gets distracting too…like when I’m writing I see an email pop in and jump over to it and read it. Ohhh and something that just drives me nuts is when I see someone else's Inbox and it looks like this – Inbox (313). What are you people thinking…how can you have that many unread messages??? I know you just aren’t as compulsive as me and I'm just extremely jealous.

Tonight I go to my first therapy session – Must Read Email Anonymous…crap I guess it's not so anonymous now!  :)

Posted: Thu, Apr 30 2009 11:15 by BrianM | with no comments
Server 2008 R2 Active Directory Webcast

If you’ve got time on such short notice try to check out the webcast O’Reilly is hosting on What’s New in Active Directory for Server 2008 R2. It is going to be hosted by two other Directory Services MVPs, Brian Desmond and Laura Hunter.

This is a free event and is scheduled for 90 mins.
Date: Friday, April 24, 2009

Time: 10am San Francisco | 6pm  London | 1pm - New York | Sat, Apr 25th at 3am - Sydney | Sat, Apr 25th at 2am - Tokyo | Sat, Apr 25th at 1am - Beijing | 10:30pm – Mumbai

Registration Link - http://www.oreillynet.com/pub/e/1326

I Love April Fools Day

Everyone has their own reason for loving or hating April Fools Day. For the last 4 years it has been a day of great joy for me. I got the email shortly from Microsoft that I was re-awarded my MVP for Directory Services! I really think this blog has a lot to do with it and that means that I’m especially grateful to all 17 people (12 of which are probably family) that read it too!!! Thanks to all of you for engaging me through the comments and I hope that you will continue.

Here's to another great year of technical discovery in the Life of Brian.

Posted: Wed, Apr 1 2009 8:41 by BrianM | with no comments