Search This Blog

Friday, December 14, 2007

Mcirosoft Hyper-V

Microsoft has released a public beta for its hypervisor-based server virtualization technology known as Hyper-V, which will be included in three versions of Windows Server 2008 when it ships early next year.

Wednesday, December 5, 2007

Thursday, November 29, 2007

Microsoft IAS uses Global catalog

We had a case when users could not use wireless when WAN link to HQ was down. The reason is that Cisco wireless authentication (WPA2-Enteprise EAP) is done on the local DC with IAS, but Global catalog was not enabled on the DC. Since the WAN link to HQ Global catalog was not available users could not connect to wireless. Error message:

Event Type: Error
Event Source: IAS
Event Category: None
Event ID: 3
Date: 11/27/2007
Time: 5:25:18 PM
User: N/A
Computer: xxx
Access request for user host/xxx was discarded.
Fully-Qualified-User-Name =
NAS-IP-Address = xxx
NAS-Identifier = xxx
Called-Station-Identifier = xxx
Calling-Station-Identifier = xxx
Client-Friendly-Name = xxx
Client-IP-Address = xxx
NAS-Port-Type = Wireless - IEEE 802.11
NAS-Port = 215
Proxy-Policy-Name = Use Windows authentication for all users
Authentication-Provider = Windows
Authentication-Server =
Reason-Code = 4
Reason = The Active Directory global catalog cannot be accessed.

For more information, see Help and Support Center at
0000: 00 00 00 00 ....

The workaround - enable GC on all DCs used for wireless.

Thursday, November 15, 2007

Windows Desktop Search

WDS found itself in the midst of a controversy on October 25, 2007 when WDS 3.01 was automatically pushed out and installed to Windows systems when they updated themselves via WSUS. Microsoft hasn't yet responded on the situation.

Tuesday, November 13, 2007

HP UPS R5500 XR firmware

Latest firmware for UPS is 2.04, during the upgrade UPS may switch off the segment, althought in theory it should not.

Cisco ASA new releases

Cisco released ASA 8.0(3), Secure Desktop and AnyConnect 2.1.0148 around Nov 7 2007

Cisco ASA WebVPN cifs "Error contacting host."

There is a bug CSCsk29306 in ver. 8.0(2) and it looks like in 8.0(3) it still not solved. Workaround - reload.

Friday, October 26, 2007


There was an issue when some PCs could not perform a specific (mmbe,f8) operation in SAP and produced error "connection reset by peer".

The problem was fixed by addding MTU parameter (1300) into WXP registry, it was missing for some reason. Refer to the SAP note 155147

Friday, October 12, 2007

Disable services you do not need in Windows XP

Windows XP virtual PC SID change

As you know it's easy to clone Virtual machines, but two clones must have different SID to work correctly simultaneously in the network, such as Active Directory. There is a MS tool called "newsid" that allows to change SID and PC name. The tool can assign random or predefined SID to the system. Clones also need different MAC address.

Thursday, October 11, 2007

Cisco Secure Desktop and Vista

Cisco Secure Desktop release. 3.2 does not support Secure Session in Vista. It will perform only cache clean.


Table 1 Operating Systems Supported by Cisco Secure Desktop

Operating Systems1

Prelogin Assessment

Host Scan

Secure Session

Cache Cleaner2

Microsoft Windows Vista





Microsoft Windows XP





Microsoft Windows 2000





Apple Macintosh OS X 10.4 (PowerPC or Intel)











1 Includes both English and non-English support for 32-bit Microsoft operating systems. Cisco Secure Desktop does not support the 64-bit versions.

2 Cache Cleaner also supports WebLaunch of Cisco AnyConnect on a PC running Windows 2000 or XP.


Thursday, October 4, 2007

Exchange cluster error id 1146

The error described earlier is back again:

0000130c.00001324::2007/10/04-02:47:25.190 ERR [RM] SymInitialize failed, GLE=-1073741819.
0000130c.00001324::2007/10/04-02:47:25.190 ERR [RM] Failed to initialize Dbghelp.dll.
0000130c.00001324::2007/10/04-02:47:25.190 ERR [RM] Active Resource = 000A4778
0000130c.00001324::2007/10/04-02:47:25.190 ERR [RM] Resource State is 12, "ResourceTypeControl"
0000130c.00001324::2007/10/04-02:47:25.190 ERR [RM] Resource name is TR_Mailbox
0000130c.00001324::2007/10/04-02:47:25.190 ERR [RM] Resource type is Volume Manager Disk Group
00000af4.00001320::2007/10/04-02:47:25.299 ERR [FM] NotifyChanges got an RPC failure, 1726.
00000af4.00001320::2007/10/04-02:47:25.299 WARN [FM] Resource monitor 130c NotifyChanges returned failure.
00000af4.00001320::2007/10/04-02:47:25.299 WARN [FM] Last resource monitor state: 12, resource 673656.

The error definitely is in Disk resource. We use Veritas Software Foundation, so this error might needs to be escalated to Symantec.

Wednesday, October 3, 2007

HP DL360G4 HDtach

I'm trying to measure the disk performance of the HP DL360G4,G5, DL380G4 servers.
I have configuration with two disks 72GB 15K in mirror (RAID 1+0 in ACU settings)

HDtach 3.0 gives me burst speed 145 MB/s, which is twice lower than shown SCSI Ultra320. Is it normal? Is it possible to improve the performance without changing from mirror to stripe?

MXtreme borderware reporting error

MXtreme 6.5 update 4 (we use it as SMTP gateway for Exchange)- in the monthly reports the calculations gone really bad. It shows negative! number of clean messages. Then obviously in the pie chart you can not see them.

I had the same issue a year ago, but no solution was provided by Borderware at that time. Now it seems that new version 7.1 has improved reporting engine.

Tuesday, October 2, 2007

Green address bar in Vista IE7 - Extended Validation Certificate

Some https sites now have this new type of certificates - EV

IE7 in Vista will highlight EV site with green colour and will show the Certification Authority who certified the site. Example:

Read about EV:

Monday, October 1, 2007

Vista roaming user profiles

Roaming profiles have different structure in Vista and XP. If you have profiles defined as
\\fileserver\profiles$\%username% in the ADUC for a user, then XP will use this path for roaming profile, but Vista will be looking for the same folder but with .V2 extention. So, add second folder with the samename.V2 for those who use both XP and Vista

Desktop wallpaper for servers

Microsoft has a nice free tool - backinfo (and bginfo). It allows to show tech info about the server in the Desktop background. Very useful for the servers that you access with Remote Desktop Connection (RDP).

Tuesday, September 18, 2007

Memory leak

Investigating memory leak on on of the W2003 servers.

1) Server gives error once a week since 1 month now.

Event Type: Error
Event Source: Srv
Event Category: None
Event ID: 2019
Date: 8/20/2007
Time: 5:53:20 PM
User: N/A
Computer: SCHGVAIT003
The server was unable to allocate from the system nonpaged pool because the pool was empty.

For more information, see Help and Support Center at
0000: 00 00 04 00 01 00 54 00 ......T.
0008: 00 00 00 00 e3 07 00 c0 ....ã..À
0010: 00 00 00 00 9a 00 00 c0 ....š..À
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........
0028: 02 00 00 00 ....

Nonpaged pool is limited to 256K on that server.

2) Poolmon utility from Windows support tool was used to identify leaking driver:

start poolmon.exe, then press B key to sort by bytes allocated.

Driver with tag "Ddk" allocated 51820464 bytes in 3 days.

3) Identify driver
poolmon.exe /c - will create drivers tags in localtag.txt

4) Suspect- CPQCISSE.sys ver

5) Looking if newer driver is available at HP - no, I have latest one

6) Suspect Trend Micro firewall - unistalled, memory leak stopped.

Friday, September 14, 2007

ITIL Foundation free test

ZIP gets corrupted in Sharepoint

This is how to fix the problem:

change MIME type to octet stream for .zip files

Wednesday, August 29, 2007

youtube video workaround for Bluecoat

Youtube streaming is not supported by Bluecoat ProxyAV, therefore you need to add exception and skip antivirus scanning for youtube.

Thursday, July 26, 2007

Cisco ASA and WebVPN

Cisco released new firmware for ASA - 8.0(2).

WebVPN significantly improved: provides RDP, Citrix, VNC access, AnyConnect - SSL VPN client, better Cisco Security Desktop. If you use WebVPN I suggest you to update ASAP. The admin interface is somewhat different, sometimes confusing. But it gives all you need to get stable WebVPN.

Unfortunately there are some known bugs in this version, as example:
CSCsj00288 CSD - Keystroke Logger check fails when HP Quick Launch app is running

I just discovered new release of CSD -, let's try...

Wednesday, July 25, 2007

Exchange cluster error id 1146

On a Exchange 2003 SP2, W2003SP2, Veritas Software Foundation 4.3 MP2, Scanmail 7.0
we have an error: ClusSvc Warning Failover Mgr 1146 N/A SCHGVAEX001 The cluster resource monitor died unexpectedly, an attempt will be made to restart it.

The cluster gets restarted causing about 3 minutes downtime for users. It repeats few times during a month. The Ms KB does not apply in our case. The problem started after Windows Server 2003 SP2.

MS recommends to run non-MS cluster resources in separate monitors - option option “Run this resource in a separate Resource Monitor” of the cluster admin console. I applied this to Veritas volumes and Scanmail

Let's wait and see what it will bring.

update: problem is gone!!!
update: not really, error is back again. I hope it will not be so often.

Monday, July 16, 2007

How to set ACL in Cisco ASA VPN from IAS

Cisco ASA can work with access lists from IAS Radius. Add to the IAS policy the attribute 'Cisco-AV-Pair' as example:
ip:inacl#1=permit ip host any
ip:inacl#2=permit ip any host
This will limit IP traffic only to/from this host.

Friday, June 29, 2007

Script for Windows updates remote installation


if you are using WSUS for workstations it is more or less easy, you set GPO to automatically download and install. Then you approve/reject updates in WSUS console. However for server it's better to setup automatically download. The installation itself should be manual. To automate the manual patch installation use this script:

Put this script on the file share, together with follwing cmd

c:\windows\system32\cscript.exe \\server\UpdateHF\updatehf.vbs action:install mode:silent restart:1

Then you can use GUI for psexec or LANGuard Network Security Scanner or other tools to run this command remotely.

Monday, June 25, 2007

HP Version control agent bug

HP VCA shows drivers with old version, but can not install new ones. For example in my HP DL360G4 it was showing "HP ProLiant Smart Array SAS/SATA Controller Driver for Windows Server 2003" version, but when I try to install update to version, the system would tell that
"The software will not be installed on this system because the required
hardware is not present in the system or the software/firmware doesn't
apply to this system."

Workaround is to rename folder Discovery in C:\hp\hpsmh\data\cgi-bin\vcagent.

I believe definitive solution will come with VCA patch soon.

Tuesday, June 19, 2007

Sharepoint HTTP compression

as you know, you can enable IIS compresion to improve Sharepoint performance over WAN (

However, when you open documents from Sharepoint using Office (Excel or Word), then compression does not work. It looks like it's because Windows WebDav client does not support header "Accept-Encoding:"(gzip or deflate). Without this header compression will not work.

Monday, May 21, 2007

Friday, May 18, 2007

Sharepoint default timeout on the forms - 30 minutes

(From Sharepoint Help)

About Web Page Security Validation

Web Page Security Validation enhances security by imposing a time limit on pages when the user is submitting information to the server. This feature ensures that the connection between the browser and the server is more secure, and that data is not altered on a user's behalf without his or her knowledge. When users take too long before submitting changes to the server, they receive a message informing them that they must go back to the previous page and retry the operation.

In most installations, a setting of 30 minutes is usually appropriate. If site users experience frequent time-outs because of long data transfer times, consider increasing the interval. However, you should not turn off Web Page Security Validation, as it helps to maintain the security of your server.

Debuging logs in Windows

ActiveDirectory and Windows command line one liners

Friday, May 11, 2007

Microsoft Support tools

Some MS prodcut support tools can give a lot of useful info for yourself!

Thursday, May 10, 2007


An IT replacement for notepad

Thursday, April 12, 2007

Microsoft Switzerland TechDays 2007

You can download presentations from Microsoft Switzerland TechDays 2007 from here:

The agenda is in French, but all presentations are in English!

Wednesday, April 11, 2007

Event Type: Error
Event Source: EXOLEDB
Event Category: General
Event ID: 111
Date: 4/10/2007
Time: 5:44:40 PM
User: N/A
Computer: SCHGVAEX002
Microsoft Exchange OLEDB was unable to do Schema propagation on MDB startup HRESULT = 0x80040e19.

If you have this event on Exchange server - go to system manager - Administrative groups - ..- folders

Right click and select view system folders

see if you have two schema-root folders - this may be cause of this error. Microsoft suggest to delete one (make sure you have backup!).

LAN Bridging in Cisco

One of the ways to create bridge between two networks is DLSW (and DLSW+ of Cisco)

Do not forget about DLSW vulnerabilities:

Tuesday, April 3, 2007

Spoolsv.exe memory leak (again ?!)

Memory leak in spoolsv.exe if you use HP standard TCP/IP port for printers. Non-paged memory pool keeps growing when you print. Solution is to change HP standard TCP/IP port to Microsoft Standard TCP/IP port

Solution was found here:

Case was escalated to HP who confirmed that they recommend to change to Microsoft port driver.

Thursday, March 15, 2007

How to install Microsoft XPS printer

High CPU untilisation of spoolsv.exe

Check if there are documents pending in the printers spool. Recreate all printers.
It helped me.

This effect was on several PCs after February MS patch.

Vista and computer only wireless 802.1X authentication

AuthMode in XP was a registry setting, in Vista is is slightly more complex:

Friday, February 23, 2007

.NET runtime error Event Id 0

If you have this bug in your evenviewer: unable to open shim database version registry key-v2.0.50727.00000 - try to install a patch

Note you will need to be registered on Go there and subscribe to any Beta testing and then you will be able to download the patch.


A quick and easy way to collect inventory from a remote Windows PC:

run under domain admin account: winmsd /computer PC_name /nfo PC_name

This will create a file in curent directory with all PC HW/SW details.

Thursday, February 22, 2007

Email security guideline (from US NIST)

Tuesday, February 20, 2007

Add RAM to HP nc6000

Amazing, but there are video guides on youtube on how to change RAM for quite old PC model HP nc6000:

Thanks to yourtube poster and shame to HP that I could not find the same info on when I needed it.

Tuesday, February 13, 2007

Ticker from HP Insight Manager

Last few days I was trying to get some systems health information from HP SIM on intranet. Finally it works (with spagetti of scripts).
mxquery.cmd script on HPSIM server:
mxquery -e "Critical Systems"|find "DeviceName:"|perl -pe s/DeviceName://|sort

on another server (with IIS):

- installed OpenSSH (from HP) and created password-less connection for local user s-chssh.
- perl script connects to the HPSIM using Net::SSH and calls mxquery.cmd script

Now it should be easy to call this script from Web application. Do not forget to impersonate IIS to act as user s-chssh.

HPSIM also provides reports - call mxreport -e report_name.

All above can be simplified if there is IIS (or other web) on HPSIM server. If I can get PerlEx to work with ssh. If I can get ASP to work with ssh.

Cisco VPN proxy settings and firefox

Cisco ASA firmware 7.2(2) can set proxy for client. It works fine with IE, but unfortunately, does not work for firefox (at least for version 2.0).

Wednesday, February 7, 2007

Simple, but nice PerlEx report for WAN status

<%use CGI;
use Net::Ping;
my $cgi = new CGI;
#print "Content-type: text/html\n\n";
print "<html><head>\n";
print "<title>WAN health</title></head>\n";
print "<body bgcolor=\"#FFFFFF\" text=\"#000000\" link=\"#FFFFFF\"
#print "WAN status...";
$p = Net::Ping->new(); %>
<TABLE border="1"><TR><TH>Site<TH>Status
if ($p->ping("")) { print "<a
href=\"WAN_detail.aspl\"><img src=\"images/ok.png\"></a>";}
else { print "<a href=\"WAN_detail.aspl\"><img
if ($p->ping("")) { print "<a
href=\"WAN_detail.aspl\"><img src=\"images/ok.png\"></a>";}
else { print "<a href=\"WAN_detail.aspl\"><img
if ($p->ping("")) { print "<a
href=\"WAN_detail.aspl\"><img src=\"images/ok.png\"></a>";}
else { print "<a href=\"WAN_detail.aspl\"><img
if ($p->ping("")) { print "<a
href=\"WAN_detail.aspl\"><img src=\"images/ok.png\"></a>";}
else { print "<a href=\"WAN_detail.aspl\"><img

Deal with Interruptions

Very interesting skill for IT personnel:

SAP GUI 7.10

Two days ago SAP released new SAP GUI version 7.10 - it supports Ofice 2007 and Vista

WSS 2.0 and alerts on folders

It is very confusing for users to discover that in Sharepoint when they put alert on whole folder they do not receive alerts when there are new files or files have changed in that folder. In WSS 2.0 alert will be sent only if folder itself changes (let's say name of the folder changes). It looks like it was fixed in WSS 3.0. Bad news: upgrade to WSS 3.0 is not just several clicks.

correction: it is not fixed, but slightly improved. You will receive updates if you place new files, but not when a file is updated.

Tuesday, January 30, 2007

SPF record

What is SPF record? It's a nice feature that helps to fight mail spoofing.
By adding TXT field to your domain DNS let's say "v=spf1 mx -all" you can explain to other email systems that only authorised MX hosts can send email for this domain. If you are not sure you can start with SOFTFAIL "v=spf1 mx ~all"

Read more

Client proxy settings in Cisco ASA

New firmware 7.2(2) for Cisco ASA allows to set Internet proxy for VPN clients. Very useful feature!

Thursday, January 25, 2007

Checkpoint authentication with Microsoft Radius (IAS)

For some reasons Checkpoint VPN (R60) does not send NAS-Port-Type in authentication request. Microsoft IAS wizard by default creates policy that expects that NAS-Port-Type = Virtual. Remove this field from IAS policy and add other like NAS-IP-Address etc, to identify the VPN component

Cisco ASA bug

If your Cisco ASA WebVPN disconnects with error "Idle timeout" after few seconds then there is a solution for you: the bug has been fixed in firmware 7.2(2) - available since November 2006 from Cisco. It is quite nasty bug, because it appears only after 40+ days uptime of ASA.
Bug Id CSCse29700:

How to show SCL rating (Junk Mail decision) of the message in Microsoft Outlook

The following is an Outlook configuration file provided by Paul Bowden that will allow you to configure Outlook to expose the SCL property. Copy the SCL.CFG text and save it as SCL.CFG (in the same location as the .ICO files, usually program files\...\office 11\forms\language ID), then follow the instructions below to install it.


;**********The CFG file**********
DisplayName=SCL Extension Form
Comment=This forms allows the SCL to be viewed as a column
Owner=Microsoft Corporation
Contact=Your Name
;**********END CFG

1. Go into Tools Options Other Advanced Options Custom Forms Manage Forms
2. Hit the Install button, and choose SCL.CFG …install into your Personal Forms Library
3. Hit OK several times to return to the main Outlook screen
4. Right-click on the Column headings in your Inbox (other any other folder) and choose "Field Chooser"
5. Pull-down the scroll-bar and choose "Forms…"
6. Set focus to your Personal Forms, choose the SCL Extension Form, then click Add
7. Drag and drop the SCL property into your column headings …and voila!

- James Webster

Published Wednesday, May 26, 2004


Thursday, January 18, 2007


I hope you know that you can test your famous antivirus by using test virus signature. Read on

Troubleshoot slow login and profiles in Windows XP

To create a detailed log file for user profiles:
• Start regedit and locate the following path: HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon
• Create a new value called UserEnvDebugLevel as a REG_DWORD, and set the value to 30002 in hexadecimal format.

Read on

4GB RAM in Windows 2003 and /PAE switch

I was surprised to see 3.5GB instead of installed 4GB in the "My Computer" properties. Where the memory gets lost?

Hopefully, by adding option /PAE into boot.ini I could increase the reported RAM size to 3.93 GB.

Read on at

Microsoft Exchange

Cool blog related to Microsoft Exchange

Friday, January 5, 2007

HP racks

Warning: HP racks have standard keys, it means that anybody who has HP
rack can open any other HP rack. Nice security feature from HP!

Thursday, January 4, 2007

SMTP to SMS gateway

# (c) Daniyar, 2007
# mySMTP2SMS gateway prototype
# it uses GSMLIB to send SMS via GSM modem
# install it as the service
# instsrv mySMTP2SMS "C:\Program Files\gsmlib\srvany.exe"
# then add registry keys as explained in the srvany.wri
# usage:
# blat -serverSMTP -port 8025 -f -to
0796574016 -body "this is a test sms"

use Win32::EventLog::Carp;
use Net::SMTP::Server;
use Net::SMTP::Server::Client;
use Net::SMTP::Server::Relay;

print "mysmtp2sms:start...";

# create a server on IP servers external address
$server = new Net::SMTP::Server('', 8025)
croak("mysmtp2sms: Unable to create server: $!\n"); # write to event

while($conn = $server->accept()) {

my $client = new Net::SMTP::Server::Client($conn)
croak("mysmtp2sms: Unable to handle client connection: $!\n");

# Process the client. This command will block until
# the connecting client completes the SMTP transaction.
$client->process next;


$strTo=$to[0][0]; # get only 1 recepient, we do not do a lot of
check here, but you can certainly do some, suc as strip domain name,
$strTo=~ s/[<>]//g; # remove <> symbols globally
#print "$strTo\n";
#print $client->{MSG};
#print "\n";
@msg = split(/\n/, $client->{MSG}); # split message to lines in
order to cut the header
$l=scalar(@msg); # length
#print "l=$l\n";
$c= ord($msg[$i]);
while (($c!=13) && ($i<$l)) # look for the first empty line that
must be begining of the message body
{$c= ord($msg[++$i]);}
#print "i=$i\n";

$strMsg= join("",@msg[$i+1..$l]); # make a string from message body
without header
$strMsg=~ s/\n//g; # strip new line symbols

#print "$strMsg\n";

# call gsmlib

@arg= ("c:\\program

system(@arg) == 0
or carp "mysmtp: system @args failed: $?"


print "mysmtp2sms:quit...";