Thursday, April 29, 2010

"DHCP...." followed by "PXE-E53: No boot filename received"

SYMPTOM

When being started, the PXE client comes up with the PXE copyright message, then displays

DHCP....

After a while, the following error message is displayed:

PXE-E53: No boot filename received

Depending on the PXE client's system setup boot device list configuration, the PC then either stops or tries to boot from the next boot device in the system setup boot device list.

CAUSE

The "PXE-E53" error indicates that the PXE client received a reply to its DHCPDISCOVER message, but the "boot filename" information was missing in this reply.

RESOLUTION

Make sure that the "boot filename" option is present on your DHCP or BOOTP server, and that its value is set to the filename of the boot loader.

When using Microsoft DHCP server, add option 067 (Bootfile Name) to your scope. When using a Unix/Linux based (ISC) DHCP server, use the "filename" parameter for this purpose.

In the context of the BootManage Administrator, the boot loader filename is "pxboot" for PXE clients and "bpboot" for TCP/IP BOOT-PROM clients. So, if you have exclusively PXE clients, set the boot filename option to the value "pxboot". If you have exclusively TCP/IP BOOT-PROM clients, set the boot filename option to the value "bpboot". In a mixed PXE and TCP/IP BOOT-PROM client environment, you must configure your DHCP or BOOTP server so that it provides the PXE clients with the "pxboot" boot loader, and the TCP/IP BOOT-PROM clients with the "bpboot" boot loader.
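To confirm the cause from a captured server reply, the sketch below extracts the boot filename from either place a DHCP server can carry it: the fixed BOOTP "file" field or option 67, including the option 52 overload case. This is an added example, not part of the original post; field offsets follow the standard BOOTP/DHCP packet layout, and the packets are constructed samples using documentation addresses.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"          # DHCP magic cookie, follows the 236-byte BOOTP header

def parse_options(buf):
    """Walk DHCP options (tag, length, value) until END (255)."""
    opts, i = {}, 0
    while i < len(buf) and buf[i] != 255:
        if buf[i] == 0:               # PAD has no length byte
            i += 1
            continue
        if i + 1 >= len(buf):         # truncated option
            break
        length = buf[i + 1]
        opts[buf[i]] = buf[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def boot_filename(packet):
    """Boot filename carried in a DHCP/BOOTP reply, or None if absent (the PXE-E53 case)."""
    if len(packet) < 240 or packet[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    opts = parse_options(packet[240:])
    overload = (opts.get(52) or b"\x00")[0]   # option 52: sname/file reused for options
    if overload & 1:
        opts.update(parse_options(packet[108:236]))   # 'file' field holds options
    if overload & 2:
        opts.update(parse_options(packet[44:108]))    # 'sname' field holds options
    if 67 in opts:                                    # option 67: Bootfile Name
        return opts[67].rstrip(b"\x00").decode("ascii", "replace") or None
    if overload & 1:
        return None
    name = packet[108:236].split(b"\x00", 1)[0]       # fixed 128-byte 'file' field
    return name.decode("ascii", "replace") or None

def build_offer(file_field=b"", options=b""):
    """Constructed DHCPOFFER (documentation addresses, made-up MAC) for the demo."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x12345678, 0, 0,
                         bytes(4), bytes([192, 0, 2, 50]), bytes([192, 0, 2, 1]),
                         bytes(4), bytes.fromhex("020000000001"), b"", file_field)
    return header + MAGIC + b"\x35\x01\x02" + options + b"\xff"

if __name__ == "__main__":
    for label, pkt in [("no filename", build_offer()),
                       ("file field", build_offer(file_field=b"pxboot")),
                       ("option 67", build_offer(options=b"\x43\x06pxboot"))]:
        print(f"{label:12} -> {boot_filename(pkt)!r}")
```
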

____ IMPORTANT Thing to note:

We were trying to troubleshoot the above issue with the recommendation above. However, make sure you can see the DHCP server leasing out IPs to the machine you are trying to PXE boot.
Secondly, and most important, if they are 64-bit clients, run the command below on the server.
WDSUTIL /set-server /architecturediscovery:yes

Hope you don't have to struggle after that.

Cheers

Saturday, April 24, 2010

Group Membership script

Hi All,

The script below fetches the membership details of the AD group you pass to it as a parameter.
It returns the sAMAccountName of each member.

_________________________________________________________

' Usage: cscript //nologo <script>.vbs <group sAMAccountName>
' Writes the members to a text file named after the group, in the current directory.
if Wscript.Arguments.Count = 0 then
    wscript.echo "Please pass the group name as the first argument"
    wscript.quit
end if
groupName = Wscript.Arguments(0)
'groupName = inputbox("Please enter the name of the group:")
'dim FileName = Groupname
if groupName = "" then
    wscript.quit
end if

' Resolve the group's ADsPath from its sAMAccountName
groupPath = getGroupPath(groupName)

if groupPath = "" then
    wscript.echo "Unable to find the specified group in the domain"
    wscript.quit
end if
set objGroup = getobject(groupPath)
set objFSO = createobject("scripting.filesystemobject")
set objFile = objFSO.createtextfile(groupName)
q = """"
objFile.WriteLine("sAMAccountName")
' Direct members of the group
for each objMember in objGroup.Members
    objFile.WriteLine(objMember.samaccountname)
next
'***** Users whose primary group is set to the given group need to be enumerated separately. *****
getPrimaryGroupMembers groupName
objFile.Close
wscript.echo "Completed"

' Returns the ADsPath of the group, or "" if it is not found in the domain.
' Note: GroupName is concatenated into the query text, so a name containing
' a single quote will break the query.
function getGroupPath(byval GroupName)
    set cmd = createobject("ADODB.Command")
    set cn = createobject("ADODB.Connection")
    set rs = createobject("ADODB.Recordset")
    cn.open "Provider=ADsDSOObject;"
    cmd.commandtext = "SELECT adspath from 'LDAP://" & getNC & _
        "' WHERE objectCategory = 'Group' and sAMAccountName = '" & GroupName & "'"
    cmd.activeconnection = cn
    set rs = cmd.execute
    if rs.bof <> true and rs.eof <> true then
        getGroupPath = rs(0)
    else
        getGroupPath = ""
    end if
    cn.close
end function

' Returns the default naming context (domain DN) of the current domain.
function getNC
    set objRoot = getobject("LDAP://RootDSE")
    getNC = objRoot.get("defaultNamingContext")
end function

' Appends the users whose primaryGroupID points at the group. These rows are
' written as quoted "sAMAccountName","sn","givenName", unlike the direct members above.
' Uses the script-level objFile and q variables.
function getPrimaryGroupMembers(byval GroupName)
    set cn = createobject("ADODB.Connection")
    set cmd = createobject("ADODB.Command")
    set rs = createobject("ADODB.Recordset")
    cn.open "Provider=ADsDSOObject;"
    cmd.activeconnection = cn
    '***** Change the Page Size to overcome the 1000 record limitation *****
    cmd.properties("page size") = 1000
    cmd.commandtext = "SELECT PrimaryGroupToken FROM 'LDAP://" & getNC & _
        "' WHERE sAMAccountName = '" & GroupName & "'"
    set rs = cmd.execute
    if rs.eof <> true and rs.bof <> true then
        PrimaryGroupID = rs(0)
    else
        Err.Raise 5000, "getPrimaryGroupMembers", "Unable to find PrimaryGroupToken property"
    end if
    cmd.commandtext = "SELECT samaccountname, sn, givenName FROM 'LDAP://" & getNC & _
        "' WHERE PrimaryGroupID = '" & PrimaryGroupID & "'"
    set rs = cmd.execute
    while rs.eof <> true and rs.bof <> true
        objFile.WriteLine(q & rs("samaccountname") & q & "," & q & rs("sn") & q & _
            "," & q & rs("givenName") & q)
        rs.movenext
    wend
    cn.close
end function
______________________________________________xxxxxxxxxxxxxx____________________________________

Tuesday, April 20, 2010

Backup NTFS permissions

Reference: http://ochoco.blogspot.com/2009/02/quick-tip-back-up-your-ntfs-security.html

_________Adding a security group to a folder and maintaining inheritance_________
C:\Program Files\Support Tools>icacls D:\data$\NTFS_PermTEST /Grant "domainname\DLGTestGroup":(OI)(CI)F
(Be mindful of security group names: it has to be the pre-Windows 2000 name for groups.)
__________________________________________________________________________

Subinacl.exe

http://www.microsoft.com/downloads/details.aspx?FamilyID=E8BA3E56-D8FE-4A91-93CF-ED6985E3927B&displaylang=en

Here is example syntax that you can use to proactively back up your NTFS permissions:

Subinacl /noverbose /output=c:\ntfs_perms.txt /subdirectories "Path to the Folder of NTFS permissions we have to Backup"

To back up the permissions of the folder, subfolders and files in a folder called Data\IT on the D: drive:

subinacl /noverbose /output=c:\ntfs_perms_TEST.txt /subdirectories D:\data\IT

If you wanted to just back up the NTFS permissions for the entire drive, the command would look like this:

subinacl /noverbose /output=c:\ntfs_D_drive_perms.txt /subdirectories D:\*.*

Most of you will probably not be concerned with backing up down to the file level, and are satisfied with just backing up the permissions at the directory level. Backing up the permissions for just the directories can be achieved with the following syntax:

subinacl /noverbose /output=c:\D_drive_NTFSperms.txt /subdirectories=directoriesonly D:\*.*

The output of the command will look something like this:
Elapsed Time: 00 00:00:00
Done: 5, Modified 5, Failed 0, Syntax errors 0
Last Done : D:\data$\IT\NTFS_PermTEST\TestA\Test_A_2\Inherit_notAllowed

The contents of the file created by subinacl are viewable in any text editor and the output is similar to this:
===================================
+File D:\data$\NTFS_PermTEST\TestA
===================================
/control=0x400
/owner =builtin\administrators
/primary group =domainname\domainname users
/audit ace count =0
/perm. ace count =5
/pace =domainname\A.B Type=0x0 Flags=0x13 AccessMask=0x1301bf
/pace =domainname\domainname admins Type=0x0 Flags=0x13 AccessMask=0x1f01ff
/pace =domainname\gav Type=0x0 Flags=0x13 AccessMask=0x1200a9
/pace =domainname\gsg-information technology Type=0x0 Flags=0x13 AccessMask=0x1f01ff
/pace =domainname\rahul Type=0x0 Flags=0x13 AccessMask=0x1f01ff

===================================
+File D:\data$\NTFS_PermTEST\TestB
===================================
/control=0x400
/owner =builtin\administrators
/primary group =domainname\domainname users
/audit ace count =0
/perm. ace count =5
/pace =domainname\A.B Type=0x0 Flags=0x13 AccessMask=0x1301bf
/pace =domainname\domainname admins Type=0x0 Flags=0x13 AccessMask=0x1f01ff
/pace =domainname\gav Type=0x0 Flags=0x13 AccessMask=0x1200a9
/pace =domainname\gsg-information technology Type=0x0 Flags=0x13 AccessMask=0x1f01ff
/pace =domainname\rahul Type=0x0 Flags=0x13 AccessMask=0x1f01ff
=======================================
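Because the backup is plain text, it can also be parsed to review who holds which rights. The sketch below is an added example, not part of the original post or of subinacl: it reads the "+File" and "/pace" lines in the layout shown above, decodes the three AccessMask values that appear there (standard NTFS masks for Full Control, Modify and Read & Execute), and lists Full Control grants and non-inherited ACEs. The sample text and function names are constructed for illustration.

```python
import re

# Constructed sample in the layout shown above; the Flags=0x3 entry is made up
# to show an explicit (non-inherited) ACE.
SAMPLE = r"""
===================================
+File D:\data$\NTFS_PermTEST\TestA
===================================
/control=0x400
/owner =builtin\administrators
/perm. ace count =2
/pace =domainname\A.B Type=0x0 Flags=0x13 AccessMask=0x1301bf
/pace =domainname\gsg-information technology Type=0x0 Flags=0x13 AccessMask=0x1f01ff
===================================
+File D:\data$\NTFS_PermTEST\TestB
===================================
/pace =domainname\gav Type=0x0 Flags=0x3 AccessMask=0x1200a9
"""

RIGHTS = {0x1F01FF: "Full Control", 0x1301BF: "Modify", 0x1200A9: "Read & Execute"}
PACE = re.compile(r"^/pace\s*=(.+?)\s+Type=(0x[0-9a-f]+)\s+Flags=(0x[0-9a-f]+)"
                  r"\s+AccessMask=(0x[0-9a-f]+)", re.IGNORECASE)

def parse_backup(text):
    """Map each '+File' path to its list of decoded permission ACEs."""
    acls, path = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("+File "):
            path = line[len("+File "):]
            acls[path] = []
        elif path is not None and (m := PACE.match(line)):
            ace_type, flags, mask = (int(v, 16) for v in m.group(2, 3, 4))
            acls[path].append({
                "trustee": m.group(1),
                "allow": ace_type == 0x0,            # ACCESS_ALLOWED_ACE_TYPE
                "inherited": bool(flags & 0x10),     # INHERITED_ACE
                "rights": RIGHTS.get(mask, hex(mask)),
            })
    return acls

def needs_review(acls):
    """(path, trustee, rights) for Full Control grants and explicit ACEs."""
    return [(p, a["trustee"], a["rights"]) for p, aces in acls.items() for a in aces
            if a["allow"] and (a["rights"] == "Full Control" or not a["inherited"])]

if __name__ == "__main__":
    for row in needs_review(parse_backup(SAMPLE)):
        print(*row, sep=" | ")
```
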


To restore the permissions on the drive using the file that you backed them up to:

Subinacl /playfile c:\D_drive_NTFSperms.txt

Monday, April 19, 2010

Simple explanation to Win2003 AD groups

Reference: http://www.computerperformance.co.uk/Litmus/universal_groups.htm

Amateurs: Use only Universal Groups and never Global or Domain Local

What are the two TYPES of Groups in Windows Server 2003? Hang on Guy, I thought there were three, Global, Domain Local, and Universal? Microsoft are playing games with words, the two TYPES of groups are Security and Distribution (as in Distribution List).

Microsoft have introduced the Scope attribute to explain the capabilities of groups. If you are brand new to groups it makes sense, but for old timers it takes a while to get your head around the scope concept.

Domain Local Groups (These used to be plain Local groups).

Think of domain local groups as great hosts, literally anyone can be a member, users, Global groups, Universal groups, even computers can join a domain local group. Local groups are bad travellers and only operate in their own domain.

Best practice is to use local groups to assign permissions to resources like databases and printers.

Global Groups

These are great travellers, they can wander the entire Forest. The key point is that global groups are poor hosts and can only contain members from their own domain.

Best practice is to make the global group your default group, and for starters, make a group to represent each of your departments.

Universal Groups

Another question for you: why is the radio button to create a Universal group sometimes greyed out? The answer is that when the domain is in mixed mode you cannot create universal groups (NT 4.0 BDCs would not understand them). You need to raise the domain level to Windows 2000 native before you can benefit from universal groups. Think of universal groups as the ultimate container for nesting groups. They are good hosts and great travellers.

Best practice is to make it a rule to only include global groups inside Universal groups, no individual groups.

Global Catalog Implications

As you would expect, domain local and global groups are listed in the global catalog, however the individual members are not listed. So changes in global group membership have zero impact on global catalog replication traffic.

Universal groups, on the other hand, are not only listed in the global catalog; their individual users or nested groups are listed as well. Now you can see that adding users to a universal group will generate replication traffic. That is why Guy says only put global groups inside universal groups: the individual members inside the global groups are not replicated.

In Windows 2000, one change of membership to a universal group causes the whole list to be replicated. Thankfully that changed in Server 2003: now only incremental changes are replicated, not the whole list.

Monday, April 12, 2010

connect to windows share from ESX Server

You need to be in the 'bin' directory to run this.

First you need to enable samba services on your ESX server’s firewall:

(from the ESX server console)

esxcfg-firewall -e smbClient

Create a location on the ESX server to mount the share to.

e.g. mkdir /home/test

enable netfs – netfs is a file system interface to the networking stack of the ESX OS

chkconfig netfs on
service netfs start


mount -t smbfs -o username=,password= //servername/sharename /vmimages/iso

Use the domain\username format if need be.

Saturday, April 3, 2010

Open two excel sheets and split them across two monitors

Thanks to...
http://blog.drewery.net/2006/08/29/utilising-dual-monitors-with-microsoft-excel-2003/

Folder Options -> File Types tab ->
Select XLS -> Advanced -> select Open -> add a space and "%1" at the end of the string in the
'Application used to perform action' field.
Unselect 'Use DDE', then OK out of everything.

The above steps should enable you to split Excel files across two monitors.

WIN 7 does not have FILE Types tab..... Win 7... this was not my idea... ;-)

Cheers