Friday, August 17, 2012

Find service pack levels for Windows using PowerShell



Compile a list of servers, for example by using another PowerShell script that queries your AD container for servers.







The script below also does a ping test. To be honest, the ping test doesn't really tell me if the WMI query is going to work.

#$erroractionpreference = "SilentlyContinue"
# Read the server names, one per line
$serverlist = Get-Content 'C:\temp\Serverslist.txt.txt'

foreach ($server in $serverlist)
{
    # Ping test: one echo request, errors suppressed, returns $true/$false
    if ((Test-Connection -ComputerName $server -Count 1 -ea 0 -Quiet) -eq $true)
    {
        $serveros = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $server
        foreach ($objserver in $serveros)
        {
            # Output: server; OS caption; service pack major version
            $server + "; " + $objserver.Caption + "; " + $objserver.ServicePackMajorVersion
        }
    }
}
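
Since a successful ping does not predict whether the WMI query will work, the variant below records the WMI result and any failure reason per host instead of skipping hosts silently. It is an added example, not part of the original post; it reuses the input path from the script above, and the function name Get-ServicePackLevel and the report path are assumptions.

```powershell
# Added example: service pack inventory that records WMI failures per host.
# Get-ServicePackLevel and the CSV path are assumed names, not from the post.
function Get-ServicePackLevel {
    param([string[]]$ComputerName)

    foreach ($server in $ComputerName) {
        $name = "$server".Trim()
        if (-not $name) { continue }          # skip blank lines in the list

        # One row per host; filled in below or left with the failure reason
        $row = New-Object PSObject -Property @{
            Server      = $name
            Pingable    = $false
            OS          = $null
            ServicePack = $null
            Status      = 'Unknown'
        }

        $row.Pingable = [bool](Test-Connection -ComputerName $name -Count 1 -Quiet -ErrorAction SilentlyContinue)

        try {
            # -ErrorAction Stop turns RPC and access-denied errors into exceptions.
            # The query runs even when ping fails, because ICMP may be filtered
            # while WMI is reachable (unreachable hosts cost an RPC timeout each).
            $os = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $name -ErrorAction Stop
            $row.OS          = $os.Caption
            $row.ServicePack = $os.ServicePackMajorVersion
            $row.Status      = 'OK'
        }
        catch {
            $row.Status = 'WMI failed: ' + $_.Exception.Message
        }
        $row
    }
}

$servers = Get-Content 'C:\temp\Serverslist.txt.txt'
$report  = Get-ServicePackLevel -ComputerName $servers

# Full inventory to CSV, then the hosts that still need attention on screen
$report | Select-Object Server, Pingable, OS, ServicePack, Status |
    Export-Csv -Path 'C:\temp\ServicePackReport.csv' -NoTypeInformation
$report | Where-Object { $_.Status -ne 'OK' } |
    Format-Table Server, Pingable, Status -AutoSize
```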

Tuesday, July 17, 2012

Time settings on Windows machines and Domain Controllers

To check the Windows time settings, use the commands below:

w32tm /query /configuration
and
w32tm /dumpreg /subkey:parameters



I recommend the following structure for Windows time settings within a Windows domain.

Set the domain controller that holds the PDC emulator role to get its time from a reliable NTP source, e.g. 1.au.pool.ntp.org.
Run the command below to apply this setting:
w32tm /config /syncfromflags:manual /manualpeerlist:1.au.pool.ntp.org /update

If you can't get to the internet via UDP port 123 from the PDC emulator, then I recommend pointing the NTP server setting at a router, an ESX host, a Xen host or a proxy server. You would then need to set the time source on the proxy to be a reliable source.

For member servers, other DCs and workstations on the domain

Run the commands below as a .bat file if you like:

@echo off
w32tm /config /syncfromflags:DOMHIER /update
w32tm /resync
@echo on

You can apply the above bat as a startup policy on workstations.

Have fun.

Hope it helps.
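
To confirm that a machine actually follows the structure above, the added example below (not part of the original post) reads the same W32Time parameters that w32tm /dumpreg /subkey:parameters prints and compares them with the machine's domain role. The function name Test-TimeSourceConfig and its -ExpectedPeer parameter are assumptions.

```powershell
# Added example: compare the local W32Time settings with the structure above.
# Test-TimeSourceConfig and -ExpectedPeer are assumed names, not from the post.
function Test-TimeSourceConfig {
    param([string]$ExpectedPeer = '1.au.pool.ntp.org')

    # DomainRole: 0/2 = standalone, 1 = member workstation, 3 = member server,
    # 4 = domain controller, 5 = domain controller holding the PDC emulator role
    $role = (Get-WmiObject -Class Win32_ComputerSystem).DomainRole

    # The values that "w32tm /dumpreg /subkey:parameters" prints
    $p    = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Parameters'
    $type = $p.Type     # NTP = manual peer list, NT5DS = domain hierarchy

    # NtpServer is space separated; each peer may carry a ",0x.." flag suffix
    $peers = @("$($p.NtpServer)" -split '\s+' | Where-Object { $_ } |
               ForEach-Object { ($_ -split ',')[0] })

    if ($role -eq 5) {
        $expected = "Type=NTP with peer $ExpectedPeer"
        $ok = ($type -eq 'NTP') -and ($peers -contains $ExpectedPeer)
    }
    elseif (1, 3, 4 -contains $role) {
        $expected = 'Type=NT5DS (sync from domain hierarchy)'
        $ok = ($type -eq 'NT5DS')
    }
    else {
        $expected = 'n/a (not domain joined)'
        $ok = $false
    }

    # Source the service is using right now; a local clock means it is not syncing
    $source = (& w32tm /query /source 2>$null | Out-String).Trim()
    if ($source -match 'Local CMOS Clock|Free-running System Clock') { $ok = $false }

    New-Object PSObject -Property @{
        Computer = $env:COMPUTERNAME; DomainRole = $role; Type = $type
        Peers = ($peers -join ' '); Source = $source
        Expected = $expected; Compliant = $ok
    }
}

Test-TimeSourceConfig |
    Format-List Computer, DomainRole, Type, Peers, Source, Expected, Compliant
```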




Thursday, April 26, 2012

RDP issue rdpcorekmts.dll Application error Event id 1000, Windows Server 2008 R2

One of the Win2k8R2 servers running client access Exchange was upgraded to SP1. Did the same for other servers. Only one came up with the issue. Checked the version of rdpcorekmts.dll on the server with the issue:
with issue: version 6.1.7600.16952
without issue, with SP1: version 6.1.7601.17514

Followed the solution from here:

http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/f5855b60-f29c-4c90-b364-e364589e5267

Just a quick note: the file is updated by Windows Update KB2667402, not KB2621440. Please see http://support.microsoft.com/kb/2667402 for more details.
1) Connect remotely to affected server using the Computer Management Console
2) Stop the Remote Desktop Services
3) Take Ownership of file C:\Windows\System32\rdpcorekmts.dll and assign full NTFS permissions to your account
4) Rename file to rdpcorekmts.old
5) Copy file rdpcorekmts.dll from a non-patched server. I used another one of our domain controllers just to be safe.
6) Start the Remote Desktop Services
7) Test RDP login to server

WORKED FINE.

Tuesday, April 17, 2012

Trying to restore folders and files from Tape backup using Netbackup

Trying to restore folders and files from Tape backup using Netbackup causes the file server to hang or crash when the restore folders contain Enterprise Vault placeholder files.

Every time we tried to do a restore of a folder that contains Enterprise Vault placeholder files, the file server crashed.

Came across this link.

http://www.symantec.com/business/support/index?page=content&id=TECH62001

File server running the File System Archiving (FSA) Agent for Enterprise Vault 2007 can hang during NetBackup Restore operations.








Problem


File server running the File System Archiving (FSA) Agent for Enterprise Vault 2007 can hang during NetBackup Restore operations.

Solution


Legacy placeholders (7.0 SP1, 7.0 and 6.0 SP4 and earlier) for files smaller than 4kb can cause system hangs due to an issue with the Master File Table in NTFS.

Workaround:
This issue can be worked around by unloading the evfilter driver with the fltmc command during the restore operation. (See Related Documents article 293389)

This issue can be avoided by recalling all placeholders created with older versions of Enterprise Vault (7.0 SP1, 7.0 and 6.0 SP4 and earlier), then allowing Enterprise Vault to re-archive and create new placeholders. Additionally, such small files can be excluded from being archived at all with a policy rule based on file size.

Symantec is planning on enhancing the evupdateplaceholder.exe tool to rectify legacy placeholders in the next major release for Enterprise Vault 2007.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

THE FIX is.. NOTE: this will make archived files inaccessible during the restore.

http://www.symantec.com/business/support/index?page=content&id=TECH54993

How to use FLTMC.exe to load and unload the evfilter mini-filter driver for Enterprise Vault (EV) for File System Archiving (FSA)







Problem


How to use FLTMC.exe to load and unload the evfilter mini-filter driver for Enterprise Vault (EV) for File System Archiving (FSA).

Solution


The FLTMC.exe command is run from a cmd prompt on the Windows file server.  The syntax is as follows:

To unload the EvFilter driver:
Fltmc unload EvFilter 
 


To load the EvFilter driver:
Fltmc load EvFilter 

To view all instances of loaded drivers:
Fltmc instances
 

To attach the driver to a specific volume:
Fltmc attach EvFilter C:
 

To detach the driver from a specific volume:
Fltmc detach EvFilter C:
 

NOTE:   The EV services on the file server should be restarted after unloading and reloading the filter driver.
For troubleshooting purposes the results can be saved to a text file. The syntax would be the same as above but adding > [File name and path]
i.e.: Fltmc instances > C:\FilterInstance.log

Tuesday, March 13, 2012

ONS Failed to Start. ONS.exe keeps crashing, Oracle ONS not starting in Windows

Oracle node error. When trying to add a node to Oracle RAC

CRS-0215 / ONS Failed to Start. Pingwait Exited With Exit Status 2 

Extract from Oracle KB Article


Applies to:

Oracle Server - Enterprise Edition - Version: 10.1.0.2 to 11.1.0.7 - Release: 10.1 to 11.1 Information in this document applies to any platform.


Symptoms


Problem can occur during an installation of CRS or while adding a new node.

* ONS fails to start up on one or both of the nodes during a new install.
* When adding nodes, the ONS on the new node fails to start.



srvctl start nodeapps -n node2
CRS-0215: Could not start resource 'ora.node2.ons'.


$RDBMS_HOME/opmn/logs/ons.log does not have any updates.


Cause

The problem is that the remote port for ONS is used or not available.

Solution

Set up debugging :


srvctl stop nodeapps -n node2
crsctl debug log res 'ora.node2.ons:5'
srvctl start nodeapps -n nodename


- $ORA_CRS_HOME/log//racg/ora.node2.ons

Oracle Database 11g CRS Release 11.1.0.6.0 - Production Copyright 1996, 2007 Oracle. All rights reserved.
2008-12-05 13:13:11.296: [RACG][3184] [3144][3184][ora.node2.ons]: ons failed to start. pingwait exited with exit status 2

Test:

ons.config :

localport=6150
useocr=on
allowgroup=true
usesharedinstall=true


onsctl ping on node 2 :
onsctl ping
Number of onsconfiguration retrieved, numcfg = 2
onscfg[0]
{node = node1, port = 6251}
Adding remote host node1:6251
onscfg[1]
{node = node2, port = 6251}
Adding remote host node2:6251
ons is NOT running . . .


onsctl start on node2 :
onsctl start
Number of onsconfiguration retrieved, numcfg = 2
onscfg[0]
{node = node1, port = 6251}
Adding remote host node1:6251
onscfg[1]
{node = node2, port = 6251}
Adding remote host node2:6251
Number of onsconfiguration retrieved, numcfg = 2
onscfg[0]
{node = dbserver01, port = 6251}
Adding remote host node1:6251
onscfg[1]
{node = dbserver02, port = 6251}
Adding remote host node2:6251
ons failed to start. pingwait exited with exit status 2

OCRDUMP


[DATABASE.ONS_HOSTS.node1]
ORATEXT : node1
SECURITY : {USER_PERMISSION : PROCR_ALL_ACCESS, GROUP_PERMISSION : PROCR_READ,
OTHER_PERMISSION : PROCR_READ, USER_NAME : administrator, GROUP_NAME : }

[DATABASE.ONS_HOSTS.node1.PORT]
ORATEXT : 6251
SECURITY : {USER_PERMISSION : PROCR_ALL_ACCESS, GROUP_PERMISSION : PROCR_READ,
OTHER_PERMISSION : PROCR_READ, USER_NAME : administrator, GROUP_NAME : }

[DATABASE.ONS_HOSTS.node2]
ORATEXT : node2
SECURITY : {USER_PERMISSION : PROCR_ALL_ACCESS, GROUP_PERMISSION : PROCR_READ,
OTHER_PERMISSION : PROCR_READ, USER_NAME : administrator, GROUP_NAME : }

[DATABASE.ONS_HOSTS.node2.PORT]
ORATEXT : 6251
SECURITY : {USER_PERMISSION : PROCR_ALL_ACCESS, GROUP_PERMISSION : PROCR_READ,
OTHER_PERMISSION : PROCR_READ, USER_NAME : administrator

Note: Remote port is registered in the ocrdump. You do not need to have the RemotePort in the ons.conf file.

Solution :

The key issue is that the remote port that we see in the ocrdump is used/unavailable

Ran netstat and found that the node did not have a free port 6251.
Reconfigured ons to use a different free port. In this case we used 2200

srvctl stop nodeapps -n node2
racgons remove_config node2:6251
racgons add_config node2:2200

The two nodes can be configured with different ports. However in this case we made the same modification to both the nodes.

ocrdump will now reflect the new PORT.

- srvctl start nodeapps -n node2 and it started successfully.

Variation of this problem :

The problem can manifest when adding a node on windows and perhaps on other platforms as well.

 From our documentation :

Oracle® Database Release Notes
11g Release 1 (11.1) for Microsoft Windows
Part Number B32005-06

4 Installation, Configuration, and Upgrade Issues

4.7 Incorrect Port Number Registered for the New Node
When you run the crssetup.add.bat batch file to add another node, incorrect
port number is registered for the new node.

Workaround: Complete the following procedure to resolve this issue:

After running the crssetup.add.bat batch file, ignore the error messages
similar to the following error message:

Starting ONS application resource on (*) nodes1:CRS-0215: Could not start
resource 'ora.*.ons'

Use the following command to stop the nodeapps service on all the newly added
nodes:

srvctl stop nodeapps -n node

Use the following command to delete the existing ONS port number registration:

racgons remove_config node:4948

Use the following command to add an ONS port number:

racgons add_config node:remote_port

Use the following command to start the nodeapps service on all the newly added
nodes:

srvctl start nodeapps -n node



*********************SOLUTION  FOR WINDOWS ********************

The issue on Windows in my case wasn't the port being used. The issue was due to the fact that the hostname the port was being configured with was in the wrong case.

Get the hostname by running 'hostname' in a Command Prompt window. In my case the hostname we were trying to get ONS to run on was node003, and it kept failing.

Looking up the hostname showed the hostname as NODE003 instead. So doing the below with the correct case resolved the issue.


D:\oracle\product\11.1.0\crs\BIN>srvctl stop nodeapps -n node003

D:\oracle\product\11.1.0\crs\BIN>racgons remove_config node003:2300
racgons: Existing key value on node003 = 2300.
racgons: node003:2300 removed from OCR.

D:\oracle\product\11.1.0\crs\BIN>racgons add_config NODE003:6251

D:\oracle\product\11.1.0\crs\BIN>srvctl start nodeapps -n NODE003

D:\oracle\product\11.1.0\crs\BIN>srvctl status nodeapps -n node003
VIP is running on node: node003
GSD is running on node: node003
Listener is running on node: node003
ONS daemon is running on node: node003

Thursday, February 9, 2012

Wrong Time/Date on files showing up on Citrix sessions ICA and local computer

Files created on a server via RDP show different time stamp when checked via ICA.

Time zone policy settings issue.

You need this: http://support.citrix.com/article/CTX127926
and

• Disable - Windows Components/Terminal Services/Client/Server data redirection/Allow Time Zone in a GPO
• Copy the hotfix tzuser.dll to C:\Program Files\Citrix\System32
• Create a Citrix policy to enable "Do not estimate local time for legacy clients" and enable "Do not use Clients local time"




http://forums.citrix.com/message.jspa?messageID=1362140

Tuesday, February 7, 2012

Enable SA account on SQL Express when access is denied

I was unable to enable the SA account or enable Mixed mode authentication. I kept getting access denied errors when trying to do so using a local admin account on the box. Win 7 Pro, SQL Express 2008.

The steps below helped.

First Attempt:
(NOTE: This didn't work; the mode did change to Mixed, but access was still denied on SQL to enable SA or add another sysadmin account)

Force SQL server to support mixed-mode authentication.
1. Run REGEDIT
2. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQLServer
NOTE: This key may vary slightly based on the installed version and instance name.
3. Set "LoginMode" to 2.
4. Restart SQL Server.
(Source: http://support.microsoft.com/kb/285097 )

Second Attempt:
(note: Magic, worked fine.)
Force SQL server to let you in temporarily
1. Go to services.
2. Stop SQL Server.
3. Grab the SQL server command-line (right click the service - properties).  Mine is:
"C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS
4. Open an administrative command prompt.
5. Run the command-line from step 3, but add -m -c for single-user maintenance mode command-line.
6. Open another administrative command prompt.
7. Run "sqlcmd -S localhost\SQLEXPRESS" from that same directory (replace with your server and instance name)
8. Now you can do all the stuff everyone told you to do that didn't work.  For example, to create a hero user with administrative access:

CREATE LOGIN TheBoss WITH PASSWORD='123', DEFAULT_DATABASE=[master], DEFAULT_LANGUAGE=[us_english], CHECK_EXPIRATION=OFF, CHECK_POLICY=OFF
EXEC sys.sp_addsrvrolemember 'theBoss','sysadmin'
GO
9. QUIT and close the command-prompt
10. Go to the SQL Server command-line window and hit ctrl+C.  It will prompt "Do you wish to shutdown SQL Server (Y/N)?" and enter Y.
11. Close the command-prompt
(Source: http://msdn.microsoft.com/en-us/library/dd207004.aspx )

III. Finally, login using your hero:
1. Restart the SQL Server service
2. Login using SQL Server authentication as the user "theBoss" with password "123"
Yewheww...

thanks to MobyDisk on http://social.msdn.microsoft.com/Forums/en-US/sqlsecurity/thread/60b888bf-30dc-4eaf-bea8-5fd55181f8e5
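
A follow-up check once access is restored, as an added example that is not part of the quoted forum answer: it lists the SQL-authenticated logins that hold sysadmin and whether password policy is enforced for them, which surfaces logins like the one created in step 8 with CHECK_POLICY=OFF. The function name, its parameters and the default instance name are assumptions.

```powershell
# Added example: list SQL-authenticated sysadmin logins and their policy flags.
# Get-SqlSysadminLogin, -Instance and -SqlUser are assumed names; the default
# instance is the one used in the steps above.
function Get-SqlSysadminLogin {
    param(
        [string]$Instance = 'localhost\SQLEXPRESS',
        [string]$SqlUser                      # optional SQL login; sqlcmd prompts for its password
    )

    $query = "SET NOCOUNT ON; " +
             "SELECT name, is_disabled, is_policy_checked, is_expiration_checked " +
             "FROM sys.sql_logins WHERE IS_SRVROLEMEMBER('sysadmin', name) = 1;"

    # -E = Windows authentication, -U = SQL authentication
    $auth = if ($SqlUser) { @('-U', $SqlUser) } else { @('-E') }

    # -b non-zero exit code on error, -h -1 no header row,
    # -W trim padding, -s column separator
    $rows = & sqlcmd -S $Instance $auth -b -h -1 -W -s '|' -Q $query
    if ($LASTEXITCODE -ne 0) { throw "sqlcmd failed: $rows" }

    foreach ($line in $rows) {
        $f = "$line" -split '\|'
        if ($f.Count -ne 4) { continue }      # skip blank or message lines
        New-Object PSObject -Property @{
            Login             = $f[0]
            Disabled          = ($f[1] -eq '1')
            PolicyChecked     = ($f[2] -eq '1')
            ExpirationChecked = ($f[3] -eq '1')
        }
    }
}

# Enabled sysadmin logins without password policy enforcement
Get-SqlSysadminLogin |
    Where-Object { -not $_.Disabled -and -not $_.PolicyChecked } |
    Format-Table Login, PolicyChecked, ExpirationChecked -AutoSize
```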

Friday, January 20, 2012

Group Policy Work with Citrix Published Applications - HOW TO

I came across an issue whereby I needed to publish an app, which was basically launching an intranet URL within IE from the Citrix servers for external Citrix users.

The issue I was facing was that the trusted sites list for IE specified in the user GPO would not get applied.
Hence, users would not be able to access the intranet URL.

After searching on the issue, it turns out to be a Microsoft feature/Citrix feature.

This link provides the solution and explanation:

https://www.conetrix.com/Blog/post/How-to-Make-Group-Policy-Work-with-Citrix-Published-Applications.aspx

Below is the extract from that post:

When a user with an empty roaming profile (new user) has their profile created as the result of running a published application, the user portion of the registry hive (ntuser.dat) is not created in its entirety. The users' hive can be loaded and a number of noticeable differences exist between it and the default user registry hive. If the user profile is created by logging on locally (console), via RDP to the same machine, or via Citrix published desktop on the same machine, the profile that is created is complete. I was unable to find any noticeable differences between the default user registry hive and that of the newly created roaming user profile when the profile was created in this way. Additionally, once an incomplete profile had been created via published application session, the profile could NOT be "fixed" by logging on via RDP or published desktop. Once the registry hive was created in an incomplete fashion, it seemed to be affected from then on. So why are we talking profiles...I thought this was about group policy? Well, it is...I'm getting there.
We found that users running published applications did not have group policy correctly applied. We were trying to set policies on Internet Explorer using Internet Control Panel settings in the user portion of the GPO. Specifically, IE security zone settings such as trusted and intranet sites would not apply. We also noticed that each security zone seemed to be locked. In the Security tab of the Internet Options dialog box, all the icons were the same....blue IE symbol with a lock next to it. The "Sites" button and the "Custom Level" button were also grayed out. So, here is where the profile problem merges with the group policy problem. I found that by manually exporting certain keys from the default user profile registry hive under \Software\Microsoft\Windows\CurrentVersion\Internet Settings\ and importing them into an incomplete user registry hive, I could fix the problem. That is, once the keys existed in the user registry hive that pertained to the settings I was trying to set via group policy, the policy was applied correctly...no issues. Makes sense right....if the group policy is setting registry keys in order to apply certain policies, it’s not going to work if the keys don't exist in the first place.
So things have come full circle. Group policy isn't working because the user profile is messed up. So why is the user profile not getting created correctly? Well, this is actually a Microsoft problem --> http://support.microsoft.com/kb/899270. And the script they provide doesn’t work…we tried it. Actually, there is more to the problem than that, but here is a summary of the information that we gathered. By design, Citrix published applications, remote applications in Windows 2008, and the "start this application on connection" functionality of RDP (mstsc.exe) running against Windows 2003 servers implement limited logon functionality so that the session footprint is smaller than a normal desktop session. Part of the "limited functionality" is that the user session does not start explorer.exe. So, any application that depends wholly or in part on explorer.exe could have issues. Some of the important pieces of functionality that explorer.exe implements are the following:
  1. The run registry entry
  2. The RunOnce registry entry
  3. Startup applications 
If you have ever noticed the small gray box that is displayed the first time you log on as a new user, you have seen the effects of explorer.exe running at session logon. It goes by fast, but it says something like "applying internet explorer customizations", "setting up windows media player..."...stuff like that. That little box is normally initiated by explorer.exe. It is called runonce.exe. What we found was that if we initiated runonce.exe in a logon script, the user was created correctly when running published application; thus, group policy was applied correctly as well. Testing also showed that this process could also fix a previously created broken user registry hive (ntuser.dat). All we had to do is add the following to our logon.bat file
start /MIN %windir%\system32\runonce.exe /AlternateShellStartup
Citrix has documented this problem in a support article (http://support.citrix.com/article/CTX104374) and they refer back to the previous MS KB listed above. Numerous forum threads exist on this issue and we were unable to find a resolution elsewhere that did not include scripting registry imports to the user profile at logon. This workaround seems to be more flexible and reliable.


Eventually, for me, I had to create a GPO with user loopback processing (merge), set up the IE trusted list, and run the command in a bat file at logon, then apply the GPO to the Citrix servers OU and filter it via global groups.

Cheers

Rahul