Tales from the Datacenter

Disable Hibernation

If you’re in need of disabling hibernation on your 2008 servers (or your Vista desktop, as the case may be), open a command line and type this:

powercfg.exe /hibernate off

To turn it back on, replace “off” with “on”.

This will do away with that annoying file (hiberfil.sys) at the root of C:\ (or whatever your system volume’s drive letter may be) that is the size of your physical RAM – thus freeing up much space.

Keep in mind, however, that hybernation cannot be turned on if you have Hyper-V installed.  I’m curious, though, why would you hybernate a server?  And before those of you that use 2008 as a workstation complain, why would hybernation be enabled by default?

Create a Service in Windows

There are only a few things I hate more than SPAM.  Only a few.

Anyway, I’ve been migrating to my new server and with that comes email.  And, of course, with email comes SPAM filtering.  So, I’ve been trying to run SpamAssassin.  Luckily, someone ported SA to Windows.  But, in this case, you have to run the executable or the filtering doesn’t happen.

Now, any self-respecting admin won’t stay logged into his server 24 hours a day, seven days a week.  That’s where services come in.  Here’s a nice little (easy) write up for creating your own service in Windows.  Best of all, it was written by Microsoft.

A note: this article says it’s for 2003 and below (and does mention anything about 64-bit).  I’ve just finished installing spamd.exe as a service on my machine and it works fine.  That said, I offer no warranties or gaurantees this will work for everyone.  Alternatively, there is this from Microsoft’s K nowledgebase – I just didn’t have access to the resource kit at the time.  Happy spamming.

MyISAM vs. InnoDB

So, recently, I’ve switched my blog (and the whole domain, consequently) to IIS.  I used to have my domain hosted over at Host Gator (highly recommended if you don’t have the resources to host your own content), but recently have switched to IIS running 2008 x64 on a virtual guest at work.  So far, I like it.

However, I was disappointed to find that WordPress performed poorly at first.  Then, in my tinkering, I figured out (dumb luck, eh?) that if I switch the tables in the WP database from InnoDB to MyISAM, performance increased noticeably.  I’m not sure if this was the “real” reason WordPress was sucking it up, but it seemed to fix it immediately.

Edit March 10, 2008:

I’m not sure how much of a performance boost this gave me.  I’m noticing a slowdown again, so I’m not sure if this did anything at all.  It looked like it was helping when I first made the change, but now I can’t be so sure.  Anyway… Read the rest of this entry »

Microcode Levels

I was configuring our twelfth virtual host this afternoon and ran across a weird issue.  You see, we buy IBM Blade servers that go through integration, which means someone else configures the hardware for us.  Unfortunately, I don’t think they turn the hardware on and check things.  Case in point: we had Blades with processors running two different microcode levels (think firmware for a processor).

Little did I know anything was wrong when I got a big fat blue STOP error.  MULTIPROCESSOR_CONFIGURATION_NOT_SUPPORTED was staring me in the face.

Remember, check your microcode levels if you see STOP 0x0000003E.  It could save your life.

WDS’s Service Control Point

Today I was alerted to an issue in Operations Manager on one of my WDS servers:

Log Name: System/Application
Source: BINLSVC
Date: Date
Time: Time
Event ID: 1803
Description: An error occurred while attempting to locate the Service Control Point object for this Windows Deployment Services server in Active Directory Domain Services. There was an error reading the ‘netbootSCPBL’ attribute from the Computer object.

Research ensued, and a quick Googling (sorry Google) revealed the following:

When the computer starts, BINLSVC queries for the information that is contained in the Service Control Point (SCP), this operation is performed before the creation of the SCP, and then BINLSVC logs an error message in the Application log or the System log. This error message states that the server’s SCP is missing. This is expected behavior on new WDS servers and in other instances where the SCP has not yet been created for the server. In this case, you can safely ignore the error that is logged in the Application log or the System log.

However, the problem here is that this is not a new WDS server.  So, I came across this from another Google result.  It doesn’t really apply to my situation (as I was not moving the Computer object to a different OU), but it fixed the error and restored the SCP.

For posterity:

To resolve this problem, reinitialize the WDS server after you move the WDS server to a different organizational unit. To do this, follow these steps:

1. Click Start, click Run, type cmd, and then click OK.
2. At the command prompt, type wdsutil /uninitialize-server, and then press ENTER.
3. Move the WDS account to Active Directory in the new organizational unit.
4. To reinitialize the WDS service, type wdsutil /initialize-server /reminst:{RemoteInstallFolder} at a command prompt, and then press ENTER.

Visio Shapes

Just to vent some frustration: I can’t find Visio shapes for APC.  More specifically, I can’t find a complete collection of APC products that’s NOT several hundred dollars (see something called NetZoom).  Thanks a lot APC.

I guess I’m off to make my own.

Edit: Oh, and I can’t find an IBM x330.  Wonderful.

Shift+F10

For future reference, you can press Shift+F10 to reach a command line while PXE booted to a WDS boot image.

This is useful to inject one-time drivers or see ipconfig information.  At least for me.

Go figure.

Injecting NIC Drivers into a WDS Boot Image

We’re switching to a new laptop here at the office, and this new laptop uses a NIC driver that is not included in Server 2008 Standard’s boot.wim.  Naturally, instead of rebuilding the entire WIM (and reinventing the wheel), I decided it would be best to inject the new driver(s).

The link:  http://support.microsoft.com/kb/923834/en-us.

Now, the problem description isn’t exactly the issue we were experiencing, so the part that applied to us:

3. Update the WDS boot image to include the new third-party network driver. To do this, follow these steps.

Note The following procedure assumes that the Windows Automated Installation Kit (AIK) is installed on the WDS server. If the Windows AIK is not installed on the WDS server, you can perform the same procedure on another computer that does have the Windows AIK installed. Then, map a network drive to the WDS server.

a. On the WDS server, click Start, click Run, type wdsmgmt.msc, and then press OK.
b. Under your WDS server, double-click Boot images.
c. Right-click the boot image that you want, and then click Disable.
d. Right-click the same boot image, click Properties, and then click General.
e. Note the name and location of the boot image that is displayed in the File name box.
f. At a command prompt, type the following:

C:\Program Files\Windows\aiktools\petools\copype.cmd x86 c:\windowspe-x86
Note Keep this command prompt window open for the next step.
Imagex /info Drive:\remoteinstall\bootx86\images\boot.wim

Notes
• Drive:\remoteinstall represents the path at which the Remoteinstall folder is installed.
• Boot.wim is the name of the boot image.

g. Note the boot index number of the bootable image that is displayed. To identify the boot index number, locate the line that contains “boot index: X.”

Note X is the boot index number. The number indicates that image number X is marked as bootable and that the image is to be updated. The second image is the default image that you would typically modify. However, always verify which image is marked as bootable.

h. At a command prompt, type the following:

Imagex /mountrw Drive:\remoteinstall\bootx86\images\boot.wim 2 mount
peimg /inf=driver.inf mount\Windows
imagex /unmount /commit mount

Notes
• Drive:\remoteinstall represents the path at which the Remoteinstall folder is installed.
• Driver.inf is the name of the third-party driver.
• The Imagex /mountrw command mounts the specified image, with read/write permissions, to the specified directory.

4. Enable the boot image on the WDS server. To do this, follow these steps:
a. On the WDS server, click Start, click Run, type wdsmgmt.msc, and then click OK.
b. Under WDS server, double-click Boot images.
c. Right-click the boot image that you want, and then click Enable.

It would be useful the note at this point that we use Server 2008 Standard x64 (not x86) and these steps worked just fine.

Lock Your Computer

We are all professionals here – well, most of us.  We all know that one should lock his or her computer before leaving their desk.  Blah, blah.

The keyboard I use at work has programmable keys – I can make them do all sorts of things, like run a batch file.  So, I was looking for a way to lock my computer via one of the larger buttons on my keyboard (sometimes I forget, so I’ll come back and instead of walking around my desk, I’ll try to do it over the top of the monitors).  I know that you can press the Windows Logo+L, Ctrl+Alt+Del and Enter, and a number of other assorted keystrokes, but a large button seems to be the ticket.  So, without further babbling, I’ll share the command to put into your batch file:

rundll32.exe user32.dll, LockWorkStation

That’s it.  Pretty cool if you ask me.  Now I’ll I need is a huge, red USB PANIC button to slap when I get up from my desk.  That would be awesome.

A connection will not be made…

First of all, don’t tell me what you will and will not do, young lady.

I was receiving the error below when trying to connect to a VM through Hyper-V Manager:

The fix was easily found in the TechNet Forums (in case that link isn’t active in the future, I’ve documented the fix for posterity below).

The fix:

Copy and paste the following into a text file and save it as a *.reg file:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowDefaultCredentials]
“Hyper-V”=”Microsoft Virtual Console Service/*”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowDefaultCredentialsDomain]
“Hyper-V”=”Microsoft Virtual Console Service/*”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowFreshCredentials]

“Hyper-V”=”Microsoft Virtual Console Service/*”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowFreshCredentialsDomain]

“Hyper-V”=”Microsoft Virtual Console Service/*”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowFreshCredentialsWhenNTLMOnly]

“Hyper-V”=”Microsoft Virtual Console Service/*”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowFreshCredentialsWhenNTLMOnlyDomain]

“Hyper-V”=”Microsoft Virtual Console Service/*”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowSavedCredentials]

“Hyper-V”=”Microsoft Virtual Console Service/*”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowSavedCredentialsDomain]
“Hyper-V”=”Microsoft Virtual Console Service/*”

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Credssp\PolicyDefaults\AllowSavedCredentialsWhenNTLMOnly]
“Hyper-V”=”Microsoft Virtual Console Service/*”

Now import it into your registry and enjoy your new Credssp configuration.