Happy Earth Day

Hey All, Today is Earth Day! We can do something to help save our mother nature.

TCP Chimney Causing Problem

It has come to my knowledge that the new network protocol offload capability, which Microsoft introduced in Windows Server 2003, causes problems including the following:

  • 1. If it is an Exchange server, Exchange Queues become clogged in the MAPI delivery queue. Messages get stuck in this queue and cannot be delivered properly.
  • 2. ActiveSync may not work on the Exchange Server 2003.
  • 3. For the IIS server, browsing the Public and/or Default Website in IIS results in error “Page cannot be displayed”.
  • 4. Non-Paged Pool (KERNEL) memory becomes exhausted.
  • 5. For a printer server, the printing job may be partially missing.
  • 6. For a SQL server, if you have an application that connects to SQL Server by using TCP/IP, you may intermittently receive one of the following error messages:
      Error message 1:
      [Microsoft][ODBC SQL Server Driver][DBNETLIB] General Network error. Check your network documentation
      Error message 2:
      ERROR [08S01] [Microsoft][SQL Native Client]Communication link failure
      Error message 3:
      System.Data.SqlClient.SqlException: A transport-level error has occurred when sending the request to the server. (provider: TCP Provider, error: 0 - An existing connection was forcibly closed by the remote host.)

This new option on Windows Server 2003 is enabled once you apply Service Pack 2. To have this option disabled, issue the following command:

    Netsh int ip set chimney DISABLED

So, should you face any of the above problems or symptoms, you might want to use the Network Shell command as mentioned. On top of that, this workaround may be useful as well:

    From Regedit under this hive: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

  • ‘EnableTCPChimney’
    Type: REG_DWORD
    Values: 1 (enabled) 0 (disabled)
  • ‘EnableRSS’
    Type: REG_DWORD
    Values: 1 (enabled) 0 (disabled)
  • ‘EnableTCPA’
    Type: REG_DWORD
    Values: 1 (enabled) 0 (disabled)

For more info, refer to MS KB 945977
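The check and the workaround above as one script. This is an added example, not part of the original post; the function names `Get-OffloadSetting` and `Disable-OffloadSetting` are hypothetical, while the key, value names and netsh command are the ones given above.

```powershell
# Added example (not from the original post). Function names are hypothetical.
$TcpipParams   = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$OffloadValues = 'EnableTCPChimney', 'EnableRSS', 'EnableTCPA'

function Get-OffloadSetting {
    # Report each value as enabled / disabled / not set (absent from the key).
    $key = Get-ItemProperty -Path $TcpipParams
    foreach ($name in $OffloadValues) {
        $prop = $key.PSObject.Properties[$name]
        if ($null -eq $prop) {
            $state = 'not set'
        } elseif ($prop.Value -eq 0) {
            $state = 'disabled'
        } else {
            $state = 'enabled'
        }
        New-Object PSObject -Property @{ Name = $name; State = $state }
    }
}

function Disable-OffloadSetting {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    foreach ($name in $OffloadValues) {
        if ($PSCmdlet.ShouldProcess("$TcpipParams\$name", 'Set REG_DWORD to 0')) {
            # -Force overwrites an existing value and creates a missing one.
            New-ItemProperty -Path $TcpipParams -Name $name -Value 0 `
                -PropertyType DWord -Force | Out-Null
        }
    }
    if ($PSCmdlet.ShouldProcess('TCP Chimney', 'netsh int ip set chimney DISABLED')) {
        netsh int ip set chimney DISABLED
    }
}

# Show the current state, then preview the change without applying it.
Get-OffloadSetting | Format-Table Name, State -AutoSize
Disable-OffloadSetting -WhatIf   # drop -WhatIf in an elevated prompt to apply
```

Running with `-WhatIf` first gives a record of what will be touched, which is useful when the change goes through change control.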

CIMB WealthAdvisors Site Defaced!

I just found out today that the CIMB Wealth Advisors site has been hacked! If you browse to their site www.cimb-wealthadvisors.com, you’ll not see CIMB’s UTMC corporate site; instead you’ll be presented with the controversial man of the year, Geert Wilders (…and I’m not saying this with any respect for this guy…), among other landing pages.
Has anyone from CIMB acknowledged this? Good thing the Assist website or CIMB portal is not the target, ya?

Running PowerShell WMI Browser (by Marc)

If you read MOW’s comment on my previous entry you would likely be linked to his PowerShell WMI explorer. This WMI browser I must say is very handy. I love it so much because I just need to run this cool tool and I can find the classes that I would want to use. But you must know what namespace you’re looking for.

If you have downloaded this WMI browser, extract it. The tool is started by issuing “./WmiExplorer.ps1” from your PowerShell window, but you need to change your execution policy first before you can run it. By default, the execution policy is set to Restricted. Check your current execution policy by typing the command “Get-ExecutionPolicy”. You need to allow execution of scripts by issuing the command “Set-ExecutionPolicy” followed by a policy name, for example “Set-ExecutionPolicy AllSigned”.

Here are the Execution Policies available:

Restricted
- Default execution policy.
- Permits individual commands, but scripts cannot run.

AllSigned
- Scripts can run.
- Requires a digital signature from a trusted publisher on all scripts
and configuration files, including scripts that you write on the
local computer.
- Prompts you before running scripts from trusted publishers.
- Risks running signed, but malicious, scripts.

RemoteSigned
- Scripts can run.
- Requires a digital signature from a trusted publisher on scripts and
configuration files that are downloaded from the Internet (including
e-mail and instant messaging programs).
- Does not require digital signatures on scripts run from the
local computer.
- Does not prompt you before running scripts from trusted publishers.
- Risks running signed, but malicious, scripts.

Unrestricted
- Unsigned scripts can run.
- Scripts and configuration files that are downloaded from the Internet
(including Microsoft Outlook, Outlook Express and Windows Messenger)
run after warning you that the file originated from the Internet.
- Risks running malicious scripts.

Once you have allowed script execution, only then can you execute “./WmiExplorer.ps1”.

I recommend using this WMI browser. Thanks Marc :)
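Before loosening the policy for a downloaded script, it helps to see which scope sets the effective policy, whether the file carries the "downloaded from the Internet" marker, and what its signature status is. The following is an added example, not part of the original post; it assumes PowerShell 3.0 or later (for `-Stream` and `Unblock-File`) and that the script was extracted to the current directory.

```powershell
# Added example (not from the original post). Requires PowerShell 3.0+.
$script = '.\WmiExplorer.ps1'   # path used in the post; adjust to your extract location

# 1. Policy per scope, listed in precedence order: the first row that is not
#    Undefined is the effective policy.
Get-ExecutionPolicy -List | Format-Table Scope, ExecutionPolicy -AutoSize

# 2. Was the file marked as downloaded? RemoteSigned keys off this zone marker.
#    ZoneId 3 = Internet, 4 = Restricted sites.
$zone = Get-Content -Path $script -Stream Zone.Identifier -ErrorAction SilentlyContinue
$fromInternet = [bool]($zone -match 'ZoneId=[34]')

# 3. Signature status: Valid, NotSigned, HashMismatch, NotTrusted, ...
$sig = Get-AuthenticodeSignature -FilePath $script

[pscustomobject]@{
    Script       = $script
    FromInternet = $fromInternet
    Signature    = $sig.Status
    Signer       = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
}

# 4. Run it without changing the machine-wide policy: a Process-scope policy
#    applies to this session only and is gone when the window closes.
if ($sig.Status -eq 'Valid' -or -not $fromInternet) {
    Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force
    & $script
} else {
    Write-Warning "Unsigned download: read the source, then Unblock-File '$script' if you trust it."
}
```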

WMI Classes Reference

This is an important link for reference on Windows Management Instrumentation (WMI) Classes. According to Microsoft, WMI is the Microsoft implementation of Web-based Enterprise Management (WBEM), which is an industry initiative to develop a standard technology for accessing management information in an enterprise environment. In other words, WMI provides an interface to Windows whose components allow us to extract information and receive notifications.

WMI allows scripting languages like VBScript and Windows PowerShell, though currently I’m familiar with VBScript only, well I guess that’s cool enough… :)

So here’s the suggested link that we can bookmark for easy reference:

If you have any other reference link, do drop a comment, ok? Thanks :)

Checked Build? Free Build?

How do you tell the difference between the Checked Build of Windows, sometimes called the Debug Build, and the Free Build, commonly known as the Retail Build? Here’s the distinction between the two:

The checked build (or debug build)
The purpose of the checked build of Microsoft Windows is to make identifying and diagnosing operating-system-level problems easier. The checked build differs from the free build in the following ways:

  • Many compiler optimizations (such as stack frame elimination) are disabled in the checked build. Disabling such optimizations makes it easier to understand disassembled machine instructions, and therefore it is easier to trace the cause of problems in system software.
  • The checked build enables a large number of debugging checks in the operating system code and system-provided drivers. This helps the checked build identify internal inconsistencies and problems as soon as they occur.

The free build (or retail build)
The free build of Microsoft Windows is used in production environments. The free build of the operating system is built with full compiler optimizations. When the free build discovers correctable problems, it continues to run.
Distribution media containing the free build of the operating system do not have any special labels — in other words, the CD containing the free build will just be labeled with the Windows version name, and no reference to the type of build.

To read more, click on this link:

http://msdn2.microsoft.com/en-us/library/ms792442.aspx

Windows Debugging: Info here!

A great weblog on Microsoft Advanced Windows Debugging and Troubleshooting by the hardcore folks of Microsoft’s CPR team. Escalation Engineers from Microsoft’s Platform Critical Problem Resolution (CPR) team have been kind enough to share their knowledge on advanced debugging.
There are a lot of debugging techniques discussed here, along with detailed info down to what’s really going on when Windows boots, and lots more. To get started, they recommend a hefty list of tools:

The following tools are part of the “Debugging Tools for Windows” – you’ll definitely need these

http://www.microsoft.com/whdc/devtools/debugging/

  • windbg
  • cdb
  • ntsd
  • tlist
  • gflags
  • adplus
  • UMDH
  • symcheck

Sysinternals provides some great tools that we’ll be discussing

http://www.sysinternals.com

  • Process Explorer
  • Process Monitor
  • Regmon
  • Filemon
  • DbgView
  • Handle.exe
  • Tcpview
  • LiveKD
  • AutoRuns
  • WinObj

There are many tools contained in “MPS Reports” (MPSRPT_SETUPPerf.EXE), but I’m listing it here specifically for Checksym

http://www.microsoft.com/downloads/details.aspx?FamilyID=CEBF3C7C-7CA5-408F-88B7-F9C79B7306C0&displaylang=en

  • Checksym

“Windows Server 2003 Resource Kit Tools” is another great set of tools. In particular Kernrate is a part of that package

http://www.microsoft.com/downloads/details.aspx?displaylang=en&familyid=9D467A69-57FF-4AE7-96EE-B18C4790CFFD

  • Kernrate

Windows XP SP2 Support Tools

http://www.microsoft.com/downloads/details.aspx?FamilyID=49AE8576-9BB9-4126-9761-BA8011FABF38&displaylang=en

  • netcap
  • poolmon
  • memsnap
  • tracefmt
  • tracelog
  • tracepdb
  • depends
  • pstat

“Visual Studio” – in addition to the compilers and IDE, the following tools come in handy:

  • SPY++
  • dumpbin

Perfwiz (Performance Monitor Wizard)

http://www.microsoft.com/downloads/details.aspx?FamilyID=31fccd98-c3a1-4644-9622-faa046d69214&DisplayLang=en

DebugDiag

http://www.iis.net/handlers/895/ItemPermaLink.ashx

Userdump (User Mode Process Dumper)

http://www.microsoft.com/downloads/details.aspx?FamilyID=E089CA41-6A87-40C8-BF69-28AC08570B7E&displaylang=en

Dheapmon (Desktop Heap Monitor)

http://www.microsoft.com/downloads/details.aspx?familyid=5CFC9B74-97AA-4510-B4B9-B2DC98C8ED8B&displaylang=en

Netmon 3.0

  1. Go to http://connect.microsoft.com/
  2. Sign in with your passport account
  3. Choose “Available Connections” on the left
  4. Choose “Apply for Network Monitor 3.0” (once you’ve finished with the application, the selection appears in your “My Participation” page)
  5. Go to the Downloads page (on the left side), and select the appropriate 32-bit or 64-bit build.

Some articles you may find useful:

Debugging Tools and Symbols: Getting Started

http://www.microsoft.com/whdc/devtools/debugging/debugstart.mspx

Boot Parameters to Enable Debugging

http://msdn2.microsoft.com/en-us/library/ms791527.aspx

How to Generate a Memory Dump File When a Server Stops Responding (Hangs)

http://support.microsoft.com/kb/303021/

Sleek & Sexy Dell XPS M1330

I had not seen what I would consider a good notebook design from Dell until I had the chance to hold one of Dell’s new XPS notebooks. I’m referring to the Dell XPS M1330, because this model is what was displayed during their road tour recently. This XPS M1330 is so slim, elegant, extremely light and still packed with powerful specs for a price lower than most HP or Compaq notebooks.

Dell's Most Recent Awards
This notebook that wins the “Editor’s Choice Award & 4.5 Stars Award” from

is bundled with Intel® Centrino® Duo Processor Technology - Intel® Core™2 Duo Processor T5450, 1GB DDR2 SDRAM, 160GB HDD and a thin 13.3” UltraSharp™ WXGA Display with TrueLife™ and 2.0MP integrated webcam.

With a selection of colors to dress up your notebook, from Alpine White, Crimson Red or Tuxedo Black that gives the high-gloss appearance, this notebook really distinguishes itself.

What I like about this notebook, other than its sexy design, is that although it is very thin and light (about 1.79kg), it is still packed with an integrated DVD burner and an amazing all-in-one bundled spec: a standard Wi-Fi Catcher to search for WiFi hotspots without having to power up the notebook, an HDMI connection (cool thing), and an infrared remote control to control your music, videos and photos. Love it! …and don’t forget the easy-to-access MediaDirect button with Instant Office to instantly access select Office applications, photos, videos, music and more without booting Windows.

…I just got to have this..


Upgrade Path to W2K3 Exams for W2k MCSE Retire on March 2008

Microsoft Learning

Just received an email from Microsoft Learning that the 2 exams supporting the upgrade path to Windows Server 2003 will retire on March 31, 2008. So, those certified as MCSE on Windows 2000 should take the 2 upgrade exams before it’s too late:

After March 31 this year, an MCSE on Windows 2000 can still get certified on Windows Server 2003 but needs to go through all the papers. According to Microsoft Learning, there’s no direct certification from MCSE or MCSA on Windows 2000 to Windows Server 2008. So in order to be certified on Windows Server 2008, you must get certified on Windows Server 2003 first.

Must grab this before it ends.. :)

Where’s my GC?

Another real-life experience, when I encountered a missing GC due to a corrupt DC. This was suspected to have happened because replication to the other GC had not taken place before the corrupt DC went offline, and this caused Exchange Server to be unable to find any valid GC (…yes, Exchange Server 2000 was involved in this scenario). Here’s what can be done by those who have encountered the same incident. After a lot of googling, here’s what I can share:

Use NTDSUTIL, a command-line tool to manage AD, and in this case, we’re using this tool to perform metadata cleanup.
Check DNS to see any entry of GC and make sure that the primary DNS zone(s) is set to AD-Integrated and all other online server(s) DNS properties (under NIC TCP/IP properties) is set to register in DNS.

Point the 2nd DC (or other DCs) to the primary DNS and restart their Netlogon service. You may change this DNS setting later to point at itself for those DCs but make sure that its DNS is set to AD-Integrated. Give it some time before repointing DNS.
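A way to carry out the "check DNS for GC entries" step: list the global catalog SRV records the clients will find and test whether each target still answers. This is an added example, not part of the original post; `corp.example` is a placeholder forest name, `Test-TcpPort` is a hypothetical helper, and `Resolve-DnsName` requires Windows 8 / Server 2012 or later.

```powershell
# Added example (not from the original post). Run from a domain-joined machine.
$forest = 'corp.example'   # placeholder: your forest root DNS name

function Test-TcpPort([string]$Server, [int]$Port, [int]$TimeoutMs = 2000) {
    # Hypothetical helper: $true if a TCP connection succeeds within the timeout.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Server, $Port, $null, $null)
        $async.AsyncWaitHandle.WaitOne($TimeoutMs) -and $client.Connected
    } catch {
        $false
    } finally {
        $client.Close()
    }
}

# GCs register _gc._tcp.<forest> SRV records (port 3268) through Netlogon.
$records = Resolve-DnsName -Name "_gc._tcp.$forest" -Type SRV -ErrorAction Stop |
    Where-Object { $_.Type -eq 'SRV' }

foreach ($r in $records) {
    [pscustomobject]@{
        GlobalCatalog = $r.NameTarget
        Port          = $r.Port
        Reachable     = Test-TcpPort -Server $r.NameTarget -Port $r.Port
    }
}

# On each surviving DC, after pointing its DNS client at the primary DNS:
#   Restart-Service Netlogon   # re-registers the DC's SRV records
#   nltest /dsregdns           # forces the registration immediately
```

A record whose target is not reachable is a leftover of the failed DC and a candidate for the metadata cleanup described above.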

Hope that helps with the missing GC… Leave a comment if you have a better solution :)