Friday, December 25, 2009

Facing very high traffic from a DNS server to the firewall?

Do you observe high traffic from a specific DNS server to the firewall, enough to hang the firewall?

Do the following:

1. Enable DNS debug logging from the DNS server properties (dnsmgmt.msc, Debug Logging tab). Debug logging is expensive on a busy server, so set a maximum log file size and switch it off again once you are done.
2. Collect detailed logs for a few hours and review them.
3. Check what kind of queries are being sent and to which destinations.
4. Verify whether all queries are being sent to the root hints.
5. If not, check the clients and the DNS server itself for a virus: a single client flooding the server with lookups for ever-changing random names is the typical sign.
6. If everything is going to the root hints, block that as follows.
7. Disable recursion (this disables forwarders as well, so clients can then only resolve the zones this server hosts), or configure standard forwarding to another DNS server so that only that forwarder talks to the Internet through the firewall.
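The log review in steps 3 to 5, as an added Python example that is not part of the original post: it parses the debug log, counts where the server sends its queries and what share of them go straight to the root hints, and flags clients that ask for one random-looking name after another, which is what a virus-infected client looks like in the log. The log lines are constructed in the layout of a Windows Server 2003 DNS debug log, and ROOT_HINT_IPS holds only a handful of root-server addresses as an assumption for the demo; take the real list from the server's Root Hints tab.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the layout of a Windows Server 2003 DNS debug log
# (server properties > Debug Logging). Not a real capture: 10.0.0.25 behaves like
# a normal client, 10.0.0.77 asks for a different random name every time, and the
# server resolves almost everything itself through the root hints.
SAMPLE_LOG = """\
12/25/2009 9:15:01 AM 0A74 PACKET  012F5A20 UDP Rcv 10.0.0.25        0002   Q [0001   D   NOERROR] A      (3)www(7)example(3)com(0)
12/25/2009 9:15:01 AM 0A74 PACKET  012F5A20 UDP Snd 198.41.0.4       0002   Q [0000       NOERROR] A      (3)www(7)example(3)com(0)
12/25/2009 9:15:01 AM 0A74 PACKET  012F5A20 UDP Rcv 198.41.0.4       0002 R Q [8080       NOERROR] A      (3)www(7)example(3)com(0)
12/25/2009 9:15:02 AM 0A74 PACKET  012F5B00 UDP Rcv 10.0.0.25        0003   Q [0001   D   NOERROR] A      (4)mail(7)example(3)com(0)
12/25/2009 9:15:02 AM 0A74 PACKET  012F5B00 UDP Snd 192.33.4.12      0003   Q [0000       NOERROR] A      (4)mail(7)example(3)com(0)
12/25/2009 9:15:02 AM 0A74 PACKET  012F5C10 UDP Rcv 10.0.0.77        0004   Q [0001   D   NOERROR] A      (6)qxzv7k(3)biz(0)
12/25/2009 9:15:02 AM 0A74 PACKET  012F5C10 UDP Snd 198.41.0.4       0004   Q [0000       NOERROR] A      (6)qxzv7k(3)biz(0)
12/25/2009 9:15:02 AM 0A74 PACKET  012F5D20 UDP Rcv 10.0.0.77        0005   Q [0001   D   NOERROR] A      (6)hhq2pl(4)info(0)
12/25/2009 9:15:02 AM 0A74 PACKET  012F5D20 UDP Snd 192.5.5.241      0005   Q [0000       NOERROR] A      (6)hhq2pl(4)info(0)
12/25/2009 9:15:03 AM 0A74 PACKET  012F5E30 UDP Rcv 10.0.0.77        0006   Q [0001   D   NOERROR] A      (6)m0ra3x(3)org(0)
12/25/2009 9:15:03 AM 0A74 PACKET  012F5E30 UDP Snd 192.203.230.10   0006   Q [0000       NOERROR] A      (6)m0ra3x(3)org(0)
12/25/2009 9:15:03 AM 0A74 PACKET  012F5F40 UDP Rcv 10.0.0.77        0007   Q [0001   D   NOERROR] A      (6)zzt81w(3)net(0)
12/25/2009 9:15:03 AM 0A74 PACKET  012F5F40 UDP Snd 198.41.0.4       0007   Q [0000       NOERROR] A      (6)zzt81w(3)net(0)
12/25/2009 9:15:03 AM 0A74 PACKET  012F6050 UDP Rcv 10.0.0.77        0008   Q [0001   D   NOERROR] A      (6)k9pdq1(2)ws(0)
12/25/2009 9:15:03 AM 0A74 PACKET  012F6050 UDP Snd 192.33.4.12      0008   Q [0000       NOERROR] A      (6)k9pdq1(2)ws(0)
12/25/2009 9:15:04 AM 0A74 PACKET  012F6160 UDP Rcv 10.0.0.25        0009   Q [0001   D   NOERROR] A      (3)www(7)example(3)com(0)
12/25/2009 9:15:04 AM 0A74 PACKET  012F6160 UDP Snd 10.0.0.53        0009   Q [0001   D   NOERROR] A      (3)www(7)example(3)com(0)
"""

# A few root-server addresses as they appeared in root hints in 2009 (assumption
# for the demo); use the complete list from the server's Root Hints tab.
ROOT_HINT_IPS = {"198.41.0.4", "192.33.4.12", "192.5.5.241", "192.203.230.10"}

# date time [AM/PM] thread PACKET id proto Snd/Rcv remote-ip xid Q|"R Q" [flags] qtype name
LINE_RE = re.compile(
    r"^\S+\s+\d[\d:]+(?:\s+[AP]M)?\s+[0-9A-Fa-f]+\s+PACKET\s+[0-9A-Fa-f]+\s+"
    r"(?P<proto>UDP|TCP)\s+(?P<dir>Snd|Rcv)\s+(?P<ip>\S+)\s+[0-9A-Fa-f]+\s+"
    r"(?P<qr>R\s+Q|Q)\s+\[(?P<flags>[^\]]*)\]\s+(?P<qtype>\S+)\s+(?P<name>\S+)\s*$"
)


def decode_name(label_form):
    """'(3)www(7)example(3)com(0)' -> 'www.example.com'; '(0)' alone is the root."""
    labels = [lab for n, lab in re.findall(r"\((\d+)\)([^()]*)", label_form) if int(n)]
    return ".".join(labels) if labels else "."


def analyze(log_text, root_hint_ips):
    """Tally queries the server sent (by destination) and received (by client)."""
    stats = {
        "sent_total": 0,
        "sent_to_root": 0,
        "sent_by_dest": Counter(),
        "recv_by_client": Counter(),
        "names_by_client": defaultdict(set),
    }
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["qr"] != "Q":      # skip unparsable lines and responses
            continue
        name = decode_name(m["name"])
        if m["dir"] == "Snd":
            stats["sent_total"] += 1
            stats["sent_by_dest"][m["ip"]] += 1
            if m["ip"] in root_hint_ips:
                stats["sent_to_root"] += 1
        else:
            stats["recv_by_client"][m["ip"]] += 1
            stats["names_by_client"][m["ip"]].add(name)
    return stats


def root_share(stats):
    """Fraction of outbound queries that went straight to the root servers."""
    return stats["sent_to_root"] / stats["sent_total"] if stats["sent_total"] else 0.0


def top_destinations(stats, n=5):
    """Where the outbound traffic to the firewall actually goes."""
    return stats["sent_by_dest"].most_common(n)


def suspicious_clients(stats, min_queries=5, min_distinct_ratio=0.8):
    """Clients sending many queries, nearly all of them for a different name."""
    flagged = []
    for client, count in stats["recv_by_client"].items():
        distinct = len(stats["names_by_client"][client])
        if count >= min_queries and distinct / count >= min_distinct_ratio:
            flagged.append(client)
    return sorted(flagged)


if __name__ == "__main__":
    s = analyze(SAMPLE_LOG, ROOT_HINT_IPS)
    print("outbound queries: %d, %.0f%% to root hints" % (s["sent_total"], 100 * root_share(s)))
    for ip, n in top_destinations(s):
        print("  -> %-16s %d" % (ip, n))
    print("clients to inspect for malware:", suspicious_clients(s))
```

Run it against the real file with analyze(open(path).read(), root_ips). If nearly every Snd packet goes to the root hints and one or two clients account for most Rcv packets, each for a new name, step 5 applies; if the outbound traffic is legitimate but simply too much for the firewall, step 7 does.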

Wednesday, July 15, 2009

Enabling SPN delegation for AD users.

By default, delegation is not enabled for user accounts in a Windows 2003 native-mode domain. In a Windows 2000 mixed-mode domain the setting is a checkbox on the user's Account tab.
In Windows 2003 native mode the Delegation tab only appears for an account that has at least one Service Principal Name (SPN) registered, so if delegation is needed we first register an SPN with setspn from the Windows 2003 Support Tools:
----setspn -A service/computer domain\username
This registers the SPN for the given service class and host on the specified user account (the account under which that service runs).
Eg: SetSpn -A DNS/ADC-01 Testdom\testuser

Once the SPN is registered, a Delegation tab shows up in the user's properties.
On that tab the account can be trusted for delegation either to any service (unconstrained) or, preferably, only to the specific services it needs (constrained delegation, available at Windows Server 2003 domain functional level). Other service accounts are handled the same way: register their SPN, then configure their Delegation tab.

This is how service-level delegation is provided to AD users. Keep in mind that an account trusted for delegation can impersonate the users who authenticate to it, so limit it to the services that really need it, and make sure each SPN is registered on exactly one account, since a duplicate SPN breaks Kerberos authentication for that service.

Friday, May 29, 2009

How do we restore deleted Group Policy Object files on Windows Server?

A GPO is a container for policies that are applied to your domain. Each GPO is assigned a GUID, and its file part (the Group Policy Template) is stored at %SystemRoot%\Sysvol\Sysvol\DomainDirectory\Policies.
If you delete a GPO, the GUID folder is removed from Sysvol, and the GPO's container in Active Directory (with its links and security filtering) is gone as well.
If the GPO was ever backed up with the Group Policy Management Console (GPMC), use its Restore from Backup option instead of the procedure below, which recovers the Sysvol files from a System State backup and attaches them to a freshly created GPO. Because the new GPO gets a new GUID, its links to sites, domains and OUs, its security filtering and any WMI filter have to be re-created by hand afterwards.
To recover a deleted GPO:
01. Restart your server and press F8 to select Directory Services Restore Mode.
02. Log on as Administrator, using the Directory Services Restore Mode password.
03. Create a temporary folder on the root of %SystemDrive%.
04. Start, Run, type ntbackup, OK.
05. Select the Restore tab.
06. Select the proper backup media.
07. Check the System State box.
08. In the Restore files to box, select Alternate location.
09. Press Browse and select the temporary folder from step 03.
10. Press OK.
11. Press Start Restore.
12. When the restore finishes, restart your server normally.
13. Start, Run, type dsa.msc, OK.
14. Right-click the appropriate domain name and press Properties.
15. Select the Group Policy tab.
16. Press New to create a new GPO.
17. Rename the new GPO and open its Properties to write down the GUID.
18. Press OK and Close.
19. Close the Active Directory Users and Computers snap-in.
20. Open the temporary folder (step 03) that contains the restored System State data and navigate to the Policies folder of the restored Sysvol.
21. Locate the folder named with the GUID of the GPO you want to restore.
22. Delete all the files in %SystemRoot%\Sysvol\Sysvol\DomainDirectory\Policies\GUID, where GUID is the one written down in step 17.
23. Copy all the policy files from the old GPO folder (step 21) into %SystemRoot%\Sysvol\Sysvol\DomainDirectory\Policies\GUID from step 17.
24. Restart your server normally, then re-link the GPO where it was linked before and check it with gpotool (Resource Kit), which reports mismatches between the Active Directory container and the Sysvol copy.

DHCP server gives clients the correct IP and DNS addresses, but later only the DNS address changes to some other IP

Problem: the DHCP server provided the IP and DNS addresses properly to clients, but later only the DNS server address on the clients changes to some other IP.

1. Use a network analyzer (Wireshark) or a DHCP discovery tool (DHCPfind, or dhcploc.exe from the Windows Support Tools) to find out whether another DHCP server exists in the network that hands out that DNS IP. In an AD domain a Windows DHCP server must be authorized in Active Directory before it serves leases, but that check does nothing against a non-Windows rogue server or a compromised host.
2. If there is no rogue server, suspect a virus on the affected clients that rewrites their DNS settings. Either way the effect is the same: whoever controls the DNS address decides where name resolution goes, which is the basis for redirecting users to malicious sites.
3. Verify the logs on the DHCP server as well (the audit logs DhcpSrvLog-*.log under C:\WINDOWS\SYSTEM32\DHCP).
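Step 1 in code, as an added Python example that is not part of the original post: instead of eyeballing a Wireshark capture, the DHCPOFFER/DHCPACK packets are decoded and the server identifier (option 54) and DNS server list (option 6) are checked against an allow-list. The packets here are constructed fixtures; 10.0.0.10 as the authorized server, 10.0.0.99 as the rogue and 192.0.2.13 as the bad DNS address are assumptions for the demo. Feed it the UDP payloads exported from a capture to use it for real.

```python
import struct
from ipaddress import IPv4Address

DHCP_MAGIC = b"\x63\x82\x53\x63"          # RFC 2132 magic cookie that precedes the options
OPT_PAD, OPT_SUBNET, OPT_ROUTER, OPT_DNS = 0, 1, 3, 6
OPT_LEASE, OPT_MSGTYPE, OPT_SERVER_ID, OPT_END = 51, 53, 54, 255
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}
HEADER_FMT = "!BBBBIHH4s4s4s4s16s64s128s"  # fixed 236-byte BOOTP header


def build_offer(server_ip, offered_ip, dns_servers, xid=0x12345678,
                mac=b"\x00\x11\x22\x33\x44\x55"):
    """Constructed DHCPOFFER as a server (legitimate or rogue) would send it.
    Test fixture standing in for a packet captured with Wireshark."""
    header = struct.pack(
        HEADER_FMT, 2, 1, 6, 0, xid, 0, 0,
        b"\0" * 4,                          # ciaddr
        IPv4Address(offered_ip).packed,     # yiaddr: the address being offered
        IPv4Address(server_ip).packed,      # siaddr
        b"\0" * 4,                          # giaddr
        mac.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    opts = bytes([OPT_MSGTYPE, 1, 2])
    opts += bytes([OPT_SERVER_ID, 4]) + IPv4Address(server_ip).packed
    opts += bytes([OPT_SUBNET, 4]) + IPv4Address("255.255.255.0").packed
    opts += bytes([OPT_ROUTER, 4]) + IPv4Address("10.0.0.1").packed
    opts += bytes([OPT_DNS, 4 * len(dns_servers)])
    opts += b"".join(IPv4Address(d).packed for d in dns_servers)
    opts += bytes([OPT_LEASE, 4]) + struct.pack("!I", 86400)
    return header + DHCP_MAGIC + opts + bytes([OPT_END])


def ip_list(raw):
    """Option value holding N IPv4 addresses; a trailing partial address is ignored."""
    return [str(IPv4Address(raw[j:j + 4])) for j in range(0, len(raw) - 3, 4)]


def parse_dhcp(packet):
    """Decode the header and the TLV options; raises ValueError on malformed input."""
    if len(packet) < 240 or packet[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP packet (short or bad magic cookie)")
    fields = struct.unpack(HEADER_FMT, packet[:236])
    op, _htype, hlen, _hops, xid, _secs, _flags, _ci, yi, si, _gi, chaddr = fields[:12]
    options = {}
    i = 240
    while i < len(packet):
        code = packet[i]
        if code == OPT_PAD:
            i += 1
            continue
        if code == OPT_END:
            break
        if i + 2 > len(packet):
            raise ValueError("truncated option header")
        length = packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option %d" % code)
        options[code] = value
        i += 2 + length
    else:
        raise ValueError("options not terminated by END")
    mtype = options.get(OPT_MSGTYPE, b"")
    sid = options.get(OPT_SERVER_ID, b"")
    return {
        "op": op, "xid": xid,
        "yiaddr": str(IPv4Address(yi)), "siaddr": str(IPv4Address(si)),
        "chaddr": chaddr[:hlen].hex(":"),
        "msg_type": MSG_TYPES.get(mtype[0], "UNKNOWN") if len(mtype) == 1 else None,
        "server_id": str(IPv4Address(sid)) if len(sid) == 4 else None,
        "dns_servers": ip_list(options.get(OPT_DNS, b"")),
    }


def check_offer(msg, authorized_servers, expected_dns):
    """Findings for one OFFER/ACK against the allow-lists the admin maintains."""
    findings = []
    if msg["msg_type"] not in ("OFFER", "ACK"):
        return findings
    if msg["server_id"] not in authorized_servers:
        findings.append("unauthorized DHCP server %s offered %s to %s"
                        % (msg["server_id"], msg["yiaddr"], msg["chaddr"]))
    bad = [d for d in msg["dns_servers"] if d not in expected_dns]
    if bad:
        findings.append("server %s hands out unexpected DNS server(s) %s"
                        % (msg["server_id"], ", ".join(bad)))
    return findings


def audit(packets, authorized_servers, expected_dns):
    """Run every captured server reply through check_offer; reports undecodable payloads."""
    findings = []
    for raw in packets:
        try:
            findings.extend(check_offer(parse_dhcp(raw), authorized_servers, expected_dns))
        except ValueError as err:
            findings.append("undecodable packet: %s" % err)
    return findings


if __name__ == "__main__":
    AUTHORIZED = {"10.0.0.10"}     # assumed: the only DHCP server that should exist
    EXPECTED_DNS = {"10.0.0.10"}   # assumed: the DNS address the scope is meant to hand out
    capture = [build_offer("10.0.0.10", "10.0.0.50", ["10.0.0.10"]),
               build_offer("10.0.0.99", "10.0.0.50", ["192.0.2.13"])]
    for line in audit(capture, AUTHORIZED, EXPECTED_DNS):
        print(line)
```

The server identifier is what to hunt for on the wire: it names the rogue box even when the offer was relayed, and the client MAC in chaddr tells you which machines already took the bad lease.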

Resetting security policies on a system

You are facing issues after OS hardening and want to revert the local security policy to the setup defaults,

Eg: an OWA issue on a mailbox server after OS hardening, or server accessibility issues after hardening.
Below is the command which is useful:
secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose
It re-applies the security template that Setup used (account policies, user rights, audit policy, service, registry and file-system ACLs); hardening changes made outside the security template, such as removed components or IIS and firewall settings, are not reverted. Export the current policy with secedit's /export switch first so the hardened configuration can be compared against and re-applied selectively. Note that the template differs by Windows version: the secsetup.inf path above is the Windows XP default, while for Windows Server 2003 Microsoft KB 313222 points to %windir%\inf\defltsv.inf. Domain Group Policy settings are not affected and re-apply at the next refresh.

Monday, March 23, 2009

Replication Issues

Question: how to troubleshoot replication issues between ADC and RDC?

Diagnostic tools: dcdiag, netdiag, the Directory Service and File Replication Service event logs, replmon, repadmin (repadmin /showrepl lists each partner's last replication result).
Possible reasons:
DNS issues: verify DNS from the problematic ADC, verify the SRV records under _msdcs for both DCs, and verify name resolution between ADC and RDC in both directions.
Network link issues: verify the network connection is proper (packet loss or MTU problems on a WAN link break the RPC sessions).
AD Sites and Services configuration problems: verify the site, subnet and site-link configuration against the other sites.
Services: verify the FRS service and the services it depends on are running properly, along with Netlogon, KDC and DNS, which replication relies on.
Network ports: 135 (the RPC endpoint mapper) must be open; RPC then uses dynamic ports above 1024 (1025-5000 by default on Windows Server 2003), so none of those may be blocked in either direction (RDC to ADC / ADC to RDC). Where a firewall sits between the sites, pin AD replication to a fixed port with the TCP/IP Port value under HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters and FRS with the RPC TCP/IP Port Assignment value under HKLM\SYSTEM\CurrentControlSet\Services\NTFRS\Parameters, then open only those two plus 135, LDAP (389), Kerberos (88), DNS (53) and SMB (445) for Sysvol, instead of the whole dynamic range.

Friday, March 20, 2009


Microsoft has announced the availability of its new web browser, Internet Explorer 8. It has been available for download from the Internet Explorer 8 page since the night of March 19.
The new browser is touted as easier to use, faster, and as offering the improved security features that were badly needed for better online safety.

Thursday, March 19, 2009

Closing a process handle - unable to delete files due to an application or process handle

Problem & Symptom: you are unable to delete a folder because a process holds a handle to it. Eg: NBU_VSP_CACHE (this is created by Veritas NetBackup because VSP was configured as the snapshot provider).
Cause: such files are in use by a running process, which prevents deleting them.

Solution:
Use the Process Explorer tool (from Sysinternals, Microsoft).
Process Explorer shows you information about which handles and DLLs processes have opened or loaded.
The Process Explorer display consists of two sub-windows. The top window always shows a list of the currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window depends on the mode that Process Explorer is in: in handle mode you see the handles that the process selected in the top window has opened; in DLL mode you see the DLLs and memory-mapped files that the process has loaded. Process Explorer also has a powerful search capability (Find Handle or DLL) that quickly shows you which processes have a particular handle open or DLL loaded.

Search for the file or folder name to find the process holding it, then right-click the handle in the lower pane and close it; after that you will be able to delete the file. Closing a handle behind a process's back can make that process misbehave or crash, so if the owner is a service you can stop (here the NetBackup client), stopping it first is the safer option.

Are you unable to install a Windows service pack due to WMI issues?

Problem: you are unable to install a Windows service pack due to WMI issues.

Symptoms:
1. According to svcpack.log, the service pack installation failed while updating MOF files (wlbsprov.mof, cimwin32.mof).
2. An "Interface: class not registered" error on most services' Dependencies tab and in the WMI Control properties.

Cause: the above symptoms indicate a possible WMI repository corruption.

Below are the steps to try.
1. Run the WMIDiag utility (available from Microsoft to diagnose WMI problems) and analyze its detailed report. CPU utilization may be high while it runs.

2. Recompile the problematic .mof and .mfl files under %windir%\System32\Wbem using Mofcomp.exe, or if necessary every file with those extensions in that directory using a for loop at the command prompt.

3. If the above step is not successful, try a repair or rebuild of the repository, but note that this may affect installed applications.
-----a) Repair of the repository with the commands below - minimal data loss:
rundll32 wbemupgd, CheckWMISetup
rundll32 wbemupgd, RepairWMISetup
-----b) Rebuild by stopping the WMI service (winmgmt), removing the existing Repository folder under %windir%\System32\Wbem (better renamed than deleted, so it can be put back), and starting the WMI service again to create a fresh repository. This may cause applications to malfunction if application-specific classes were registered in the old repository; such applications need their MOF files recompiled or the application reinstalled.

Try installing the service pack again once WMI is functioning properly.