I'm embarrassed to event admit to this, but I rebuilt my Win 7 machine yesterday and then lost the password. Although in fairness I *know* what the password was, but suspect that I bumped the touchpad while creating it (normally I have the touchpad disabled, but obviously had not done so during install) so who knows what the pc thought I'd typed...
Anyway, I ended up using the 'Offline NT Password & Registry editor from http://pogostick.net/~pnh/ntpasswd/ . Looks to be mal/spy/virus free and worked well, just burnt the iso and ran through the options. Since I'm a little paranoid, I've run all kinds of mal/spy/virus scans since and everything still looks kosher, so all in all, a useful little tool to have about.
Showing posts with label Windows. Show all posts
Showing posts with label Windows. Show all posts
Friday, December 11, 2009
Thursday, November 26, 2009
I want a unique document
I've recently needed to compare some data in two text documents. Unfortunately while there are some great diff tools like WinMerge available, I also discovered that the files had duplicate lines of data which a) was a mistake and b) made the diff results a great deal larger / more complex.
While some linux distro's have sort or unique commands, windows doesn't seem to have an equivalent CLI utility - so I was going to either go hunting or write a q&d vbscript... Then I remembered Powershell.
It turns out that PowerShell has a handy cmd-let called 'get-unique' - it needs a sorted list (so if it's critical your file remain in original order this example won't help). But a simple one liner resolved the duplicate problem for me:
Very quick, easy, one line fix...
While some linux distro's have sort or unique commands, windows doesn't seem to have an equivalent CLI utility - so I was going to either go hunting or write a q&d vbscript... Then I remembered Powershell.
It turns out that PowerShell has a handy cmd-let called 'get-unique' - it needs a sorted list (so if it's critical your file remain in original order this example won't help). But a simple one liner resolved the duplicate problem for me:
get-content .\filename | sort | get-unique > .\outfile.txt
OR
get-content .\filename | sort -unique > .\outfile.txtThe above command gets the file, pipes to the sort cmd-let to sort the file, then passes the sorted results to the get-unique cmd-let, then passes the output to outfile.txt. The second version is an alternative that uses the unique flag of the sort cmd-let to unique-ify the output in one...
Very quick, easy, one line fix...
Friday, November 13, 2009
ArcServe Backup Errors - EC=-2005
Recently began to receive errors from Arcserve (11.5) - it would complete a backup, then all future backups would fail with error:
Failed to login to database.(EC=-2005)
At this point, even the Server manager would fail (just hung on startup) - the only resolution was a reboot, but this would only last for the first backup.
Some googling turned up the fault - a corruption with the database that Arcserve uses.
There are a few tools you can use to correct the errors (run from the Arcserve installation directory): dbdiag.exe and dbfix.exe.
The format is:
dbcheck -a -L casdb;admin;secret DBNAME
or
dbfix -a -L casdb;admin;secret DBNAME
where DBNAME is one of the following: asjob, asmedia, asobject, asrhost, astape, astpdrv or astpsdat .
Confusingly, the servername, username (admin) and password (secret) don't actually appear to be customisable - they look like they're hardcoded values for every installation - I'll admit to spending a while trying to use our specific server details :P
Our faults were primarily in the astpsdat and asobject databases - the fix took around 30 mins to complete (the astpsdat db seemed *really* bad).
Failed to login to database.(EC=-2005)
At this point, even the Server manager would fail (just hung on startup) - the only resolution was a reboot, but this would only last for the first backup.
Some googling turned up the fault - a corruption with the database that Arcserve uses.
There are a few tools you can use to correct the errors (run from the Arcserve installation directory): dbdiag.exe and dbfix.exe.
The format is:
dbcheck -a -L casdb;admin;secret DBNAME
or
dbfix -a -L casdb;admin;secret DBNAME
where DBNAME is one of the following: asjob, asmedia, asobject, asrhost, astape, astpdrv or astpsdat .
Confusingly, the servername, username (admin) and password (secret) don't actually appear to be customisable - they look like they're hardcoded values for every installation - I'll admit to spending a while trying to use our specific server details :P
Our faults were primarily in the astpsdat and asobject databases - the fix took around 30 mins to complete (the astpsdat db seemed *really* bad).
Monday, November 9, 2009
Tracking down Windows license Keys
I had the unfortunate requirement the other day to track down the license keys for some Windows servers we administer (long story, don't ask). The OEM keys were (as per usual these days) stuck to the machines - but the machines are located in a co-lo across town.
So Magical Jelly Bean keyfinder to the rescue - we were able to track down all the keys and save the hassle of a trip across town... Nice.
Note that you need an earlier version 1.x if you need NT keys (tragically, we *still* have some NT machines hanging around)...
So Magical Jelly Bean keyfinder to the rescue - we were able to track down all the keys and save the hassle of a trip across town... Nice.
Note that you need an earlier version 1.x if you need NT keys (tragically, we *still* have some NT machines hanging around)...
Wednesday, October 21, 2009
Joining Ubuntu to a Windows 2003 Domain
Tripped over the following post on joining Ubuntu to a Windows 2003 Domain:
http://ubuntu-virginia.ubuntuforums.org/showpost.php?p=5712234&postcount=6
I'll re-post the item below in case the original goes missing, but credit to Abhishek (abhi300) on the Ubuntu forums.
********************* SNIP *******************
Step 1. Installing
I assume that Ubuntu has been installed with no erros.
Make sure that following packages are installed, if not, install the following packages with the Synaptic Package Manager. You may need to specify “universe” as an extra source for packages.
* Samba (version 3):
o samba
o samba-common (installed by default)
o smbclient (installed by default)
o winbind
* Kerberos:
o krb5-config
o krb5-user
Step 2. Edit configuration files
Edit the following configuration files. I assume the following:
* The local DNS domain is example.com
* The Windows 2003 server is server.example.com
Open this file "/etc/samba/smb.conf" for editing either in GUI mode or by gedit.
You will need to edit this file to look like following -
[global]
security = ADS
realm = EXAMPLE.COM
workgroup = example
password server = server.example.com
wins support = no
wins server = 10.0.20.202
invalid users = root
# Winbind settings
idmap uid = 10000-20000
idmap gid = 10000-20000
# For testing
debuglevel = 2
# A shared folder for testing purposes
[SharedFolder]
path = /home/onno2/Shared_Folder
available = yes
public = yes
writable = yes
force create mode = 0666
force directory mode = 0777
Make sure the path (/home/onno2/Shared_Folder or whatever you choose) exists and that the rights are set properly (chmod 777 or something similar)
Open this file "/etc/krb5conf" for editing to make it like this
[libdefaults]
default_realm = EXAMPLE.COM
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
# The following libdefaults parameters are only for Heimdal Kerberos.
v4_instance_resolve = false
v4_name_convert = {
host = {
rcmd = host
ftp = ftp
}
plain = {
something = something-else
}
}
[realms]
EXAMPLE.COM = {
kdc = SERVER.EXAMPLE.COM
admin_server = SERVER.EXAMPLE.COM
}
[domain_realm]
.server.com = SERVER.EXAMPLE.COM
server.com = SERVER.EXAMPLE.COM
[login]
krb4_convert = true
krb4_get_tickets = true
Now open "/etc/nsswitch.conf" for editing.
The only change we have to do here is to add winbind twice.
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: compat winbind
group: compat winbind
shadow: compat
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
Now when you have done with editing the files...take a breath.
Step 3. Start or restart services
/etc/init.d/samba restart
/etc/init.d/winbind restart
Step 4. Join domain
type in terminal - "net ads join -U administrator" without quotes. Needless to mention that you will need to give administrator password here
If this doesn’t work, check the logs in Linux (/var/log/samba/*) and in Windows - Event Viewer.
Step 5. Test your setup
Type in terminal (without quotes)-
"testparm" to check if your smb.conf has a correct syntax.
"kinit" onno@EXAMPLE.COM test if kerberos works properly.
"wbinfo -u" should give a list of users of domain.
"wbinfo -g" should give a list of groups of domain.
"getent passwd" should give a list of users in the passwd style.
"getent group" should give a list of groups.
"ls -ltr /var/log/samba" gives a list of log files, sorted by time of last change.
"smbclient -L -U onno" should give you a list of available shares.
If this all works properly, try to access the share (/home/onno2/Shared_Folder) from any Windows machine in the domain by using network neighborhood /My Network Places.
http://ubuntu-virginia.ubuntuforums.org/showpost.php?p=5712234&postcount=6
I'll re-post the item below in case the original goes missing, but credit to Abhishek (abhi300) on the Ubuntu forums.
********************* SNIP *******************
Step 1. Installing
I assume that Ubuntu has been installed with no erros.
Make sure that following packages are installed, if not, install the following packages with the Synaptic Package Manager. You may need to specify “universe” as an extra source for packages.
* Samba (version 3):
o samba
o samba-common (installed by default)
o smbclient (installed by default)
o winbind
* Kerberos:
o krb5-config
o krb5-user
Step 2. Edit configuration files
Edit the following configuration files. I assume the following:
* The local DNS domain is example.com
* The Windows 2003 server is server.example.com
Open this file "/etc/samba/smb.conf" for editing either in GUI mode or by gedit.
You will need to edit this file to look like following -
[global]
security = ADS
realm = EXAMPLE.COM
workgroup = example
password server = server.example.com
wins support = no
wins server = 10.0.20.202
invalid users = root
# Winbind settings
idmap uid = 10000-20000
idmap gid = 10000-20000
# For testing
debuglevel = 2
# A shared folder for testing purposes
[SharedFolder]
path = /home/onno2/Shared_Folder
available = yes
public = yes
writable = yes
force create mode = 0666
force directory mode = 0777
Make sure the path (/home/onno2/Shared_Folder or whatever you choose) exists and that the rights are set properly (chmod 777
Open this file "/etc/krb5conf" for editing to make it like this
[libdefaults]
default_realm = EXAMPLE.COM
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
# The following libdefaults parameters are only for Heimdal Kerberos.
v4_instance_resolve = false
v4_name_convert = {
host = {
rcmd = host
ftp = ftp
}
plain = {
something = something-else
}
}
[realms]
EXAMPLE.COM = {
kdc = SERVER.EXAMPLE.COM
admin_server = SERVER.EXAMPLE.COM
}
[domain_realm]
.server.com = SERVER.EXAMPLE.COM
server.com = SERVER.EXAMPLE.COM
[login]
krb4_convert = true
krb4_get_tickets = true
Now open "/etc/nsswitch.conf" for editing.
The only change we have to do here is to add winbind twice.
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: compat winbind
group: compat winbind
shadow: compat
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
Now when you have done with editing the files...take a breath.
Step 3. Start or restart services
/etc/init.d/samba restart
/etc/init.d/winbind restart
Step 4. Join domain
type in terminal - "net ads join -U administrator" without quotes. Needless to mention that you will need to give administrator password here
If this doesn’t work, check the logs in Linux (/var/log/samba/*) and in Windows - Event Viewer.
Step 5. Test your setup
Type in terminal (without quotes)-
"testparm" to check if your smb.conf has a correct syntax.
"kinit" onno@EXAMPLE.COM test if kerberos works properly.
"wbinfo -u" should give a list of users of domain.
"wbinfo -g" should give a list of groups of domain.
"getent passwd" should give a list of users in the passwd style.
"getent group" should give a list of groups.
"ls -ltr /var/log/samba" gives a list of log files, sorted by time of last change.
"smbclient -L
If this all works properly, try to access the share (/home/onno2/Shared_Folder) from any Windows machine in the domain by using network neighborhood /My Network Places.
Friday, September 11, 2009
ASP & IIS - When good numbers go bad....
Not long after the deployment of an updated ASP (IIS 6) web-site within a new environment (and we're talking hours), the sites began to fail. Weirdly, it wasn't all pages, or pages leveraging some custom COM objects or even consistent - some would still happily work 'post-cataclysm', while others were terminal - always presenting the following:
30 minutes later - it's back (and where was this error in UAT!?). Another IISRESET and things are happy once more. Some further investigation of a failing page showed that it was crashing while calculating the number of rows needed to return some data (e.g. RecordRows = NumRecords / RecordsPerRow). No divide by zero's or conspicuous problems here either.... Re-create the app_pool and site, check the settings are sane - but it all looks good.
10 minutes later - its gone again. Starting to get worried now, I check some more failed pages. Again failing at points where it is doing calcs.... I strip out the calculation and the page loads further... until the next calc. Changing the calc to be something basic like '1 / 0.2' still causes failure. In fact a page with just:
Dim myNum
myNum=(1 / 0.2)
still causes failure... Oddness.
Some rummaging around the 'net showed a few others with a similar errors, but not a solution (most errors seemed to be coding bugs or people suggesting coding solutions). One site eventually made mention of dragging out a MS engineer to investigate a similar issue.... Apparently there was a bug with ASP (vbscript) on II6 (Windows 2003) and the C run-time checking for errors in a floating point register, but never actually resetting the error condition - meaning one floating point error takes down the site (!) Apparently the engineer wrote some code to address their issue - and because the engineer was able to resolve it on-site, MS wasn't going to make it a mainstream patch...
Some further searching of the Microsoft site for variants of ASP, IIS, Window 2003, floating point etc, eventually lead to KB955536 ( http://support.microsoft.com/kb/955536 ) - a hotfix.
After a few deep breaths, I installed the hotfix on one of our servers (thank god for redundant servers) and crossed my fingers.....
A week later, the unpatched server had been iisreset many, many times (ended up writing a powershell script to do this), but the patched server had been rock-solid, with no side-effects shown. So the hotfix was put onto the second server.
Two months on, both servers are still completely happy and very solid - it has actually made the upgrade from Windows 2000 worthwhile... But I would have preferred a smoother upgrade :/
Microsoft VBScript runtime error '800a0006'
OverflowSo with some pages still happily banging away (including pages with ADO etc), I was forced to conclude it wasn't a complete ASP / IIS meltdown, but something specific. Anyway, an IISRESET later, everything was cruising nicely once more.
30 minutes later - it's back (and where was this error in UAT!?). Another IISRESET and things are happy once more. Some further investigation of a failing page showed that it was crashing while calculating the number of rows needed to return some data (e.g. RecordRows = NumRecords / RecordsPerRow). No divide by zero's or conspicuous problems here either.... Re-create the app_pool and site, check the settings are sane - but it all looks good.
10 minutes later - its gone again. Starting to get worried now, I check some more failed pages. Again failing at points where it is doing calcs.... I strip out the calculation and the page loads further... until the next calc. Changing the calc to be something basic like '1 / 0.2' still causes failure. In fact a page with just:
Dim myNum
myNum=(1 / 0.2)
still causes failure... Oddness.
Some rummaging around the 'net showed a few others with a similar errors, but not a solution (most errors seemed to be coding bugs or people suggesting coding solutions). One site eventually made mention of dragging out a MS engineer to investigate a similar issue.... Apparently there was a bug with ASP (vbscript) on II6 (Windows 2003) and the C run-time checking for errors in a floating point register, but never actually resetting the error condition - meaning one floating point error takes down the site (!) Apparently the engineer wrote some code to address their issue - and because the engineer was able to resolve it on-site, MS wasn't going to make it a mainstream patch...
Some further searching of the Microsoft site for variants of ASP, IIS, Window 2003, floating point etc, eventually lead to KB955536 ( http://support.microsoft.com/kb/955536 ) - a hotfix.
After a few deep breaths, I installed the hotfix on one of our servers (thank god for redundant servers) and crossed my fingers.....
A week later, the unpatched server had been iisreset many, many times (ended up writing a powershell script to do this), but the patched server had been rock-solid, with no side-effects shown. So the hotfix was put onto the second server.
Two months on, both servers are still completely happy and very solid - it has actually made the upgrade from Windows 2000 worthwhile... But I would have preferred a smoother upgrade :/
Adobe Flash upgrades & Citrix - entertainment for all...
Ah Citrix.
And Flash.
And a locked down user environment that prevents Active-X installs.
It all adds up to a recipe for entertainment when upgrading Flash ( in this case Flash 9 to 10) on Citrix 4.5.
As it turns out, an upgrade as administrator was enough for things to kick on happily enough for admin users, but not clients. Post 'upgrade' clients effectively had no flash at all - a nice backwards step.
The trick with this one was registry permissions - administrators had them on the updated registry keys, but everyone else missed out. I tracked down some assistance at: http://www.brianmadden.com/forums/t/32557.aspx .
Admittedly I skipped most of the instructions - the critical ones (for me) were the registry permissions - namely:
1. Find the key HKCR\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000} (on 64-bit Windows this one is located under HKCR\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}) and grant READ permissions (include child keys) to the appropriate groups (usually everyone).
2. Rinse and repeat the permissions change for HKCR\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000} .
This was pretty much a instant fix, restart IE as a user and everything was happy once more.
And Flash.
And a locked down user environment that prevents Active-X installs.
It all adds up to a recipe for entertainment when upgrading Flash ( in this case Flash 9 to 10) on Citrix 4.5.
As it turns out, an upgrade as administrator was enough for things to kick on happily enough for admin users, but not clients. Post 'upgrade' clients effectively had no flash at all - a nice backwards step.
The trick with this one was registry permissions - administrators had them on the updated registry keys, but everyone else missed out. I tracked down some assistance at: http://www.brianmadden.com/forums/t/32557.aspx .
Admittedly I skipped most of the instructions - the critical ones (for me) were the registry permissions - namely:
1. Find the key HKCR\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000} (on 64-bit Windows this one is located under HKCR\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}) and grant READ permissions (include child keys) to the appropriate groups (usually everyone).
2. Rinse and repeat the permissions change for HKCR\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000} .
This was pretty much a instant fix, restart IE as a user and everything was happy once more.
Subscribe to:
Posts (Atom)