12.Dec.2011 |
by Gusac |
Filed in: Articles, Troubleshoot
This part came while working in Windows server 2008 R2 edition. Features page in Server manager started throwing up this error with hexadecimal code 0x800706BE. Notice there could be several reasons to this issue, hence the parts (-I) to this blog. If ever I found another cause, I would come up with next part (II). For now, lets stick to what happened on my box.
Every time I clicked on Server manager Features page, it gave ‘Error’. click on ‘Error details’ would bring up a dialog box shown in the screenshot below. The error reads:
Unexpected error refreshing Server Manager: The remote procedure call failed. (Exception from HRESULT: 0x800706BE)
Click on the image enlarge
Troubleshooting:
Download and install Microsoft System Update Readiness Tool(CheckSUR) for Windows 2008 R2 (As mentioned in beginning I error came on Windows 2008 R2 but you can try on other OS as well)
CheckSUR is 315MB tool to download, once you install it, it generates a CheckSUR.LOG log file at %windir%\Logs\CBS\ location.
In my case, I log read:
----------------------------------------------------------------------------------------------------
Unavailable repair files:
servicing\packages\Package_for_KB2564958_RTM~31bf3856ad364e35~amd64~~6.1.1.1.mum
servicing\packages\Package_for_KB2564958_RTM~31bf3856ad364e35~amd64~~6.1.1.1.cat
(w) Unable to get system disk properties 0x0000045D IOCTL_STORAGE_QUERY_PROPERTY Disk Cache
--------------------------------------------------------------------------------------------------
The log file show that the one of the file related to KB 2564958 is either corrupt or missing, most likely the latter one. So, the next to download update KB 2564958 from Microsoft support site.
Download the update from http://support.microsoft.com/kb/2564958 site. When I downloaded and tried to install, it gave me another error at installation with code: 0x80240009
Extracted the fix KB2564958 by following command: EXPAND Windows6.1-KB2564958-x64.msu –F:* C:\Temp
It will extract the CAB files. Identify the files mentioned in the log files and copy them over to the location mentioned in the log file, that is: %Windir%\Servicing\Packages\
Started the Server Manager Features page again, this time it came up just fine!
Hope this blog is informative, I would write another part soon.
Write me your feedback at inbox at gusac.net
11.Dec.2011 |
by Gusac |
Filed in: Articles, Troubleshoot
Just had an issue when I noticed that Windows Automatic updates service was missing in Service Console. The service registry was also missing:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv
One of solution known to is to reinstall the component from its configuration file. The command used:
%windir%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %windir%\inf\au.inf
Hope it helps!
11.Dec.2011 |
by Gusac |
Filed in: Articles, Troubleshoot
Issue: A RemoteApp application does not retain settings when users have roaming profile.
To reproduce the issue: Start the application, make changes and exit out. Next time you start it, it will not retain the settings.
Solution: Remoteapp default setting is to disconnect the session whenever a user closes out the application by click on the X at top right corner. The best thing is to exit the Remoteapp program from its menu (Ex: File > Exit)
Or, Group Policy can be configured to change the default behaviour of Remoteapp.
Enabled the following policy on your Windows 2008 Terminal Server:
Computer configuration > Administrative templates > Windows component > Terminal
Services > Terminal server > Session Time Limit = ‘Immediately’
Set the value to 'Immediately'
Explanation:
This policy setting allows you to specify how long a user's RemoteApp session will remain in a disconnected state before the session is logged off from the terminal server. By default, if a user closes a RemoteApp program, the session is disconnected from the terminal server. If you enable this policy setting, when a user closes a RemoteApp program, the RemoteApp session will remain in a disconnected state until the time limit that you specify is reached. When the time limit specified is reached, the RemoteApp session will be logged off from the terminal server. If the user starts a RemoteApp program before the time limit is reached, the user will reconnect to the disconnected session on the terminal server.
If you disable or do not configure this policy setting, when a user closes a RemoteApp program, the session will be disconnected from the terminal server.
11.Dec.2011 |
by Gusac |
Filed in: Articles, Troubleshoot
In Windows 2008 R2 server, Shell Hardware Detection service stops starts and stops automatically on its own gracefully. If you check the event logs, it registers the information logs showing no issues.
Reason:
In Windows 2008 R2 server system, the behavior of this service was changed to to stop automatically after sometime a user logs off and starts when a users logs in. This was done to prevent minimize surface attacks. This is by design.
18.Nov.2011 |
by Gusac |
Filed in: Articles, Troubleshoot
There could be several reason for a printer to show the status as OFFLINE. But the most common that I have come around is due to the SNMP option in its properties.
It is quite possible that printer does not support SNMP or SNMP is not enable/installed on the print server and yet SNMP option is enabled. Now due to this the print server tries to communicate with print device over SNMP. The server never gets the response and shows the printer status as offline.
The simple solution is to disable the SNMP feature in printer properties. It does not have any affect on printing functionality of the printer.
Open Printer and Faxes or Devices and Printers
Right click on the problem printer and go to Printer properties
In Printer properties window, go to the Ports tab
On Ports tab, click on the button that says Configure Port…
In the new page, clear the checkbox that says SNMP Status Enabled and click OK to exit.
Refresh the page, it should show status as Read now.
7.Oct.2011 |
by Gusac |
Filed in: Articles, Troubleshoot
Here are few of the issues related to service failures on Windows 2008 R2 servers. The most likely solutions and methods are provided below.
1. Diagnostic Policy Service fails with Access Denied
Solution:
· Navigate to the following key: HKLM\System\CurrentControlSet\Control\WDI\Config
· Grant full permission to the ‘NT Service\DPS’ account on the key.
Note: This is a Local account and not on domain. You need to change the location from domain to local while searching for the accounts.
2. Firewall service fail to start with Error Code 5
Run Procmon.exe and you would notice access denied logs on the following keys:
HKLM\System\CurrentControlSet\Services\SharedAccess\Epoch
HKLM\System\CurrentControlSet\Services\SharedAccess\Epoch2
Solution:
· Navigate to the keys and grant full permission to the following accounts:
NT Service\MPSSVC and NT Authority\Network Service
Note: These are Local accounts and not on domain. You need to change the location from domain to local while searching for the accounts.
· Start the Firewall Service. It should start successfully.
3. Windows Event Log service fail to start with Access Denied error
Again, Procmon.exe shows that we have access denied on C:\Windows\System32\WinEvt folder.
Solution:
· Navigate to the above mention folder and edit permissions
· Grant full permission to the local account NT Service\EventLog
Note: These are Local accounts and not on domain. You need to change the location from domain to local while searching for the accounts.
4. Multiple Services fail to start with dependency failure error
or Access denied while starting Base Filtering Service
Multiple Services on Windows 2008 R2 fail to start with dependency failure error. The following services fail to start:
IPsec Policy Agent (PolicyAgent) Windows Firewall IKE and AuthIP IPsec Keying Modules Internet Connection Sharing (ICS) Routing and Remote Access
Reason: These services are directly or indirectly dependent on Base Filterning Agent service, which is failing with Access Denied Error. We need to fix Base Filtering Agent first.
Solution:
· Navigate to the following registry key: HKLM\System\CurrentControlSet\Services\BFE
· Grant full permission to the NT Service\BFE account on the above mentioned key.
· Also ensure that the following subkey is inheriting permission for BFE account:
HKLM\System\CurrentControlSet\Services\BFE\Parameters\Policy\Persistent
19.Sep.2011 |
by Gusac |
Filed in: Articles, Troubleshoot
Although, Performance Logs and Alerts service aka ‘Perfmon service’ is an on-demand service, meaning it starts when it is needed; you would get a generic message whenever you try to start it. The message simply says that the service started and stopped because it has nothing to do.
However, you do get error while starting Perfmon service, like I did. Here is the error description:
The Performance Logs and Alerts service terminated with service-specific error 2003 (0x7D3).
If you go ahead and use ERR.exe utility to understand the the Hex code 0x7D3, you would get the description: ERROR_METAFILE_NOT_SUPPORTED
The solution: Incorrect permission on the registry.
Registry: HKLM\system\CCS\Services\SysmonLog\Log Queries.
Simply add the Network Service account on the above mentioned registry location and give write access.
Try again, service should start or at least give you the generic message.
28.Jul.2011 |
by Gusac |
Filed in: Articles, Troubleshoot
Symptoms: On Windows 2008 R2 server, Base Filtering Engine service fails to start and throws error code 5.
Following services which are directly or indirectly dependent on BFE also fail. They are:
IPsec Policy Agent (PolicyAgent) Windows Firewall IKE and AuthIP IPsec Keying Modules Internet Connection Sharing (ICS) Routing and Remote Access
You cannot ping the server and when you ping from inside, it gives error Transmit Failed
Solution:
Navigate to the following registry key: HKLM\System\CurrentControlSet\Services\BFE
Grant full permission to the NT Service\BFE account on the above mentioned key.
Also ensure that the following subkey inherits permission for BFE account:
\BFE\Parameters\Policy\Persistent
18.Jul.2011 |
by Gusac |
Filed in: Articles, Troubleshoot
Event ID 333 basically occurs when system registry fails to flush operation to the disk. In most of the cases, Event ID 333 is more of a byproduct rather than an issue itself.
Event id 333 occurs when there is some performance issue or when memory/disk is not keeping up with the load. Generally when the issue occurs, you would see other Event IDs as well pointing towards the actual cause that triggered Event ID 333.
There are 4 likely causes for getting 333:
· Memory pressure- Physical or Virtual memory bottleneck, low System PTEs, Working set trimming etc.
· Disk pressure – Bottleneck, performance issue etc.
· Filter driver – Bad driver keeping registry from being flushed.
· Lock Pages In Memory – This behaviour can result if the SQL service account is given the user right ‘Lock Pages in Memory’
Troubleshooting
The following are the troubleshooting steps for this issue. Please note, all the steps do not fit in all scenarios and should not be applied as silver bullets.
Event Log
First this is to check for the Event IDs. Look for any other Event id related to disk, memory, server (SRV) in System log. Key event ids are: 2019, 2020, 51, 55, 52, 58
Perfmon
· Look for key counters:
- Memory\%Committed Bytes in Use
- Memory\Available Mbytes
- Memory\Cache Bytes
- Memory\Commit Limit
- Free System Page Table Entries
- Memory\Pool Nonpaged Bytes
- Memory\Pool Paged Bytes
Physical disk or Logical Disk
- %disk Time
- Avg. Disk Bytes/Transfer (Read and Write)
- Avg. Disk Queue Length
- Avg Disk sec/Transfer
- Disk bytes/sec
- Split IO/sec
Paging File\%Usage
System\%Registry Quota in use
Disk
· Enable disk write cache
Enable disk write cache to increase disk performance. (Refer to KB 324446)
- This would enable the caching of data in memory instead of immediate write to disk. This reduces the load (queue length) on the disk and system can schedule flush the data to disk later.
· Perfmon
Monitor disk sec/transfer, idle time, split I/O, Data byes/sec
- Split I/O counter represent how fragment the drive is. It is best to defrag the drive as it has a major hit on the disk performance.
- Sec/Transfer represents the time it takes to transfer data. It gives the disk throughput
· Configure RegistryLazyFlushInterval to 60 secs. (Reference: KB317357 and KB324446)
- Setting value to 60, tells system to write registry changes to disk after 60 seconds. The more the number of writes, the more disk I/O. The value 60 is recommended by Microsoft.
· Event logs
Check for any disk related event ids. Most common sources are fdisk, disk. Common causes are corrupt/bad sector, controller issue or driver issues.
- Upgrade firmware drivers for controller,
- Run chkdsk if required if we have event if pointing to corrupt sector/cluster on the disk.
Memory
There could be contention in either physical or virtual memory on the system. The causes can be several and they do not have straight forward troubleshooting. It is recommended to have an understanding of memory concept before making changes as it can easily make the system unstable.
· Boot.ini
- On Windows 2003 x86 server, check Boot.ini, if we have /3GB switch in place and also keep the role of the server in mind. Try to modify the switch by adding /USERVA so that we can give more room to kernel memory. Visit the link to understand /3GB and /UserVA switches: http://technet.microsoft.com/fr-fr/library/cc784475(WS.10).aspx
- On windows 2008, we don’t have boot.ini
- Use of /PAE and /3GB is not recommended as it has adverse effect on system performance.
· SQL Server Consideration
- Configure SQL to use less memory for the buffer pool.
- SQL Server has it own memory manager (MM) and it doesn’t use windows MM. IT can be set to reserve X amount of memory, which windows cannot use.
- Configure Perfmon with SQL object and monitor the memory specific counters. This is when we have low physical memory issue on Windows system.
- 918483 How to reduce paging of buffer pool memory in the 64-bit version of SQL Server 2005 You can enable the lock pages in memory permissions to prevent SQL Server 2005 64-bit buffer pool memory from being paged out of physical memory http://support.microsoft.com/?id=918483
· Disable Hot Add memory
- When the Hot Add Memory feature is enabled, the operating system pre-allocates kernel resources to handle any future memory that may be added to the computer. Kernel resources are allocated based on the capabilities of the computer instead of on the RAM that is actually installed. The kernel may allocate significant resources to RAM that may never be installed. Therefore, the Hot Add Memory feature may cause the maximum size of the paged pool to be much smaller than expected.
- To disable the feature: http://support.microsoft.com/?id=913568
· Pool memory leak
Look for Event id 2020 or 2019 for paged-pool or nonpaged-pool exhaustion. Configure poolmon.exe with appropriate interval and monitor the tag which has highest consumption at the time of issue.
- There are few articles for pool memory exhaustion but it is not recommended to apply without getting the poolmon data. KB 312362 is for maximizing the Paged-Pool limit on the box in case of Event ID 2020. But this is helpful when we have high memory consumption and not memory leak.
· Increase page file
- Again this is helpful if we have perfmon data to confirm the need.
· Apply patch
- For NTOSKRNL.EXE, as memory manager is implemented in windows kernel and ntoskrnl.exe is the executable.
[KB 935926: A Windows Server 2003-based computer stops responding when the registry is in heavy use]
· Free system PTEs.
- Look for perfmon counter value Free System Page Table Entries
Filter driver
Check for 3rd party drivers on the box which are outdated. You can use msinfo32 or Microsoft MPS utility to list out the drivers.
Last Resort – Complete memory dump
If the above troubleshooting does not help, configure the box for generating manual complete memory dump and trigger it when issue occurs. Send the dump to Microsoft for analysis.
Reference:
Troubleshooting Event ID 333 Errors
http://blogs.technet.com/b/askperf/archive/2007/10/30/troubleshooting-event-id-333-errors.aspx
How to generate a kernel dump file or a complete memory dump file in Windows Server 2003
http://support.microsoft.com/kb/972110
177415 How to Use Memory Pool Monitor (Poolmon.exe) to Troubleshoot Kernel Mode Memory Leaks
http://support.microsoft.com/?id=177415
298102 How to find pool tags that are used by third-party drivers
http://support.microsoft.com/?id=298102
248345 How to create a log using System Monitor in Windows
http://support.microsoft.com/?id=248345
244139 Windows feature lets you generate a memory dump file by using the keyboard
http://support.microsoft.com/?id=244139
315263 How to read the small memory dump files that Windows creates for debugging
http://support.microsoft.com/?id=315263
12.Jun.2011 |
by Gusac |
Filed in: Articles, Troubleshoot
Issue: Windows 2008 Server, SQL server 2005. When you start the service SQL FullText Search, it throws error 1075: The dependency service does not exist or has been marked for deletion
If you check the dependency in the service properties, it shows only RPC service which is started.
More Information: SQL FullText Search service is also dependent on NTLMSSP (NTLM Security Support Provider) which has been deprecated in Windows 2008 server.
If you navigate to the following registry:
HKLM\System\CurrentControlSet\Services\msftesql
If you check the DependOnService value, it has two entries: RPCSS and NTLSSM
Solution:
Remove the entry NTLMSSP as this does not exist on Windows 2008 server. However, the full-text search service depends on the NTLMSSP service.
Install the SQL Server service pack 3 as a workaround. This is what Microsoft recommends.
