Category Archives: IT Blog

Netdiag Failed (DNS test, Redir and Browser test, DC list test, Kerberos test)

Although Windows Server 2003 has been with us a while I can across this issue recently. This only because most of the 2003 domain controller installations I had seen were 32bit. But recently I found a domain that had a mixture of 32bit and 64bit domain controllers.

You run netdiag on your Windows 2003 64bit domain controller and get many failures like the ones bellow:

DNS test . . . . . . . . . . . . . : Failed
[FATAL] Could not open file C:WINDOWSsystem32confignetlogon.dns for reading.
[FATAL] No DNS servers have the DNS records for this DC registered.

Redir and Browser test . . . . . . : Failed
List of NetBt transports currently bound to the Redir

Continue reading Netdiag Failed (DNS test, Redir and Browser test, DC list test, Kerberos test)

IIS Admin service would not start with error -2146893809

In the event viewer you should see error with Event ID 7024.
The IIS Admin Service service terminated with service-specific error %%-2146893809.

Here is a possible fix. For the service to start it needs RSA MachineKey and access to it. The Key is stored in C:UsersAll UsersApplication DataMicrosoftCryptoRSAMachineKeys(for Server 2008)  you should see some files in that location with the size of 2 or 3 Kbytes. Look for the file name that starts with ‘C23’. This is the key that is used by Microsoft Internet Information Server. Check the permissions on that key and make sure that ‘System’ and ‘Administrators’ have full control on this key. Once the permissions are set try starting IIS Admin service.

How to point a client to different domain controller

Here is a useful command that I’ve discovered.
Imagine a situation where you have a domain called domain.local with multiple domain controllers DC0, DC1 etc.
For some reason some clients are not working as expected or working slower. In my case it was when I tried to run gpresult /r on some clients it was taking ages to provide full details. To find out if any of the domain controllers is having problems I wanted quickly to change the domain controller that the affected client is using.
Back in the day when Windows NT 4 ruled the world there was a command called setprfdc (set preferred domain controller) nltest does something similar.

So first I wanted to find out what DC the client is using. Now there are many different ways but here is a command that I’ve used:
nltest /dsgetdc:domain.local
Continue reading How to point a client to different domain controller

dns.exe high memory usage in Server 2008 R2

Here is an interesting problem with DNS service. I have a new domain with domain controller running Server 2008 R2. I’ve noticed that the server is using more memory than expected. The DNS service is using 605MB of RAM which way too much.

I’ve checked on the other domain which have Server 2003 R2 domain controller and DNS service on these domain contoller are using ~20MB. Continue reading dns.exe high memory usage in Server 2008 R2

LED stair lighting based on Arduino, Part 6

This project has been frozen for some time but I’ve picked it up again, not much progress has been done mainly because I don’t have the electronic components. Buying them in Ireland is a bit expensive so I mainly use Ebay to get them form UK or Asia. The problem with Ebay is that it takes time for the components to arrive.
Anyway I’ve been playing around with shift register 74HC595 as I’ve ran out of digital PWM pins on my arduino. By using only 3 digital pins and 74HC595 I can control 8 LEDs but it is also possible to add more 74HC595 and that means more LEDs without using more digital outputs.
The problem is that  for my application 74HC595 is not suitable as it does not support PWM. It is possible to make LEDs fade using code but I did not like the results that I was getting.

The solution is to use TLC5940 which supports PWM. So back to the drawing board

HP Proliant dl160 G6 blank screen (hanging) after restart

Here is an interesting issue that I’ve came across while deploying a bunch of HP Proliant DL160 G6 servers.
You restart the server and the it would hang with blank screen, the fans would be running at full speed.  To make the server boot you have to remove the power to the server and plug it bak again. This is a known issue and it was can be fixed by updating the Bios firmware of the server to Version: 2011.01.25 (B). 
Resolved an issue where the system will occassionally hang early in POST with the fans at max speed with the 12LFF hard disk backplane installed.

Get it from here: DL160 G6 Bios Firmware

SSL Certificate add failed, Error: 1312

You are trying to bind SSL certificate ot a port number using the the following command:
netsh http add sslcert ipport=0.0.0.0:8000 certhash=0000000000003ed9cd0c315bbb6dc1c08da5e6 appid={00112233-4455-6677-8899-AABBCCDDEEFF}

The command failes with error:
SSL Certificate add failed, Error: 1312
A specified logon session does not exist. It may already have been terminated. Continue reading SSL Certificate add failed, Error: 1312

Change registry permissions

So lets say you need to change registry permissions and give all domain users full rights to a specific key HKEY_LOCAL_MACHINESOFTWAREMy_App.
You can use Group Policy but also you can use a batch file. Batch file can be setup to run on system startup or you could push it with SCCM if you have it installed.

To change registry permissions you can use regini.exe and it should be on every Windows host but I think there is a better and easier tool(well at least to me) and it is called SetACL. This tool can be used to manage not only registry permission but also File Permissions, Auditing etc.
First download SetACL and from the download package extract command line version as this is what will be used in the script to c:temp. There are 2 versions 32bit and 64bit, choose the one you need. Continue reading Change registry permissions