Windows Server 2008

Extend System Volume Error ‘The parameter is incorrect’

sysop

I had an issue when extending the volume of a Windows Server 2008 system drive where it returned the horrible looking error below ‘The parameter is incorrect’.

DiskGrowParameterIncorrect

This leaves you in a scenario where the Disk Management tool reports that the disk has been increased to the new size, but viewing the disk properties in Explorer shows it has not been increased.

DiskSizeMisMatch1

It turns out this has been an issue within Windows Server for sometime and this Microsoft KB article details how to resolve it with the Diskpart utility, essentially the disk partition has been increased, but not the file system size.

It’s as simple as

DISKPART

DISKPART> select volume #

where # is the number of the affected volume which can be found with list volume.

DISKPART> extend filesystem

Now the file system size should match the new partition size.

Start the Network and Internet Troubleshooting Wizards from the Command-Prompt

sysop

The network and Internet troubleshooting wizards can also be started from the command line, using the parameters below. All you need is to copy and paste these commands in the Run window (press the Windows key + R) or in the Command Prompt:

  • To open the Internet Connections troubleshooter:msdt.exe -id NetworkDiagnosticsWeb
  • To open the Shared Folders troubleshooter:msdt.exe -id NetworkDiagnosticsFileShare
  • To open the HomeGroup troubleshooter:msdt.exe -id HomeGroupDiagnostic
  • To open the Network Adapter troubleshooter:msdt.exe -id NetworkDiagnosticsNetworkAdapter
  • To open the Incoming Connections troubleshooter:msdt.exe -id NetworkDiagnosticsInbound

Export exchange mailbox to PST (Exchange PowerShell)

sysop

If you want to export or backup a user mailbox to a PST file to import to Microsoft Outlook, you need a machine running Microsoft Operating System 32 bit version with Microsoft Outlook installed or MAPI component, on the same domain of the Exchange Server.

On this machine, you need to install Microsoft Exchange Management Server (you can find this on the Microsoft Exchange CD installation wizard) or download (2007 version) from: http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=6be38633-7248-4532-929b-76e9c677e802.

First you need to grant yourself permission’s on this database:

Get-mailbox -database ‘SERVERNAME.DOMAIN.LOCALdatabaseName’ | Add-MailboxPermission -User “danielcosta” -AccessRights FullAccess

After this, open Exchange PowerShell and run this command (change what you need) to backup a single mailbox:

Export-Mailbox -id username -PSTFolderPath E:folder

If you want to backup all users in a Exchange Database to a folder you can run this:

Get-mailbox -database ‘SERVERNAME.DOMAIN.LOCALdatabaseName’ | Export-Mailbox -PSTFolderPath c:folder

BOOTMGR is missing

sysop

 

Cause:

This error occurs when either of the following conditions is true:

  • The Windows Boot Manager (Bootmgr) entry is not present in the Boot Configuration Data (BCD) store.
  • The Boot\BCD file on the active partition is damaged or missing.

Resolution:

Method 1: Repair the BCD store by using the Startup Repair option

You can use the Startup Repair option in the Windows Recovery Environment to repair the BCD store. To do this, follow these steps:

  1. Put the Windows Vista installation disc in the disc drive, and then start the computer.
  2. Press a key when you are prompted.
  3. Select a language, a time, a currency, and a keyboard or another input method, and then click Next.
  4. Click Repair your computer.
  5. Click the operating system that you want to repair, and then click Next.
  6. In the System Recovery Options dialog box, click Startup Repair.
  7. Restart the computer.

Method 2: Rebuild the BCD store by using the Bootrec.exe tool

If the previous method does not resolve the problem, you can rebuild the BCD store by using the Bootrec.exe tool in the Windows Recovery Environment. To do this, follow these steps:

  1. Put the Windows Vista installation disc in the disc drive, and then start the computer.
  2. Press a key when you are prompted.
  3. Select a language, a time, a currency, and a keyboard or another input method, and then click Next.
  4. Click Repair your computer.
  5. Click the operating system that you want to repair, and then click Next.
  6. In the System Recovery Options dialog box, click Command Prompt.
  7. Type Bootrec /RebuildBcd, and then press ENTER.
    • If the Bootrec.exe tool runs successfully, it presents you with an installation path of a Windows directory. To add the entry to the BCD store, type Yes. A confirmation message appears that indicates the entry was added successfully.
    • If the Bootrec.exe tool cannot locate any missing Windows installations, you must remove the BCD store, and then you must re-create it. To do this, type the following commands in the order in which they are presented. Press ENTER after each command.
      Bcdedit /export C:\BCD_Backup
      ren c:\boot\bcd bcd.old
      Bootrec /rebuildbcd
  8. Restart the computer.

Method 3: Rebuild the BCD store manually by using the Bcdedit.exe tool

If the previous method does not resolve the problem, you can rebuild the BCD store manually by using the Bcdedit.exe tool in the Windows Recovery Environment. To do this, follow these steps:

  1. Put the Windows Vista installation disc in the disc drive, and then start the computer.
  2. Press a key when you are prompted.
  3. Select a language, a time, a currency, and a keyboard or another input method, and then click Next.
  4. Click Repair your computer.
  5. Click the operating system that you want to repair, and then click Next.
  6. In the System Recovery Options dialog box, click Command Prompt.
  7. Type the following command, and then press ENTER:
    cd /d Partition:\Windows\System32

    Note Partition represents the letter of the partition on which Windows Vista is installed. Typically, this is partition C.

  8. Type the following command, and then press ENTER:
    bcdedit /enum all

    In the Windows Boot Loader section of the output from this command, note the GUID that is listed for resumeobject. You will use this GUID later.

  9. Type the following command, and then press ENTER:
    bcdedit -create {bootmgr} -d “Description

    Note Description represents the description for the new entry.

  10. Type the following command, and then press ENTER:
    bcdedit -set {bootmgr} device partition=Partition:

    Note Partition represents the letter of the partition. Typically, the letter is C.

  11. Type the following command, and then press ENTER:
    bcdedit /displayorder {GUID}

    Note GUID represents the GUID that you obtained in step 8.

  12. Type the following command, and then press ENTER:
    bcdedit /default {GUID}

    Note GUID represents the GUID that you obtained in step 8.

  13. Type the following command, and then press ENTER:
    bcdedit /timeout Value

    Note Value represents the time in seconds before the Windows Boot Manager selects the default entry that you created in step 12.

  14. Restart the computer.

If you are booting from a Server 2008 install disk, when you use the “Repair your computer” option, the available options look like this:

You can access the repair option on a Server 2008 disk by choosing “command prompt”, then running  “x:\sources\recovery\StartRep.exe”.

 

Recovering Disk Space on the C: Drive in Small Business Server 2008

sysop

SBS 2008 installs all of its features using a single volume (C:), there are tools available to move some of the data to other locations, but a number of folders that remain in the C: volume can continue to grow if left unchecked, this can potentially eat all the available disk space on the C: drive. Once the C: drive reaches certain low space thresholds, some services will stop functioning properly on the server, while others will change their behavior to prevent data loss. Usually, administrators realize they have a problem when e-mail flow is impacted, under low disk space conditions, due to the Exchange Back Pressure features, mail flow will stop. Users may experience some of the following errors or non-delivery-reports: Error 0x800CCC6C, SMTP_452_NO_SYSTEM_STORAGE, or 452 4.3.1 Insufficient system resources.

These are some of the steps that can be performed to help recover and prevent these issues.

IIS and SBS Logs

(This is expanding on the existing post “Reclaiming Disk Space Lost to IIS Logs on SBS 2003 and SBS 2008”)

By default, all IIS hosted web sites have logging enabled, this can lead to some large folders in C:inetpublogsLogFiles (Review this post in case you have moved your log files). You may also want to specifically stop logging all together for certain web sites, in particular, the “WSUS Administration” web site (Site Id 1372222313). For this, perform the following steps:

  1. Launch IIS Manager from Administrative Tools.
  2. Expand Server, Sites, and select the WSUS Administration web site.
  3. On the feature panel, click to open Logging.
  4. Click Disable in the Actions panel (rightmost panel)
  5. Repeat the steps for any other web site. Please note that logging may be needed for troubleshooting or auditing purposes on sites that are public facing, this is usually not the case on the WSUS Administration site.

Some of the SBS 2008 log files can grow to very large sizes, all SBS logs are stores in this folder (and subfolders): C:Program FilesWindows Small Business ServerLogs. Some of the logs that will grow the most and may need trimming are:

  • Console.log, this log will continue to grow while the SBS Console is running.
  • *.evtx files, these are the event logs before the setup of the server completed, they can be safely removed if the server has been in production and had no setup issues.
  • W3wp.log, in the C:Program FilesWindows Small Business ServerLogsWebWorkplace folder. This is the log for Remote Web Workplace.
  • The C:Program FilesWindows Small Business ServerLogsMonitoringServiceLogs folder. These are the logs for the Windows SBS Manager service.

POP3 Connector Badmail directory

If you are using the POP3 Connector, you may end up with emails that failed to be delivered (rejected by the local Exchange server) inC:Program FilesWindows Small Business ServerDatabadmail. This folder will be automatically trimmed to 400mb once it reaches 450mb once a week.

The licensing log can consume a significant amount of hard disk space

This is discussed on the Windows Small Business Server 2008 Release Documentation
You can delete the events in the Windows SBS 2008 licensing log to free up additional space on the hard disk drive.

To delete events in the Windows SBS 2008 licensing log

  1. From the server, open a Command Prompt window as an administrator. To do this, click Start, and then in the Search box, typecommand prompt.
  2. In the list of results, right-click Command Prompt, and then click Run as administrator.
  3. At the command prompt, type the following command: del “%systemroot%system32winevtlogsMicrosoft-Windows-Server Infrastructure Licensing*%4Debug.etl.*”

You can also use Registry Editor to disable the licensing log.

  1. Click Start, type regedit, and then press ENTER.
  2. In Registry Editor, locate and then click the following registry key:
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftServerInfrastructureLicensing
  3. In the details pane, right-click TraceMask, and then click Modify.
  4. In the Edit DWORD dialog box, change the value for Value data to 0 (zero), and then click OK.
  5. Restart the server.

Windows Server Update Services (WSUS) Server Cleanup Wizard

In WSUS, you can delete unused updates and update revisions, computers not contacting the server, unneeded update files, expired updates and superseded updates. In order to accomplish this, you have to manually go through the WSUS Server Cleanup Wizard.
To run the Server Cleanup Wizard :

  1. In the WSUS administration console (launch it from the Administrative Tools), select Options, and then Server Cleanup Wizard.
  2. By default this wizard will remove unneeded content and computers that have not contacted the server for 30 days or more. Select all possible options, and then click Next.
  3. The wizard will begin the cleanup process, and will present a summary of its work when it is finished, depending on the server performance, this may take a very long time. Click Finish to complete the process.

Very large SharePoint SQL transaction log file

Please read the following KB article for an explanation and instructions on how to prevent this:
2000544 SBS 2008 BPA Reports that The Windows SharePoint Services configuration databases log file is getting large (currently over 1gb in size)

Active Directory Certificate Services transaction log files

When completing a critical or system state backup of the C: volume, a new transaction log will be generated under thec:windowssystem32certlog folder. Removing these logs is only safe as long as the CA database file is consistent. In order to remove these logs and reclaim disk space, follow these steps:

  1. Open the Services MMC and stop the Active Directory Certificate Services service.
  2. Make a backup copy of ALL the file contents present in the c:windowssystem32certlog folder.
  3. Delete EDB.CHK and all the files that have an extension of .LOG (*.LOG)
  4. Restart the Active Directory Certificate Services service.

Windows Component Clean Tool

The Windows Component Clean Tool (COMPCLN.exe) can be used to remove the files that are archived after Windows Vista SP2 or Windows Server 2008 SP2 is applied. It also removes the files that were archived after Windows Vista SP1 was applied, if they are found on the system. Running this tool is optional.

Installing Windows Server 2008 service packs increases the amount of disk space that is used by the operating system. This space is used to archive files so that the service pack can be uninstalled. Typically, you should run COMPCLN.exe if you want to reclaim this disk space after applying SP2 and if you will not need to uninstall SP2.

NOTE: You cannot uninstall Windows Vista SP2 or Windows Server 2008 SP2 after you run this tool on an image.

Move Data Wizards

We are not going to focus on these wizards on this post, but as a reference, SBS 2008 provides an automated way of moving the following:

  • Move Exchange Server Data: which moves both the exchange database file as well as your exchange transaction logs for all storage groups.
  • Move Windows SharePoint Services Data: Moves the SharePoint Content and Configuration databases.
  • Move Users’ Shared Data: Moves C:UsersShares directory and all sub directories
  • Move Users’ Redirected Documents Data: Moves C:UsersFolderRedirections directory and all sub directories
  • Move Windows Update Repository Data: Moves the repository data from C:WSUSWSUSContent and C:WSUSUpdateServicePackages. Please note it does NOT move the SUSDB Folder and the WSUS database which contains the metadata.
  • More Resources:
    Manage Server Storage by using Windows SBS Console
    Moving Data on Windows Small Business Server 2008
    Introducing Server Storage Management in SBS 2008

Update #1 3/3:
Added reference to WSUS Administration web site ID (Site Id 1372222313)
Added reference to Exchange 2007 BackPressure NDRs and errors due to low disk space

From Microsoft Technet

[Post comes to us courtesy of Damian Leibaschoff and Wayne Gordon McIntyre from Commercial Technical Support and Chris Puckett from Product Quality]

ASN1 bad tag value met. 0x8009310

sysop

Question:
I get CertEnroll::Cx509Enrollment::p_InstallResponse: ASN1 bad tag value met. 0x8009310b on IIS 7 and I am unable to install my certificate.

Answer:
This can be a result of IIS placing the certificate in the wrong certificate store or forgetting where it places the private key, in many cases it gets placed in Other People Certificate store for theCurrent User account. Only certificates that are stored in the Personal Section of the Local Computer store can be used in IIS.

Option #1: Repair a damaged certificate.

  1. Open up DOS prompt (cmd.exe)
  2. Type: certutil -repairstore my “THUMBPRINT/SERIALNUMBER”
    Note: Also, sometimes the certificate is not available and needs to be imported in order for this command to work.
  3. Go back into the IIS Manager and re-edit the bindings for this site. (Where you can select the certificate.
    Note: Sometimes, you will get an error, so just ignore the error and try again. When trying again, the certificate may already be selected and nothing else needs to be done.

Option #2: Restore Certificate to the Local Computer Store

  1. Open the Certificate Snap-In from within the MMC (Microsoft Management Console)
    Start -> Run -> Type “mmc” -> File -> Add/Remove Snap-in -> Add -> Certificates
  2. Add Current User account.
    My User Account -> Finish.
  3. Add Local Computer account.
    Computer account -> Local Computer -> Finish.
  4. Close Add Standalone Snap-in.
  5. Click Ok.

    6. Now you should have a screen similar to this:

  6. Drag the certificate that will not install, out of the Other People store and drop it under theLocal Computer -> Personal -> Certificates.

    7. Do not close out of the MMC at this time.

  7. Open up a command prompt.
    Start -> Run -> Type cmd.
  8. Type: certutil -repairstore my “THUMBPRINT_OF_CERTIFICATE”. (with quotes)
  9. You should now have the private key back on the certificate so now open up IIS and assign it to your website.

Transferring FSMO Roles in Windows Server 2008

sysop

The five FSMO roles are:

  1. Schema Master
  2. Domain Naming Master
  3. Infrastructure Master
  4. Relative ID (RID) Master
  5. PDC Emulator

The FSMO roles are going to be transferred, using the following three MMC snap-ins :

  • Active Directory Schema snap-in : Will be used to transfer the Schema Master role
  • Active Directory Domains and Trusts snap-in : Will be used to transfer the Domain Naming Master role
  • Active Directory Users and Computers snap-in : Will be used to transfer the RID MasterPDC Emulator, and Infrastructure Master roles

Note: The following steps are done on the Windows Server 2008 machine that I intend to set as the roles holder ( transfer the roles to it )

Lets start transferring the FSMO roles.

  • Using Active Directory Schema snap-in to transfer the Schema Master role You have to register schmmgmt.dll in order to be able to use the Active Directory Schema snap-in 
  1. Click StartRun
  2. Type regsvr32 schmmgmt.dll
  3. Click OK A popup message will confirm that schmmgmt.dll was successfully registered. Click OK
  4. Click Start Run, type mmc, then click OK
  5. Click File > then click Add/Remove Snap-in…
  6. From the left side, under Available Snap-ins, click on Active Directory Schema, then click Add > and then click OK

  7. Right click Active Directory Schema, then click Change Active Directory Domain Controller…
  8. From the listed Domain Controllers, click on the domain controller that you want to be the schema master role holder and then click on OKYou will receive a message box stating that the schema snap-in is not connected to a schema operations master. That is for sure, as we have not yet set this Windows Server 2008 domain controller as a Schema Master role holder. This will be done in the next step. Click OK
  9. In the console tree, right click Active Directory Schema [DomainController.DomainName], and then click Operations Master…
  10. On the Change Schema Master page, the current schema master role holder will be displayed ( ex. DC.SOMETHING.NET) and the targeted schema holder as well (ex. DC2K8.SOMETHING.NET). Once you click Change, the schema master holder will become 
    DC2K8.SOMETHING.NET     , click Change

    Click Yesto confirm the role transfer

    The role will be transferred and a confirmation message will be displayed. Click OK

    Then click Close, as you can see in the below snapshot, the current schema master is DC2K8.SOMETHING.NET

  • Using Active Directory Domains and Trusts snap-in to transfer the Domain Naming Master Role
  1. Click Start Administrative Tools > then click Active Directory Domains and Trusts
  2. Right click Active Directory Domains and Trusts, then click Change Active Directory Domain Controller…
  3. From the listed Domain Controllers, click on the domain controller that you want to be the Domain Naming master role holder and then click onOK
  4. Right click Active Directory Domains and Trusts, then click Operations Master…
  5. On the Operations Master page, we are going to change the Domain Naming role holder from DC.SOMETHING.NET to DC2K8.SOMETHING.NET, Click ChangeClick YES to confirm the transfer of the Domain Naming roleThe role will be transferred and a confirmation message will be displayed. Click OK , then click Close


Till now, we have successfully transferred two FSMO roles, the Schema Master role and the Domain Naming role. The last three roles can be transferred using a single Snap-in.

 

  • Using Active Directory Users and Computers snap-in to transfer the RID Master, PDC Emulator, and Infrastructure Master Roles
  1. Click StartAdministrative Tools > then click Active Directory Users and Computers
  2. Right click Active Directory Users and Computers, then click All TasksOperations Master…
  3. You will have three Tabs, representing three FSMO roles (RID, PDC, Infrastructure). Click the Change button under each of these three tabs to transfer the roles.Click Yes to confirm the role transferThe role will be transferred and a confirmation message will be displayed. Click OK

    As for the Infrastructure role, once you click on the Change button you will receive the below message

    By default, when you first install your first Domain Controller, it holds the five roles and beside that it is a Global Catalog. If your environment is a multi-domain/forest, then you should think about structuring your FSMO roles and transfer the Infrastructure role to a none Global Catalog domain controller. Else if you have small number of domain controllers ( ex. two domain controllers) then you should not worry about this. ClickYes

  4. The Tabs should now look like this:

 

That’s it, by now, you have successfully transferred the five FSMO roles to the Windows Server 2008 Domain Controller.

 

Summary

 

There are five FSMO roles in a forest, to transfer any of these roles you have to use the appropriate Active Directory snap-in.

 

 

Steps to move a DHCP database from a Windows Server 2003 or 2008 to another Windows Server 2008 machine

sysop

The DHCP database can be moved or migrated from a Windows Server 2003 server to a Windows Server 2008 server, or from one Windows Server 2008 server to another.  The information below details the necessary steps.

Export the DHCP database from a server that is running Microsoft Windows Server 2003 or Windows Server 2008

To move a DHCP database and configuration from a server that is running Windows Server 2003 or Windows Server 2008 to another server that is running Windows Server 2008:

1.   Log on to the source DHCP server by using an account that is a member of the local Administrators group.

2.   Click Start, click Run, type cmd in the Open box, and then click OK.

3.   Type netsh dhcp server export C:\dhcp.txt all , and then press ENTER.

Note: You must have local administrator permissions to export the data.

Configure the DHCP server service on the server that is running Windows Server 2008

1.   Click Start, click Administrative Tools, click Server Manager. If needed acknowledge User Account Control.

2.   In Roles Summary click Add Roles, click Next, check DHCP server, and then click Next.

Import the DHCP database

1.   Log on as a user who is an explicit member of the local Administrators group. A user account in a group that is a member of the local Administrators group will not work. If a local Administrators account does not exist for the domain controller, restart the computer in Directory Services Restore Mode, and use the administrator account to import the database as described later in this section.

2.   Copy the exported DHCP database file to the local hard disk of the Windows Server 2008-based computer.

3.   Verify that the DHCP service is started on the Windows Server 2008-based computer.

4.   Click Start, click Run, type cmd in the Open box, and then click OK.

5.   At the command prompt, type netsh dhcp server import c:\dhcpdatabase.txt all , and then press ENTER, where c:\dhcpdatabase.txt is the full path and file name of the database file that you copied to the server.

Note When you try to export a DHCP database from a Windows 2000/2003 domain controller to a Windows Server 2008 member server of the domain, you may receive the following error message:

Error initializing and reading the service configuration – Access Denied

Note You must have local administrator permissions to import the data.

6.   To resolve this issue, add the Windows Server 2008 DHCP server computer to the DHCP Admins group at the Enterprise level and redo steps 4 & 5.

7.   If the “access is denied” error message occurs after you add the Windows Server 2008 DCHP server computer to the DHCP Admins group at the Enterprise level that is mentioned in step 6, verify that the user account that is currently used to import belongs to the local Administrators group. If the account does not belong to this group, add the account to that group, or log on as a local administrator to complete the import and redo steps 4 & 5.

Authorize the DHCP server

1.   Click Start, point to All Programs, point to Administrative Tools, and then click DHCP.

Note You must be logged on to the server by using an account that is a member of the Administrators group. In an Active Directory domain, you must be logged on to the server by using an account that is a member of the Enterprise Administrators group.

2.   In the console tree of the DHCP snap-in, expand the new DHCP server. If there is a red arrow in the lower-right corner of the server object, the server has not yet been authorized.

3.   Right-click the server object, and then click Authorize.

4.   After several moments, right-click the server again, and then click Refresh. A green arrow indicates that the DHCP server is authorized.