Thursday, 25 Aug 2016 | tralala:)
 

Random notes

No Mapping between account names and security IDs was done

While deploying some GPO the following error message knocked the door:

'0x80070534 No mapping between account names and security IDs was done' This error was suppressed. Event 4098, Group Policy Scheduled Tasks

Scheduled task from GPP look like this:

This is actually the setting that Group Policy Management console would do for you when you select the "Change user or Group..." and type SYSTEM into the textbox area.

But we all know that correct setting is little bit different:

Cannot start DPM after Update Rollup 5 for System Center 2012 R2 Data Protection Manager

My colleague was recently troubleshooting a DPM issue, I believe its word sharing the details.

Symtops:

  • When trying to close freezed DPM console you recieve something like: "you must close all dialog boxes before.." even thought all Windows are closed.
  • DPM console (or a script that tries do anything DPM related) consume all memory resources
  • Event ID: 1002 Application Hang and Event ID: 1001 Windows Error Reporting for AppHangB1 is logged

Example of such the event:

The program mmc.exe version 6.2.9200.16496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 Process ID: 76c
 Start Time: 01d04ce0689da0c6
 Termination Time: 16
 Application Path: C:\Windows\system32\mmc.exe
 Report Id: xxxx
 Faulting package full name: 
 Faulting package-relative application ID: 

After the classical troubleshooting, MS case was opened and come up with the following script:

DELETE FROM dbo.tbl_IM_ProtectedObject
WHERE ProtectedObjectId IN
(
       SELECT PO.ProtectedObjectId
       FROM dbo.tbl_IM_ProtectedObject AS PO
       JOIN dbo.tbl_AM_Server AS SRVR
       ON PO.ServerId = SRVR.ServerId
       WHERE (CONVERT(VARCHAR(4096),PO.ComponentName) = 'System State' OR CONVERT(VARCHAR(4096),PO.ComponentName) = 'Bare Metal Recovery')
       AND PO.ProtectedInPlan = 0
       AND PO.ProtectedObjectId NOT IN (SELECT ProtectedObjectId FROM dbo.tbl_IM_ProtectedObjectAlerts)
       AND LOWER(CONVERT(XML,PO.LogicalPath).value(
             '(/child::ArrayOfInquiryPathEntryType/child::InquiryPathEntryType[attribute::Type="Server"]/attribute::Value)[1]',
              'VARCHAR(4096)'
       )) != LOWER(SRVR.ServerName)
)
 
Apparently MS Bug.

Outlook 2013 crashes after start mso.dll and exception code: 0xc0000005

Outlook 2013

From the error log:

Faulting application name: OUTLOOK.EXE, version: 15.0.4667.1000, time stamp: 0x543d3698
Faulting module name: mso.dll, version: 15.0.4667.1001, time stamp: 0x5447696f
Exception code: 0xc0000005
Fault offset: 0x010eb9a9
Faulting process id: 0x1878
Faulting application start time: 0x01d0098924b9cdb8
Faulting application path: C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE
Faulting module path: C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\mso.dll
Report Id: d70e2ad0-757c-11e4-b3bf-0c8bfdde041c

  • Safe mode - Crash again
  • Recreate the userprofile - Crash again
  • Disconnect the network when startign up the Outlook- Works OK, untill the synchronization start - crash again

It ended up being a iCloud issue: simple start the outlook with network disconnected, navigate to account settings and remove Internet Calendar Sharing for iCloud.

MDT 2013 Domain Join not working

Deploying machine via MDT 2013 was just fine when domain join suddenly stopped working.

 

  • Check the MDT log at (knowing when the join should occur) %systemroot%/Temp/DeploymentLogs/ZTIDomainJoin.txt
[LOG[DomainErrorRecovery Action: AutoRetry.]LOG]!>
[LOG[Initiating domain join operation using JoinDomainOrWorkgroup.]LOG]!>
[LOG[Initial attempt: JoinDomain(AD.example.com,PWD,AD.example.com\service_account-MDT,,3), rc = 1385]LOG]!>
[LOG[JoinDomain Failure: The account *may* already exist in a different OU. Retrying without the specified OU.]LOG]!>
[LOG[Retry attempt: JoinDomain(AD.example.com,PWD,AD.example.com\service_account-MDT,,3), rc = 1385]LOG]!>
[LOG[Initiating a reboot.]LOG]!>
[LOG[Property LTISuspend is now = ]LOG]!>

[LOG[ZTIDomainJoin processing completed successfully.]LOG]!>

 

  • Check the %systemroot%/Debug/NetSetup.log
0/10/2014 10:40:11:648 NetpValidateName: checking to see if 'AD.example.com' is valid as type 3 name
10/10/2014 10:40:11:648 NetpValidateName: 'AD.example.com' is not a valid NetBIOS domain name: 0x7b
10/10/2014 10:40:11:758 NetpCheckDomainNameIsValid [ Exists ] for 'AD.example.com' returned 0x0
10/10/2014 10:40:11:758 NetpValidateName: name 'AD.example.com' is valid for type 3
10/10/2014 10:40:11:758 NetpDsGetDcName: trying to find DC in domain 'AD.example.com', flags: 0x40001010
10/10/2014 10:40:11:867 NetpLoadParameters: loading registry parameters...
10/10/2014 10:40:11:867 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
10/10/2014 10:40:11:867 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
10/10/2014 10:40:11:867 NetpLoadParameters: status: 0x2
10/10/2014 10:40:11:867 NetpDsGetDcName: status of verifying DNS A record name resolution for 'DC.AD.example.com': 0x0
10/10/2014 10:40:11:867 NetpDsGetDcName: found DC '\\DC.AD.example.com' in the specified domain
10/10/2014 10:40:11:867 NetpJoinDomainOnDs: NetpDsGetDcName returned: 0x0
10/10/2014 10:40:11:882 NetUseAdd to \\DC.AD.example.com\IPC$ returned 1385
10/10/2014 10:40:11:882 NetpJoinDomain: status of connecting to dc '\\DC.AD.example.com': 0x569
10/10/2014 10:40:11:882 NetpJoinDomainOnDs: Function exits with status of: 0x569
10/10/2014 10:40:11:882 NetpDoDomainJoin: status: 0x569
 
  • Realize that 1385 is the eror code. Execute „net helpmsg 1385
Logon failure: the user has not been granted the requested logon type at this computer.
 
  • Recall changes to AD Domain, Deny Log On Locally should not be enabled across the domain for MDT join Account

DLink DGS-3100-48 asymmetric VLAN (private VLAN) issues

For a recent project a have to deploy private VLAN (asymmetric VLAN in DLink’s terminology) using DGS-3100-48 switch.

Using the latest available firmware version 3.60.28 I wasn’t able to configure it properly. In other words – the switch doesn’t support asymmetric VLAN properly. Note: since firmware version v3.00.43 there should be support for asymmetric VLAN so one would expect it could work (ftp://ftp.dlink.com/Switch/dgs3100series/Firmware/dgs3100series_release_notes_36028.pdf)

It’s time for DLink support!

After few emails with support department of DLink I have receive a new firmware 3.60.37. Since I have six DGS-3100-48 units in stack I have uploaded new firmware to all of them - as a stack. And this is where it gets interesting. 4 of 6 switches failed to load and ends up in booting loop.

After decompressing image you can see something like that on the console output:

01-Jan-2000 01:01:16 %ERHG-F-SEND: Bad parameters in HSG_init_hash

***** FATAL ERROR *****

Reporting Task: ROOT.

Software Version: 3.60.37 (date  14-Nov-2010 time  14:52:42)

0x144724

0x141d0c

0x54657c

0x366834

0x36ae94

0x38bfd8

0x38c180

0x4a6b00

**************************************************

*****************  SYSTEM RESET  *****************

**************************************************

There is not much to do as you cannot reset the configuration during the boot, so the only option was…

Time for recovery procedure!

Manual v3.6 says something about password recovery procedure – which you can utilize to reset configuration (it’s always worth a try to do so before changing fw boot or reflashing). According to manual you should:

„Power on the switch. After the boot image is loaded to 100%, the Switch will allow 2 seconds for the user to press the hotkey (Shift + 6 ) to enter the “Password Recovery Mode”.“

But this doesn’t work – absolutely not. It may for older fw but it definitely does not for this one.

There is this HW installation guide v3.5 that also lacks any details for recovery procedure. However v1 of the same guide has the following information: During the boot process, after the first part of the POST is completed press <Esc> or <Enter> within two seconds after the following message is displayed:

Autoboot in 2 seconds -press RETURN or Esc.to abort and enter prom.

Well, this is still unusable since no 2 seconds pause is visible during the switch boot.

Time for solution!

Finally DLink support personal come up with solution: right after the POST press the CTRL+SHIFT+ ”-“ one time! This shows the “Autoboot…” message and you can press ESC to enter the service menu. From service menu navigate to advanced menu (via shift + 6) and remove config/change the boot image etc.

Btw; Asymmetric VLAN doesn’t work with firmware 3.60.37 anyway. In the end we have received version v3.60.44 which does work correctly, finally.

 
 
Did you know?

That this button does nothing?

Follow Us
Topics

Hyper-V

IT Pro

Random

Get in touch

Would you like to share something interesting with me? Mail: info at rozmazat.cz