Archive for the ‘Windows Server 2003’ Category

A problem is preventing windows from accurately checking the license for this computer 0x80040002

Friday, June 20th, 2008

As I was trolling about the incident logs recently I noticed that two Windows Server 2003 hosts which were completely separate and had absolutely no interaction with one another were both presenting the same error message during the logon process. The error was:

"A problem is preventing windows from accurately checking the license for this computer 0x80040002"

This error presented immediately after authentication. A quick Google only revealed a few hits regarding Windows XP Home and a Dell specific problem so naturally it piqued my interest.

One machine could obviously be hardware related (file corruption, bad RAM, anything really..) but two? This was just way too juicy for me to ignore so I began investigating.

A reboot into safe-mode and I was in business. My first stop is always to check the services list in the registry editor. Indeed, a quick check in regedit led me to a service called ‘recovery2’, which I have never heard of. The ImagePath was "c:\program files\outlook express\recovery.exe". Curious and more curious. This service obviously being spurious, I removed the entry from the registry, deleted the file and restarted the server. The machine then processed my login normally.

The odd thing being that I could not find any good references to this particular root-kit anywhere on Google.

If anyone comes across something similar, let me know how you fare in the comments.

-Drew
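
The registry check described in this post can be repeated across every service at once. The following is an added example, not the author's code: it resolves each service's ImagePath and lists the ones whose binary lives outside %SystemRoot%, with Authenticode status where the file exists. The function names and the sample entries are constructed for illustration; the recovery2 path is the one quoted above.

```powershell
# Added example. Function names are hypothetical; sample data is constructed.
function Resolve-ImagePath([string]$Raw) {
    # Expand variables, then drop quotes/arguments and driver-style prefixes.
    $p = [Environment]::ExpandEnvironmentVariables($Raw).Trim()
    if ($p -match '^"([^"]+)"') { $p = $Matches[1] }
    elseif ($p -match '^(.+?\.(exe|sys|dll))(\s|$)') { $p = $Matches[1] }
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }
    $p
}

function Get-UnusualServiceBinary($Services) {
    $root = ($env:SystemRoot + '\').ToLower()
    foreach ($svc in $Services) {
        if (-not $svc.ImagePath) { continue }                 # key has no binary
        $path = Resolve-ImagePath $svc.ImagePath
        if ($path.ToLower().StartsWith($root)) { continue }   # under the Windows directory
        $sig = 'FileNotFound'
        if (Test-Path -LiteralPath $path) {
            $sig = (Get-AuthenticodeSignature -FilePath $path).Status
        }
        New-Object PSObject -Property @{ Service = $svc.Name; Path = $path; Signature = $sig }
    }
}

function Get-RegistryService {
    # Reads Name/ImagePath pairs from the live registry of the local machine.
    Get-ChildItem HKLM:\SYSTEM\CurrentControlSet\Services | ForEach-Object {
        $props = Get-ItemProperty -LiteralPath $_.PSPath
        New-Object PSObject -Property @{ Name = $_.PSChildName; ImagePath = $props.ImagePath }
    }
}

# Constructed sample; the second entry is the service described in the post.
$sample = @(
    (New-Object PSObject -Property @{ Name = 'Spooler';   ImagePath = '%SystemRoot%\system32\spoolsv.exe' }),
    (New-Object PSObject -Property @{ Name = 'recovery2'; ImagePath = 'c:\program files\outlook express\recovery.exe' })
)
Get-UnusualServiceBinary $sample | Format-Table Service, Signature, Path -AutoSize

# Live check on the local machine:
# Get-UnusualServiceBinary (Get-RegistryService) | Format-Table Service, Signature, Path -AutoSize
```

Legitimate third-party services also install outside the Windows directory, so the output is a review list rather than a verdict. Services hosted by svchost.exe keep their DLL path under Parameters\ServiceDll, which this check does not read.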

Exchange 2007 OWA makes you login twice

Monday, March 10th, 2008

Nothing irritates me more than wasting time, being inefficient, or gnomes. I recently configured a SharePoint 2007 Enterprise server and whilst playing around with the ‘site’ I added a few different Web Parts. Everything went fine until I added Web Parts which pull information from my Exchange 2007 server and noticed I had to log in twice (once to the DOMAIN via SharePoint, and once into OWA).

The problem is that by default Exchange 2007 is not set to use ‘Integrated Authentication’. I tried playing with the Virtual Directory for OWA in IIS to no avail; I then opened the Exchange Management Console to see what kind of trouble I could get into. I drilled down to ‘Client Access’ under ‘Server Configuration’ and there I saw this:

[Screenshot: exchange1]

When I opened the item listed as: owa (default website) this presented me with a screen which looks like this:

[Screenshot: exchange2]

Originally I had it set to “Use forms-based authentication”. I simply changed this to “Use one or more standard authentication methods” and selected Integrated Windows Authentication. Voilà: if the user is already logged into the domain, it will not bring up that annoying login screen in your MOSS 2007 site.

Keep in mind, if you allow people to log in to OWA who are not already logged into the domain via OWA (why would you?), this may break that functionality.

-Drew

Delete locked Microsoft Access (MDB files) in Windows 2003

Thursday, October 25th, 2007

Nothing is more frustrating than when you’re playing on a three hour Rock Band bender in the data center when a developer calls up and needs you to delete a file and Windows tells you to shove it because the file is locked.

Recently, I had an Access database I needed to delete. It just so happens that this Access database was being used as a data source for a web site being served in IIS.

Unfortunately this server hosts over one hundred or so other web sites, so rebooting it was not an option. I found out if you simply stop the application pool for that particular site, it will allow you to delete the MDB file.

Steps:

Open IIS Manager:

Navigate to start -> all programs -> administrative tools -> Internet Service Manager

If you know which application pool the web site using the locked MDB file runs in, continue to the next step; otherwise:

Expand Web Sites -> Right-Click on the affected web site, click Home Directory. Be sure to note the value of “Application Pool”.

Now that we know the name of the application pool:

Expand the COMPUTERNAME -> Expand Application Pools -> Right-Click on the appropriate application pool and click stop.

Now that the application pool is stopped, delete the locked Access Database (MDB file)

Restart the affected application pool:

Right-Click on the affected application pool, click start

The MDB file is deleted, your app pool is running, the developer is happy and you’re back to trying your Rock Band marathon. Rejoice!

-Drew

Reboot a Windows 2003 Server remotely without remote desktop

Tuesday, August 8th, 2006

Most, if not all, system administrators with a Windows 2003 server machine under their control have had the unpleasant experience of needing to reboot a server in the middle of the night or while they are hundreds of miles away from the data center. Every once in a while, remote desktop may not be desirable or available and the server still needs to be rebooted. I present a method to reboot a Windows 2003 Server remotely without Remote Desktop.

Open a command prompt:

click start, navigate to run > type cmd.exe and press enter

For this example I will assume the IP address of your server is 192.168.0.1

Create an RPC connection to 192.168.0.1:

net use \\192.168.0.1

You will need to authenticate using an administrator account:

The password or user name is invalid for \\192.168.0.1

Enter the user name for ‘192.168.0.1’ : administrator

Enter the password for 192.168.0.1: password

The command completed successfully.

Then if you issue the following command, Windows will shut down and the server will restart (note: -f will force a reboot, you may not need it):

shutdown -r -f -m \\192.168.0.1

This method of rebooting has saved me many late night trips to the datacenter when Remote Desktop acts up.

Have fun!

-Drew

How do I delete directories hackers create on my system?

Tuesday, February 14th, 2006

Occasionally we all make mistakes, we leave anonymous FTP enabled and some 12 year old kid uploads his Britney Spears MP3 collection to your web server. In another instance you find yourself with a 200GB hard drive that you’ve only used 30GB of, but it reports there is only 20GB remaining, and you find out that your RECYCLER folder has been the generous host to a bunch of German pornography for however many unknown months.

Many times simply finding the locations of these files can be a daunting task; we have written another in-depth article that exposes some of the common methods that your average 13 year old N-SYNC fan uses to put his Madonna MP3 collection onto your corporate fileserver. Once you find the files, being unable to delete them is probably one of the most frustrating moments as a system administrator.

To do this, we employ methods from 15 years ago (thanks Microsoft).

If you do not already know how to do this, open a command prompt by doing the following:

click start, navigate to run, type cmd.exe and press enter

Navigate to the parent folder of the questionable content (i.e. the folder named “ . . . . I Jh0000n yoUhz!”)

cd e:\inetpub\wwwroot\site

First we take a quick look at the directory to see what we see:

E:\inetpub\wwwroot\site>dir
Volume in drive E is IIS
Volume Serial Number is 1034-05BD

Directory of E:\inetpub\wwwroot\site

03/02/2006 03:26 PM  <DIR>  .
03/02/2006 03:26 PM  <DIR>  ..
12/30/2003 11:22 AM  <DIR>
12/20/2003 11:11 AM  <DIR>  Admin

Do you notice that there is a directory with no label? FTP hijackers and other script kiddies often use this technique to try to mask their activities in order to throw off system administrators and make it harder to delete their “distro sites”. It is in fact very simple to delete these sites:

E:\inetpub\wwwroot\site>dir /x
Volume in drive E is IIS
Volume Serial Number is 1034-05BD

Directory of E:\inetpub\wwwroot\site

03/02/2006 03:26 PM  <DIR>  .
03/02/2006 03:26 PM  <DIR>  ..
12/30/2003 11:22 AM  <DIR>  0200~1
12/20/2003 11:11 AM  <DIR>  Admin

Notice how the directory with no label is actually called 0200~1? That is the true name of the folder on the server. First we will empty the contents of this directory:

del 0200~1

Now we will remove the directory entirely.

rmdir 0200~1

The massive store of Justin Timberlake MP3s is now gone, and young Timmy from Brazil has to fire up Bearshare and start all over again. (Boo, Hoo, Hoo.) The real question is: Do you know how those files got there? If you cannot honestly answer this question, you should read our article “Where’d my Disk Space Go?”

-Drew
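
The dir /x step in this post can be scripted to sweep a whole tree. This added example (not from the original post) flags directory names that render as blank or carry leading or trailing whitespace, and reports each one's 8.3 short name. Function names and sample names are constructed; the short-name lookup assumes 8.3 name generation is enabled on the volume.

```powershell
# Added example. Function names are hypothetical; sample names are constructed.
function Test-DisguisedName([string]$Name) {
    # Blank-looking: made up only of whitespace or non-printing characters.
    if ($Name -match '^[\s\p{C}]+$') { return 'blank-looking' }
    # Leading whitespace, or a trailing space or dot, which dir and Explorer obscure.
    if ($Name -match '^\s' -or $Name -match '[\s.]$') { return 'leading/trailing space or dot' }
    return $null
}

function Find-DisguisedDirectory([string]$Root) {
    $fso = New-Object -ComObject Scripting.FileSystemObject
    Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer } | ForEach-Object {
            $why = Test-DisguisedName $_.Name
            if ($why) {
                # The short name is what del/rmdir can address, as shown with dir /x.
                $short = '(unavailable)'
                try { $short = $fso.GetFolder($_.FullName).ShortName } catch { }
                New-Object PSObject -Property @{
                    Reason    = $why
                    ShortName = $short
                    Parent    = $_.Parent.FullName
                    Name      = "[$($_.Name)]"    # brackets make blank names visible
                }
            }
        }
}

# Constructed names: whitespace-only, the style quoted in the post, and a normal one.
$names = @([string][char]0xA0, ' . . . . example', 'Admin')
foreach ($n in $names) {
    $result = Test-DisguisedName $n
    if (-not $result) { $result = 'ok' }
    '{0,-24} -> {1}' -f "[$n]", $result
}

# Live sweep of a web root (path taken from the post's example):
# Find-DisguisedDirectory 'E:\inetpub\wwwroot' | Format-List Parent, Name, ShortName, Reason
```

Record the listing before deleting anything it reports, since the file names and timestamps help answer how the content got there.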