Category Archives: Tips’N’Tricks

Where’s mah mail, dude?! (meme edition)

A recent request from a user stated that all his mail went straight into the … Deleted Items folder without even visiting the Inbox. No problem: just find the rule which does that and remove or fix it.


Simple as “one, two, three, doesn’t work”. Yep, after I had deleted all the rules the Inbox still lacked the mail.


Now what? Moving the mailbox to another location? Probably that would help, probably not, but it is not a solution, actually (neither was the workaround we found).

Even Google Almighty wasn’t able to find the solution (I found it later, when I knew what to look for), so we went to our final resort: Microsoft Premier Support (yep, we didn’t want to breed a new variety of users: those who read their email in Deleted Items and store business-critical documents in the Recycle Bin). The workaround was quite simple: set AutomateProcessing for the mailbox to AutoUpdate. After doing that:

Get-Mailbox -Identity <Mailbox> | Set-CalendarProcessing -AutomateProcessing AutoUpdate

everything went back to normal. And you know what? I’m fine with it, even though it wasn’t me who found the solution =)


Network trace without NetMon, wireShark, etc… Part 2

As I told you in the previous episode, there is more to it than just capturing without installing any software. Much more, actually. There is a .cab file which contains many files: 33 to be exact (at least in my case). The files contain a heck of a lot of information about the computer’s networking configuration, as well as logs. Let’s take a look at those files:

 

1) adapterinfo.txt: contains info about your NICs’ drivers.

How can this be useful? Easily. Say you see that the driver for a physical NIC was issued 5 years ago: why not upgrade it first? Anyway, this can give you a starting point for troubleshooting.

2) dns.txt: this one contains the output of the ipconfig /displaydns command, which gives us the content of the DNS client cache

3) envinfo.txt: all you want and even more about the wireless network. Drivers with supported authentication and cipher options, interfaces and their state, hosted networks, WLAN settings, profiles and more and more…


4) filesharing.txt: nbtstat -n, nbtstat -c, net config rdr, net config srv, net share

5) gpresult.txt: no comments

6) neighbors.txt: arp -a, netsh interface ipv6 show neighbors (yeah, calling netsh from netsh… inception… 😉 )

7) netiostate.txt: in my case there were Teredo settings

8) osinfo.txt: at first it looks like systeminfo output, but actually it is somewhat different, yet can prove useful.


9) Report.etl: trace log file. I haven’t yet taken a look at it. Probably it can be good for deep troubleshooting

10) wcninfo.txt: wireless computer network information. Services status, files information and again interfaces info, ipconfig, and more…


11) wfpfilters.xml: I haven’t yet undertaken a close investigation of the file, but it seems to contain firewall rules in XML format

12) windowsfirewallconfig.txt: config for the firewall. Is it turned on, global settings and all that stuff

13) several other files, which contain various event logs related to networking, registry keys dumps and other info


14) Report.html: an .html file which contains links to the files above


Well, that’s it. Actually, while troubleshooting some incidents I was forced to request some info several times, just because I didn’t know what exactly I was going to need and I didn’t want to frustrate users with many commands or by sending them a .bat file. Now I can give them only two commands and voila! I love it, really. IMHO this ability is just awesome even without taking a network traffic capture, so I strongly advise remembering it!

Network trace without NetMon, WireShark, etc…

It is often necessary to capture and analyze some network traffic to troubleshoot a problem. Usually, this requires installing a software package like those named in the title of this article. That’s OK when the computer in question is, say, your laptop, or its user is at least an advanced user, has administrative permissions, and the security policy permits installing new software. But what if that is not the case? What if the user is a sales manager who doesn’t want to spend time installing anything? Or it is a server, where you cannot change anything?

To cut a long story short, recently I’ve run into a totally awesome blogpost, where among other truly interesting things (the blog is in the top 5 of my most favorite, if not the most interesting, BTW) there was a solution for such a situation.

In short, you don’t have to install, say, Network Monitor onto a Windows 7/2008 R2 box to get a network capture. It can be done with a built-in tool: netsh. You still need

1) to be a local admin on the computer you are tracing

2) NetMon to analyze the package you receive after the capture is complete. But you can do it on any computer you wish.

How does it work? Just excellent 😉

1) Start the trace

netsh trace start capture=yes tracefile=<PathToFile>

2) Then reproduce the problem. I started my Chrome (too many open tabs in IE 😉 ) and went to www.microsoft.com.

3) Then stop the trace:

netsh trace stop


Please notice that the trace created two files: .etl and .cab. The ETL one is where our network trace is placed. The second… It makes the method even more awesome, but I will dedicate the next blog post to it.

4) Open the trace on any computer where you have Network Monitor installed:


Oops… What’s with parsers? If we take a closer look at the interface we’ll see the following:

Process: Windows stub parser: Requires full Common parsers. See the “How Do I Change Parser Set Options(Version 3.3 or before) or Configure Parser Profile (Version 3.4)” help topic for tips on loading these parser sets.

Well, some parsers are definitely not turned on. Let’s do it now, it’s easy (I have NetMon 3.4). Go to Tools -> Options

Look at the Parser Profiles tab:

and turn on the Windows profile by right-clicking it and selecting the Set As Active option:

That’s what we were looking for:


5) Now do all the NetMon stuff. For example, I was looking for Chrome activity and, say, I need to look at DNS requests:

Isn’t that great? No, it is simply awesome, because we haven’t yet taken a look at the .cab file, which contains tons of useful info. But we’ll do it in the next article.
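The capture steps above, followed by unpacking the .cab that netsh creates next to the trace, as one elevated PowerShell session. This is an added example, not part of the original post; the working folder, the file names and the 200 MB size cap are assumptions.

```powershell
# Added example. Run from an elevated PowerShell prompt.
# Assumed names: working folder, capture.etl, report subfolder, 200 MB cap.
$workDir = Join-Path $env:TEMP 'nettrace'
$etl     = Join-Path $workDir 'capture.etl'
$cab     = [System.IO.Path]::ChangeExtension($etl, '.cab')
$report  = Join-Path $workDir 'report'
New-Item -ItemType Directory -Path $workDir, $report -Force | Out-Null

# 1) Start the trace; maxsize (in MB) keeps the .etl from growing unbounded.
netsh trace start capture=yes "tracefile=$etl" maxsize=200
if ($LASTEXITCODE -ne 0) {
    throw 'netsh trace start failed (is the prompt elevated?)'
}

# 2) Reproduce the problem while the capture is running.
Read-Host 'Reproduce the problem, then press Enter to stop the trace' | Out-Null

# 3) Stop the trace; netsh writes the .etl and builds the .cab next to it.
netsh trace stop
if (-not (Test-Path -LiteralPath $cab)) {
    throw "Expected $cab was not created"
}

# 4) Unpack the .cab and list what the user's machine has reported.
expand.exe $cab '-F:*' $report | Out-Null
Get-ChildItem -Path $report -Recurse |
    Where-Object { -not $_.PSIsContainer } |
    Sort-Object Name |
    Format-Table Name, Length -AutoSize
```

The unpacked report holds the DNS client cache, firewall configuration and gpresult output described in Part 2, so handle the .cab with the same care as the packet capture itself.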

%systemroot%\System32 secrets: defrag

The next command also seems to be used less and less as time goes on. Partly, probably, because the performance of modern computers allows us to forget about the problem of fragmentation until it becomes huge. Partly because some myths about it have successfully died. But mostly because it runs by default once a week. Earlier (in the 9x age) we had a nice GUI-based defragmentation program; now we have only a command line tool and a very reduced GUI to manage it (without that visualized fragmentation status: it was totally useless, but absolutely awesome. Hey, I believe that the fact we don’t have this magic now is probably the main reason we don’t need defrag 😉 ). Running this command in the background (with low priority, by the way) on a regular basis means that we don’t have much fragmentation:


But we also don’t have the magic =(

Anyway, if you don’t want “this bloody computer to operate your data” or are just not satisfied with the schedule, then you can switch it off in the dfrgui program:

Change the time it runs in the same place, or create some sophisticated schedule in the task scheduler:


You can even implement some advanced logic, if you wish. Say, why even bother to run defrag if you see the picture like this:


You can write a script which checks for fragmentation, does defragmentation if needed, consolidates free space once in a while and does nothing at all other times.

Anyway, I’m quite comfortable with the default behavior, but even this fact doesn’t mean I have to know nothing about my options.
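A script of the kind described above, using the Win32_Volume WMI class to analyse first and defragment only when needed. This is an added example, not from the original post; the drive letter, the 10% threshold and the first-Sunday rule for free space consolidation are assumptions.

```powershell
# Added example. Run elevated (for instance from a scheduled task).
# Assumed values: drive C:, 10% threshold, consolidation on the first
# Sunday of each month.
$drive     = 'C:'
$threshold = 10

$volume = Get-WmiObject -Class Win32_Volume -Filter "DriveLetter = '$drive'"
if (-not $volume) { throw "Volume $drive not found" }

# Analyse only; nothing is moved at this point.
$analysis = $volume.DefragAnalysis()
if ($analysis.ReturnValue -ne 0) {
    throw "Analysis of $drive failed with code $($analysis.ReturnValue)"
}
$percent = $analysis.DefragAnalysis.TotalPercentFragmentation
"{0} is {1}% fragmented" -f $drive, $percent

# Defragment only when Windows recommends it or the threshold is reached.
if ($analysis.DefragRecommended -or $percent -ge $threshold) {
    $result = $volume.Defrag($false)   # $false = do not force the run
    if ($result.ReturnValue -ne 0) {
        Write-Warning "Defrag of $drive returned code $($result.ReturnValue)"
    }
} else {
    "Nothing to do for $drive"
}

# Once in a while, consolidate free space with the command line tool.
$today = Get-Date
if ($today.DayOfWeek -eq 'Sunday' -and $today.Day -le 7) {
    defrag.exe $drive /X
}
```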

BITS Transfer PowerShell cmdlets

One friend of mine told me that I shouldn’t have spread knowledge about the BITSAdmin command when there were PowerShell cmdlets in place. Well, to some extent he is definitely right:

1) PowerShell is better self-documented.

2) It is waaaay easier to script with.

3) It is simpler to use in some basic situations like “just give me that darn file”.

4) Many people just like PoSh.

So, the task I did in my post about BITSAdmin seems to be doable in one command:

Start-BitsTransfer -Source <URL> -Destination <PathToFile>

but one needs to do one’s homework better:

Seems like the module for BITS is not imported by default. Let’s correct the mistake:


and now we have our cmdlets:


So, let our download begin:

Excellent, isn’t it (it even shows the progress very visually)? No, it isn’t. Because when I turned my network connection off the download was cancelled:

Even though it was stated that “BITS will try again” – it wouldn’t and there wasn’t any job registered with BITS. I don’t know why, actually (I hope my friend will explain it to me), but I found a “workaround”. Just add “-Asynchronous” option to the string and it will fork just fine for you although you won’t be able to see that beautiful download bar:


But even when the state changed to “Transferred”, there was only a .tmp file in my directory. Actually, when I started the command without “-Asynchronous” option, I’ve got the file immediately after the end of the transfer, but you already know that you cannot then resume the transfer if it was interrupted. Therefore, I had to complete the transfer manually:


Not a very big difference from what we did with BITSAdmin, I guess. And what I couldn’t figure out is how to monitor my jobs in the fashion BITSAdmin /MONITOR does.

So, let’s sum it up:

1) PoSh is best for scripting

2) For interactive tasks you can use whichever command set you are used to, but remember that BITSAdmin can be discontinued at any moment

So, my best approach is, do everything I can with PoSh and monitor with BITSAdmin, until someone tells me how to do it with PoSh 😉
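The asynchronous workflow described above (start the job, watch it, then complete it), with a polling loop standing in for BITSAdmin /MONITOR. This is an added example, not the author's commands from the lost screenshots; the URL, destination path and job name are placeholders.

```powershell
# Added example. Placeholder values: URL, destination path, job name.
Import-Module BitsTransfer   # the BITS cmdlets are not loaded by default

$source      = 'https://example.com/big-file.iso'
$destination = 'C:\Temp\big-file.iso'

# -Asynchronous registers a job with BITS and returns immediately.
$job = Start-BitsTransfer -Source $source -Destination $destination `
                          -Asynchronous -DisplayName 'example-download'
$jobId   = $job.JobId
$pending = 'Queued', 'Connecting', 'Transferring', 'TransientError'

# Poll the job and redraw a progress bar until it leaves the pending states.
do {
    Start-Sleep -Seconds 5
    $job   = Get-BitsTransfer -JobId $jobId
    $state = $job.JobState.ToString()
    $pct   = 0
    if ($job.BytesTotal -gt 0) {
        $pct = [Math]::Min(100, [int](100 * $job.BytesTransferred / $job.BytesTotal))
    }
    Write-Progress -Activity $job.DisplayName -Status $state -PercentComplete $pct
} while ($pending -contains $state)
Write-Progress -Activity $job.DisplayName -Completed

switch ($state) {
    'Transferred' {
        # Until the job is completed, only the .tmp file exists on disk.
        Complete-BitsTransfer -BitsJob $job
        "Saved to $destination"
    }
    'Error' {
        Write-Warning $job.ErrorDescription
        Remove-BitsTransfer -BitsJob $job
    }
    default {
        Write-Warning "Job left in state $state; inspect it with Get-BitsTransfer"
    }
}
```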

Migrate scheduled tasks from 2003 to 2008

Well, the time has come for me to learn at last the syntax of schtasks, which I was reluctant to do. Sometimes you have to migrate a task or a bunch of them from one computer to another. In my case it was an even more “interesting” task: migrate some tasks from a Windows Server 2003 box to Windows 2008 R2. If you have only one, it is no problem to move it manually, but what if there are many of them? Here it is: the moment of schtasks’ triumph! =)

What it can do for us is export 2003’s tasks into an XML file. Suppose we have a task “Command Prompt” which launches cmd.exe once:

Now let’s use our secret weapon (run it from the 2008 box):

In Task.xml we now have the following content:

<?xml version="1.0" encoding="utf-16"?>
<Task version="1.1" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo>
    <Author>trofimov</Author>
  </RegistrationInfo>
  <Triggers>
    <TimeTrigger>
      <Enabled>true</Enabled>
      <StartBoundary>2011-04-10T23:43:00</StartBoundary>
    </TimeTrigger>
  </Triggers>
  <Settings>
    <Enabled>true</Enabled>
    <DeleteExpiredTaskAfter>PT0S</DeleteExpiredTaskAfter>
    <ExecutionTimeLimit>PT259200S</ExecutionTimeLimit>
    <Hidden>false</Hidden>
    <WakeToRun>false</WakeToRun>
    <DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
    <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
    <RunOnlyIfIdle>false</RunOnlyIfIdle>
    <Priority>5</Priority>
    <IdleSettings>
      <Duration>PT600S</Duration>
      <WaitTimeout>PT3600S</WaitTimeout>
      <StopOnIdleEnd>false</StopOnIdleEnd>
      <RestartOnIdle>false</RestartOnIdle>
    </IdleSettings>
  </Settings>
  <Principals>
    <Principal>
      <UserId>System</UserId>
    </Principal>
  </Principals>
  <Actions>
    <Exec>
      <Command>C:\WINDOWS\system32\cmd.exe</Command>
      <WorkingDirectory>C:\WINDOWS\system32</WorkingDirectory>
    </Exec>
  </Actions>
</Task>

which we can now import to our W2008R2 box with schtasks or even through the GUI:

Of course, doing that with schtasks is a more efficient way to import more than one task, but the GUI is much more spectacular 😉
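For the many-tasks case mentioned above: export each task from the 2003 box, record which account it runs as and whether its command exists on the new server, then import. This is an added example, not the author's command from the lost screenshot; the server name SRV2003, the folder C:\TaskExport, the task list and the exact schtasks /query ... /xml invocation are assumptions.

```powershell
# Added example. Run elevated on the 2008 R2 box.
# Assumed names: SRV2003 (source server), C:\TaskExport, the task list.
$source    = 'SRV2003'
$outDir    = 'C:\TaskExport'
$taskNames = @('Command Prompt')
$nsUri     = 'http://schemas.microsoft.com/windows/2004/02/mit/task'
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

$report = foreach ($name in $taskNames) {
    # Assumed export syntax: query the remote task and emit its XML.
    $text = ((schtasks /query /s $source /tn $name /xml) -join "`r`n").Trim()
    if ($LASTEXITCODE -ne 0 -or -not $text) {
        Write-Warning "Export failed for '$name'"
        continue
    }
    $file = Join-Path $outDir "$name.xml"
    Set-Content -LiteralPath $file -Value $text -Encoding Unicode

    # Read the principal and the command out of the task definition.
    $xml = [xml]$text
    $nsm = New-Object System.Xml.XmlNamespaceManager -ArgumentList $xml.NameTable
    $nsm.AddNamespace('t', $nsUri)
    $userNode = $xml.SelectSingleNode('//t:Principal/t:UserId', $nsm)
    $cmdNode  = $xml.SelectSingleNode('//t:Exec/t:Command', $nsm)
    $runAs    = if ($userNode) { $userNode.InnerText } else { '(none)' }
    $command  = if ($cmdNode) {
        [Environment]::ExpandEnvironmentVariables($cmdNode.InnerText)
    } else { '' }

    New-Object PSObject -Property @{
        Task          = $name
        File          = $file
        RunAs         = $runAs
        Command       = $command
        CommandExists = [bool]($command -and (Test-Path -LiteralPath $command))
    }
}

$report | Format-Table Task, RunAs, Command, CommandExists -AutoSize

# Import only tasks whose command was found on this box; fix the rest by hand.
foreach ($r in ($report | Where-Object { $_.CommandExists })) {
    schtasks /create /tn $r.Task /xml $r.File
}
```

The RunAs column shows which tasks, like the sample above, run as System, which is worth checking before they are recreated on a new server.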

Press a button–get the result

Do you know at which moment exactly your GPO really applies? When you switch the radio button to “Enabled”? Or when you close the GPO console? I’ve been wondering about it for some time (but of course I was too lazy to test it myself 😉 ), but some time ago, while at a training, I asked the trainer and we conducted an experiment on the spot, because he didn’t know either. During the experiment we got proof that the settings you change are implemented as soon as you press the “OK” or “Apply” button for that particular setting. You don’t believe me? Test it yourself or watch the short clip about it if you are lazy too (but remember: my English is far from ideal =( ):