88 High-Voltage Tips

Become the network master of all your domains. This ultimate guide spells out new, smart ways to upgrade systems, set up services, monitor traffic, install applications and more—better, faster, cheaper.


Create a “Virtual” Test Machine
Are you trying to simulate a client/server environment with a limited number of physical machines? A few products let you run multiple operating systems at the same time on the same machine. Both OSs will run at the same time and, because they function independently, you can treat them as different nodes on your network. For example, you can run Red Hat Linux, Windows 98 and Windows XP, all on the same machine, at the same time (if—and this is a big if—you have sufficient system resources). If this sounds interesting, be sure to check out VMware Workstation (www.vmware.com) or Virtual PC for Windows (www.connectix.com). These products are also great for QA departments that need to test on multiple operating systems.

—Anil Desai

Upgrade a Single CPU Kernel to a Multi CPU Kernel

  1. Install the hardware, including any BIOS updates needed, and make sure the BIOS sees the new CPUs.
  2. Boot up Windows 2000 with the new hardware installed.
  3. Go to the System Control Panel. Select the Hardware Tab. Click on the Device Manager button.
  4. Double-click the Computer Icon. Right-click “MPS Uniprocessor PC” and select “Properties.”
  5. Select the Driver Tab. Click the “Update Driver” button.
  6. The “Welcome to the Upgrade Device Driver Wizard” screen comes up. Click Next.
  7. Select “Display a list of the known drivers for this device so that I can choose a specific driver.” Click Next.
  8. Select “Show all hardware of this device class.” Under Manufacturers, select “Standard Computers.” Then select “MPS Multiprocessor PC.” Click Next. Then click Next again. It will copy the correct kernel and HAL files. Click Finish.
  9. Close all windows and reboot.
  10. To switch back to a single CPU kernel, just reverse the process.

—John MacGown

Show All Registered Devices
The Windows registry keeps track of all hardware devices installed on your Win2K, XP, and .NET Server machine. The Device Manager only displays the hardware devices currently connected to the machine. Hardware not currently connected, such as a USB device or a FireWire hard disk, won’t be shown. Over time, a lot of devices can be registered, particularly if you connect the same device to different USB ports. By using an environment variable, you can have the Device Manager display all the hardware installed on the machine. Set the “devmgr_show_nonpresent_devices” environment variable to “1” using the System Properties dialog. Alternatively, just type “set devmgr_show_nonpresent_devices=1” at a command prompt. Then, using Device Manager, make sure the “Show hidden devices” option is set on the View menu. Normally when “Show hidden devices” is set, only non-PnP devices are shown. With the environment variable set, Device Manager also shows disconnected hardware using a semi-transparent icon. You can then uninstall the device and all the associated drivers.
—Charles Oppermann

Does That BIOS Support ACPI?
There might be a time when you need to upgrade your computer’s BIOS, but are concerned about whether or not you have a BIOS that supports Advanced Configuration and Power Interface (ACPI). A quick way to check is to run the APMSTAT utility from the Support\Tools folder on the Win2K Professional CD.
—Derek Melber

Moving from APM to ACPI
If you currently run a system that supports Advanced Power Management (APM), but want to upgrade the BIOS to a version that supports ACPI, then you’ll need to think before you dive in. If you upgrade the BIOS without taking care of the existing OS, you’ll certainly see a blue screen at the reboot. The problem is that the APM and ACPI HAL.dll are different for Win2K. In order to get the correct HAL installed, you need to run through the initial stages of the installation. At the beginning, when it asks you to press F6 for a SCSI driver, press F5. This will allow you to select the proper HAL for your newly upgraded ACPI BIOS.
—Derek Melber

Find Applications with Where
If you have multiple copies of the same executable or batch file on a machine, it can sometimes be difficult to determine which one gets launched. The Where utility in the Resource Kit follows each branch of the path variable in the environment searching for a specified executable or batch file and listing the result. Where can also work recursively, starting from a particular folder and searching all branches below that folder.
—Bill Boswell

Compromising Look vs. Function in XP
You can keep the stylish new look of XP but still use the tools that you’re familiar with. Simply right-click the taskbar, select “Properties” and then click on the “Start Menu” tab. From here you can specify that the Classic Start Menu will be used, and all your tools will be right where you’re used to finding them. (Now, if only we had a choice for the “Windows 3.1 look,” some of you “old dogs” who don’t like to learn new tricks would be happy too.)
—Chris Brooke

Shift Between Command Prompt and GUI
I prefer working at a command prompt, but there are times when it’s handy to use a graphical interface for displaying files. You can open Explorer in a My Computer view from a command prompt using start. (note the “dot” after start.) If you want to put the focus of Explorer on the parent folder, enter start.. (with two dots after “start”). To get the reverse action, to open a command prompt in a folder from Explorer, use a tool from Power Toys called cmdnow. You can streamline this process even further by putting an Address Bar in the taskbar. Do this by right-clicking in the background of the taskbar and selecting Toolbars | Address from the flyout menu.
—Bill Boswell

Create a SuperConsole
With Windows NT 4.0 you had to go to individual administrative tools to work on different facets, but now you can create your own personal management consoles in Win2K that include all the tools you need (or want). This is a great way to manage your administrative needs in a central location. It’s not hard: Go to Start | Run, run MMC.exe, then use Add/Remove Snap-In to get the tools you need.
—Peter Bruzzese

Recover from File Transfer Problems
Imagine this scenario: You’re copying thousands of user folders and files between servers when a file that’s locked as “in use” causes the process to fail. You correct the network issue and want to complete the file copy operation with only the files or folders that have failed to copy. Here, a “No to All” button would be priceless, as it would save you from having to hit “No” thousands of times, just to prevent the re-copying of all of the files and folders. Fortunately, there’s an undocumented way to give this response: Just hold down the Shift key when you click No. This is interpreted as a “No to All” response, and it can save you hours of frustration!
—Anil Desai

Create a Web-based Performance Dashboard
Many third-party vendors would have you believe that you need to spend thousands of dollars to create a performance-monitoring dashboard for the machines you manage. However, there’s a much cheaper way to get useful results. In Win2K (and later), the familiar Performance Monitor tool is now implemented as an ActiveX control. This means you can embed it in a Web page. In fact, when you save the settings for a Performance chart, it’s saved as an HTML file that can be opened in Internet Explorer. With just a little imagination, you can create a simple Web page that includes several different Performance Monitor charts.

And, since you can monitor as many different machines and statistics as you like, you can create a simple “dashboard” that allows you to monitor performance for all of your critical machines in one place. Drop the page on your intranet (with the necessary security, of course), and you’ve got a homegrown monitoring solution that can be built in as little as 10 minutes!
—Anil Desai

10 Tricks for Troubleshooting Active Directory Replication
  1. Orphaned server objects. Usually caused by removing a DC from the domain without demoting it first. The solution is to use NTDSUtil to delete these objects. (See Q216498.)
  2. DC unavailable or Domain can’t be contacted. Caused by physical failures, network failures or DNS misconfiguration failures.
  3. Incomplete or incorrect replication topology, possibly insufficient site links to perform replication to all DCs, usually with event 1311 errors in the Directory Service log. The solution is to analyze the topology and make sure there are sufficient site links to replicate among all sites and all subnets used are mapped to a site. This could be caused by orphaned server objects or a DC that was simply unplugged and not demoted first. See Q214745 for resolution of this error.
  4. Misconfigured DNS. Ask yourself:
     • Are the DC’s IP properties pointing to the correct Windows 2000 DNS server that’s authoritative for that domain?
     • Are any delegations for child domains pointing to the correct DNS servers?
     • Are the DNS servers accessible and online?
     • Does name resolution work? Can you ping the domain name and the DC name?
     • Are there duplicate connection objects in the Sites and Services snap-in?
  5. Are DCs really domain controllers?
     • The Net Share command from a command prompt should show netlogon and SYSVOL. If not, DCPromo was not successful.
     • The Net Accounts command shows the Computer Role of DCs as “Backup.”
     • Go to the Users and Computers Snap-in and from the View menu, enable “Advanced Features.” In the tree, go to System, File Replication Service, Domain System Volume. There should be a folder with the Computer name if the machine is a DC.
  6. Check for network or domain errors in the output logs of Netdiag.exe and Dcdiag.exe, and check the Replication Monitor’s status report (in Replication Monitor, add the server, then right-click on it and select Generate Report). Also check the Directory Services log, the System Event log, and the DNS log.
  7. Use repadmin from Support Tools. On every DC, execute the command, “repadmin /showreps.” This will tell you if replication was successful and when it happened.
  8. Use ReplMon from the Support Tools to get a summary of all replication errors for all DCs in a domain. In ReplMon, go to the Action menu in the task bar, then to Domain and select the only option—“Search Domain Controllers for Replication Errors.” On the next screen, click the “Run Search” button at the bottom. In the next screen, enter the FQDN of the domain to search and click OK. It will return all events from all DCs in the domain that relate to replication failures.
  9. Error 1722: The RPC Server is unavailable. This means the DC couldn’t be found for some reason. Check DNS, physical connections, verify that the DC is really a DC, and run Netdiag and DCdiag. Also check for firewall misconfiguration.
  10. Error 1265. The attempt to establish a replication link (then identify the partition) failed. Could be a DNS Lookup Failure. Perhaps it couldn’t find the DC for this domain. (Follow the steps for event 1722 above.) Perhaps the target account name is incorrect. A possible solution is offered in Q281485: “Name Collision in Active Directory Causes Replication Errors.”

—Gary Olsen and Ann Lovell

Instant Remote Storage Services
Say you have a relatively expensive and fast RAID array with storage space being pushed to its limit. RSS is a solution included with Win2K that uses an intelligent method to calculate file usage based upon your configured criteria and determine when files haven’t been accessed beyond your specified limit. It can then move those files off to a library that will keep track of where those files are. The RSS service uses reparse points to redirect your users in the event they do try to access those files. Bottom line: The files are still available but off your production RAID box.
—Peter Bruzzese

View Network Packets
If you like to use Network Monitor for troubleshooting, you probably get frustrated because it only reports traffic to and from the interface on the server, not all traffic seen by the interface. SMS, on the other hand, comes with a promiscuous mode version of Network Monitor that can report all traffic it sees. The problem with the SMS version of Network Monitor is that it lacks the most current parsers that show specific contents of captured packets. You can get the best of both worlds by replacing the entire Parsers folder for the SMS version of Network Monitor with the Parsers folder from the .NET Server version of Network Monitor.

This will let you see detailed contents of LDAP queries, Kerberos authentications, DNS transactions and other critical processes in a Win2K and .NET system.
—Bill Boswell

Let Non-Admins Install Applications
You probably don’t want to give full local Administrator privileges to the average user. However, it can be frustrating for users to wait for a field technician to install applications that aren’t pushed out to the desktop. For applications that use a Microsoft Installer (.MSI) package to handle installation, a developer can set a flag in the .MSI script to elevate the user’s privileges sufficiently to install the application. Not all developers set the flag, though. You can set a group policy that temporarily elevates the privileges in all cases when installing applications that have an .MSI package. The policy is called Always Install With Elevated Privileges and is located in User Configuration | Administrative Templates | Windows Installer.
—Bill Boswell
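
Because this policy elevates every .MSI installation, it is worth knowing on which machines and for which users it is actually switched on. The PowerShell script below is an added example, not part of the original tip; it assumes a system with PowerShell and reads the documented AlwaysInstallElevated policy value under the per-machine and per-user Policies keys, registry locations the tip itself does not name.

```powershell
# Added example (not from the original article): report where the
# "Always Install With Elevated Privileges" policy is enabled.
# Assumption: the documented policy value AlwaysInstallElevated under
# SOFTWARE\Policies\Microsoft\Windows\Installer in each registry hive.
$SubKey    = 'SOFTWARE\Policies\Microsoft\Windows\Installer'
$ValueName = 'AlwaysInstallElevated'

function Get-ElevationValue {
    # Returns the policy value for one hive, or 0 when it is not set.
    param([Parameter(Mandatory)][string]$HiveRoot)
    $path = "Registry::$HiveRoot\$SubKey"
    $item = Get-ItemProperty -Path $path -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 0 }   # key or value absent: policy not set
    return [int]$item.$ValueName
}

function Get-InstallerElevationReport {
    $machine = Get-ElevationValue -HiveRoot 'HKEY_LOCAL_MACHINE'
    # Loaded per-user hives: interactive accounts have SIDs of the form S-1-5-21-...
    $userHives = Get-ChildItem -Path 'Registry::HKEY_USERS' |
        Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' }
    foreach ($hive in $userHives) {
        $user = Get-ElevationValue -HiveRoot "HKEY_USERS\$($hive.PSChildName)"
        [pscustomobject]@{
            Computer      = $env:COMPUTERNAME
            UserSid       = $hive.PSChildName
            MachinePolicy = $machine
            UserPolicy    = $user
            # Windows Installer elevates only when both values are 1.
            Elevates      = ($machine -eq 1 -and $user -eq 1)
        }
    }
}

Get-InstallerElevationReport | Format-Table -AutoSize
```

Only hives that are currently loaded (logged-on users) appear in the report; run it elevated so that other users' hives under HKEY_USERS are readable.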

Launch MMC Tools from the Run Command
If you would rather avoid navigating the Start menu, you can use Run to launch any of the MMC-based administration utilities. All you need to know is the name of the .msc file corresponding to the tool. For example, AD Users and Computers is dsa.msc, where dsa stands for Directory Service Agent, an acronym denoting a server that hosts a replica of an LDAP directory service. The AD Sites and Services console is dssite.msc and the AD Domains and Trusts console is domain.msc. To get a full list of the MMC console names, search the hard disk for files ending in .msc.
—Bill Boswell
