Orphaned Site – Plus a missing RID Master?

I was hanging out with a great bunch of guys at an IT shop in Colorado. They had me over for a few weeks upgrading their DCs to 2008 R2 (a smart move for any customer) and I ran into a bit of a snag.

Each branch had two DCs equally load balanced to service DNS, DHCP, and authentication requests from clients. As they were all 2003 32-bit, they all had to be reloaded. I figured the best way was to move roles to the partner, nuke/pave, rinse/repeat.

On the second branch, working on promoting the second DC, the error came up that “Windows cannot create the object because the Directory Service was unable to allocate a relative identifier”, which usually means the RID master has tombstoned or has been down so long the DCs can’t refill their buckets.

But in this case the RID master was up and healthy.

What happened was the first domain controller, after having been brought offline, notified the other DC at that site… but for some reason that DC didn’t check in with the mothership and let the rest of the domain know about it. It also didn’t bother to let them know when the newly loaded server joined the domain and became a DC.

I didn’t notice this, so when I killed the other box and reloaded it with 2008 everything was fine until I tried to DC Promo the thing. DC #1 wasn’t able to bring DC #2 into the environment. The existing DCs didn’t know who he was, even though as far as he was concerned – everything was fine.

I ended up having to dcpromo the other box down and start over. I had to wait until after hours to do it though – didn’t want to impact any users (the incorrectly joined DC had no idea he wasn’t feeling much love so he kept servicing user requests). But when I dcpromo’d them the second time I used the advanced settings and pointed them to the DCs at the main office.

Lesson learned – but if you get errors about a missing RID master, that could be your problem.

Telnet Client Missing from Windows 7, how to quickly fix this

I see a ton of people griping about the fact that telnet is missing (by default) from Windows 7.

This is actually because we (the IT industry) kept asking for thinner, more secure, etc.


This is incredibly easy to work around… you’re generally already at the command line… so from a DOS prompt all you have to do is type this:

pkgmgr /iu:"TelnetClient"

And you’ll have your telnet client back super fast! (make sure and give it a minute or two to finish, this runs silent)

You have to be a member of Local Administrators group in order to run ADMT

If you get the following error:

You have to be a member of Local Administrators group in order to run ADMT. : Access is denied. (0x80070005)

You are likely not running the command from an elevated command prompt. When you search for the error there are a lot of blogs talking about adding yourself to the domain admins group on both domains. This is true – but it is not your issue.

Re-run with elevated permissions.

(actually your first hint would probably have been that you got the error “'admt' is not recognized as an internal or external command, operable program or batch file.” and had to change to the c:\windows\admt directory)

Bulk user and computer creation in AD

If all you need to do is create a bunch of users and computers for a test environment you can use these simple little scripts at the command line – just change to your domain/OU:

FOR /L %i in (1,1,500) DO dsadd user "cn=MyUser%i,ou=MyOU,dc=domain,dc=local" -samid MyUser%i -upn myuser%i@domain.local -fn My -ln User%i -display "MyUser%i" -pwd P@ssw0rd -disabled no

FOR /L %i in (1,1,500) DO dsadd computer "cn=MyClient%i,ou=MyClientOU,dc=domain,dc=local"

How to get Adobe Acrobat Reader without using the Download Manager (DLM)

If you’re like me, you don’t like adding MORE silly IE helpers, add-on installers, or other stuff that just takes up room, especially in cases like this where we’re talking about a 35 meg file.

Just go here:


and skip the whole thing. Pick your version (10 is the latest as of this writing) and your language (en-US for me) and grab the exe file.

NOTE: most companies have a public FTP site. If you can stand browsing around a bit, you usually can find things like previous versions and skip little add-ons like these.

Fingerprint reader displays in device manager, not in biometric devices

I’ve noticed a number of postings lately with people trying to enable their fingerprint readers. They can see the device in device manager, but there isn’t a biometric devices option listed in the control panel. If they go through help and support and search for biometric devices they have found that they can launch the applet manually, but they see “Windows did not find any biometric devices on this computer. You might need to attach your device or install device drivers.”

Well, obviously it is present and has drivers installed if it shows up in the device manager right? Right. But, there is a caveat. Not all fingerprint readers are classified as WBF (Windows Biometric Framework) compatible and thus, will not enable the CPL (control panel applet).

But there is usually a solution.

Generally all you have to do is make sure you got everything you needed. There is a lot of advice about finding alternate drivers or uninstalling/reinstalling the device in device manager… but generally speaking you’re missing something much simpler than that.

I have seen this on Dell, HP, Lenovo, Toshiba, etc etc etc. So the big guys have this issue too. Problem is if they are trying to keep costs down they might be integrating a non-WBF compatible fingerprint reader into their laptop/tablet/netbook/whatever. If so (as long as you didn’t buy the device from Bob’s Auto Transmission and White-Box Laptop Sales) you probably missed something on the downloads page. The big guys usually have a framework of their own.

So for instance, if you GO HERE you’d notice that for the Validity Fingerprint Sensor you have a driver clearly listed with a pretty download button right next to it (just like if you were on Dell’s website for a similar laptop). But if all you run is the driver, you’ll miss the fine print on the driver page (which says, “NOTE: To use the fingerprint sensor, HP ProtectTools Security Manager must be installed.”)

If you miss that you’ll be pounding your head for hours, or just give up and forget about that super-cool fingerprint logon thingy you planned to impress your friends with. Well, the HP ProtectTools suite is on that same page (just like with IBM, Dell, etc) to get around this problem… but people miss it.

This brings up the subject, why don’t the manufacturers of these 3rd party devices just get their stuff certified? I don’t know the answer to that but it has been going on for a long time. Sometimes… the hardware manufacturers just don’t know, don’t care, or maybe… they don’t like Microsoft and refuse to submit their drivers. Most likely the reason is the manufacturer wants to have a single tool that will work with whatever version of Operating System the user has. Whatever the reason – go back to your downloads page on whatever support site your manufacturer has listed and look again. I bet you missed the “alternate” biometric interface suite.

Understanding why Decimal isn’t any cooler than Binary, Octal, etc

We all live in a world of ten.


Because we evolved into creatures with ten fingers and toes.

So, we built a numbering system (quite naturally) based on how many things we could count using the digits we could see in front of our face. Even the word ‘five’ has its roots in the word ‘fist’.

But does this:


really represent the number ten?

Does it? Well, for us sure. But why? And, does it have to?

Why can’t this be ten:


Well, that’s the trick see.
We have been on a decimal (ten) base numbering system ever since we were kids and learned to count. So we have trouble thinking that other systems are just as valid. For a long time I felt that a creature that used another numbering system must feel a strange nagging sensation that there was something strange about how his numbers never really came up to nice round numbers like us lucky humans.

Let’s think about some aliens for a sec (which I always think is fun). Imagine that some alien civilization evolved with eight fingers. Imagine what sort of conversation you might have with one of them if you met up in some celestial bar while changing flights between Alpha Centauri and Wolf 359 for your vacation. And say your discussion turned to the number ten. Maybe because you’re doing shots and talking about who can put down more Romulan Ale. This might be tricky for you because to you this:


would be ten shots for you and this:


Would be ten shots for your new-found friend. Why?

Well, let’s think about the number ten for a second. We think of ten as a nice round number because, well, it’s the combination of the digits 1 and 0 (and it is the number of fingers most of us have – making it our roll-over number). And naturally we would have a tendency to think of anything that doesn’t look like this:


to be something other than ten. And if you’re the surly sort you might even get into a heated exchange with your octal-ten-base-shot-shooting companion. The reality is that you are both right, they are both ten, he just has a different placeholder for that particular number.

You see, to him – the numbers 8 and 9 don’t even exist. But wait, you’re probably thinking I mean the numbers 9 and ten don’t exist. That for him to count your shots he would say 1,2,3,4,5,6,7,8,10,11 – right? Well, you see, that’s where a lot of the confusion comes from. For him, the counting would actually go like this:

1,2,3,4,5,6,7,10,11,12 – like you he rolls over to 10 on his last finger.

So he figures you’re doing 12 shots whereas he is doing 10. To you, this lightweight is cheating and only doing 8 shots while you’re putting down ten. So again, to him… the numbers eight and nine have no meaning. A “round” number to him is still ten, and 100, and 1,000. Just like you. He just has different placeholders. So if you looked at his numbering system it would look like this:

and so on until:

So if he grew up in a world where everyone had eight fingers, this would feel completely natural – as natural to him as you feel about your round numbers. And all you have to do is some simple conversions to keep the conflict to a minimum. Either you do 8 shots at a time or he does 12. Or you could just order a nice Makers, neat – or a Glenlivet – single malt is always going to be 1 malt no matter what numbering system you use.

But what if there’s a fish sitting beside you guys. Apart from the seriously challenging prospect of actually DRINKING against a FISH, there’s going to be some challenges there as well number-wise. Fish obviously don’t have any fingers so (in case you weren’t aware of this little known fact) fish count with their fins. This might sound a little weird but again – not weird to them. They find it perfectly natural. This is binary – and in reality it is the simplest numbering system around (you can’t have any less than two digits and make anything happen). Any REAL communication we might ever have with true aliens will be likely to start with the universal language of math – and it will likely be a binary communication system until more complex systems can be established.

So we start with 1. And that’s where we roll, direct to 10. So for him:

Though while binary is simple, as you can see – it gets pretty long pretty fast. It’s wicked easy to add though. But to continue:

So as a boost to your morale, in his numbering system you are doing one thousand and ten shots. Might seem strange to you but again… this is just a placeholder for the same thing:




As it counts, notice that each time it is simply one and then ten. One and then ten. Your octopus fingered friend is 7 and rolls to ten. You are 9 and roll to ten. He just rolls to ten after using up one.

Where this gets a bit more challenging is trying to decide how many shots to order if the bartender is a fish. You know you want 10 shots but if you order that and only get 2 you’re going to be disappointed. But I will cover conversions in another post – once you have the basics I can teach you some pretty simple (and easy to remember tricks) to converting between the various numbering systems.

But for now it doesn’t matter because the bartender is a fish – and as everyone knows fish are notoriously bad at serving drinks so you would not likely get what you ordered anyway.

What does matter is why I picked octo-boy and a fish as your drinking companions.

Computers operate from a basic technology based on, and evolved substantially from, old-style relays (little electromagnet switches). Switches are either on or off. String a few relays together and you can build the basic functionality of what a transistor does – and if you string a few million transistors together you’ll have a processor, the brain of a computer. String the relays together a little differently and you get what’s called a flip/flop, which became the basic building block for how memory (RAM) works… But everything breaks down to tiny little switches turning on and off as electricity (which is either on or off) flows through them. This is why computers are said to speak binary. Because their entire make-up breaks down to a series of mechanisms that are either on or off at any given time (represented by us as 1, on, or 0, off).

So how do you communicate with a device that only knows how to count in 1’s and 0’s (on’s and off’s)?

Just create a map between our language (letters) and something that fits into its capabilities. In order to do that you have to take a look at our language, and put yourself in the minds of the people building the first computers. They didn’t have millions of tiny transistors that could fit on your fingernail – they had relays, logic gates, vacuum tubes and the like. They had limited resources and therefore needed to find ways to do things without adding complexity.

Thus, the question. What is the least complicated way to build a map between our language and the language of a fish (binary)?

The answer is take every character you need (numbers, letters, punctuation, etc.) and map them to numbers in binary, which as you saw grow in length pretty fast. The longer the number, the more switches you need in order to process all the on’s and off’s.
So how many do you need? Well, first – let’s explore what options we have.
One binary digit gives you two possibilities (0 & 1) which I suppose you could match to A & B or 1 & 2. Two binary characters (as you saw before) have four possible combinations (00,01,10,11). You could match this to A,B,C, & D or 1,2,3, & 4. This is obviously not enough to get very far so let’s take a deeper look at what combinations we have available. The column on the left is how many binary digits we’ll use and the column on the right is how many combinations you can get from them:

1 2
2 4
3 8
4 16
5 32
6 64
7 128
8 256
9 512
10 1,024

If you have been working with computers for any length of time these numbers may look familiar to you. Memory, hard drive sizes, color depth on monitors and video cards, speeds, etc. If you’ve been working with computers for a really long time like I have the number 256 is probably the one you’ve seen the most. This is no coincidence. And it turns out – that is the answer (bet you already guessed because octo-boy sort of gave it away). With 8 binary digits (bits) you get 256 combinations. With 256 combinations you can map enough characters to our language to be able to do something useful with a bunch of little tiny switches. Including case, punctuation, numbers, etc. Here is a sample of what it looks like:

01100001 a
01100010 b
01100011 c
01100100 d
01100101 e
01100110 f
01100111 g
01101000 h
01101001 i
01101010 j

This is an actual example of mapping from binary to our language. This may be something of a simplification, we didn’t cover HEX (hexadecimal), machine language or the like. But basically what you have is eight bits, which is what a byte is. A byte of EIGHT bits is simply what we picked to use to represent our language because the people building computers back in the day had limited resources. They needed a way to build the bridge as simply as possible. It would have been human nature to go ahead and build a ten bit byte – giving you 1,024 different slots to fill up with human numbers, letters, and symbols.

But at the time that was just unnecessary in their minds. They knew that there was no reason to go with ten just because we have ten fingers. They understood that an eight base was just as valid as a ten base system.
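As an added example (my own code, not part of the original post), here is the bar-story counting comparison, the bits-to-combinations table, and the eight-bit-to-letter map written out in Python so you can generate them yourself. It also carries the decimal-to-octal and decimal-to-binary conversion the post leaves for a later article: `to_base` is the general positional-digit algorithm of which the post's tables are instances. All function names are my own.

```python
# Added example, not from the original post: the same three ideas the post
# walks through (counting in base 8 and base 2, how many values N bits hold,
# and the 8-bit letter map), generated rather than hand-typed.


def to_base(n, base):
    """Render a non-negative integer in the given base (2..10) as a digit string.

    This is plain positional notation: repeatedly divide by the base and
    collect remainders, least significant digit first.
    """
    if not 2 <= base <= 10:
        raise ValueError("base must be between 2 and 10")
    if n < 0:
        raise ValueError("only non-negative integers are supported")
    if n == 0:
        return "0"
    digits = []
    while n:
        n, remainder = divmod(n, base)
        digits.append(str(remainder))
    return "".join(reversed(digits))


def counting_table(up_to):
    """Rows of (decimal, octal, binary) for 1..up_to: the 'shots' comparison.

    Decimal 10 comes out as octal 12 and binary 1010, which is exactly the
    disagreement between you, octo-boy and the fish.
    """
    return [(i, to_base(i, 8), to_base(i, 2)) for i in range(1, up_to + 1)]


def combinations(bits):
    """How many distinct values a given number of binary digits can represent."""
    if bits < 1:
        raise ValueError("need at least one bit")
    return 2 ** bits


def bits_table(max_bits=10):
    """The (bits, combinations) table from the post, 1 through max_bits."""
    return [(b, combinations(b)) for b in range(1, max_bits + 1)]


def byte_to_char(bits8):
    """Decode eight binary digits as the character they map to (ASCII)."""
    if len(bits8) != 8 or set(bits8) - {"0", "1"}:
        raise ValueError("expected exactly eight binary digits")
    return chr(int(bits8, 2))


def char_to_byte(ch):
    """Encode a single character from the 8-bit range as eight binary digits."""
    code = ord(ch)
    if code > 255:
        raise ValueError("character does not fit in one byte")
    return format(code, "08b")


if __name__ == "__main__":
    print("dec  oct  bin")
    for dec, octal, binary in counting_table(12):
        print(f"{dec:>3}  {octal:>3}  {binary}")
    print()
    for bits, combos in bits_table():
        print(f"{bits:>2} bits -> {combos:>5} combinations")
    print()
    for letter in "abcdefghij":
        print(char_to_byte(letter), letter)
```

Run it as a script to print the three tables; the first one reconstructs the counting comparison that the post's missing images showed.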

OMSA email alerting without ITA

It goes without saying that if you’re not monitoring your server for hardware failures you’re asking for trouble. Most hardware vendors have an agent that runs on the system. These agents generally are built for 1-to-1 management, but also conform to open standards (such as MIBs on SNMP) for many-to-one management.

With Dell the agent is called Open Manage Server Administrator (OMSA) and the one-to-many software is IT Assistant (ITA). Both are free downloads. The rub? OMSA does not have an email component, so most customers set up ITA to capture those alerts for email distribution. Well, for people with only a handful of servers, setting up ITA might be overkill.

So thanks to Paul Murana, this is REALLY easy. Here’s how:

So basically what you’re going to do is put OMSA on your server so it has the MIBs loaded into SNMP. Without going into too much detail, MIBs are interpreters that tell SNMP how to understand what hardware is on your system, and how to read the status of that hardware. Then you’re going to download a script, modify a couple of lines to fit your environment, run a test to be sure you get email, then run an install script that Paulie has built into the script which will configure OMSA to send you email when something goes wrong.

  1. If you haven’t already, download OMSA from the Dell website and install it on your server (this link usually points to the latest version).
  2. Download DellAlert.zip and extract to c:\ on your server
  3. Edit the file (DellAlert.vbs) and change the following to fit your environment:
    • EmailFrom: change this to the address you want to show up as the from address
    • EmailTo: change this to the email address you want to get the alerts
    • SMTPServer: change this to the name or IP address of your mail server
    • MailSubject: change the word SERVERNAME to your server’s name, leave the rest of this line alone
      *NOTE: if your mail server doesn’t allow relay on your local network or from the IP address you’re installing this on, you’ll need to add a username and password to the SMTPUser and SMTPPass fields as well.
    • Save the file.
  4. Run:
    cscript dellalert.vbs testemail
    from a command prompt on your server. You’ll get a test email if you configured everything correctly. If not you’re probably going to need to edit your mailserver to allow relay or you entered an invalid username/password combo.
  5. Run:
    cscript dellalert.vbs setup
    This calls a bunch of “omconfig” commands (a command line utility used for managing OMSA) which will set up all of the alerts to send email.

Now, you’ll want to test the setup – so let’s do that without impacting the server. The easiest way is to change the temperature thresholds so the server thinks it is in trouble. This takes the risk out of pulling a power cord or some other real-world test.

  1. Log into OMSA (when you installed it, a shortcut called “Server Administrator” was placed on the desktop)
  2. Expand Main System Chassis and click Temperatures. Click System Board Ambient Temp. You’ll notice the “OK” temperatures are listed – we’re going to fool the server by changing these temporarily.
  3. Change the radio button from “Set to Default” to “Set to Values” and change the Maximum Warning Threshold to 9 degrees (or anything less than the “Current Reading” in the graphic).
  4. Click Apply changes. If everything is working you should get an email almost immediately.
  5. Change the radio button to “Set to Default”, click Apply Changes (to put everything back to normal)

Congratulations! If you made it this far you’re all set up! You should get email alerts on any of the conditions listed below. If you don’t want any of them, you can manually turn them off one at a time inside of OMSA under the alert management tab. Just un-tick the “Execute Application” checkbox on any of the alert actions you’re not interested in.

Power supply failure
Power supply warning
Temperature warning
Temperature failure
Fan speed warning
Fan speed failure
Voltage warning
Voltage failure
Chassis intrusion
Redundancy degraded
Redundancy lost
Memory pre-failure
Memory failure
Hardware log warning
Hardware log full
Processor warning
Processor failure
Watchdog asr
Battery warning
Battery failure
Power warning
Power failure
Peak power
Removable flash media present
Removable flash media removed
Removable flash media failure
Storage System warning
Storage System failure
Storage Controller warning
Storage Controller failure
Physical Disk warning
Physical Disk failure
Virtual Disk warning
Virtual Disk failure
Enclosure warning
Enclosure failure
Storage Controller Battery warning
Storage Controller Battery failure

Serious props to Paulie for designing this awesome little script!! Read more about it and his other tips and tricks here:

Tiering, it’s not just for storage anymore!

I want to talk a little today about the concept of what I’ll call “Tiered X”. Yes, if you work in a datacenter or in IT for a company that has one, you’ve probably been approached by a vendor or partner to talk about tiered storage. If you haven’t you will be.

But tiered storage is certainly not where you should stop having those discussions. Without using the term you’ve probably already thought about application tiering (did you ever cluster or set up DR (disaster recovery) for anything important to your business for instance?) But have you considered things like how you tier your hypervisors? Or your network? Or your power distribution? Or even what you report back to the business for successes in uptime?

Well, let’s cover a few topics that have become important to some of my larger customers in recent months.

For those of you who haven’t really given any thought to tiering in general, I’ll use storage as the basis for the concept as this is the most prominent. Basically we’ve been just keeping the lights on and going with status quo as an industry. We standardize on something and then… well? We sorta’ leave it at that sometimes.

And data is in out-of-control sprawl mode. People are generating so much information these days the numbers are staggering. Literally 95% of which will never be accessed again! (and 60% of which is from my 15-year-old’s text messages). We’re filling up SANs left and right, buying new suitcases full of disks whenever we hit whatever threshold we believe justifies expansion. We’ve hit critical mass on this folks. And if you don’t want to see ads in the hiring classifieds with a title of “SAN Janitor” we’ll need to act.

So, enough marketing babble. What are people doing? Simple, they’re investing in less expensive storage options to parallel their existing storage infrastructure and rating the data on their network. If it’s critical to the business, it goes on the expensive stuff – the rest goes on something more economical. For instance, I have several customers who use a mix of PowerVault, EqualLogic, and EMC. They’ll throw a PV MD3000i on the network for low-end stuff like ISO images, rarely used (but backed up) databases, archived documents of terminated users, etc etc. They will use EQL for mid-range, important data. And they will use a solution like EMC for critical data. A lot of them are also investing in devices like DataDomain, which will help with data de-duplication – but that’s a whole other topic. Bottom line is, if the data isn’t critical don’t put it on high-end storage. If you’re married to your storage vendor or just don’t want to introduce more brands into your environment because you’re standardized, talk to your vendor about their lower-end options. They’ll listen.

But, why stop there?

Look at your port costs. I love Cisco, don’t get me wrong. But on some of your servers that you could classify as less critical, you might think about shopping around. Remember most vendors have similar command sets to Cisco IOS. And companies like Dell and HP have some really attractive offerings that both beat the cost (and in some cases outperform) the 800-lb gorilla. Dell has even partnered with Juniper and Brocade recently to expand to end-of-row and core switching – so don’t forget to look at some of your other options out there. Standardization is cool, but is it really worth the expense for every server in your datacenter? You should at least be weighing in.

Same goes with power. Without digging too deep, give some thought to how much of your datacenter is plugged into that high-end UPS. Does the server that runs your company’s test-and-dev environment really need to be drawing that much voltage, or would those expansion dollars be more effective buying a lower end system next time around and moving some of the less-used stuff next round?

But one clear miss I’m seeing out there is with hypervisors. I’m a VCP and would never trash VMware. Would I argue if someone told me that vSphere has more features than Hyper-V? No. But I pose this question. Does it matter? No, seriously… look at the feature comparison. How many of those features are you really ever going to use on your lower-end systems? Is it really worth all that extra money to have all your VMs on the same type of host? That’s a question you’ll have to answer for yourself… but I will say that if a standardized interface is your cup of tea, then check out SCVMM (System Center Virtual Machine Manager). It can manage both hypervisors! (yes, shameless Microsoft plug, sorry – still, it’s true)

So what are you really losing? I’m not going to list this out in a feature comparison chart – there are thousands of them out there already. But go find one (make sure it’s up to date, lots of old inaccurate info out there about limitations with Hyper-V) and ask yourself the real questions and weigh in on the price you’re paying. You might find that tiered VMs make more sense than you thought! Though, I think I may have to give my opinion on one feature differentiator. Over allocation of RAM. OK, seriously? Guys? If that’s important to you…. if you’re honestly putting production systems online on hosts that don’t have the infrastructure to run at capacity, please send me your address. I’ll come out there, grab your end users, head back to the IT Department and take turns smacking your wrists. 🙂

Over allocation + Production Systems = Bad Mojo

Even in your test, dev, and lab systems – how can you really get accurate results on tests if you’re running under capacity? How will you really know if you are testing for the real world? OK – jumping off my soap box.

So in conclusion, give some thought to your infrastructure. Is your Cisco guy telling you to buy more port licenses because he’s comfortable with the interface or the convenience of managing one system? And, do you really need something like Nexus just yet? Is your server team telling you to buy VMware because they like having all their VMs in one vCenter window? Have you thought of the fact that one Windows Server Datacenter edition license comes with unlimited Windows Server licenses to run as guests under the host?

Maybe in your case, it’s all justified. Food for thought though, Cheers everyone!

The computer restarted unexpectedly or encountered an unexpected error. Windows installation cannot proceed. To install Windows, click “OK” to restart the computer and then restart installation.

OK so I got the error: The computer restarted unexpectedly or encountered an unexpected error. Windows installation cannot proceed. To install Windows, click “OK” to restart the computer and then restart installation.

Seems a few others are seeing this – not a lot of good information out there about it so let me explain what I did to fix this.

But first, seems appropriate to mention how I broke it.

I was building an image (Windows 7) to test with Windows Deployment Services (WDS) and I decided I wanted a custom install with Office pre-installed. I built the VM and ran sysprep. But I forgot to pick shutdown and chose restart. When the VM started I realized what I had done and shut it off. That essentially left the computer in limbo – it is trying to run setup but the setup process is damaged.

So what you have to do is convince the computer it’s not in setup anymore. This information is in the registry under HKEY_LOCAL_MACHINE\SYSTEM\Setup

But the conundrum is, how… to get to the registry if you can’t boot into the desktop?

Well, what you need to do is to load that hive offline. The best way to do this is to boot to your install media (which runs Windows PE) and get to the command prompt. As soon as the installer gets to the first screen hold down shift and press F10. It should look like this:


After pressing Shift+F10 it will look like this – so type “regedit” and hit enter:


And the registry editor will open. Now here’s the challenge, the registry you’re looking at is not the settings for your computer. Your machine is offline, this is the registry hives for the Windows Preinstallation Environment (PE) and changing them won’t help you so you need to load YOUR computer’s System hive.

Here’s how. First, click and highlight the HKEY_LOCAL_MACHINE as shown:


Now go to File->Load Hive:


And browse out to d:\windows\system32\config. (note the drive in this case is D: not c: remember that your computer is offline, this is why it won’t be under c:\):


Now you will need to give it a name, I called mine system2:


After this you will be able to access the offline system hive by expanding the tree as shown until you get to Setup (make sure you expand system2, not SYSTEM):


After exposing the offline values you’ll see that the hive has a bunch of stuff in there about ongoing setup processes. We’ll need to change these. Specifically, you need to zero out the OOBEInProgress, SetupPhase, SetupType, and SystemSetupInProgress by double-clicking each one and putting a “0” into the value field.

You will also want to clear out all of the text in CmdLine (which currently has the value of oobe\windeploy.exe)

Here is a screenshot from a good system’s registry:


Now you should be able to restart the computer without it trying to load a setup process.

Hope this helps!