Home » 2012 » March

NetBackup Status Code 2 none of the requested files were backed up

STATUS CODE 2: Microsoft SQL backups fail with a NetBackup Status Code 2 “none of the requested files were backed up”

SQL Client Configuration:
1. Configure the NetBackup client service (Admin ToolsServices) to run as the account that you are logged in as and then restart the service (Figure 1).
Figure 1

2. Open the NetBackup MS SQL GUI a prompt to ‘set your DBMS Login Parameters‘ will appear.  Reenter the same account info that the NetBackup client service is running as (Figure 2).
Figure 2

3. Choose ActionsBackupDatabase and select the database(s) to be backed up, enter the policy name (this is optional) and select ‘save for later execution‘ and then click on OK.  Enter a file name and then save.  If the script is saved in the default location, only the script name is necessary to be referenced in the policy.

4. Client configuration portion is now completed, please perform the next steps from the NetBackup Administration Console.

MS-SQL-Server Policy Configuration:
1. OpenCreate a MS-SQL-Server policy.  Verify that the Default-Application-Backup schedule is set to 24 x 7 and add a new schedule type ‘automatic backup‘ and set the start window to the desired schedule in which SQL backups are to be run.
2. On the Clients tab addverify that the client name is entered correctly.
3. On the Backup Selections tab, enter the name of the backup script that was created on the client (i.e. backup.bch).  NetBackup will look for this script in the default location on the client to run it.

NOTE:  If backing up multiple clients with a single policy then there must be a common script name on each of the clients listed!  The contents of each script will be unique for each client. For example: a policy exists on one SQL client with a script named DailyFull.bch in the default directory of ‘C:Program FilesVERITASNetBackupDbExtMsSql‘.  A month later, another SQL server is added with the above client configuration steps. The .bch file is saved on the new client as DailyFull.bch in the default directory.  At this point, it is only necessary to add the client name to the ‘Clients‘ tab of the MS-SQL-Server policy.  Figure 3 is an example of an MS-SQL-Server policy properly configured to backup multiple clients.
Figure 3

NetBackup SQL agent backup configuration is now completed, right click on the policy and choose ‘Manual Backup‘ to test.

Posted on March 30, 2012 by , Reply

SCCM Query Script To Find Broken Clients

Log into SCCM and click on query and create this query to find broken SMS clients

(
System Resource.Client is equal to 0
or
System Resource.Client is Null
or
System Resource.Agent site is not equal to “D80″
)
and
System Resource.Operating System Name and Version is like “microsoft%”
and
System Resources.SMS Assigned Sites is not Null

Posted on March 23, 2012 by , Reply

Using Task Scheduler to schedule the computer to shut down and restart at a specific time

  1. Click Start, Run and type control schedtasks
  2. Double-click Add Scheduled Task. The Scheduled Task Wizard starts.
  3. Click Next.
  4. Under Click the program you want Windows to run, click Browse.
  5. In the Select Program to Schedule dialog box, locate the %SystemRoot%System32 folder, locate and click the Shutdown.exe file, and then click Open.
  6. Under Perform this task, specify a name for the task and how frequently you want this task to run, and then click Next.
  7. Under Select the time and day you want this task to start, specify a start time and date for the task, and then click Next.
  8. Type the user name and password to run this task under, and then click Next.
  9. Click to select the Open advanced properties for this task when I click Finish check box, and then click Finish.
  10. Click the Task tab. In the Run box, specify any additional parameters that you want to use with Shutdown.exe. Click OK.

Important: In the 10th step, you need to add the parameters for the Shutdown.exe command.

To immediately shutdown the system (0 second timeout), the command-line would be:
shutdown.exe -s -t 00

To reboot the system immediately, this command:
shutdown.exe -r -t 00

For additional help, type Shutdown /? at the Command Prompt. Scheduling the Shutdown.exe without any parameters will not help. It will just execute with a exit code 0 (success)

Posted on March 22, 2012 by , Reply

Upgrading MDT 2008 to 2010 for SCCM

MDT (Microsoft Deployment Toolkit) provides the ability to do Lite Touch Deployments of computers. MDT has enhanced task sequence steps over those that are included in SCCM by default.

Luckily you can integrate MDT with SCCM to get the best of both worlds (and achieve
Zero Touch Deployments!) . This guide runs through the steps required to upgrade your version of MDT to 2010 and maintain the SCCM integration…

This morning MDT 2010 RTM was released to the public (you can download it here).

To see a list of the changes and new features you can expect to find take a look here.

MDT 2008 integrated with SCCM task sequences
To play safe before upgrading MDT first remove the integration with SCCM:
• Run the “Configure ConfigMgr Integration” shortcut provided by MDT 2008 and select
“remove components”.
• Enter your SCCM site details and click Finish.
• After confirming the MDT options have disappeared from the SCCM task sequence
menus run the MDT 2010 setup Next perform the install of MDT
• Step through the wizard selecting the components you want and the install location
• The MDT setup will now take care of removing MDT 2008 and installing itself over the
top After the wizard completes you can then re-run the integration wizard to add the MDT hooks back into SCCM
• Enter your site details that you used in the first step
When the wizard completes the MDT options should now be back in under the task sequence options:

Note: If you had used MDT 2008 to provide unknown computer support to SCCM (if you can’t upgrade to R2 to get it natively) then you might want to consider not upgrading. MDT 2010 does not support the PXE filter driver but it does still allow you to remove it if you didn’t uninstall it before upgrading.

Posted on March 22, 2012 by , Reply

SQL Memory Leak Settings Work Around

Microsoft SQL Memory Leak work around.  Microsoft SQL is a huge memory resource consumer there is no fix besides add more memory but there is a work around Microsoft provides

1.Log into the SQL Server using SQL Server Management Studio

2.Right click on the server go to properties

3.Click on the memory tab

4.Now the calculation is done in Megabytes 1024 MB is a gig

5.Subtract the system ram you want to leave free from your over all RAM.

6.I would leave at least 4 gigs of RAM free for the Operating System if possible.

7.The final answer is the number you type into the box that says “Maximum Server Memory (in MB)”

8.Click OK

Posted on March 22, 2012 by , Reply

Setup SCCM PXE Point

There have been many posts out there trying to address the issue behind Native Mode and PXE and/or Boot Media problems. This posting publishes information I found in the following article and additions which I have made to clarify some certificate configurations.

Step 1
In the site properties , check that you have imported your Root CA certificates. If you have subordinate CA servers , import them as well as I have seen issues arriving when not importing them .The picture below will give you the idea :

Step 2
Create your OSD PXE service point Certificate & export it . Go to your certificate authority and duplicate the Computer certificate , name it Configmgr OSD certificate and make sure that you could export the private key !

My Comments:
MAKE SURE SUBJECT NAME TAB CONTAINS: SUPPLY IN REQUEST. When the
request is made, give the certificate the following Attributes:
• CommonName: (i.e. OSDpxeBootCert..Com)
• Alternate name: OSDpxeBootCert..com
• Friendly name: Any descriptive name.
Note: Because certificates are Required through out the native mode deployment. FQDNs are also required for certificate Subject name and Alt Subject Names.
When you have created the certificate , export it to a DER format by going to MMC -
Certificates – personal – Request new certificate . Select the Configmgr OSD certificate and install it on your machine . When done , right click on the certificate and select export . Export the certificate with private key and when exported , delete the certificate you have requested .

Step 3
Import you in the PXE role configuration pane .
Now we go to the SCCM console and go to Site systems – PXE Role , import the certificate you just exported . The picture below explains it :
You will get the following warning when you exported the certificate on the Site server itself . This is no problem and you should select “yes” to continue
Check the PXE Certificate in the SCCM console. Verify that the Root CA is trusted.
Try opening the Certificates | PXE node in SCCM. Find the certificate that is not “blocked” and right-click to Open it. Check the status of the CA Certificate. I found that it was “Not Trusted” in my environment.

When I clicked the Install button and selected the Trusted Root CA Authorities, the certificate was then “valid” when I reopened the certificate. My SMSPXE.log no longer reflected that the certificate was not set.

Step 4
Check that the following things below are set correctly
Network Access Account Not Set
Go into the Client Policy in SCCM and set a Network Access Account. It sometimes
“disappears” even after everything has been working fine. And then the OSD Task sequence cannot access the content on the Distribution point !

Posted on March 22, 2012 by , Reply

Implementing and Administering the ActiveX Installer Service

You can use this document to learn how to implement and administer the ActiveX® Installer Service in Windows Vista®.

Why the ActiveX Installer Service?
Many organizations must install ActiveX controls on their desktops in order to ensure that a variety of programs that they must use on a daily basis will work properly. However, most ActiveX controls must be installed by a member of the Administrators group and many organizations have configured or want to configure their users to run as standard users, which are non-administrative users that are members of the Users group. As a result, organizations have to repackage and deploy the ActiveX controls to the users. In addition, many of these ActiveX controls must be regularly updated. Many organizations find this to be a difficult and costly process to manage for standard users.

With Windows Vista, you can now easily deploy and update ActiveX controls in a standard user environment. The ActiveX Installer Service enables you to use Group Policy to define approved host URLs that standard users can use to install ActiveX controls.

Note
The ActiveX Installer Service is an optional component on Windows Vista® Ultimate,
Windows Vista® Business, Windows Vista® Enterprise.

How the ActiveX Installer Service Works

When a standard user uses Internet Explorer® to browse to a site that requires the user to install an ActiveX control, the ActiveX Installer Service checks whether the URL requesting the ActiveX control installation is approved in Group Policy. This URL is called the host URL. If the host URL is approved, the service installs the ActiveX control for the standard user, and the user does not have to provide administrator credentials or administrative approval. If the host URL is not approved, the default Windows Vista ActiveX control setting is used and the user is
required to provide administrator credentials or administrative approval.

Note
We designed the ActiveX Installer Service to allow standard users to install ActiveX controls without having to provide administrator credentials. The service does not affect how members of the Administrators group install ActiveX controls.

The service only installs Microsoft Internet Component Download packaged ActiveX controls; this means that the ActiveX control must be have a .cab, .dll, or .ocx extension in order to be installed using the ActiveX Installer Service.

Enabling the ActiveX Installer Service
You can enable the ActiveX Installer Service using the Control Panel or at the command prompt.
To enable the ActiveX Installer Service using Control Panel
1. Click the Start button and then click Control Panel.

2. In Control Panel Home, click Programs.

3. Under Programs and Features, click Turn Windows features on or off.

4. If the User Account Control dialog box appears, confirm that the action it displays is
what you want, and then click Continue.

5. In the Windows Features dialog box, select ActiveX Installer Service, and then click
OK.

6. After you enable the ActiveX Installer Service, you must use the Group Policy Management Console (GPMC) to configure it.

To enable the ActiveX Installer Service using Command Prompt
1. Click the Start button, type cmd into the Start Search box, right-click cmd.exe, and then click Run as administrator.

2. If the User Account Control dialog box appears, confirm that the action it displays is
what you want, and then click Continue.

3. In Command Prompt, type ocsetup.exe AxInstallService. After you enable the ActiveX Installer Service, you must use the GPMC to configure it.
Configuring the ActiveX Installer Service After you enable the ActiveX Installer Service, you must use the GPMC to configure it. You
must configure the ActiveX Installer Service settings by using an administrative template in Group Policy. The administrative template consists of a list of approved installation sites, which the ActiveX Installer Service uses to determine whether an

ActiveX control can be installed.
To configure the ActiveX Installer Service using the Group Policy Management Console
1. Click the Start button, point to All Programs, click Accessories, and then click Run.

2. Type mmc, and then click OK.

3. In the File menu, click Add/Remove Snap-in.

4. In the Add/Remove Snap-ins dialog box, select Group Policy Management Console,
and then click Add.

5. In the Select Group Policy Object dialog box, accept the default setting of the local
computer or click Browse to configure a remote computer, and then click Finish.

6. In the Add/Remove Snap-ins dialog box, click OK.

7. In the console tree, expand Local Computer Policy, expand Computer Configuration,
expand Administrative Templates, expand Windows Components, and then click
ActiveX Installer Service.

8. In the details pane, right-click Approved Installation Sites for ActiveX Controls, and
then click Properties.

9. In the Approved Installation Sites for ActiveX Controls Properties dialog box, select
Enabled, and then click Show next to Host URLs.

10. In the Show Contents dialog box, click Add.

11. In the Add Item dialog box, type the name for the URL where you want to allow
ActiveX controls to be installed.

12. In the Add Item dialog box, type the values for the four ActiveX Installer Service host URLs settings. Tables 1, 2, 3, and 4 show these settings. When you add a URL, you can specify comma-delimited values that detail the settings for the
ActiveX Installer Service. You can configure four values:
• Installing ActiveX controls that have trusted signatures
• Installing signed ActiveX controls
• Installing unsigned ActiveX controls
• HTTPS error exceptions

Installing ActiveX controls that have trusted signatures
This setting describes the behavior of the service when installation an ActiveX control that is signed by a certificate in the Machine or Enterprise Trusted Publishers store. Table 1 shows possible values for this setting.
Table 1 Values for installing ActiveX controls that have trusted signatures
Value Description

0 Disallows users from installing ActiveX controls that have trusted signatures.

1 Prompts the user before installing ActiveX controls that have trusted signatures.

2 Installs ActiveX controls that have trusted signatures without notifying the user. This is the default value. Installing signed ActiveX controls

This setting determines the behavior of the service when installing an ActiveX control that is signed by a certificate that is not in the Trusted Publisher Store for the computer or the enterprise.
Table 2 Values for installing signed ActiveX controls
Value Description

0 Disallows installing signed ActiveX controls.

1 Prompts the user before installing signed ActiveX controls. This is the default value.

2 Installs signed ActiveX controls without notifying the user.

Installing unsigned ActiveX controls

This setting determines the behavior of the service when installing an unsigned ActiveX control.

Value Description
0 Disallows installing unsigned ActiveX controls. This is the default value.

1 Installs unsigned ActiveX controls without notifying the user.
HTTPS error exceptions This value controls the connection checking for the service when downloading the ActiveX control. By default, the ActiveX Installer Service would disallow the install of an ActiveX control if there were any errors detected in an HTTPS connection.

Value Description
0 - Specifies that the connection must pass all verification checks.

0×00000100 - Specifies that the ActiveX Installer Service should ignore errors caused by unknown CAs.

0×00001000 - Specifies that the ActiveX Installer Service should ignore errors caused by an invalid common name (CN). A CN is a naming attribute from which an object distinguished name (DN) is formed.

0×00002000 - Specifies that the ActiveX Installer Service should ignore errors caused by a certificate’s date.

0×00000200 – Specifies that the ActiveX Installer Service should ignore errors caused by improper certificate use.

Note
You can use the OR (|) character to specify multiple error exceptions for the ActiveX Installer Service.

Sample configuration
You can use the sample configurations below to learn how you can configure the ActiveX Installer Service; however, these sample configurations are not recommendations.

Default settings
If you do not specify values, the ActiveX Installer Service enforces the default values. The default values are 2,1,0,0. With these settings in effect, the ActiveX Installer Service will:
• Prevent unsigned ActiveX controls from being installed
• Prompt the user to approve the installation of a signed ActiveX control
• Automatically install ActiveX controls that are signed by a certificate in the Trusted Publishers Store without prompting the user.

High security settings
The most secure configuration of the ActiveX Installer Service is when an administrator
configures the service to:
• Use an HTTPS site as the host URL
• Allows only ActiveX controls that are signed by a certificate in the Trusted Publishers Store to be installed The values to configure this are 2,0,0,0.

Auditing for the ActiveX Installer Service
The ActiveX Installer Service creates four audit events in the Applications audit event log. The following events are defined logically in the order they would result during the installation of an ActiveX control.
• Event 4097 (Attempt to install ActiveX control not in Group Policy)
This event occurs when the ActiveX Installer Service is asked to download a control from a host URL that is not within the list of allowed installation hosts. This event is very important because you can use the enumerated host information in the event to author your ActiveX Installer Service Group Policy.
• Event 4098 (ActiveX control passed all Group Policy checks)
This event occurs when the ActiveX Installer Service is first queried to install an ActiveX
control from a host that is listed in the list of allowed installation hosts. The next step that ActiveX Installer Service will complete is to download the ActiveX control from the host.
• Event 4099 (ActiveX control blocked by Group Policy)
This event occurs when the ActiveX Installer Service attempts to download an ActiveX control that does not meet the required signing setting in Group Policy. If the ActiveX control is unsigned, and Group Policy requires that all ActiveX controls are signed, then this error would occur.
• Event 4100 (Failed to download ActiveX control)
This event occurs when the ActiveX Installer Service attempts to download an ActiveX control from a host that does not meet the criteria you have specified in Group Policy. If an HTTPS site has an expired or bad certificate, and this was required by Group Policy, then this error would occur.
Best Practices for Using the ActiveX Installer Service

We recommend that you use the following best practices when you implement the

ActiveX Installer Service in your organization.
• Only install ActiveX controls from reputable organizations
We recommend that you only install ActiveX controls from publishers that you know and trust. The ActiveX Installer Service does not determine whether the host presenting the ActiveX control is connected to a secure network. Ensuring that you only install ActiveX controls from reputable publishers will help mitigate this threat.
• Deploy commonly used ActiveX controls
We recommend that you deploy ActiveX controls that are commonly used in your
environment by using your organization’s application deployment method. Many users
today use laptops to connect to multiple networks, including wireless hot spots. A
malicious proxy at an insecure network could attempt to trick the ActiveX Installation
Service by redirecting it to a host with malicious software that represents itself as a
commonly used ActiveX control. Ensuring that you deploy commonly used ActiveX
controls for your users will help mitigate this threat.
• Only use HTTPS host URLs
We recommend that you only modify the value for HTTPS error exceptions to require the connection to pass all verification checks (0). If a remote users connects to an insecure wireless network, and the proxy attempts to redirect the connection, this setting will ensure that the ActiveX control installation will fail since the certificate will be invalid.
• Consolidate ActiveX controls to a central server
We recommend that you consolidate the ActiveX controls you use in your organization to a central server. The location where a Web site hosts an ActiveX control is called a
CODEBASE. Normally, the CODEBASE is specified in the Web page, and the
installation process retrieves the ActiveX control from that location.
In managed enterprises, you can use Group Policy to override the CODEBASE that is
specified within the Web page to redirect to an internal server. Using this setting allows you to easily manage which ActiveX controls users can install by consolidating the ActiveX controls onto a central server; if the server is an HTTPS server, you also satisfy the previous best practice, only use HTTPS host URLs.
You can configure a common Group Policy setting to redirect all ActiveX control
installations to a central server in your organization. You can do this by using the
CodeBaseSearchPath registry key. For more information on the CodeBaseSearchPath see
Implementing Internet Component Download
(http://go.microsoft.com/fwlink/?LinkId=90677).

Posted on March 22, 2012 by , 2 comments

HP ASR Keeps Rebooting Server Fix

Most Servers have HP ASR Enabled by default.

1.Hit F9 during the server POST to enter the BIOS

2. Select Server Availability and hit Enter

3. Select ASR Status and hit Enter

4. Select Disabled and hit Enter

5.Hit Esc twice

6. Press F10 to confirm exit

Posted on March 22, 2012 by , Reply

Disable annoying Java Update notification

If you’re sick of getting prompted for Java Update, or if you have some web application like Banner that requires a particular version, you can use a simple registry hack to disable notification of available updates.

Open the Registry Editor by going to the Start button and typing in regedt32.

Navigate through to the following key: HKEY_LOCAL_MACHINESOFTWAREJavaSoftJava UpdatePolicy

Change the value of EnableAutoUpdateCheck to 0 and the value of EnableJavaUpdate to 0.

Java should no longer prompt you for the annoying updates.

Posted on March 22, 2012 by , Reply

Configure IM Notifications in System Center Operations Manager 2007

 

 

Ever wanted to setup IM notifications in SCOM 2007? Well here are the 6 steps you’ll need tofollow to get this configured:

1. Create the Notification Action Account:
a. Create a domain user account and enable SIP on the Communications tab (OCS) or LiveCommunications tab (LCS)
b. Add the users SIP URI, for example sip: NotificationAccount @ scom.dom
c. Add the name of the OCS Server or Pool name.

2. Enable a notification channel:
a. From the Start Menu, select the SCOM Operations Console
b. In the Navigation pane (left), Click Administration
c. In the Administration pane, click Settings
d. In the Action pane, right click Notification and select Properties from the context menu.
e. Select the Instant Messaging tab. Select the “Enable instant messaging notifications” checkbox. In the IM Server field, enter the FQDN of your LCS server. In the Return address field, enter the sip address of the Notification Action Account.

NOTE: You must add sip: in front of the return address, for
example: . It is important that you use your Notification Action Account instant messaging address; otherwise instant message notifications may fail due to lack of permissions.

f. If you have installed a Microsoft Office Live Communication 2005 Server with default
settings, you will have to change IM port to 5060. Accept the remaining default values by clicking OK.

3. Create one or more Notification Recipients:
a. From the Start Menu, launch the SCOM Operations Console
b. In the Navigation pane (left), Click Administration
c. In the Administration pane, right-click Recipients and choose New Notification Recipient
d. On the General tab click the button to the right of the textbox to select your notification recipients’ domain account and click OK.
e. On the Notification Devices tab, click Add to launch the Create Notification Device Wizard.
f. Choose Instant Messaging from the notification channel dropdown. Verify that the recipient address is correct in the “Delivery address for the selected channel” textbox, for example SIP:IMRecipient@scom.dom. The value should be the notification recipients SIP URI. Click next.
g. On the Schedule screen, leave the default settings, this recipient will receive IM 24/7. Click Next
h. On the General screen, enter a device name, such as the recipient’s name or other identifying information, and then click Finish. Click OK again to finish.

4. Create one or more Notification Subscriptions (the following steps subscribe to all alerts so you will need to modify as needed):
a. In the Administration pane, right-click Subscriptions and choose New Notification
Subscription to launch the Create Notification Subscription Wizard.
b. Create Notification Subscription Wizard – Introduction: Click Next
c. On the General screen, input a name, for example “all alerts at all time”. Input a short description and then click Add
d. Choose your domain recipient created in the previous section and click OK. Click Next.
e. On the User Role Filter screen, leave the default settings and click Next
f. On the Groups screen, leave default settings, all groups selected, and click Next
g. On the Classes screen, leave default settings, all classes, and click Next
h. On the Alert Criteria screen, leave default settings, all alert criteria, and click Next
i. On the Alert Aging screen, leave default settings, do not notify on alert aging. and click Next
j. On the Formats screen, leave the default e-mail and IM format, click Finish

5. Create the Notification RunAs Account, which will be used in the Run As Profile for sending notifications:
a. From the Start Menu, launch the SCOM Operations Console
b. In the Navigation pane (left), Click Administration
c. In the Administration pane, right-click Run As Accounts and choose Create Run As Account from the context menu to launch the Create Run As Account Wizard.
d. On the Introduction screen, click Next
e. On the General screen, choose Windows from the Run as account type drop-down box, input display name and a short description. Click Next
f. On the Account screen, input user name, password and domain, then click Create. The wizard will close when done.

6. Create the Notification Run As Profile:
a. In the Administration pane click Run As Profiles. In the Action pane, right-click the
Notification Account node and choose Properties
b. Select the Run As Accounts tab, then click New
c. On the Alternative Run As Account screen, choose the Run As Account created in previous section, and then select your Management Server in the matching computer list. Then click OK.
Click OK again to finish.

Posted on March 22, 2012 by , Reply
12 » Last
This site is protected by Comment SPAM Wiper.