Archive for the 'Server 2008' Category

Unable to login to Citrix server via RDP or ICA

We have recently set up some new Windows Server 2008 R2/Citrix XenApp 6.0 servers.  For some reason, users could not launch a remote desktop to them even though we (thought) allowed this.  Turns out there is a policy which blocks this by default.  I found the answer here:

Re: Unable to login using RDP or ICA after installing XenApp 6
Posted: Mar 31, 2010 5:27 PM   in response to: Aref  Mukred in response to: Aref Mukred


This message was useful
4 users found this post useful

Hi Aref –
Can you please try the following ?
1. Open Delivery Services Console
2. Edit the unfiltered user policy | ICA
3. Set the policy for Desktop Launches to Allowed
This policy applies to XenApp 6.0 and Allows or prevents non-administrative users to connect to a desktop session on the server.
When allowed, non-administrative users can connect. By default, non-administrative users cannot connect to desktop sessions.

Citrix Forums : Unable to login using RDP or ICA after …

The answer above will get you there, but as my teachers used to tell me all the time, he needs to “show his work”:




A fatal error occurred while trying to sysprep the machine.

Today, while getting ready to deploy an updated Citrix farm for a set of Line of Business applications, I got an error during the sysprep process.  The machine in question is a 2008 64 bit machine.  It has Citrix and all the applications installed.  It is also a Hyper-V VM. 

I created an answer file and when I run Sysprep I get a popup that says:  A fatal error occurred while trying to sysprep the machine.

Hmm..  so I look at the logs and here is what I find:

2010-06-03 10:42:33, Error      [0x0f0085] SYSPRP LaunchDll:Could not load DLL drmv2clt.dll[gle=0x0000007e]
2010-06-03 10:42:33, Error      [0x0f0070] SYSPRP RunExternalDlls:An error occurred while running registry sysprep DLLs, halting sysprep execution. dwRet = 126[gle=0x0000007e]
2010-06-03 10:42:33, Error      [0x0f00a8] SYSPRP WinMain:Hit failure while processing sysprep cleanup providers; hr = 0x8007007e[gle=0x0000007e]

I found lots of references to Windows Media Player, and that you can’t have sharing enabled.  Not a problem on this machine.  Not any help either. 

I did find this article helpful:

Guess what?! Those aren’t shown in on a Windows Server 2008! Our workaround was to install the Desktop Experience feature on the server.

I added the “Desktop Experience” feature did the sysprep and then uninstalled it on each of the new machines.  Rather a pain, but I didn’t have a lot of time to work on figuring out a better answer.

“netvsc” error in Hyper-V guest

We use Citrix Presentation Server for a number of applications, and lately we have had a significant increase in issues with one set of our Citrix servers.  We have 3 main sets of Citrix servers and the problems have only been happening on one set. 

One of the sets doesn’t have this error, but wouldn’t because they are physical servers.  They have been in production a long time, and we have plans to virtualize them. 

The second set doesn’t get the errors, but it is fewer servers and fewer users.

The third set:

    • is virtual
    • runs on 2008 R2 Hyper-V
    • has more servers (6 as opposed to 4 or 5 for the other two)
    • supports more users and more users per server (averages around 20 users per server during business hours)

Around November, we started upgrading our hosts from 2008 to 2008 R2.  The problems have been getting progressively worse peaking in the last 2 months.  Our last 2008 host was converted in March. 

After some event log review, we were able to correlate some of the issues to the following error in the event log:

Event Type:    Warning
Event Source:    netvsc
Event Category:    None
Event ID:    5
Date:        4/19/2010
Time:        3:49:53 PM
User:        N/A
Computer:    <ServerNameChangedToProtectTheGuilty>
The miniport ‘Microsoft Virtual Machine Bus Network Adapter #4’ hung.

For more information, see Help and Support Center at
0000: 00 00 00 00 02 00 52 00   ……R.
0008: 00 00 00 00 05 00 00 80   …….€
0010: 00 00 00 00 00 00 00 00   ……..
0018: 00 00 00 00 00 00 00 00   ……..
0020: 00 00 00 00 00 00 00 00   ……..

and right behind that would be this message:

Event Type:    Information
Event Source:    netvsc
Event Category:    None
Event ID:    4
Date:        4/19/2010
Time:        3:49:53 PM
User:        N/A
Computer:    <ServerNameChangedToProtectTheGuilty>
The miniport ‘Microsoft Virtual Machine Bus Network Adapter #4’ reset.

For more information, see Help and Support Center at
0000: 00 00 00 00 02 00 52 00   ……R.
0008: 00 00 00 00 04 00 00 40   …….@
0010: 00 00 00 00 00 00 00 00   ……..
0018: 00 00 00 00 00 00 00 00   ……..
0020: 00 00 00 00 00 00 00 00   ……..

After doing a bit of searching and getting a lot of nothing, and doing some on site troubleshooting without much luck, I finally broke down and called Microsoft.  I spent a day e-mailing back and forth with someone who was suggesting that I try all the things that I had already tried, so I contacted our TAM and had the case escalated. 

The technician then informed me that there was an internal hotfix that had not been fully tested yet, that related to my issue.  It seems that in 2008 R2 Hyper-V guests running Server 2003, the network adapter will hang and then reset under heavy load.  The hotfix has to be applied to the host and then the integration services on the guest have to be updated.  In my environment, when I updated, I had to remove the integration services from the guest before the updated NIC driver would install.  I reported this behavior to the technician I was working with, but he said that he couldn’t reproduce that particular problem and that he had no issues updating his test environment.

It is my understanding that the hotfix will be released under KB981836.  When you install this, it changes the integration services version from 6.1.7600.16385 to 6.1.7600.20683.  You can see this if you look at the driver version on the guest NIC.

An online pack already exists…

Situation:  I have a 32bit file server running Windows Server 2003.  I have a new 2008 R2 (x64) file server running on Hyper-V.  Did I mention that the R2 server is on Clustered hosts?

This is all simple.  Just drop the LUNs from the file server, give them to the cluster and assign them as pass through disk to the guest OS.  Simple…

Except, I kept getting the following errors when I try to do the import:

An online pack already exists.

The operation failed, because an online pack object already exists.

The provider encountered an error while merging two packs.

I mean really…  what does all that mean.  I couldn’t find anything pertinent in my searches, I tried working in Diskpart, and got some of the same errors.

After lots of searches, I couldn’t find anything to help.  So I opened a ticket with Microsoft.  I got a very helpful person who told me that it basically sounds like a driver issue, but he couldn’t say for certain.  He couldn’t find much on it either.

So on a whim, I moved my test LUN from my production file server to another 2003 server.  That worked just fine, so I then moved it from there to the 2008 R2 machine that I had been working with.  That worked just fine.  Weird…

So I checked the driver for the production file server:


and compared that to the other 2003 server:


As you can tell, the culprit seems to be an outdated driver on the current file server.  Seems I don’t keep things as up to date as I should.

Hyper-V certificate expiration and resolution

If you see this:

‘VMName’ failed to initialize.
Could not initialize machine remoting system. Error: ‘Unspecified error’ (0x80004005).
Could not find a usable certificate. Error: ‘Unspecified error’ (0x80004005).

Then this could be your answer:

Symptoms and resolution:

§ You may be unable to start or connect to virtual machines running on Windows Server 2008 or Microsoft Hyper-V Server 2008. This occurs when connecting using vmconnect. Connections made using remote desktop won’t be affected.  

§ KB Article 967902 has been created that details the symptoms and resolution.  This KB article provides a direct link to download the quickfix to resolve this error.

Important Notes:

§ Though this error may occur, the Hyper-V service will continue to operate.   Neither the Hyper-V host nor the running virtual machines will go offline.

§ It is not expected that this issue can be exploited for malicious purposes.

§ Customers running Windows Server 2008 R2 Hyper-V beta won’t experience this error.

That last line it my favorite…

I guess we should be running the beta in production…  and what’s with the ‘Unspecified error’?  


Windows Server Division WebLog : Hyper-V certificate expiration and resolution

DPM does not remove expired recovery points

I have been using DPM for about 7 months now.  (I tested with it for a few months before that.)  I never installed 2006, but 2007 seems to be working ok.  I have a few complaints, but I have complaints about all the backup software that I have ever used.  None of it really makes me happy.  But on to the story…

I have 3 production DPM servers.  One of them has a large number of protection group members.  8 Protection Groups, 328 Members.  And that is just to protect 39 computers, but one of the SQL servers has about 150 databases.

I noticed the problem because I kept running out of space on the Recovery Point volumes.  I had a particular 2008 Domain Controller that the system state recovery point volume would have to be extended every couple of days.  I was keeping the recovery points on disk for 5 days, so it finally occurred to me that it should take more that 200 GB to keep 5 days work of recovery points for the system state. 

I called and opened a ticket with Microsoft and we have been working on this for almost 2 months.  So far, the best that I can tell is that the process that clears the old recovery points slowly eats up memory.  This coupled with the fact that I have a lot of PG members, and means that the job frequently fails before it completes.  If the number of recovery points continues to grow, the job that clears them (pruneshadowcopies) takes longer and takes more memory.  This increases the chance that it will fail…

I don’t have a solution to this problem yet, other than a few work-arounds and a way to manually run the process:

  • add more RAM to your DPM Server.  Especially if you are running SQL locally on the box.
  • reduce the number of PG members.  Fewer members, less recovery points, less chance the prune job will fail.
  • open the DPM Management Shell (DPM PowerShell) and run “pruneshadowcopies.ps1”.  This will manually run the job that is triggered by DPM at midnight every night.  If you have a lot of recovery points that haven’t been pruned, then this will probably fail (crash) a few times before it finishes.  I have had it run all weekend before and then crash, and I have seen it run for just an hour and then crash.  Keep running it, and it will eventually finish. 
  • Hope that Microsoft comes up with a real fix soon…

To see if you have this problem, there is a version of the pruneshadowcopies script that just shows the recovery points, without actually expiring them.  The tech that I have been working with on my case sent it to me. 

New Features in System Center Virtual Machine Manager 2008 R2

Of the new features coming in the R2 versions of Windows Server 2008 and SCVMM, I think these two are the obvious winners:

Support for Live Migration: With Windows 2008 R2 adding support for Live migration, it’s now added as a new migration option in VMM R2. Live migration requires the source and destination host to be part of a failover cluster and that the VM is on a shared storage. Live migration means that there is no user perceived downtime; since the VM’s memory pages are being transferred, the hosts’ processors need to be the same (manufacturer and processor architecture). Our competition claims that Vmotion doesn’t require clustering but this only works for planned downtime and not for unplanned downtime. By combining Live migration and clustering, Hyper-V addresses both planned and unplanned downtime.

Multiple VMs per LUN: VMM 2008 didn’t allow placing multiple VMs per LUN even though Hyper-V allowed it and the reason was that the LUN ownership was on a per host basis. This meant that migrating any VM on that shared LUN would result in all other VMs being migrated as well which can result in a confusing user experience (I’ve blogged about this at length). With CSV (Clustered Shared Volumes) in Windows 2008 R2, a single LUN is accessible by all hosts within a cluster. This enables a VM that’s on a shared LUN to be migrated without affecting other VMs on that LUN. As a result, with VMM R2, we’ll allow multiple VMs to be placed on the same LUN if CSV is enabled on the cluster.

That is from the beta release announcement for SCVMM.  I have downloaded the beta, but haven’t had time lately to get it setup.  I am hoping to work on that this coming week… 

Replica disk threshold exceeded, or Recovery Point Volume threshold exceeded

Great! :(  Now what?

Well, if you have a new DPM server and not a lot of protection groups created, and you haven’t been protecting anything much, you can just click on the link in the warning message that says “Allocate more disk space for replica…”  That pulls up a pretty window that looks like the one below:


So you go ahead an make the number in the “Replica Volume” field a little bigger, hit ok and go on about your business.  Unless..

Sometimes you may need to go and use DISKPART to manually add space to the volume.  If you try the above method, and you get a failed message instead of success, you are either out of disk space, or it could be that you have more than one disk on your DPM server and one of the disks becomes full.  In order to extend the volume onto another disk, you have to use DISKPART.  DPM (at this version) won’t do it for you.

  1. Open a command prompt (run as administrator if you are using a 2008 Server for your DPM server) and type “diskpart”. 
  2. Type “List Volume” at the prompt.
  3. Right click and “select all” then enter to copy the output to the clipboard
  4. Paste it in notepad so you can do a search and search for the Data Source
    1. You should see a line similar to this:

        Volume 534       DPM-Prolo  NTFS   Simple      2050 MB  Healthy
          C:\Program Files\Microsoft DPM\DPM\Volumes\Replica\\ SqlServerWriter\PrologPilot\
        Volume 535       DPM-Prolo  NTFS   Simple      2050 MB  Healthy
          C:\Program Files\Microsoft DPM\DPM\Volumes\DiffArea\\ SqlServerWriter\PrologPilot\
        Volume 536       DPM-Non VSS  NTFS   Simple      1540 MB  Healthy
          C:\Program Files\Microsoft DPM\DPM\Volumes\Replica\\Non VSS Datasource Writer\Computer\SystemState\SystemState

    1. The volume number  comes before what it is describing and there are 2 for each protected object.  A Replica volume and a DiffArea.  The replica volume is a copy of the data as it is on the protected member.  The DiffArea is where the recovery points are stored.  The “Non VSS Datasource Writer” is system state in the example.
  5. At the DISKPART> prompt type “select volume” and the volume number i.e. : select volume 534
  6. If you want to see the details about the disk, you can type detail volume and it gives an output similar to:

    DISKPART> detail volume

      Disk ###  Status      Size     Free     Dyn  Gpt
      ——–  ———-  ——-  ——-  —  —
    * Disk 2    Online      2560 GB   356 GB   *    *

    Read-only              : No
    Hidden                 : No
    No Default Drive Letter: Yes
    Shadow Copy            : No
    Dismounted             : No
    BitLocker Encrypted    : No

    Volume Capacity        : 1030 MB
    Volume Free Space      :  186 MB

  7. In order to increase the space for the Replica volume you would type: EXTEND SIZE=1024 DISK=2.  This would extend the selected volume by 1 GB (1024 MB) on DISK 2. 
  8. Now you have to go back in and tell DPM that you extended the volume.  (I believe it may figure it out on its own eventually, but I prefer to get the warning cleared up sooner rather than later, so I go update DPM.


Note:  Each time you use DISKPART, you are likely to see different numbers for the volumes.  I haven’t looked into what that is, but I do know that the system volume is always one of the last in the list.  For that reason I recommend that you always view detail volume after you select it, to make sure you are seeing the volume you intend to work with.

The right way and the wrong way to disable the the firewall…

I use Server 2008 for a lot of things these days and I tend to not use the Windows firewall for most applications.  Here is an interesting note for the right and wrong way to disable the firewall and why doing things “the way we have always done them” isn’t always the right way:

Although Window Server 2008 offers an impressive built-in firewall, in some cases we Exchange administrators don’t want to have to deal with it. Maybe you are building a demo to show a customer, or a lab environment to reproduce an issue. Maybe you just want to get Exchange installed now and will loop back to deal with fine-tuning firewall issues later. Maybe you have some other firewall product you’d rather use. Maybe, even, you don’t believe in defense in depth – or don’t think server-level firewall is useful.

Whatever the reason, you’ve decided to disable the Windows 2008 firewall for an Exchange 2007 server. It turns out that there is a right way to do it and a wrong way to do it.

Migrating from DasBlog to WordPress

So I don’t really Blog very much anyway, but that just means, that I want to keep all the entries that I have created over the past 5 years.  In moving to a new Blog, I don’t want to just dump the old stuff. 

WordPress is pretty popular with the group I work with, so that is what I decided to go with.  The problem…  there isn’t an importer for WordPress from DasBlog.  I did a search and came up with a few good posts, but I am not as knowledgeable as I should be so it took a little work to figure it all out.  This is the post that gave me the most help:

Here is what I did:


  1. Build a server – I am using Server 2008 x64 Standard
    1. Install the IIS Role
    2. Install IIS Role Services
    3. Download and install the URL Rewrite Module
  2. Setup MySQL
    1. I just went to and downloaded the latest version.  I had a little bit of trouble with the install, because I tried to use a password with quotes in it.
  3. Setup PHP
    1. Again, I just went to and downloaded the latest version.  I believe I had to select the CGI setup, but I don’t remember for sure… 
  4. Copy old web site content to new server (I have other things on the site besides the Blog)
    1. The nice thing about my situation is that I can leave the old stuff in production while I  figure out the new stuff.  Copying my old stuff over (minus the old Blog) was very simple.
  5. Create web site and point to the directory that I copied over.
    1. Also, I had to set the default document as index.php for the Blog
    2. Setup URL Rewrite to get “Pretty URLs”
  6. Export old Blog content
    1. This was the hard part.  I used a utility that I downloaded from to convert my posts to BlogML.
    2. Then I used  the import module that I got from
    3. The import leaves a handy little permalinkmap.csv file.  I used Excel and Notepad to change it up a little bit to make lines that looked like:, look like <add key=”/2009/02/18/ldquoFailedToSetEventLoggingrdquoErrorWhenLoggingIntoCitrixApps.aspx” value=”/2009/02/18/failed-to-set-event-logging-error-when-logging-into-citrix-apps/” />  
    4. Add URL Rewrite to enable old links to get to the new post address.  With IIS 7 and the URL Rewrite module you can add the lines that were created in the above step to the webconfig file to get the old links to point to the new links.

So even though this is an exceptionally long post compared to most that make, I didn’t include most of the details…  guess you will just have to ask if you need to know…