Cannot logon to newly installed SQL Server

Problem: After a fresh install of SQL Server 2008 R2 on a Windows 7 computer, where Windows user group BUILTIN\Administrators were given administrative rights, I was not able to log on to the database from Microsoft SQL Server Management Studio while logged on to Windows as a user who was a member of the Administrators group and thus should have been granted access. The error received was: Login failed for user 'COMPUTERNAME\user'. (Microsoft SQL Server, Error: 18456).

Solution: Turn off User Account Control, or if you prefer to leave it on, make sure you start SQL Server Management Studio as an administrator (right-click the icon and select Run as administrator).

Win7: Restore .bat default behaviour

One of those small, very annying problems: I had managed to assign .bat files to open with my favourite cleartext editor (Notepad++ by the way), so that instead of running the bat file upon double-click, it opened in the editor. Now I wanted it reverted back to the original behavior.

I finally came up with a working solution: Just delete this registry key with all subkeys and life as you knew it before will be smiling to you again:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bat

Cannot set fixed IP

Funny problem: Set the fixed IP of a network interface - once you have clicked OK back out of the network interface properties dialog box, it reverts to an automatically assigned IP of 169.254.x.x. Go back into properties for the network interface, and IPv4 settings still holds the static IP you set. It is not possible to ping the interface on that address, and ipconfig shows only the automatically assigned address.

I had this problem on a Windows Server 2008 R2 today, and spent a fair amount of time troubleshooting it, including running Windows Update, several reboots etc..

Solution: In the end, I uninstalled all network interfaces found under Network Interfaces in Device Manager (right-click Computer > Manage > Devices) and then right-clicked the device root and selected "scan for hardware changes" to automatically reinstall the network interfaces. Voilla, the IP settings now sticks and actually works!

Possible reason: I am not sure what messed up the system, but my main suspect would be a special high performance frame grabber driver from Pleora that was installed on this server for two other network interfaces (not the one I was trying to set the IP on). This driver obviously digs deep into the device hierarchy, because it removes the network interfaces it controls out of the Network Interfaces tree entry in Device manager over to a new tree entry called "Pro/1000 grabber devices".

Anyways, I got my solution - now it works!

Change of hard drive - cloning/restoring with BartPE/DriveImageXML

The following is not particularly ground breaking, just a note to self on how to do a HDD (hard disk drive) backup and restore as hassle-free as possible. My choice of tool was a BartPE CD that I built including the disk cloning tool DriveImageXML (or DIX) as a plugin.

Making the clone file was the easy part - DIX simply lets you make a clone file to a USB drive from within a running Windows OS. Getting the new HDD to boot after restoring the clone file to it was a little trickier. This is what I ended up doing

1. Install DIX on the old drive running Windows, then creating a backup (clone) of the whole partition to a file on a USB hard drive. Yes, you can actually do that while Windows is running off of the same disk!
   
2. Removed the old HDD and installed the new HDD in the computer (since it was a laptop with only one HDD bay, I did not have the option of leaving the old one in until the data was transferred).
3. Partitioning was a little tricky. Unless you find a partitioning plugin for BartPE, you will have to do it from some other bootable media. I first tried an old Win98 command-line bootable CD, which only formatted around 130Gb (my drive was 160). I ended up booting into a Knoppix Linux boot CD and create a standard, active (=bootable) partition by running its fdisk from a command shell after issuing a su to gain administrator access. The partition was marked as a Linux type partition, which does not matter since DIX will overwrite it anyway, it just does not know how to create the partition. I might also have created the partition by booting into a Windows installation CD, creating the partition and then abort further installation.
4. Now booting into the BartPE CD, I ran DIX again on the new disk, restoring the image from my USB disk. To get Bart to see the USB disk, make sure that it is on and connected already at boot.
   
5. Booting from the new disk was the trickiest. When attempting to boot from the new disk, only a blank black page with a blinking cursor appeared. I had to boot into the Windows installation disk and choose Recovery console. From there, I ran fixboot, fixmbr and bootcfg /rebuild. Seems like my hard drive lacked both a working master boot record (MBR) and because my old disk had a utility partition that I had not bothered taking with me, the partition entry in boot.ini was also wrong.

Finally, my new disk booted with all the old data and programs as it was before.

XP Firewall option "My network (subnet) only" blocks traffic from local subnet

Problem: The weirdest problem occurred on a Windows XP Service Pack 3 computer: I changed a firewall rule scope from "Any computer" to "Local subnet only," only to find that the service did not accept traffic from my local subnet anymore. I started investigating, and ended up testing several different services and ports. The same thing happened: Once the port or service had been restrained to the scope "My network only", no traffic from comptuers on the local subnet was allowed through.

Symptoms: I noticed first because I tried to ping the computer. The name was not resolved, because the UDP 137 port (part of the File and Printer sharing entity) for NetBios name resolving blocked when set to "my network only" scope. Same thing happened to the VNC server service - once the 5900 port or the VNC server service was set to "my network only", it was no longer possible to connect to the comptuer from another local host.

Resolution: Sifting through probably a few dozens of webpages left me empty handed. At the end, I decided to rebuild the firewall settings from scratch by clicking the "Restore default settings" button of the advanced tab in Windows Firewall. When I now selected a "Local subnet only" scope, it worked like a charm. My firewall configuration was obviously messed up and needed a reset.

Reason: Who knows?

Apart from understanding what went wrong, the hardest thing in such a situaiton is to know when you should stop wasting time searching for the reason and resort to a tedious rebuild of firewall rules. Most boring: I still do not know what had went wrong, only what solved it. :(

Conficker/Downadup removal - safe mode gives bluescreen

This is the most useless way to make money that I know of: Fighting viruses. As if there aren't enogh real technical challenges to play with.

A customer was hard hit by the Conficker/Downadup virus the other day. The B variant didn't take too long to figure out how to remove, but a couple of the affected computers would not boot to safe mode, yielding the bluescreen of death (BSOD). No virus removal software I tried was able to detect the junk process causing this, so I had to research a little on my own.

Update 14.3.09: BitDefender now has a removal tool that they claim will also remove the .C variant. I haven't tested it though.

The Downadup.B and .C variants are well described at Symantec's and others' websites, so I won't repeat that. I'll just give a practical short work list that worked for me and left my customer's computers virus free:

Determining if you are infected by Downadup.B:
There's a couple of simple steps to give you a good indication of whether you are affected by the Downadup.B. One or more of these bullets indicate that you are infected:

• You are not able to browse to sites like www.symantec.com or www.microsoft.com. Other non-antivirus websites, like your local newspaper webpage works fine.
• You have several entries in Scheduled Tasks - like "at", possibly with a number behind
• The obvious one: Check your antivirus software logs to see if the virus has been identified

Quick cleaning of Downadup and securing from reinfection
Here's how I cleaned each computer and managed to keep it from being reinfected by other infected computers on the network (although they should all have been physically disconnected from the network):

• Physically disconnect each computer on your LAN
• Boot to safe mode without network support (if you get a bluescreen - see below)
• Change passwords of all local users that have "guessable" passwords - see list on Symantecs virus description page. Gotcha: The virus also guesses existing usernames on the system, even backwards or repeated two times, as possible passwords.
  
• Make sure Windows Firewall (or equivalent) is on
• Make sure you do not allow autorun from USB sticks etc. (see below)
  
• Run the removal tool from Symantec (or other tool of your choice)

If you want to remove manually, I found this description from Microsoft to be one of the most helpful if you want to manually remove or check that all traces are gone.

With all the above steps done, you are ready to connect to the LAN again and try to reboot into normal mode.

Booting to safe mode results in bluescreen
This means that things get a little tougher. Symantec did not have a removal tool for the Downadup.C virus when I needed it (Update: BitDefender has - see note above). In addition, the Downadup.B removal tool was killed the same instance you try to start it. Same goes for many antivirus packages etc..

To solve this, you need to find a clean donor computer with the same OS and probably as identical hardware as possible. Export the following regkey to a memory stick (that you have verified is clean before plugging it into your clean donor computer) or similar and run it on the infected computer:

HKLM\System\CurrentControlSet\Control\SafeBoot

Then quickly reboot into safe mode (F8 upon reboot), in the hope that the virus will not redelete the key before you manage to take down your system for reboot.

Removing the Downadup.C
You have now managed to boot into safe mode (F8 during boot). The virus is still there, you will need to look for it manually, unless there's a removal tool by the time you read this. On my two infected computers where I got bluescreen upon safe mode boot, I opened Windows Explorer in c:\windows\system32, sorted the files on date and looked for the most recent DLLs or EXE files I could find. There was only one DLL file created within the last week, and in both cases it was named a random set of characters. Going to properties, I verified that there was no Microsoft version information - hence, this file would most probably not be to my benefit. Just to make sure, I renamed the file extension to VIRUSSUSPECT and rebooted. The virus was gone, and I had the proof I needed to delete the file I first renamed.

Beware that the Downadup.C also weakens security that you do NOT get restored only by removing the virus DLL. Again, review the Symantec (or other) descriptions of the virus and take action accordingly.

Good luck, and good hunting!

DDE on XP/2003

Ever tried porting a DDE app to Windows XP/2003 that you know worked under Windows NT/9x? It just won't communicate. Having found the problem twice and then forgotten again, here's the note on what is (normally) wrong:

The NetDDE services (Control Panel-Administrative Tools-Services) need to be started. Set startup type to automatic (they are disabled by default), and to avoid rebooting the first time, start them as well.

Things they stole back in Vista

(Originally posted Nov. 25, 2007 - the the list of complaints keeps on growing...)

If this continues, I will have torn all my hair off in pure frustration as to what Microsoft decided I do not need. It turns out that Vista (as in my Vista Business) has taken away several features that I had gotten used to in standard Windows XP. Aaaaargh - this just makes my point as to whether to choose a freely developed OS, with freely available features thrown in (Linux), or yet another time stay with so-called (un)supported licensed software. Enough said, here's my frustration list:

• Backup is gone! That is, they did add some substitute only good for backing up your whole disk to an external source. What I used to do in XP was backing up a subset of files (my data) to a local file destination, and then took that file and burnt it to a CD for offsite storage. Forget it - the old NTBackup software is gone. I found a good substitute in the free Simply Safe Backup software, but that's beside the point.
• Telnet is gone! Not too much of an alarm though, I found it under Control Panel-Programs and features-Turn Windows features on or off.
• Windows Explorer no longer lets you completely turn off the "Remember each folder's view settings" (although the choice is there under Tools-Advanced). When I browse the folder hierarchy, I normally choose to see file details. If Explorer decides to however, it just jumps to thumbnail view, I guess when you enter a folder where graphics files are present. You'll also notice that they took away the "up" button to go one level up the directory tree. You can always go "back" to the previous folder you visited, but that's not always the parent folder. And of course, there's no way to customize the toolbar to bring that button back...
• The defragmenter has lost the little that was left of its visual interface (it had already suffered the transition from 9x to XP badly). Luckily, there are good third-party tools out there, like the free Defraggler, that shows you where each file is located on the disk and even gives you the option to only defrag the files you need quick access to. With the new "improved" Windows, this is a necessary addon.

Apart from that, I found a couple of tricks to be most necessary to get around:

• Run as administrator seems to be the general medicine if a program fails to do what you expect it to. Especially programs that access any part of the computer other than your screen/desktop (like registry, folders for programs, network ports etc.). I guess this is part of the new security model requiring you to say that you are sure a dozen times before actually doing what you are sure you want to do.
• Ethereal Wireshark network packet tracer needs to be run with this option - otherwise you will not find any network adapters to inspect.
• DevPHP had to be run as administrator to avoid loosing all settings upon exit. Assumingly this has to do with the new way Microsoft has invented to handle writing to the HkeyLocalMachine hive of the registry - where you THINK you write to that key, whileas actually writing to your HkeyCurrentUser hive. This is not comfirmed though.
• Check out this brilliant website for clues: Vista Rewired -It made it right into my group of favourite bookmarks!

If Microsoft could just do a little bit more than pleasing newbies to Windows (do they?) and let us nerdies also have a few goodies, they might actually have some of us recommend their stuff. As for now, I sincerely hate Windows Vista and recommend everyone (including my customers) who buys a new computer to stick with XP. Vista is just a really bad idea.

Slow Windows login (Gone in 60 seconds)

I decided that today was going to be the day I solved why my Windows XP always takes excactly 1 minute to "think" after clicking the login button and until it shows my Windows desktop and starts to load traybar applications etc..

First try was to minimize the profile size. If I were using a roaming profile this would certainly have helped, because the size of my profile folders were around 800 megs. I moved out the Thunderbird mail profile and sqeezed some more unnecessary bits out of it and came down to around 150 megs. Still a bit much, but the change in login speed should be noticeable. Result: Nada. Still took a minute to think it all over before letting me in.

The solution was right under my nose the whole time - actually letting me know upon each login that "some network drives could not reconnect". Of course not - I use my laptop on different places and I am not always connected to those network drives. I just find it convenient to have them all ready for use in explorer. No longer. I disconnected them and did a login, and the whole minute's wait was gone.

The login was no longer "Gone in 60 seconds" - the 60 seconds were gone. :)

I just wonder where I can find the time to fetch my coffee now...

Fileshares: Connecting with the wrong hostname

Situation: Occasionally I need to connect to servers with names formed from a spoon of alphabet soup - impossible to remember. Of course, since the customer is always right, he gets to choose the names of his own server. I however, need to refer to computer names I can remember or that has a meaning.

Workaround: Put an entry in your hosts/lmhosts file (in the c:\windows\system32\drivers\etc folder), or if you have access to the DNS or WINS server, put the entry there, using your preferred name and the IP of the server you want to reach. If, for instance, a server is named something like SA823SX3B and you want to name it FILESERVER, just put in an entry for FILESERVER with the SA823SX3B's IP. It works for ping and many other services, but:

Problem: This does (by default) NOT work if you want to connect to a NetBIOS fileshare. You can verify that firewalls etc. is not the cause of this problem by connecting via \\SA823SX3B\fileshare and even by using \\192.168.0.1\fileshare (given that that's the IP of our example server).

Solution: You need to hack the following registry key on the server in question:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters\
DisableStrictNameChecking

Set the value to 1 and reboot. You can now connect to the server using any name you please, as long as it is referring to the right IP address.

Caveat: On a NT4 computer, you will still not be able to connect without using either the real name or the IP address as reference.

See Microsoft KB 281308 for a description of this parameter.

Event: i8042prt failed to start

On an HP Proliant DL 380 G5 server with Windows 2003 Server, the annoying "A device or service failed to start" occurred during boot. The computer shared screen, mouse and keyboard with another computer via a KVM switch. Event log showed a "i8042prt failed to start" event.

The solution was found on HPs support pages. In brief, it states that the following regkey must be changed:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\i8042prt\Parameters

The value Headless must be changed to value 0x1 (REG_DWORD)
Data: 0x1 (Allow Hotplugging) | 0x0 (Hotplugging not allowed)

Problem cause (assumed): This happens when the computer boots without finding any keyboard/mouse. This occurs when the computer is connected to a KVM switch and the KVM serves another computer during boot.

After-OS RAID install on a Dell PowerEdge 2800

Task: A Dell PowerEdge 2800 server with Windows Server 2003 was to have its one physical hard disk drive (HDD) upgraded to a multi-disk hardware RAID system.

Problem: I want to use a disk cloning system (like Norton Ghost) to transfer an exact copy of the standalone HDD to the new RAID disk system. This poses two problems:

1. The system would not boot, because the SCSI driver of the RAID controller was not installed in the kernel of the OS. After the clone, you could of course run the Windows 2003 setup CD and install the SCSI driver from a floppy disk, but it has to be a physical floppy - if you don't have that or even a floppy drive, you're stuck. Personnally, I chose another approach that I find more convenient (see below).
   
2. On the PowerEdge 2800, the Raid controller is a chip that, when installed, actually takes over the control of the physical disk bays of the computer. This means that no clone can be made because the standalone HDD and the RAID volume can not coexist on the server.
   

Needed: (You could probably do this with other tools as well, but this is what I had available)

• A Ghost network boot disk (CD or floppy) for your server
• A spare server
• A Ghost network boot disk (CD or floppy) for your spare server
• A LAN with a working DHCP server
• A driver for the SCSI RAID controller (not necessarily on a floppy)
  

Successful procedure:

1. Still running the OS from the original HDD (that is to be the source for the RAID disk), the SCSI driver for the RAID controller were installed. On Server 2003 it will ask you to install the device first (on the good old NT4 Servers, this was easier to accomplish). On my server however (a Dell PowerEdge 2800), there are two on-board SCSI controllers, whereof only one were in use, making the following possible:
1. Open the unused controller from the Device Manager and choose Update Driver (be very sure you have chosen the unused one - otherwise you may not be able to boot again)
   
2. Click Have disk and uncheck the option to only show compatible drivers. Locate the RAID controller's driver and select it to replace the original SCSI driver for this unused controller. This will of course render this unused SCSI controller useless for now, but it installs the driver into the OS so that the RAID controller later will be recognized and handled in boot.
2. Install the physical parts into the computer - including the RAID controller (chip) and the disks it will control
3. Set up the RAID volume on the RAID controller. This is done during boot. The controller tells you to push a function key to access RAID controller options/setup.
4. You must also enter the server's CMOS setup and set the RAID controller as the boot device.
5. On most systems you can now boot from a Ghost boot disk and image the old HDD to the new RAID volume. As mentioned, this does not work on the PowerEdge. As a workaround, a spare server was used. The old HDD was installed there. Now the following steps were taken:
1. The now RAIDed server was booted with a Ghost network boot floppy, selecting TCP/IP and Slave from the Ghost menu. Make a note of the DHCP given IP address. If this goes wrong, check that you have a DHCP server running.
   
2. The spare server was then (afterward - important) booted with a Ghost network boot floppy, selecting TCP/IP and Master from the Ghost menu
3. The IP of the RAIDed server is given as the Ghost slave to control
4. The RAIDed computer is ghosted over the net, and will, because of the previously installed RAID controller SCSI driver, boot nicely when finished.