You will see this error if you are migrating a Certificate Services Server from Server 2008, (NOT Server 2008 R2) to Windows Server 2016, (or newer).
Version of log file is not compatible with the Jet version 0xc8000202 (ESE: 514 Jet_errBadLogVersion)
You will also see the following events logged;
Event ID 17
Log Name: Application
Source: Microsoft-Windows-CertificationAuthority
Date: xx/xx/xxxx xx:xx:xx
Event ID: 17
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: 2019-CA.migrate.com
Description:
Active Directory Certificate Services did not start: Unable to initialize the database connection for MIGRATE-CA. Version of log file is not compatible with Jet version 0xc8000202 (ESE: -514 JET_errBadLogVersion).
OK, if you followed a good CA migration guide like mine here, then you already have a copy of the the Database, CA certs, Private keys, and Registry settings. So you are good, don’t panic.
This has happened because the source Jet Database that Certificate Services used on the old 2008 Server, (Note: not 2008 R2) is simply too old to be upgraded straight to the one on Server 2016 or newer.
You need to spin up a 2012 R2 server, migrate Certificate Services, onto that, then migrate to Server 2016 (or 2019) from there.
Related Articles, References, Credits, or External Links
I was trying to hot add some memory to a VM the other day, and found the option grayed out. Normally I’d just down the VM, add the memory, then bring it back up. But it was a production server and I was pretty sure the OS supported it.
A quick Google search told me why it was grayed out, but it also transpired there was little to no information on what version of Windows hot add and hot plug would work with.
Solution
I’m not going to argue the semantics of the differences between “hot add” and “hot plug”, if I’m taking about hot add I’m talking about memory, if I’m talking about hot plug I’m talking about adding CPUs. You also need to be aware that to date Few OS’s support hot remove or hot unplug. If you try you will see the following;
vSphere version 6 or 6.5 (Hot Unplug )
It simply wont let you lower the value;
Note: With a Supported O,S (i.e. Server 2016 and 2019) you CAN hot remove CPU.
vSphere version 5.0 or 5.5
Hot Add Memory/ CPU in vSphere 6 & 6.5
As with earlier version of vSphere, to enable hot plug or hot remove, the machine has to be shut down. Then the option can be enabled. Select the VM > Edit Settings.
CPU: Virtual Hardware > CPU > Tick ‘Enable CPU Hot Add’ > Save.
Hot Plug, Hot Add in the vSphere HTML5 Client
Hot Add Memory/ CPU in vSphere 5 & 5.5
As for memory and CPU settings you will probably see what I was seeing. Both the options are not changeable.
2. Sorry but to enable this feature you need to power off the client machine, then when you edit its settings > Options > Advanced > Memory/CPU_Hotplug > You can enable hot add and hot plug > OK . Power the VM back on again.
3. Now you will see you have the option to hot add memory and hot plug CPUs.
What Operating Systems support this?
Like I said above, I did some testing because information is thin on the ground, this is what I was actually able to make work.
With 2008 R2 Standard
1. As you can tell from the table memory hot add will work but to add a CPU will need a reboot. Before I started I had 2 CPUs and 4GB of memory.
2. Lets add more memory and CPUs.
3. For all machines I tested there was a lag, sometimes as little as 3-5 seconds, other times as long as 15-20 seconds, during this time you will see some processor and memory usage spikes. But as shown the memory eventually becomes available.
4. Post reboot, your extra CPUs will appear.
With 2008 R2 Enterprise and Datacenter
1. Note I’m using Datacenter here, but Enterprise is the same. I increased the memory from 4 to 5 GB, And added a further 3 CPUs.
2. It does work, you simply need to restart the “Task Manager” to reflect the increased CPU count.
3. Finished.
Related Articles, References, Credits, or External Links
I needed to work out how to bulk disable some domain users from a .CSV file this week, so I thought I’d write it up.
Disable Domain Users in Bulk from CSV
Well firstly, you need to have your users in a CSV file. For the live job I just exported all the SamAccountNames to a CSV, but here for testing I just loaded a few in manually;
In Part 3 we ran through manual pools, if you want to deploy automated pools using ‘Linked Clones’, then you will need VMware Composer. Composer installs on your Virtual Center Server. It also requires a database, the following is a step by step guide to installing SQL Server 2008 R2 and configuring it for Composer.
VMware View 5 Suppored Database Platforms
When you have your databse platform installed and configured, on the Virtual center server create an ODBC connection to the database and install VMware Composer. Finally you will need to enable composer in the VMware View Administrator Console.
Solution
VMware View – Installing SQL 2008 R2 and Configuring for Composer
1. Let the SQL DVD auto-run and choose Installation > New installation > OK > Product Key > Next > Accept the EULA > Next > Install the setup files.
2. Take note of any warnings, here it’s complaining that I’m on a domain controller (in a test environment this is OK, don’t do this in production!). And it’s giving me a firewall warning. I’m going to disable the firewall as I’m behind a corporate firewall, BUT if you want to create an exception for TCP port 1433, or run the following command. That would be the correct way to address the warning.
[box] netsh advfirewall firewall add rule name = SQLPort dir = in protocol = tcp action = allow localport = 1433 remoteip = localsubnet profile = DOMAIN [/box]
3. You only need the “Database Engine Services” and the “Management Tools” , or you can simply install everything > Next > Next > Select Default Instance* > Next > Next.
*Unless you specifically want a named instance.
4. I set the services to run under the ‘System’ account, if you want to use the domain admin, or another domain service account use that instead. You can use the “Use same account button for all” to save typing > Next.
5. We will need SQL authentication, type in a suitable complex password (You can add the current user of the domain administrator as well) > Next > If your installing Analysis services you can add an account here > Next.
6. Install the native mode default configuration > Next > Next > Next > Install > Close > Exit the SQL installer.
7. Launch the SQL Management Studio > Log in (for servername simply type in localhost) > Right click Databases > New Database..
8. Give the Database a name > Select the ‘Options’ Settings.
9. Change the recovery model to ‘Simple’ > OK.
10. Expand Security > Logins > Create a new login.
13. Give the new user/login a name, select SQL authentication > Set a complex password > Untick Enforce password expiration > Select the user mappping section (on the left).
14. Select the database you have just created and give this new user the “db_owner” role > OK > Exit the management studio
VMware View – Configure ODBC Settings on the Virtual Center Server
15. On the vCenter Server > Start > Administrative Tools > Data Sources (ODBC).
16. System DSN > Add > SQL Server Native Client > Finish,
17. Add in the Database name and the server you installed SQL on > Next.
18. Supply the details for the user you created and the password you set > Next.
19. Change the default database from ‘master’ to the one you created > Next > accept all the defaults > Finish.
20. Click ‘Test Data Source’ and it should say TEST COMLPETED SUCESSFULLY > OK > OK > OK.
VMware View – Installing VMware Composer
Note: Composer MUST be installed on your VMware virtual Center (vCenter) Server.
21. Run the installer > Next > Next > Accept the EULA > Next > Next > Enter the ODBC details and login you created earlier > Next.
22. Next > Install > Finish.
VMware View – Add Composer to VMware View Administrator Console
23. Connect to, and log into the VMware View Administrator Console > View Configuration > Servers > If you already have a vCenter server select Edit > If not select Add.
24. On the vCenter Server settings tab ensure ‘Enable View Composer’ is ticked and add in a domain user (with rights to create, and delete computer objects in the domain) > OK.
25. You will know if the operation was successful as the vCenter logo will change, it will now have a gold/yellow box around it.
Related Articles, References, Credits, or External Links
You have a Linux client machine, and you want to authenticate to, and log into a Windows domain. I don’t have too much history with Linux, but from what I’ve read this used to be a nightmare. Using Ubuntu (10.10) I did have a couple of hiccups, but I did get there in the end.
Note: The domain controller is a Windows 2008 R2 Server.
Solution
Notes
1. The commands needed to install the “likewise-open5” package, and join the domain, (assuming the FQDN of the domain is domaina.com and the user name you are using to join the domain is administrator).
2. Then to allow users to logon from the Ubuntu welcome screen,
[box]sudo nano /etc/samba/lwiauthd.conf[/box]
3. Add the following line (the file will probably be empty), to Save press CTRL+X, then Y, then {enter}.
[box]winbind use default domain = yes[/box]
4. Then reboot.
[box]sudo reboot[/box]
5. To allow sudo for the domain user(s),
[box]sudo nano /etc/sudoers[/box]
Locate the line that reads “#Members of the Admin group may gain root privileges and do the following:”. Below that, type the following (assuming the domain name is domaina and the user is a member of the domain admins group, domain^users also works).
[box]%domainadomain^admins ALL=(ALL) ALL[/box]/p>
Problem 1
Error: Lsass Error [code 0x00080047]
9502 (0x251E) DNS_ERROR_BAD_PACKET – A bad packet was received from a DNS server. Potentially the requested address does not exist.
This plagued me for a while, I tried everything I read online (like making sure that my time was correct – which it wasn’t (see below), making sure firewalls were off (they were), make sure your DNS has a reverse lookup zone (mine has), and finally make sure there are no existing DNS records for the IP address you are connecting with (mine did so I deleted them). None of these fixed the problem, to fix it is annoyingly simple.
FIX
Firstly make sure that the Ubuntu client is looking at your domain DNS server, for it’s DNS, the following command will tell you,
[box]cat /etc/resolv.conf[/box]
Then get the domain syntax right, in my case the domain name.
If you would like to add your domain user(s) to the welcome screen click here.
Update 04/01/12
Attention: PeteNetLive – Suggestion
Message: Hi,
Thanks very much for you YouTube and description of joining Ubuntu to a domain. There was however one step extra that I needed to do to enable to logon screen to show users other than the local use and the guest account. To do this I had to add the following line to /etc/lightdm/lightdm.conf
greeter-show-manual-login=true
I was joining Ubuntu 12.10 to the domain so maybe it is specific to 12.10 since you didn’t experience it but it would be good to add it to your article along with the other fixes to issues.
Thanks again.
From: Roland Elferink
Related Articles, References, Credits, or External Links
Spend any time working in windows and sooner or later something will upset Windows Explorer, and when it crashes it has a habit of taking something with it (usually your desktop experience – or something you’ve been working on and have not saved!).
The underlying problem can be anything from some poorly coded software, a dodgy device driver, or a wayward Windows update. But you can offset the problem by running Windows Explorer in its own sandboxed process, then if it does fail, it wont break anything else.
Warning there is a slight performance overhead to doing this but if you have a reasonable machine – crack on!
Solution
1. Open Windows Explorer (Windows Key +E)
2. Click Tools > Folder Options > View > Place a tick next to “Launch folder windows in a separate process” > Apply.
Note: If you can’t see the Tools Menu Press F10.
Related Articles, References, Credits, or External Links
I needed to get a list of installed programs from a server I was having problems with, so I could compare the results with another server. Note: This will work on Windows client OS’s as well.
Solution
1. On the machine in question launch a command window.
2. To display all the installed programs execute the following two commands;
[box]
WMIC
product get name,version [/box]
3. To export all the installed programs to a text file (c:ProgramList.txt) execute the following two commands;
[box]
WMIC
/output:c:ProgramList.txt product get name,version [/box]
4. Here’s the sort of information you can get.
5. To export all the installed updates to a text file (c:UpdateList.txt) execute the following two commands;
[box]
WMIC
/output:C:UpdatelList.txt QFE get [/box]
Note: You can get a list of updates by running the ‘systeminfo’ command but this gives you much more information.
6. Here’s the sort of information you can get.
Related Articles, References, Credits, or External Links
Before server 2008 if you wanted more than one password policy, you had to create a sub domain just to do that! with Server 2008 we were given fine grained password policies, which were fine (if a little clunky), and involved you creating ‘Password Settings Objects’.
They were a pain if you were not used to them e.g. five minutes is entered as 00:00:05:00. But now Microsoft have made things a LOT EASIER (though they made a good job of hiding it!).
Solution
1. From Server Manager (ServerManager.exe) > Local Server > Tools > Active Directory Administrative Center.
2. System container.
3. Password Settings Container.
4. New > Password Settings > Configure as required > Add > Locate the Security group you want to apply the policy to > OK > OK.
Note: The Precedence dictates which policy will apply if the same user has multiple policies applied to them.
5. You can then create other policies to apply to different groups.
To See What Policies are Applying to a User
6. Locate the user (while still in Active Directory Administrative Center) Right click > View resultant password settings > If a policy is in place it will open.
7. If there is no policy in place you will see, “User does not have resultant fine grained password settings. Please check the user’s domain password settings”.
Related Articles, References, Credits, or External Links