Category Archives: Windows Server 2008

autorun.inf AV blocking gotcha

Discovered this today from within Windows 7. …Any software process that involves copying, moving, or even deleting the autorun.inf file can fail as a result of current default antivirus software (aka AV) behavior.  This file is at the root of every Windows drive.

In preparation for an SBS 2011 install I wanted to create a bootable USB drive of the install media.  To start I attempted to clean off the drive of all its contents but that process failed with the autorun.inf file.  Then I realized that I should’ve just reformatted so to be thorough; of course that sledge-a-matic action worked.

I’ve done this before for SBS 2011 and WHS 2011 which can require this type of USB drive install media on headless servers.  The odd thing is that never before was this an issue so this must be something new that has emerged behind the security scenes but of which I was not aware.  What I uncovered was the Trend Micro WFBS Agent settings were blocking both ‘delete’ and ‘copy’ actions to the autorun.inf file.  This isn’t specific to just TM though as the Google search result I found pointed to a different AV vendor.  If you hit this error, disable the AV temporarily as the workaround. 

Initially I opted to go the Windows 7 USB/DVD Download tool method (creates a bootable USB drive from ISO or DVD) but hit an issue when it failed during the copying process.  After trying variations and getting the same failed result, I opted to go the longer manual creation route as detailed by Tim Barrett in his www.NoGeekLeftBehind.com blog.  During that process I hit the root issue in a way that gave me a usable error message to find the solution.  After disabling the AV I hit success.

Advertisements

SPLwow64.exe Terminal Server/Remote Desktop Service tweak needed

Now having had two clients with a related system process problem, I am documenting what I’ve discovered and the needed tweak to fix it.  Both of these small businesses are heavily using Remote Desktop Services aka Terminal Server.  One with SBS 2011 and Windows 2008 R2 on the member server (both virtualized on Hyper-V); the other uses SBS 2008 with Windows 2008 on its member server.  The first biz uses 98% of its connections as thin clients and has seen huge amounts of memory (commit size) set aside for instances of ‘splwow64.exe’.  The second client experienced an issue with Windows 2000 clients (yes they are still out there …yikes!) not automatically ending their session when they closed the Environment Tab specified application that their TS session is limited to running/displaying – just got the blue logoff screen in a hung stasis.

On the first I tried changing the configuration of the main shared printer.  The printer is which I determined was where all the SPLwow64.exe related print tasks were being sent.  First I disabled spooling and secondly I unchecked the box to render print jobs on client (in this case the RDS server).  Neither satisfied the desired memory release I wanted to see achieved.  I could confirm the correlation with the SPLwow64.exe process and actual memory consumed via the Hyper-V Manager console which showed the dynamic memory demand of this RDS machine.  When the topmost listed instances of the SPLwow64.exe process were ‘ended’ the overall memory dropped equally dramatically.  This server which typically needed roughly 4 GB of running memory was underperforming when maxing out at 10 GB that were dynamically being made available to it.

The link below states in the first post that you can adjust the time this process takes to release its memory and links to a dead KB article.

http://forums.techarena.in/windows-x64-edition/816779.htm

That applicable control registry key is:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\SplWOW64TimeOut

image

The second client’s issue led me to find the following thread and and in the last post the solution.  It’s a simple technique that can be applied if you want to turn off the use of system processes, SYSwow64.exe in this case, for a Terminal Server.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\SysProcs
Add a REG_DWORD called "splwow64.exe" set the value to 0

image

**Here’s another related conversation thread by an application developer found in the private Microsoft Forums

http://social.technet.microsoft.com/Forums/en-US/appvclients/thread/da0c76ea-5653-4439-a515-8246a2135cdc

Post SBS 2008 migration and now need data from SBS 2003 NTBackup media – what to do now?

image

(picture is linked to download)

If you find that there is missing information after the migration has completed (or someone in organization suspects this) then you need to access your NTBackup created media and potentially recover data.  But Windows Server 2008 no longer has NTbackup; Vista did the same thing.

What to do?  Download the above nifty utility or go to a Windows 2003 Server you still have access to.  With the utility you can keep it all in house at the business network which keeps thing simple.

KISS is a DU-IT best practice.

Download details: File Server Migration Toolkit

Speaking of data migration (see last post) here’s a really clever way to exploit newer technologies to move massive file server data.  This provided a couple years back by Jeremy Moskowitz of Group Policy MVP fame – the guy from GPanswers.com who’s developed the clever PolicyPak tools for Server 2008 era OS’s.

imageimage

Microsoft File Server Migration Toolkit 1.1

Brief Description

The wizards in the File Server Migration Toolkit use Distributed File System (DFS) to maintain Universal Naming Convention (UNC) paths and to simplify the consolidation and migration process

KB Link and Download details: File Server Migration Toolkit

Server 2008 Core Windows Updates Full Management

The latest version of the SmartX Core Configurator takes a stripped down default process and makes it fully admin friendly. No more do you have to unplug and pray that the updates install while your reboot the Core machine. WSUS can tell you what you need installed, you can approve the install but there is no way to ‘on demand’ force it to initiate the installation process. If it fails to install you aren’t given easy access to the relevant logged information. If you feel like the Core OS’ scant footprint is too scant in this are then you need this tool. Like Exchange 2007 which is fully Power Shell driven so is Core; and also like Exchange you can build a nice GUI to call common shell scripts to do some quick work rather than fill your mind with more information to memorize (and forget).

clip_image002

In next window hit Advanced button.

clip_image004

And then you can Search for needed updates and check the box and install whatever subset of updates you wish. You can even see a history of whatever is installed on the Core machine – very nice!

clip_image006