set-executionpolicy unrestricted is denied.

Sunday, February 3rd, 2013

One of the steps we have for setting up a new LSF server is to run a powershell script which does a survey of the machine. The first step is to un-restrict the execution policy via this command:

set-executionpolicy unrestricted

The command was entered and it returned this nice little error:

Execution Policy Change
The execution policy helps protect you from scripts that you do not 
trust. Changing the execution policy might expose you to the security 
risks described in the about_Execution_Policies help topic. Do you 
want to change the execution policy?

[Y] Yes  [N] No  [S] Suspend  [?] Help (default is "Y"): y
Set-ExecutionPolicy : Access to the registry key 'HKEY_LOCAL_MACHINE\
SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft .PowerShell' is 
denied.

At line:1 char:20
+ set-executionpolicy <<<<  unrestricted
    + CategoryInfo          : NotSpecified: (:) [Set-ExecutionPolicy], 
      UnauthorizedAccessException
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,
      Microsoft.PowerShell.Commands.SetExecutionPolicyCommand

Rather odd since all security was correct.

Two obvious ideas are to upgrade powershell or reinstall it. Neither was an option is this situation.

I did a quick look around Microsoft and found this.

I decided to try the registry option and added the login.

* Run: regedt32
* Goto HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell
* Right-Click > Permissions
* Select, and add your account, grant it “Full Control” privileges
I re-entered the set-executionpolicy command and this time it worked.

 

Posted in LSF, PowerShell, Windows | Tagged , | Leave a comment

Could not start PsExec service on host

Saturday, February 2nd, 2013

I have a script which uses psexec to check a few things on new servers. I ran the script and received the following message.

Couldn’t access *hosta*:
The handle is invalid.
Could not start PsExec service on *hosta*:
Access is denied.
Starting PsExec service on *hosta*…

Rather an odd message because another server with the same configuration didn’t have a problem. I checked a few things but did not find anything obvious. Server pings, remote desktop works, etc., etc…..

From the other box I tried to see if I could remote access the C drive via \\hosta\C$ and received this error:

\\hosta\C$

Logon Failure: The target account name is incorrect

The AD account looked ok but when I checked the host; I found a typo.  Instead of *hosta* there was *hosa* (obviously not the real name but you get the idea).

I deleted the domain account and simply renamed the server.  The domain prompted for an admin level account to do this and rebooted.

Don’t forget to move the host to the proper AD group if you use them.

Moral of the story: DNS/AD is both a friend and enemy. DNS pointed to the correct server but simple things would not work while other things like remote desktop did.  Well? Only because a previous problem prompted for a change in the negotiation level of RD.

It’s funny but I look back to my first AD design course and I remember the teacher repeating most AD problems are DNS related.

Posted in 2008, PowerShell, Windows | Tagged , , , | Leave a comment

This could be caused by an outdated entry in the DNS cache.

Saturday, February 2nd, 2013

I was setting up a new server and when it came time to test a few things; I received this nice message when I tried Remote Desktop:

The connection cannot be completed because the remote computer 
that was reached is not the one you specified. This could be caused
by an outdated entry in the DNS cache. Try using the IP address of 
the computer instead of the name.

I checked the cache and DNS and found it was in order. Remote desktop would work with the IP address.

This was one of two machines with the same setup and the configuration matched the other machine. I checked the Microsoft site and found this.

All you need to do is:

  1. Start > Administrative Tools > Remote Desktop Services > Remote Desktop Session Host Configuration.
  2. Look under Connections and Right-click the RDP listener (Connection name is RDP-Tcp) and select properties.
  3. Look in the security box where you should see the security layer is set to negotiate.
  4. Change it to RDP Security Layer via the drop down button.
  5. Click OK and close the Remote Desktop Session Host Configuration.

After that; Remote Desktop by hostname works.

I can’t explain why this happened on one of two identically configured systems. I could go back and hunt for a reason if I had time which I never do of course….

*update*

Well now. While working on another issue; I found the problem. The hostname was misspelled on the host. DNS and AD managed to give functionality but other things like simply mounting the C drive \\host\C$ failed giving the error “The target account name is incorrect” A quick delete of the domain record, a reboot and the problem is solved.

Posted in 2008, Remote Desktop, Terminal Server, Windows | Tagged , , , | Leave a comment

System error 2148073478 has occurred.

Tuesday, January 15th, 2013

As we start to play with Windows 8 in our environment; we run into many new things. One such issue was trying to mount a network drive from a Netapp Filer.

We issued the command and received the following error:

System error 2148073478 has occurred.

A quick check at Microsoft showed this was due to Windows 8 and Server 2012 now using “secure negotiate” in their use of SMBv3. This requires servers using SMBv2 (which the filer in question uses) to use a signed response for all error messages which some filers don’t use and it causes the connection to fail.

The suggested resolution was to get the third party vendor to provide an update which in this case was not possible as it’s a “Release Candidate” at this time. This is not always the best thing to run in a production environment. Especially, for only a couple clients that are being used to test the new operating system versus having a genuine need.

The other option was to perform a registry edit via PowerShell to disable the “secure negotiate” on Windows 8.

I opened the PowerShell window and pasted:

Set-ItemProperty -Path “HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters” RequireSecureNegotiate -Value 0 -Force

But, it didn’t work.  I received this nice little message:

> Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Serv
ces\LanmanWorkstation\Parameters" RequireSecureNegotiate -Value 0 -Force
Set-ItemProperty : Requested registry access is not allowed.
At line:1 char:1
+ Set-ItemProperty -Path
"HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstatio ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~
    + CategoryInfo          : PermissionDenied: (HKEY_LOCAL_MACH...tion\Parame
   ters:String) [Set-ItemProperty], SecurityException
    + FullyQualifiedErrorId : System.Security.SecurityException,Microsoft.Powe
   rShell.Commands.SetItemPropertyCommand

One of the things to remember is Microsoft is trying to be more secure with such things. Being a local administrator isn’t what is used to be.

The way around this was to right-click the tile for powershell (I have the administrative tools displayed on the desktop).  This made a check appear on the tile and a menu appear at the bottom of the screen.  On that menu was the option to “run as administrator”

I clicked the option and was able to run the command.

After that; I was able to mount shares from the filer.

Posted in 2012, 8, PowerShell, Windows | Tagged , , | Leave a comment

Windows 8 Administrative menu

Sunday, January 13th, 2013

Windows 8 is almost a treasure hunt to find the old menus. One missing menu is the Administrative menu. To get a quick display of available administrative tools:

  1. Move the cursor to the bottom left corner where you should see a thumbnail of the metro desktop.
  2. Right-click on it.
  3. You will get a menu of the most common tools such as task manager and the cmd window.

 

Posted in 8, Windows | Tagged , | Leave a comment

Display Windows 8 Administrative tools

Saturday, January 12th, 2013

The new Metro interface of windows 8 can be intimidating at first.  Especially, when all the usual tools are missing. They aren’t missing just hidden or in a different place.

One such set of tools are the old Administrative tools.  These can be enabled and will show up as their own set of tiles.

To display administrative tools:

  1. Move the cursor to the upper/lower right part of the screen and click Settings.
  2. Under settings; click Tiles
  3. You will see Show Administrative Tools and under that it will read No
  4. Click the bar to the right of no which will move the slider to the other side and No will change to Yes
  5. Click anywhere on the Metro field which will close the menu and the tiles for Administrative Tools will appear.

This will cover most needs as you test out Windows 8. Once you are comfortable, you can of course change the display back and create your own set of tiles for tools you frequently use.

Posted in 8, Windows | Tagged , | Leave a comment

How to show hidden files in Windows 2008

Friday, January 11th, 2013

Every major release of an OS brings changes to the layout. Such is the case of showing hidden folders on server 2008.

To enable hidden folder:

  • Open the C drive and look to the left for the organize menu.
  • Click it and select Folder and search options
  • Click the View tab.
  • Click the circle for Show hidden files, folders, and drives.
  • Click OK

The hidden folders and files will now appear.

Posted in 2008, Windows | Tagged | Leave a comment

Where is the command window in Windows 8?

Thursday, January 10th, 2013

Windows 8 is a massive change on the user interface.  Many of the things we took for granted are no longer where they used to be.

One such feature is the trusty option for the CMD window in the start menu.

It’s rather easy to get one actually.

Simply type cmd on the main user interface and this will bring up the search apps menu and it will highlight a box on the ui.

Either click the box or press enter and the screen will change to the familiar looking desktop with a command window opened.

I am told once you figure out windows 8, you will find it’s better then windows 7

Posted in 8 | Tagged , | Leave a comment

Where is Hardware Management?

Sunday, December 30th, 2012

I was tasked with adding several machines to a network KVM switch. The HP servers run iLO for remote management functions and they easily installed. The DELL servers use DRAC which required work to get them configured. One DELL server didn’t have a DRAC card so I had to use IPMI.

The server ran Windows 2003 which does not automatically install the IPMI driver. This is accomplished through Add/Remove Programs

  • Click Start, Control Panel, Add/Remove Programs.
  • Click Add/Remove Windows Components.
  • From the component list, select Management and Monitoring Tools, and click Details.
  • Select Hardware Management.

 
Wait a minute! Where is the Hardware Management option?

It turns out this option is only available with the R2 version of Server 2003. A quick installation and the option was available.

Following the same steps as above, the next step is to click “Next”

The installation wizard will start and it will ask for the Windows Server 2003 R2 installation disk.

After it’s installed; it would be a good idea to verify installation as there is a technote and a hot fix to install if the IPMI driver does not appear.

To verify installation: 

  • Click Start, Control Panel, System.
  • Select the Hardware tab.
  • Click Device Manager.
  • Click View, Show Hidden Devices.
  • Expand System devices.

 
Look for Microsoft Generic IPMI Compliant Device. If it exists, it’s installed. If not, enter the following command:

rundll32 ipmisetp.dll, AddTheDevice

The device should appear. If not, you might need this hotfix.

Once the device is in place, we can go about configuring it.

I will present this in another post.

As always; the useful links:

Introduction

Microsoft
Opengear

Enabling

Microsoft

Posted in Dell, IPMI, RAC, Windows | Tagged , , , | Leave a comment

A firmware update is currently in progress. Unable to reset the RAC at this time.

Tuesday, December 18th, 2012

I was trying to add a couple old Dell servers to mergepoint for remote reboot capabilities. As I was configuring one, I received and interesting message when I attempted a : racadm racreset

ERROR: A firmware update is currently in progress. Unable to reset the RAC at this time.

I had upgraded the firmware and was rather concerned about this error. I really became concerned when I tried to get system information and received the following:

C:\>racadm getsysinfo

RAC Information:
RAC Date/Time = Mon Dec 17 15:24:44 2012
Firmware Version =
Firmware Build =
Last Firmware Update =
Hardware Version =
MAC Address = 00:11:22:33:44:55

Common settings:
Register DNS RAC Name =
DNS RAC Name =
Current DNS Domain =
Domain Name from DHCP =

IPv4 settings:
Enabled =
Current IP Address = 0.0.0.0
Current IP Gateway = 0.0.0.0
Current IP Netmask = 0.0.0.0
DHCP Enabled = 0
Current DNS Server 1 =
Current DNS Server 2 =
DNS Servers from DHCP =

IPv6 settings:
Enabled =
Current IP Address 1 =
Current IP Gateway = /
Autoconfig =
Link Local IP Address = /
Current IP Address 2 = /
Current IP Address 3 = /
Current IP Address 4 = /
Current IP Address 5 = /
Current IP Address 6 = /
Current IP Address 7 = /
Current IP Address 8 = /
Current IP Address 9 = /
Current IP Address 10 = /
Current IP Address 11 = /
Current IP Address 12 = /
Current IP Address 13 = /
Current IP Address 14 = /
Current IP Address 15 = /
DNS Servers from DHCPv6 =
Current DNS Server 1 =
Current DNS Server 2 =

System Information:
System Model =
System Revision =
System BIOS Version =
BMC Firmware Version = 01.23
Service Tag =
Express Svc Code =
Host Name =
OS Name =
Power Status = ON

Watchdog Information:
Recovery Action = None
Present countdown value = 300 seconds
Initial countdown value = 300 seconds

Embedded NIC MAC Addresses:
NIC1 Ethernet =
iSCSI =
NIC2 Ethernet =
iSCSI =
NIC3 Ethernet =
iSCSI =
NIC4 Ethernet =
iSCSI =

What was odd was the fact I could run the firmware upgrade without error and the card was talking to the Mergepoint.

I almost reported the card as bad but I had an epiphany and had a look at installed programs. There I found the OpenManage Server Administrator and Drac Toolkit. I uninstalled the Drac toolkit and received valid information from the Drac card.

Lesson of the day: Sometimes different versions of software which interface with a device can give false readings.

Posted in 2003, Dell, RAC | Tagged , | Leave a comment

« Previous Entries
Next Entries »