Charlie's Tech Ramblings

We needed to find out who hasnt changed their password since 4/1/2007 (I know, for political reasons we cant force changes regularly).  So after doing some digging in the technet whitepages, I came up with this little command line:

dsquery user -stalepwd 1639 -limit 0 | dsget user -samid -mustchpwd -disabled > oldpw.txt

So for all the code. -stalepwd (number) is how many days from today in the past you want to check. 1639 days ago from today (9/26/2011) was 4/1/2011. Change to however many days you want. -limit is the number of results to return. You can limit it to a specific number, or setting to 0 returns all. Then we pipe it to the dsget command, and format the output with the logon name, if the account is set to “change password on next logon”, and if the account is disabled. If the account has never been logged onto, the date of last password will be 1/1/1601. So we wanted to remove those. The -disabled tells us which accounts are disabled (so we can remove them later). Then we pipe it all to a txt file. If you open that text file in excel, then choose delimited style, then next, then space as a delimiter, you will get a nice spreadsheet. You can then sort the rows and delete all the disabled “yes” accounts, and the mustchpwd “yes” accounts out. That will get you all passwords that havent been changed and are not expired or need to change next time you logon.

Found this article and thought it was good to share.  Some are utilities you know and love, but the first one I hadnt heard of before ( Windows System Control Center ).  Check them out:  http://www.itworld.com/data-centerservers/183005/15-incredibly-useful-and-free-microsoft-tools-it-pros

The other day I talked about hung sessions and a fix ( http://www.charliemaurice.com/?p=54 ).  For us, we now have found the underlying problem….printers.  Shocker I know.  So for us, once we kill the citrix print service and the spool service for a few minutes it will automatically clear out the sessions.

My buddy Josh has come up with a solution for getting around not being able to shadow a session if the shadowee or shadower has multiple monitors.  Remote Assistance!  I tried it out and it works great!  Thanks Josh!  Here is a link to his blog and how to set it up:  http://joshuasmueller.wordpress.com/2011/05/17/dual-monitoring-shadowing-in-xenapp-6/

I finally updated my winpe 3.0 boot images to be 4k aware as all our new machines have the new 512e drives in them. If you are using the 3.1 boot images, you are already set.  The process was actually really painless. Here are the directions I followed: http://msdn.microsoft.com/en-us/library/ff794819.aspx and here are the hotfixes that you need to apply:  http://support.microsoft.com/kb/982018

After that, I rolled out my OSD image on a new machine, then ran a vbscript to make sure they were aligned properly.

You can get the vbscript as well as a few more details about the AFHD drives here:  http://dell-lab.posterous.com/is-your-os-partition-4k-aligned-a-simple-vbsc

Sometimes we have an issue where winlogon.exe, csrss.exe and logonui.exe are still running after a user logs off. This causes the user to not be able to log back in (we have a single session limit). The problem is you cant use the DSC to reset/log off the session. There is only one way I have found (besides rebooting) to kill the sessions.

First, find the session numbers in the citrix DSC of the offending sessions, then kill winlogon.exe for those sessions (I log into the server, then add the session number column to task manager, but there are otherways such as tasklist/taskkill from the command line).

After you kill that, it should kill the other two process. I would not recommend trying to kill csrss as it sometimes will blue screen the machine. Now the DSC might say the session is still there even with no running processes for that user/session. At this point, restart the “Citrix Independent Management Architecture” service on the machine. This should clear out the session for good.

*EDIT* Little update on this issue posted here:  http://www.charliemaurice.com/?p=60

Well this one has plagued us for a couple of weeks. Took a while to track down. Turns out that when you initially deploy this, it only downloads 2/3 packages (hence why it gets stuck at 66%). You can confirm this by finding the update (either in the update list, search folder, deployment, where ever…I suggest update list), then going to the content information tab. One of the packages will say no. To fix it, find the update in your update list or search folder and right click and download it again. Once it has finished downloading, you will need to update your distribution point for you deployment package. After that, you should be in business again.

We have been having troubles with our xenapp 6 farm randomly going into a vicious reboot cycle. Nearly all of the farm will just start rebooting itself. In the event log was a 3b bluescreen which is pretty unhelpful by itself. In order to find the culprit, I needed to run windbg. Its actually very easy to do.

Start by downloading it. Its part of the SDK. This link gets you the lite installer: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=6b6c21d2-2006-4afa-9702-529fa782d63b&displaylang=en Download and run that, then install the debugger. You dont need anything else from there if you dont want it. After thats downloaded and installed, start windbg and then choose File -> Symbol File Path. In there, put SRV*c:\symbols*http://msdl.microsoft.com/download/symbols (you can change c:\symbols to any path you want). Then OK out of that and click File -> Open Crash Dump and point it to the dump file (in our case it was c:\windows\memory.dmp, you can find the location in the event log for the BSOD event). With any luck it will give you a best guess as to the cause of the problem. In our case it was Altiris causing our reboots.

Or you can take the easy way out and download BlueScreenView from Nirsoft =D http://www.nirsoft.net/utils/blue_screen_view.html

Ive been playing around with FEP 2010 to replace SEP eventually.  The biggest issue I had was getting definitions out through SCCM since you cant auto-approve (fixed in SCCM 2012). *I should probably note it IS possible, however you have to go against the “never touch the wsus console” recommendation, so I didnt want to use that method* So for now, I was able to find a script to use the network definitions.  Make sure you create the directories first. The part after c:\defs is the important part, change c:\defs to your path, do not change the hierarchy after that. Then you can change the path in the script to match. Save the below code as a vbs file, then set up a scheduled task to run it. MS updates the definitions 3 times per day, so do what you are comfortable with.

strMSEx86URL = "http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x86"
strMSEx86Location = "C:\defs\Updates\x86\mpam-fe.exe"
strNISX86URL = "http://download.microsoft.com/download/DefinitionUpdates/x86/nis_full.exe"
strNISX86Location = "C:\defs\Updates\x86\nis_full.exe"
strMSEx64URL = "http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64"
strMSEx64Location = "C:\defs\Updates\x64\mpam-fe.exe"
strNISX64URL = "http://download.microsoft.com/download/DefinitionUpdates/amd64/nis_full.exe"
strNISX64Location = "C:\defs\Updates\x64\nis_full.exe"

Set objFSO = Createobject("Scripting.FileSystemObject")
'check if file exists if so delete
If objFSO.Fileexists(strMSEx64Location) Then objFSO.DeleteFile(strMSEx64Location)
objADOStream.SaveToFile strMSEx64Location
objADOStream.Close
END IF

After you do that, set your network path in your FEP policy in SCCM to point to the folder share. So for example if you had c:\defs shared as \\fepupdates\defs then the path should be \\fepupdates\defs\updates. You need to specifiy the path up to the updates part. FEP knows to look in either the x86 or x64 directory.

Microsoft has finally released a new version of RSAT that will work with Win7 SP1.  For those of us who installed SP1 from a disk, we had no way of using them admin tools.  Thank you Microsoft for getting these out sooner rather than later.  Download them here:  http://www.microsoft.com/downloads/en/details.aspx?FamilyID=7d2f6ad7-656b-4313-a005-4e344e43997d&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+MicrosoftDownloadCenter+%28Microsoft+Download+Center%29#tm

So after the big announcement at MMS2011 about FEP becoming free as part of the core cal, I decided it was time to take a look.  For the most part, the install is straight forward.  Unfortunately, it did take me a couple of days to get it installed.  I was plagued by the SQL server pre-req always failing ( the error was Setup has detected that the SQL Server Analysis Services is not running ).  If you do a search, there are a ton of posts.  I tried most of them to no avail (verified the SPN’s, deleted then readded them anyways, etc).  Luckily for me, the SQL server for SCCM is local to the machine and thats all it is used by.  I upgraded from SQL 2008 SP1 to SQL 2008 R2 and wholla!  It passed the pre-req finally.  So if you are having that failure and can upgrade your SQL server, I recommend it.  It actually was completely painless to do so.  Time to start deploying!