Wednesday, April 17, 2013

To View or Change the Tombstone LifeTime


*To perform the following steps you'll need to be a member of the Enterprise Admins group.

By Joe Piggee Sr.

To view or change attribute values by using ADSIEdit:

  1. On the Start menu, click Run, type ADSIEdit.msc, and press Enter.
  2. In the next window, click Action -> Connect to.
  3. In the center, change the connection point to "Select a well known Naming Context".
  4. Click the drop-down menu, select Configuration, then click OK.
  5. Navigate to Configuration -> CN=Services -> CN=Windows NT -> CN=Directory Service, right-click, and select Properties.
  6. Scroll down to "tombstoneLifetime" and double-click to edit. The current value is displayed, in days.
  7. When done, click OK.
  8. Click OK and then close ADSIEdit.

* When you view properties on cn=Directory Service,cn=Windows NT,cn=Services,cn=Configuration,dc=, if no value is set, the default value is in effect. Any value that you type in the Edit Attribute box replaces the default value when you click Set.
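The same view-and-change procedure can be scripted. The following is an added example, not part of the original post; it assumes the ActiveDirectory (RSAT) PowerShell module is installed, and the function names Get-TombstoneLifetime and Set-TombstoneLifetime are hypothetical.

```powershell
# Added example; function names are hypothetical. Requires the ActiveDirectory
# (RSAT) module and, for changes, Enterprise Admins membership.
Import-Module ActiveDirectory

function Get-TombstoneLifetime {
    # Build the DN of the Directory Service object from the forest's
    # configuration naming context instead of hard-coding the domain.
    $configNC = (Get-ADRootDSE).configurationNamingContext
    $dn = "CN=Directory Service,CN=Windows NT,CN=Services,$configNC"
    $obj = Get-ADObject -Identity $dn -Properties tombstoneLifetime

    $configured = $obj.tombstoneLifetime
    [pscustomobject]@{
        DistinguishedName = $dn
        ConfiguredDays    = $configured
        IsDefault         = ($null -eq $configured)
        # Unset attribute: Active Directory applies its built-in 60-day default.
        EffectiveDays     = if ($null -eq $configured) { 60 } else { [int]$configured }
    }
}

function Set-TombstoneLifetime {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory = $true)]
        [ValidateRange(2, 3650)]   # bounds are sanity limits chosen for this example
        [int]$Days
    )
    $current = Get-TombstoneLifetime
    $action  = "Set tombstoneLifetime from $($current.EffectiveDays) to $Days days"
    if ($PSCmdlet.ShouldProcess($current.DistinguishedName, $action)) {
        Set-ADObject -Identity $current.DistinguishedName -Replace @{ tombstoneLifetime = $Days }
    }
}

# View the current setting.
Get-TombstoneLifetime
# Preview a change without writing it to the directory.
Set-TombstoneLifetime -Days 180 -WhatIf
```

Remove -WhatIf only after confirming that backups and offline domain controllers are younger than the new value, since both become unusable for restore or replication once they are older than the tombstone lifetime.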

Saturday, April 13, 2013

What Files Make up a virtual Machine on ESXi 5.x

By Joe Piggee Sr.

 

Ok, I have received this question 4 times this week, via email, so I decided to just put up a quick FAQ. “What files make up a VM, on ESXi 5?” Below you see a screenshot of one of my virtual machines, which also just happens to be my vCenter.

 


Quick Note: Virtual machines lock the .vswp, -flat.vmdk and -delta.vmdk, .vmx and .log files while powered on.

 

File | Description
*.vmx | This is the configuration file for the VM.
*.vmxf | This is also a configuration file, but not really used. Its main purpose is compatibility. If you were to move a VM from ESXi to a VMware Workstation installation, this file would be used.
*.vmsd | This is just a snapshot descriptor file that stores metadata. As you see above, mine is 0KB, because I have not created any snapshots.
*.vmdk | This is the VM’s hard disk descriptor. It contains all the VM hard disk’s settings, such as its size.
-flat.vmdk | This is the actual VM hard disk that contains the data.
*.log | VM log files. There may be additional log files named vmname-(Number) that contain old versions of the logs.
*.nvram | VM system BIOS data.
*.vswp | VM swap file, created when the virtual machine boots and used to swap memory if access to physical memory isn’t possible. Especially useful when ballooning.
*.lck | This is the file that has locked your running files. A running virtual machine creates lock files to prevent consistency problems on virtual disks. If the virtual machine did not use locks, multiple virtual machines might read and write to the disk, causing data corruption. Lock files are always created in the same directory as the .vmdk files.

Thursday, April 11, 2013

How to remove Windows Update install Files

By Joe Piggee

 

1. Click on "Start" and then "Run."

2. Type "services.msc" (without quotes) and press "Enter."

3. Right-click on "Automatic Updates Service," then select "Stop." Wait for the service to stop, then click on "Start" and open "Run" again.

4. Type "%windir%\SoftwareDistribution" (without quotes), then press "Enter."

5. Double-click on the "Download" folder. Press "CTRL+A" to select all the contents of the folder, then press "Delete."

6. Open "Run" from the Start menu again, then type "services.msc" (without quotes) and press "Enter."

7. Right-click on "Automatic Updates Service," then select "Start."

A life saver... Recreate disk descriptors

Restart Management agents, or Web Management Service on an ESXi 5.x Host

By Joe Piggee Sr.

You may run into a scenario when you can’t connect to a host via vCenter, vSphere client etc.

Quick and easy:

To restart the management agents on ESXi:
 
DCUI:
1. Connect to the console of your ESXi host.
2. Press F2 to customize the system.
3. Log in as root.
4. Use the Up/Down arrows to navigate to Restart Management Agents.

5. Press Enter.
6. Press F11 to restart the services.
7. When the service has been restarted, press Enter.
8. Press Esc to log out of the system.

From Local Console or SSH:
1. Log in to SSH or Local console as root.
2. Run this command:

/sbin/services.sh restart

Wednesday, March 20, 2013

Active Directory: Creating a Cross Forest Transitive Trust

To create a forest trust
  1. Open Active Directory Domains and Trusts.
  2. In the console tree, right-click the domain node for the forest root domain, and then click Properties.
  3. On the Trust tab, click New Trust, and then click Next.
  4. On the Trust Name page, type the DNS name (or NetBIOS name) of another forest, and then click Next.
  5. On the Trust Type page, click Forest trust, and then click Next.
  6. On the Direction of Trust page, do one of the following:
    • To create a two-way, forest trust, click Two-way.
      Users in this forest and users in the specified forest can access resources in either forest.
    • To create a one-way, incoming forest trust, click One-way:incoming.
      Users in the specified forest will not be able to access any resources in this forest.
    • To create a one-way, outgoing forest trust, click One-way:outgoing.
      Users in this forest will not be able to access any resources in the specified forest.
  7. Continue to follow the wizard.

* Reference: http://technet.microsoft.com/en-us/library/cc780479(WS.10).aspx

Useful Troubleshooting Commands

When cross-forest trusts fail, the secure channel should be verified to determine that a foreign DC can be identified and contacted. This post covers only the first step in troubleshooting that scenario: establishing that there are no DC locator issues in identifying a valid DC across the trust.
The following commands are useful for troubleshooting secure channel issues, specifically name resolution, DC locator and connectivity:

· nltest /domain_trusts /v

· nltest /sc_query:%trusted_domain%

· nltest /sc_reset:%trusted_domain%[\%DCname%]

· nslookup -debug -type=srv _ldap._tcp.dc._msdcs.%domainFQDN%
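
The read-only checks above can be run across every trust in one pass. This is an added example, not part of the original post: Test-TrustSecureChannel is a hypothetical name, and the script assumes it runs on a domain controller with the ActiveDirectory and DnsClient PowerShell modules available. It deliberately leaves out nltest /sc_reset because that command changes state.

```powershell
# Added example; Test-TrustSecureChannel is a hypothetical name.
Import-Module ActiveDirectory

function Test-TrustSecureChannel {
    param(
        # Defaults to every trust known to the current domain.
        [string[]]$TrustedDomain = (Get-ADTrust -Filter * | Select-Object -ExpandProperty Name)
    )

    foreach ($domain in $TrustedDomain) {
        # DC locator input: the SRV records used to find a DC in the trusted domain
        # (same lookup as the nslookup command above).
        $srv = @(Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV `
                     -ErrorAction SilentlyContinue |
                 Where-Object { $_.Type -eq 'SRV' })

        # Secure channel state as reported by Netlogon.
        $out = & nltest.exe "/sc_query:$domain" 2>&1 | Out-String
        $dc  = if ($out -match 'Trusted DC Name\s+(\S+)') { $Matches[1] } else { $null }

        [pscustomobject]@{
            Domain          = $domain
            SrvRecords      = $srv.Count
            SrvTargets      = ($srv.NameTarget -join ', ')
            TrustedDC       = $dc
            SecureChannelOk = ($out -match 'NERR_Success')
        }
    }
}

# A row with SrvRecords = 0 points at name resolution; a row with SRV records
# but SecureChannelOk = False points at DC locator or connectivity.
Test-TrustSecureChannel | Format-Table -AutoSize
```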

Friday, March 15, 2013

Ports for Commonly Used Windows Services

Service Name

UDP

TCP

Browsing datagram responses of NetBIOS over TCP/IP

138

Browsing requests of NetBIOS over TCP/IP

137

Client/Server Communication

135

Common Internet File System (CIFS)

445

139, 445

Content Replication Service

560

Cybercash Administration

8001

Cybercash Coin Gateway

8002

Cybercash Credit Gateway

8000

DCOM (SCM uses udp/tcp to dynamically assign ports for DCOM)

135

135

DHCP client

67

DHCP server

68

DHCP Manager

135

DNS Administration

139

DNS client to server lookup (varies)

53

53

Exchange Server 5.0

   Client Server Communication

   135

   Exchange Administrator

   135

   IMAP

   143

   IMAP (SSL)

   993

   LDAP

   389

   LDAP (SSL)

   636

   MTA - X.400 over TCP/IP

   102

   POP3

   110

   POP3 (SSL)

   995

   RPC

   135

   SMTP

   25

   NNTP

   119

   NNTP (SSL)

   563

File shares name lookup

137

File shares session

139

FTP

21

FTP-data

20

HTTP

80

HTTP-Secure Sockets Layer (SSL)

443

Internet Information Services (IIS)

80

IMAP

143

IMAP (SSL)

993

IKE (For more information, see Table C.4)

500

IPSec Authentication Header (AH) (For more information, see Table C.4)

IPSec Encapsulation Security Payload (ESP) (For more information, see Table C.4)

IRC

531

ISPMOD (SBS 2nd tier DNS registration wizard)

1234

Kerberos de-multiplexer

2053

Kerberos klogin

543

Kerberos kpasswd (v5)

464

464

Kerberos krb5

88

88

Kerberos kshell

544

L2TP

1701

LDAP

389

LDAP (SSL)

636

Login Sequence

137, 138

139

Macintosh, File Services (AFP/IP)

548

Membership DPA

568

Membership MSN

569

Microsoft Chat client to server

6667

Microsoft Chat server to server

6665

Microsoft Message Queue Server

1801

1801

Microsoft Message Queue Server

3527

135, 2101

Microsoft Message Queue Server

2103, 2105

MTA - X.400 over TCP/IP

102

NetBT datagrams

138

NetBT name lookups

137

NetBT service sessions

139

NetLogon

138

NetMeeting Audio Call Control

1731

NetMeeting H.323 call setup

1720

NetMeeting H.323 streaming RTP over UDP

Dynamic

NetMeeting Internet Locator Server ILS

389

NetMeeting RTP audio stream

Dynamic

NetMeeting T.120

1503

NetMeeting User Location Service

522

NetMeeting user location service ULS

522

Network Load Balancing

2504

NNTP

119

NNTP (SSL)

563

Outlook (see for ports)

Pass Through Verification

137, 138

139

POP3

110

POP3 (SSL)

995

PPTP control

1723

PPTP data (see Table C.4)

Printer sharing name lookup

137

Printer sharing session

139

Radius accounting (Routing and Remote Access)

1646 or 1813

Radius authentication (Routing and Remote Access)

1645 or 1812

Remote Install TFTP

69

RPC client fixed port session queries

1500

RPC client using a fixed port session replication

2500

RPC session ports

Dynamic

RPC user manager, service manager, port mapper

135

SCM used by DCOM

135

135

SMTP

25

SNMP

161

SNMP Trap

162

SQL Named Pipes encryption over other protocols name lookup

137

SQL RPC encryption over other protocols name lookup

137

SQL session

139

SQL session

1433

SQL session

1024 - 5000

SQL session mapper

135

SQL TCP client name lookup

53

53

Telnet

23

Terminal Server

3389

UNIX Printing

515

WINS Manager

135

WINS NetBios over TCP/IP name service

137

WINS Proxy

137

WINS Registration

137

WINS Replication

42

X400

102