Ran into a case today where NLTEST was returning RPC_S_UNKNOWN_IF. C:\Users\Administrator>nltest /sc_query:bradforestI_NetLogonControl failed: Status = 1717 0x6b5 RPC_S_UNKNOWN_IF C:\Users\Administrator>nltest /sc_reset:bradforestI_NetLogonControl failed: Status = 1717 0x6b5 RPC_S_UNKNOWN_IF I cranked up netlogon logging but nothing appeared in the log which was strange. I then checked the windows services that were running on the system and noticed that…
Debugging Terminal Service not listening. (Isolating an instance of SVCHOST)
Ran into another issue today where I needed to set and IFEO for the particular instance of SVCHOST.exe running terminal service. Here is the easiest way of doing so: 1) Make a copy of SVCHOST.exe on the server, name it Mysvchost.exe and leave it in %Systemroot%\system32\ 2) Open regedit and go to HKLM\System\CurrentControlSet\Services\TermService (this could…
Let me drive! Using remote.exe to connect to a client.
Some might call me a control freak, but when I have the opportunity to investigate a machine myself or provide instructions via the phone/mail to the end-user you know what I’m going to choose. One of the easier ways that I find is to use remote.exe which is part of the debugging package. I’m just going to…
Consequences of running 3GB and PAE together
Well in short, your system could be unusable. Raymond Chen mentions it here how 3GB and PAE conflict with each other somewhat. I’m not going to dive into the subject too much as it was covered extensively by Raymond (link at bottom of post), but I wanted to show you what it looks like when…
The case of sidebar.exe not starting. Oh Snap!
Ran into a case today where each time we tried to start sidebar.exe it would fail silently. No crash to investigate, no error, so where to next? First I set an IFEO for sidebar.exe to launch windbg.exe when started, by doing this it stops at the initial breakpoint. Secondly I enabled loader snaps to show…
16 things it takes most people 50 years to learn.
Things It Takes Most Of Us 50 years to learn: 1. The badness of a movie is directly proportional to the number of helicopters in it. 2. You will never find anybody who can give you a clear and compelling reason why we observe daylight-saving time. 3. You should never say anything to a woman…
Vista Wallpapers…
http://www.hamaddarwish.com/content/index.html If you like the cool filters used in some of the vista backgrounds there are others available for high-res download. Excerpt: Below, is a photo collection of the images taken during Microsoft’s Windows Vista photo-shoot. Two of which are currently shipped in the Vista installation disk, while the rest did not make the cut…
Using Wevtutil on Longhorn server core servers to scan the event logs…
In some cases you might find that you need to scan the event logs locally on a server core machine because you cant access the server remotely for whatever reason. Wevtutil.exe is built into the OS to allow you to do just that. You can use it on regular SKUS as well like Vista and full…
These are a few of my favorite things… (Part 2)
sl.exe Download Now It’s just like portqry but with some things that make it beneficial for scripts… Much faster, multiple ports input and output via file. My syntax would be something like this for checking the ports for multiple DCs… sl.exe -f ips.txt -jops -t 88,389,3268,445 Procmon Download Now It’s like filemon, procmon, and regmon…
Mark Russinovich: Technet Webcast on Windows Hang and Crash Dump Analysis (Level 400)
For those of you out there who want to do crash and hang dump analysis this is a good technet webcast to watch, to get an idea of what you need to do to invesitgate dumps. http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=en-US&EventID=1032298076&CountryCode=US Event Overview Simulcast from Microsoft Tech·Ed 2006 in Boston, MA.Learn to analyze Microsoft Windows crash dumps, diagnose the…