www.jayntguru.com

July 20, 2010

.net health monitoring

Filed under: computer geek stuff, iis, scom — jayntguru @ 2:32 pm

This is a little blurb I use almost everywhere for almost everything that will log all sorts of useful info about a .net app in the application log. It will grab unhandled exceptions as well as application lifetime events (app pool or domain restarts, etc.). This is a really good one to use when your devs won’t add this to the code themselves! It will work (or has for me) straight up in any .net code. All you do is place this in the web.config, inside the <system.web> element.

<healthMonitoring enabled="true">
  <eventMappings>
    <clear />
    <!-- Log ALL error events -->
    <add name="All Errors" type="System.Web.Management.WebBaseErrorEvent" startEventCode="0" endEventCode="2147483647" />
    <!-- Log application startup/shutdown events -->
    <add name="Application Lifetime Events" type="System.Web.Management.WebApplicationLifetimeEvent" startEventCode="0" endEventCode="2147483647" />
  </eventMappings>
  <rules>
    <clear />
    <add name="Application Events" eventName="Application Lifetime Events" provider="EventLogProvider" profile="Default" minInstances="1" maxLimit="Infinite" minInterval="00:01:00" custom="" />
    <add name="All Errors Default" eventName="All Errors" provider="EventLogProvider" profile="Default" minInstances="1" maxLimit="Infinite" minInterval="00:00:00" />
  </rules>
</healthMonitoring>

July 1, 2010

SCOM 2007 R2 – workgroup/DMZ server notes

This is harder than it should be. Here are my notes on doing this.

1. On cert server go here: http://blah/certsrv/

2. Request cert. Choose type other and paste in the below OID

3. OID = 1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2

4. Make sure to check key exportable. Make sure to use FQDN of server for name and common name.

5. Open up server mgt for certificate manager and approve.

6. Go back to website, install the cert.

7. Mmc, certificates for personal. Export the cert. Make private key exportable.

8. Copy cert to client server.

9. On server do mmc for client, import cert, mark as exportable.

10. Run momcertimport on client, choose cert.

11. Restart system center manager service on client.

12. Wait a min and go to mom console, administration, pending management. Approve it.

13. Done!
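A pre-flight check to run on the client between steps 9 and 10, added here as an example and not part of the original notes: it confirms that a certificate carries both OIDs from step 3, has its private key, and uses the FQDN as common name. `Test-AgentCertificate` is a made-up helper name, and the code assumes the certificate was imported into the local computer's Personal store and that the host reports the same FQDN that was used in the request.

```powershell
# Added example: sanity-check a certificate before running momcertimport.
# Test-AgentCertificate is a hypothetical helper name, not a SCOM cmdlet.
$RequiredEku = '1.3.6.1.5.5.7.3.1', '1.3.6.1.5.5.7.3.2'   # the OIDs from step 3

function Test-AgentCertificate {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory = $true)]
        [string]$Fqdn
    )
    $problems = @()

    # Step 4: the common name must be the server's FQDN.
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $cn = $Certificate.GetNameInfo($nameType, $false)
    if ($cn -ne $Fqdn) { $problems += "Common name '$cn' is not '$Fqdn'" }

    # Steps 7-9: the private key has to travel with the certificate.
    if (-not $Certificate.HasPrivateKey) { $problems += 'No private key in the store' }

    # Steps 2-3: both OIDs must be listed in the Enhanced Key Usage extension.
    $ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    $present = @($Certificate.Extensions |
        Where-Object { $_ -is $ekuType } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value })
    foreach ($oid in $RequiredEku) {
        if ($present -notcontains $oid) { $problems += "Missing EKU $oid" }
    }

    # An expired or not-yet-valid certificate will not authenticate either.
    $now = Get-Date
    if ($now -lt $Certificate.NotBefore -or $now -gt $Certificate.NotAfter) {
        $problems += "Outside validity period, expires $($Certificate.NotAfter)"
    }

    New-Object PSObject -Property @{
        Thumbprint = $Certificate.Thumbprint
        Ok         = ($problems.Count -eq 0)
        Problems   = $problems
    }
}

# Assumption: the host's own DNS name is the FQDN used in the certificate request.
$fqdn = [System.Net.Dns]::GetHostEntry('').HostName
Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-AgentCertificate -Certificate $_ -Fqdn $fqdn }
```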

May 26, 2010

Adsiedit.msc – where is it?

Filed under: computer geek stuff, iis, scom, scripting — jayntguru @ 10:40 am

I was trying to use this and did not realize it was not installed. In order to get it you need to install the support tools. They are on the Windows Server 2003 CD, or can be downloaded here.

April 14, 2010

IIS6 potential gotcha

Filed under: computer geek stuff, iis — jayntguru @ 4:35 pm

If you install .net 2.0 before you install IIS6 then you will not be able to see .net 2 in the allowed extensions list because it needs to register with IIS. Here’s a screenshot where it is missing:

[Screenshot: the allowed extensions list with .net 2 missing]

To resolve this, go to the following directory:

c:\windows\Microsoft.Net\Framework\v2.0.50727

Then run this command:

aspnet_regiis.exe -i

Now you can refresh the MMC and enable .net 2.0!

March 30, 2010

windows dns server and EDns – update (added namebench info/link)

Filed under: computer geek stuff, iis, scom — jayntguru @ 10:09 am

I have had an issue with DNS server in Windows 2003 server previously that’s covered pretty well in this article by my buddy Marcus. The short version is that EDNS is enabled by default on 2003 server, and this doesn’t play well with the rest of the internet, so it’s best to turn it off if you are using windows 2003 for external (internet) DNS.

Right now I’m working on a Windows 2008 R2 server and was having similar problems that made me check for EDNS many moons ago on 2003 server. This link came up in a search and it says that they made EDNS off in 2008 RTM, but it’s back on again in R2. He includes a link to Microsoft’s KB article about EDNS. 

Luckily this is pretty easy to turn off. All you do is run this command:

dnscmd /config /enableednsprobes 0

I wanted to update this post with a link to a cool tool I have been using. It’s called name bench and it’s a DNS benchmarking tool. Works good, does exactly what you want, and the price is right.

March 10, 2010

a very cool audit utility

Filed under: computer geek stuff, iis — jayntguru @ 2:43 pm

I have been using a very cool utility for a while now that I just realized I failed to plug; it’s called Open Audit. What it does is basically run a WMI scan on your network (it will do nmap too) and submit that data back to a MySQL database through a web service. Then there’s a fancy UI where you can do searches, queries, etc. You can get cool stuff like hardware type, see how many sticks of RAM, or an IP address, or a driver, or a hotfix.

The application is written in PHP and MySQL. I run it on a Windows host (it can run on just about anything) and use XAMPP, which is pretty cool: it’s a single download that contains Apache, PHP and MySQL, all preconfigured and ready to rock and roll. All you need is some minor configuration.

While it’s pretty cool as it comes, the real power is that you can modify it all you want. So what you can do is take one of the default “views” such as list_viewdef_all_servers.php. If you open it, there’s a sql query inside that looks like this:

SELECT * FROM `system` WHERE (system_os_name LIKE '%Server%')

Then you can copy/rename the page and modify that query however you like. Here’s a modification that I made so I could find servers on our internal (but shouldn’t be) net.

SELECT * FROM `system` WHERE (system_os_name LIKE '%Server%') AND net_ip_address LIKE '192.100%'

After doing this for every custom query that I wanted, I realized that all of this data is in a mysql database. This allows you to run queries straight up, and since you used XAMPP, well you can then log in there, choose your database, find the query window, and paste your sql query right there and get the results on the spot. It’s pretty cool.

This now leads me to a gotcha I encountered today while doing my own query this way. What I had was a query that looked like this:

SELECT * FROM `system` WHERE (system_os_name LIKE '%Server%') AND net_ip_address LIKE '192.100%'

And I was trying to find a subnet that was 10.1.13, so I made the query like this:

SELECT * FROM `system` WHERE (system_os_name LIKE '%Server%') AND net_ip_address LIKE '10.1.13.%'

This kept returning zero results, which I knew was not the case. After looking at the data, I saw that the IP addresses were stored like this:

010.001.013.xxx

As a result I had to change my query to look like this instead:

SELECT * FROM `system` WHERE (system_os_name LIKE '%Server%') AND net_ip_address LIKE '010.001.013.%'
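Because every octet is stored zero-padded to three digits, string order matches numeric order, so a whole CIDR block can be matched with BETWEEN, including masks that do not fall on an octet boundary and that LIKE cannot express. The helper below is an added example that goes beyond the /24 case above and is not part of Open Audit; `ConvertTo-PaddedIp` and `Get-SubnetQuery` are made-up names, and it assumes every row in net_ip_address is stored in the padded form shown above.

```powershell
# Added example (not Open Audit code): build a query against the zero-padded
# net_ip_address column for any CIDR block. Function names are hypothetical.

function ConvertTo-PaddedIp {
    param([Parameter(Mandatory = $true)][long]$Value)
    # Split the 32-bit address into octets and pad each one to three digits.
    $octets = foreach ($weight in 16777216, 65536, 256, 1) {
        $octet = [long][math]::Floor($Value / $weight) % 256
        '{0:D3}' -f $octet
    }
    $octets -join '.'
}

function Get-SubnetQuery {
    param([Parameter(Mandatory = $true)][string]$Cidr)   # e.g. '10.1.13.0/24'

    if ($Cidr -notmatch '^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})$') {
        throw "Not a CIDR block: '$Cidr'"
    }
    $bits = [int]$Matches[5]
    if ($bits -gt 32) { throw "Bad prefix length in '$Cidr'" }

    # Fold the dotted quad into one number, rejecting octets above 255.
    [long]$ip = 0
    foreach ($i in 1..4) {
        $octet = [int]$Matches[$i]
        if ($octet -gt 255) { throw "Bad octet '$octet' in '$Cidr'" }
        $ip = $ip * 256 + $octet
    }

    # First and last address of the block.
    [long]$size  = [math]::Pow(2, 32 - $bits)
    [long]$first = $ip - ($ip % $size)
    [long]$last  = $first + $size - 1

    # Only digits and dots reach the SQL text, so nothing here needs escaping.
    "SELECT * FROM ``system`` WHERE (system_os_name LIKE '%Server%') " +
    "AND net_ip_address BETWEEN '$(ConvertTo-PaddedIp $first)' AND '$(ConvertTo-PaddedIp $last)'"
}

# The subnet from the post, then a /22 that a LIKE prefix cannot match.
Get-SubnetQuery '10.1.13.0/24'
Get-SubnetQuery '10.1.12.0/22'
```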

wsus and cloning vm’s

Filed under: computer geek stuff, iis, scripting — jayntguru @ 11:50 am

I am currently working on WSUS (windows software update services) here at work; for the most part I’m following this excellent article at Ars. After screwing around with this for much longer than I should have, I was having issues with about half the servers not showing up in the WSUS console. Many things could have been the culprit and I checked them all: group policy, dns, firewall rules, etc. What was the most frustrating was that I could see the clients touch the WSUS server by looking in the IIS logs, and there were no errors whatsoever, but half the servers wouldn’t show up.

Eventually I realized that it was exactly half of the servers and a light bulb went off. In our environment we have a bunch of web and app servers that are all virtual, and when we build them, we get the first node working right, and then clone and rename the vm to be the redundant node in the farm. This led me to do some searching and I found this link. Admittedly, this is an old problem, but the first time I have run across it.

The following is a repost of the pertinent bits that have caused my trouble and are the resolution for it.

5. Imaged clients with a duplicate client ID will only appear once in the WSUS Admin Console. Each AU client must have a unique id which is created for each individual install. When imaging systems it is recommended always to use SysPrep. The WSUS admin console will only display one client for each unique ID. If you have multiple clients created from one image which are sharing the same ID, only one will appear in the WSUS admin console. All clients will check in and download updates, but only one will appear and display status in the WSUS admin console. In cases where clients are not checking in, and they were created from images without running SysPrep, the following steps will reset the existing duplicative client IDs.

a. Run regedit and go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate

b. Delete the PingID, SUSClientID and the AccountDomainSID values

c. Stop and start the Wuauserv Service

d. From the command prompt run: wuauclt /resetauthorization /detectnow

-or-

From the command line, once you are sure the AU client is properly configured and not disabled, you could run a batch file (which might look something like this sample) and get the same results:

rem Fixes problem with client machines not showing up on the server due to imaging method

reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v AccountDomainSid /f

reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v PingID /f

reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate /v SusClientId /f

cls

@echo Triggering detection after resetting WSUS client identity

net stop wuauserv

net start wuauserv

wuauclt /resetauthorization /detectnow
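To see which machines actually share an ID before resetting anything, the check below groups hosts by their SusClientId value; it is an added example, not part of the reposted article. `Get-SusClientId` and `Find-DuplicateSusClientId` are made-up names, the host names and IDs in the sample are constructed, and the live read assumes the Remote Registry service is reachable with admin rights.

```powershell
# Added example: report machines that share a WSUS client ID (cloned without SysPrep).
$WuKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate'

function Get-SusClientId {
    param([Parameter(Mandatory = $true)][string[]]$ComputerName)
    foreach ($name in $ComputerName) {
        $id = $null
        try {
            # Needs the Remote Registry service and admin rights on the target.
            $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $name)
            $key  = $hklm.OpenSubKey($WuKey)
            if ($key) { $id = $key.GetValue('SusClientId'); $key.Close() }
            $hklm.Close()
        } catch {
            Write-Warning "$name : $($_.Exception.Message)"
        }
        New-Object PSObject -Property @{ ComputerName = $name; SusClientId = $id }
    }
}

function Find-DuplicateSusClientId {
    param([Parameter(Mandatory = $true)][object[]]$Inventory)
    # Hosts with no ID yet are skipped; any ID seen more than once is a clone set.
    $Inventory |
        Where-Object { $_.SusClientId } |
        Group-Object -Property SusClientId |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            New-Object PSObject -Property @{
                SusClientId = $_.Name
                Computers   = @($_.Group | ForEach-Object { $_.ComputerName } | Sort-Object)
            }
        }
}

# Constructed sample inventory: WEB02 and APP02 were cloned and kept the source ID.
$sample = @(
    New-Object PSObject -Property @{ ComputerName = 'WEB01'; SusClientId = '11111111-aaaa-4bbb-8ccc-000000000001' }
    New-Object PSObject -Property @{ ComputerName = 'WEB02'; SusClientId = '11111111-aaaa-4bbb-8ccc-000000000001' }
    New-Object PSObject -Property @{ ComputerName = 'APP01'; SusClientId = '22222222-aaaa-4bbb-8ccc-000000000002' }
    New-Object PSObject -Property @{ ComputerName = 'APP02'; SusClientId = '22222222-aaaa-4bbb-8ccc-000000000002' }
    New-Object PSObject -Property @{ ComputerName = 'SQL01'; SusClientId = '33333333-aaaa-4bbb-8ccc-000000000003' }
)
Find-DuplicateSusClientId -Inventory $sample

# Live use: Find-DuplicateSusClientId -Inventory (Get-SusClientId -ComputerName 'WEB01', 'WEB02')
```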

January 12, 2010

follow me on Twitter

Filed under: computer geek stuff, iis, scom, w7 — jayntguru @ 10:24 am

I have finally given in and put my stuff on Twitter. The stuff there will mostly be more tech in nature.

January 5, 2010

IIS – which app pool is which?

Filed under: computer geek stuff, iis — jayntguru @ 3:56 pm

IIS creating a w3wp.exe for each of your apps (for which you have created a non-default app pool) is nice, but it’s impossible to tell exactly which is which. Microsoft includes a handy tool to do this; it’s in %systemroot%\system32\iisapp.vbs (you may need to run it with cscript.exe if that’s not your default for .vbs).

Sample output:

C:\WINDOWS\system32>iisapp
W3WP.exe PID: 2028   AppPoolId: DefaultAppPool
W3WP.exe PID: 20224   AppPoolId: Autotransactiondocs
W3WP.exe PID: 17480   AppPoolId: IRAppPool

C:\WINDOWS\system32>

Oh, this is for Windows Server 2003 (and R2) only. It does not work with 2008 variants.

.net coding advice = do not enable debug in production!

Filed under: computer geek stuff, iis — jayntguru @ 12:12 pm

This seems like a simple thing, really, but every single place I have worked that developed .net code has had this problem, and for some reason, devs don’t seem to get it. (It has been an uphill battle everywhere I have found it with resistance from devs. Why??)

Usually the symptoms start out with scaling issues in production: you’ll see things like threads running out, connections not being closed, and general poor application performance. You can track these down and eventually you will find that debug is enabled in the web.config (debug="true" on the <compilation> element). It is this way because it is the default when you create a .net application. YOU DO NOT LEAVE IT LIKE THIS IN PRODUCTION. When you do, bad things happen, such as timeouts all being set to infinite. Here’s an article with a complete list and some more info.

Depending on whether or not your organization pushes the .configs with the applications (this is a religious discussion in itself; I recommend not pushing the configs with every build for reasons like this), the process repeats on your next code push because this value gets set improperly again. The way to fix this for good is to change the machine.config in the production environment to enable "retail" mode, which disallows debug from being enabled, regardless of what is in the application’s web.config.

<configuration>
  <system.web>
    <deployment retail="true"/>
  </system.web>
</configuration>

In my opinion, setting this in the machine.config should be part of the default build/installation/configuration of any production webserver.
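A check that can run after each code push, added here as an example and not taken from the original post: it reads a machine.config and a web.config and reports whether debug is requested and whether retail mode overrides it. `Get-DebugState` is a made-up name and both XML documents in the sample are constructed.

```powershell
# Added example: does a web.config ask for debug, and does machine.config override it?
# Get-DebugState is a hypothetical helper; the XML samples below are constructed.
function Get-DebugState {
    param(
        [Parameter(Mandatory = $true)][xml]$MachineConfig,
        [Parameter(Mandatory = $true)][xml]$WebConfig
    )
    # local-name() ignores any xmlns on <configuration> and also finds
    # <compilation> elements nested under <location> blocks.
    $compilationPath = "//*[local-name()='system.web']/*[local-name()='compilation']"
    $deploymentPath  = "//*[local-name()='system.web']/*[local-name()='deployment']"
    $compilations = $WebConfig.SelectNodes($compilationPath)
    $deployment   = $MachineConfig.SelectSingleNode($deploymentPath)

    $debugRequested = $false
    foreach ($node in $compilations) {
        if ($node.GetAttribute('debug') -eq 'true') { $debugRequested = $true }
    }
    $retail = $false
    if ($null -ne $deployment) { $retail = ($deployment.GetAttribute('retail') -eq 'true') }

    New-Object PSObject -Property @{
        DebugRequested = $debugRequested
        RetailMode     = $retail
        DebugEffective = ($debugRequested -and -not $retail)
    }
}

# Constructed samples: the app ships with debug on, once with and once without retail mode.
$webConfig = @'
<configuration>
  <system.web>
    <compilation debug="true" />
  </system.web>
</configuration>
'@
$machineRetail = @'
<configuration><system.web><deployment retail="true" /></system.web></configuration>
'@
$machineDefault = @'
<configuration><system.web /></configuration>
'@

Get-DebugState -MachineConfig $machineRetail  -WebConfig $webConfig
Get-DebugState -MachineConfig $machineDefault -WebConfig $webConfig

# Live use: pass [xml](Get-Content <path>) for the server's machine.config and the site's web.config.
```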
