31 August 2006

vbscript: dumping printer published in AD

If like us, you have a cluster as printer server, you have noticed that you can't dump printer info from wmi. This is referenced at Microsoft.

Else, you can dump them if they are published in Active Directory.

The following script works great on a W2K3 AD (with a W2K3 cluster):

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.CommandText = "Select printerName, serverName from " _
& " 'LDAP://DC=mydomain,DC=com' where objectClass='printQueue'"
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Timeout") = 30
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.Properties("Cache Results") = False
Set objRecordSet = objCommand.Execute
Do Until objRecordSet.EOF
Wscript.Echo "Printer Name: " & objRecordSet.Fields("printerName").Value
Wscript.Echo "Server Name: " & objRecordSet.Fields("serverName").Value

Sending mail through vbscript natively

For those who want to send mail direclty from a vbscript, but without any third damn thing, here is a great function:


Sub SendMail
Set objEmail = CreateObject("CDO.Message")
objEmail.From = me@me.com
objEmail.To = "you@you.com"
objEmail.Subject = "this is my subject"
objEmail.Textbody = "this is my body"
objEmail.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
objEmail.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "mail.mydomain.com"
objEmail.Configuration.Fields.Item _
("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
Set objEmail = Nothing
End Sub

tested on XP, 2000, 2003, without Outlook installed, and without any  access to internet

30 August 2006

Force WSUS client update

here is what you would put in a script to force immediate WSUS checkup by client:
net stop wuauserv

REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v LastWaitTimeout /f

REG DELETE "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v DetectionStartTime /f

Reg Delete "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v NextDetectionTime /f

net start wuauserv
A more lightweight command:
wuauclt /detectnow

29 August 2006

TSE License headache ? take a pill!

If TSE License is pain for you, read this!
The grace mode is 90 Days. So you may not notice that you are in the grace mode...until the next 91 Days!.
TS Server may auto locate the license server, but you can set it manually; see KB 239107.
The big road:

Add the following value:
Name: DefaultLicenseServer
Data type: REG_SZ
Data value: ServerName

To make a workstation working again immediately, you can reset it's token. Upon the next connection, the station will generate a new token that will be in grace mode for 90 days.
The key to delete:

If you are on a per user mode, TSE doesn't count users. So it's just a declarative status.

VBScript : add folder to outlook

I just answered to a request on a mailing list. It looks simple to add a folder to the inbox, but I needed some time before getting it right..

On Error Resume Next

set olApp = CreateObject("Outlook.Application")
set inbox = olApp.GetNamespace("MAPI").getDefaultFolder(6)
set temp5 = inbox.folders.add("Added by vbscript",6)

6 is for the inbox

chkdsk VS O&O Defrag : who is right ?

I am a bit perplexed today..

When doing a chkdsk in read-only on our cluster filer, no error.

Now If i do a "check of error" through O&O, it complain that the FileSystem is damaged...

I contacted O&O support,it's not possible to get more details about which error it find. It just complain.

I Contacted PSS to ask about hidden read-only option, but they don't seems to have.

O&O Support says they do a deeper check.

Well, i fired up O&O without error checking, that should not be serious error since chkdsk find nothing.

I wouldn't notice much normally, except we just had a big issue with security descriptor last week, which we noticed thanks to O&O error checking !

Life is too bad!

27 August 2006

my first news with Windows Live

If you can read tis, it should work!

CHKDSK / SD : Resolved

hello all,

We worked this saturday to resolve our security descriptor issue.
What we did:
-Backup via backup software
-Snapshot on the san (two better than one!)
-We tagged the cluster partition to dirty with fsutil
-Moved the group to the other cluster node
-Since the disk is dirty, the other node fired up chkdsk in correct mode
-Then we started the MS CorrectSD tool... Well, they do not support it...And it didn't work for us. The tool reported many errors (Skipping SD, fails to change SD).
We stoppped it before the end, since the filed known to be corrected were weird. We could open them (i mean we had access), but the security tab was completely empty (even no system).

We decided to use the FilesMapping text files created by correctSD to restore impacted folders. 80% of the problems where in a single root folder (the roaming profile one).

Guess what ? restoring with the backup software didn't correct the security tab..We decided to remove all impacted folder and then restore. That Worked !

To conclude, interesting things:
-While chkdsk reported Security descriptors errors, it didn't change anything (read only). Our backup software could correctly save the data with the associated good Security descriptors.
Only After the chkdsk in correct mode, all SD were broken.
-We fired up a chkdsk in read only after all, the bug is gone.

Maybe we didn't use correctly the correctSD tool. At least, this tool is great, it read a chkdsk dump file which contains only FilesID (numbers), and then it give you the mapping between the numbers and the file name and path. So you know which files are in troubles.

My new laptop is here !

turn the order on "urgent mode" is really efficient at Dell. At the beginning I should got it by the 19 of September.
Thanks to the urgent flag, i got it 5 days after the order :)

Guess what ? the XPS M1210 is really great! I have never seen wmare running this fast on a laptop ! going from standby to resume is instant !

This laptop seems to have the Intel VT capacity. My vmware doesn't seem put the
monitor_control.vt32 = "TRUE" .
I will try to set it manually..

and now the downsides:
-The webcam doesn't record video in resolution higher than 640x480 (photos works in 1,3M)
-I hear a noisy sound while on the AC. I will open a call to dell about it.

23 August 2006

Windows defrag on Exchange dedicated Volume : PSS answer

Copied/paste from


In some instances, I've seen a partition in which Windows reported the partition as severely fragmented. The partition only contained the Exchange database and no other files. So the question is, do we and can we perform a Windows file level defrag?


This answer is directly from Microsoft PSS.

"Based on your inquiry, I understand that you need to know if it is recommended to do a disk level defrag on an Exchange server. If I have misunderstood your concerns, please let me know.

According to your question, I'd like to point out that you can perform a disk level defrag on an Exchange server. However, if the disk holds only Exchange Server databases, it is not necessary to do disk-defragment because Exchange can do it internally. You may want to defrag the disk in order to improve the performance, but you may not see the result that you expected. Exchange uses and releases pages inside the database directly regardless the disk fragmentation. Exchange defragment is a file level defrag. Exchange online defragment will rearrange the data but not release the fragmentation space. Exchange offline defragment will rearrange the data and then release the free space. Therefore, the Exchange offline defragment is recommended. Anyway, you can do a disk level defrag after Exchange defragment if you want to do."
Best Regards,

Support Professional
Microsoft Professional Technical Support

Conclusion ?
Useless to defrag on the File System point of View.

My new laptop is on it's way

I just bought an XP M1210 from Dell :)

Since today, it's in the UPS hand !!!

On the menu:
2Ghz dual core
2G of ram
120G of disk (5400tr/mn)
GeForce 7400 turbo cache
Long life battery (9")

I am sure I will love this meal ;)

CHKDSK bug confirmed

The bug about the Security Descriptor is confirmed by PSS. Upon the bug is in the place, the following actions must be performed:

1/Stop the bleeding: new version of ntfs.sys
2/Launch MS internal Tool: CorrectSD. It will dump all impacted files and their security descriptor.
3/backup file system
4/Fire up a chkdsk /F. All impacted files will have their Security Descriptor reset to default.
5/Launch the CorrectSD Tool in modify. It will put back the good Security Descriptor.

The Bug should appear with 4 Millions files on the FS or MFT bigger than 4GB.
We have the bug with 1,5 Millions's files. This may come from a high activity on the FS (defrag during working hours, as we did with O&O).

We have planned these actions on saturday, i will keep you in touch.

ps: CorrectSD is an internal tool from MS. Ask me by mail if you would like it.

18 August 2006

CHKDSK : BUG ? KB913034

Our O&O defrag reported chkdsk error this morning on our cluster's data volume.

I run a chkdsk in read only to find out these errors.
Here is an extract of the output:
Replacing invalid security id with default security id for file 1396371.
Replacing invalid security id with default security id for file 1396372.
Replacing invalid security id with default security id for file 1429033.
Replacing invalid security id with default security id for file 1598662.
Fixing mirror copy of the security descriptors data stream.
Security descriptor verification completed.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.


I decided to open a pss call. It's not yet resolved, but we are on this track:
The Chkdsk.exe utility incorrectly identifies and resets security descriptors in Windows Server 2003

It is possible that chkdsk is reporting false errors. I just send the msrpt cab to pss (see the previous post).
I keep you in touch

full details:


You may receive a "The application or DLL C:\Windows\System32\win32k.sys is not a valid Windows image" error in MPSReport on a computer that is running Windows Server 2003 or Windows 2000

The application or DLL C:\Windows\System32\win32k.sys is not a valid Windows image. Please check this against your installation diskette.

That's not your server end of life (using msrpt often means already in troubles), it's a bug from the MSRPT himself !!

For the full details, go to :

17 August 2006

MS06-040 : Update !!!!!!!!!!!!!!!!

Botnet are on their way, it's time to update NOW !!!!!!!
Close your connections andTake your server to the fallout shelter.
Firewalls! In row ! Arm ! Fire !

Updated version of MS Connector & calendar for Lotus Notes

MS released new version of the Connector & calendar for Lotus.

No trouble so far on our production system.




08 August 2006

exmerge + domain migration = bad trip

for those that are on the way to migrate exchange mailboxes from one domain to another:
exmerge won't migrate the permissions on the calendar & co. Even if you keep the SID.
That's Bad!
Let that bad friend(exmerge) for a new one : setperm !
That great tool will allow you to set permission on calendar, contact, inbox...
The readme say things, but it worked for me with this config:
-Windows XP last update
-Office 2003 last update with CDO

Just register the dll, and use an accound that have full access to all mailboxes (not domain admins!!!).
If you have an error about a bad picture, that's because your account isn't admin of the workstation.

The only bad side is the outlook security alert (Twice per box) asking you to allow setperm to play with him :)

You may think you are out of hell...just ask your users about their filtering rules...

download setperm here: http://www.amset.info/downloads/Setperm.zip

04 August 2006

Exchange & video driver & KB 815372

read on http://support.microsoft.com/kb/815372/en-us

MS recommend to remove any video driver other than the default video driver.
They also recommend to add /BASEVIDEO to the boot.ini.

You may take 1000 System TPE !!

02 August 2006

unknown tool from MS : lookout !

no i didn't type wrong, it's not outlook !

This plugin allow instant search in the outlook client in all folders, attachement included !

the old version is here:

the last version is here:

I personnaly use the old one on Outlook 2003

post domain rename SMS / IIS / WSUS down

after renaming our AD Domain, the reinstallation of SMS didn't succeed.
WSUS wasn't working anymore.

My research lead me to the following KB(913441): http://support.microsoft.com/default.aspx?scid=kb;en-us;913441

The source of our problem came from IIS (which explain why WSUS stopped working on the server too).

I contacted MS to get the fix, it worked great on our server.
Contact me if you need the patch

Alias dns on netbios name to access share

if you need to access both \\server and \\server3 which point to the same server, you won't be able. You will get an error message, saying there is a duplicate name on the network.

This is documented on a MS KB 231208: http://support.microsoft.com/kb/281308/en-us

You will need to set the DisableStrictNameChecking.

FYI, i tested it on a Windows 2003 cluster (file server) with success

Windows mobile activesync hour format bug

On Qtek M3000, on the french locale:

When you want to set the peak hours, you may be blocked on a 12 hours based schedule but without the AM/PM choice. Every other hour format is on a 24H based!
Yes, it block on the AM part.

On the regional setting, choose AM and PM on the hour tab.
AM and PM will display nowhere, except on the peak hours setting !

Update about the MS Connector & Mailbox Migration

if you face Lotus crashing while migrating mailbox, you should have a look at :

He found the solution : put the connector on one server, and do the migration on another !!!