December 12, 2010

There are currently no logon servers available to service the logon request - The bane of rouge firewall rules



I always dreaded seeing this msg because in my experience, there can be different reasons that cause this msg and the solution might not be so outright. Usually this also means you will need to use the server's local administrator account to login for troubleshooting.

My main experience is if I can still ping the DNS server and gateway from the affected server, an unjoin followed by rejoin of the server to the domain (the computer account might need to be deleted) will resolve the issue.

December 6, 2010

Why are my folder shares not working on MS clustered servers?

Folder/File shares in MS clustered servers should not be done the same way as normal file shares.

Case in point: Few months back, I setup a pair of servers for MS cluster. Application team sent in some requests for folder sharing, which I did using the normal explorer method. On a few occasions, the application team had feedback that the shares were missing. When I went in to check, the folders were missing the "hand" icon to indicate they were shared. Everytime I reshared again, the application team will report the same issue a few days later.

It was puzzling to say the least. So I did some investigation and found that everytime the cluster active node fails over to the second node, the shares will be gone. So further research gave the answer - that file shares in clusters should be treated as a type of resource and should be done through "File Share" resource in Cluster Administrator.

Mystery solved and after implementing the file shares in Cluster Administrator, the issue never came back anymore.

Symptoms
  • Folder/File shares in clustered servers disappear, especially after a cluster failover between nodes
  • Issue persists even after folders are reshared

December 5, 2010

I need a solution for indirectly publishing an application on Citrix Presentation Server (using shortcuts!)

*Update* 30/07/2017 : This article was originally done on Citrix Presentation Server, the referenced Citrix article has been updated to XenApp 5.0, I believe it should still work for later versions of Citrix as theory should still be the same. Give a shoutout in the comments if you have tried this recently on newer XenApp versions and still works!

This was an interesting case. An application team approached me to publish their application client using our Citrix Presentation Server. In most cases, we will collect some basic information on the application client like
  1. the estimated max no. of concurrent application users
  2. active usage period
  3. client process load
  4. usage within/outside office environment (for separate Citrix farms)
However, this application's client had a special requirement - it needs to locally access the application's backend data warehouse, there was no way to redirect the access if the data warehouse was housed on a separate server.

December 2, 2010

My physical server does not respond to remote crash dump!

We use mainly HP servers as our Wintel and ESX hardware. We sometimes have to do crash dump if a server stops responding so that Microsoft can do an analysis of the memory dump. Normally if the server is located on the same site as where I am situated, I will do the usual CTRL + SCROLL LOCK + SCROLL LOCK combination on the keyboard.

But what happens if the server is on another remote site? Being the lazy system admin, I looked for a way to do remote crash dump without having to travel down to the other site. Fortunately for me, when there is a will, there is a way. This method uses the HP server's own iLO GUI for remote generating the crash dump, using the Non-Maskable Interrupt (NMI) switch.

But first, the complete memory dump option must be enabled on the server, and the paging file must be at least the size of the physical memory ram + 1mb. MS also recommends to be at least 1.5 times the physical memory.

The steps listed will require reboot. Hence they should be done before the system has any issue, or to be set later and wait for the issue to occur again.

December 1, 2010

How do I find an account with the SID?

Recently after our DR exercise, there was an issue. The swing to DR was successful and tested, but after the swing back to Production, one of the folders on a mounted disk had a missing local account permission and one extra permission which is pure SID. I had to identify whether this SID was the missing permission.

After some quick research, I found a good article from the Scripting Guy that teaches how to identify an account with its SID, and vice versa.

Turns out the SID was the local account of the DR server. I suspect the account must have synced back as part of data return from DR to Production. However, as to why the original Production local account was missing, I could only hazard a guess that someone must have removed it during the DR exercise while adding the DR local account, because it would have appeared as a SID too in the DR server.