[SOLVED] Warning -- The IO operation at logical block address for Disk was retried.

April 16th, 2016 by Andrea Matesi 104 Views

 

Someday my Event Viewer started throwing me warnings as follows:

image

The IO operation at logical block address 3b9e1628 for Disk 1 was retried.

The above error seems due to a timeout while reading (or writing) data to “Disk 1”.

Since then, my Event Viewer –> Windows Logs –> System, got flooded!

Broken disk?! Nope…

 

How to match Disk No. to “System” Event Viewer.

BTW, which hdd is “Disk 1”?

After a fast search, technet pointed me to the following post:

http://social.technet.microsoft.com/Forums/en-US/winserveressentials/thread/87f7768d-97e7-475a-81d5-5b6b8f6c913d

The technet poster says that you can match “Disk 1” by browsing to the following key (on “regedit”):

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\disk\Enum

In my case I found a list of REG_SZ as follows:

image

As I said, the Warning seems due to a timeout.

I discovered 2 possible solutions to fix the issue.

 

1.“bcdedit /set disabledynamicktick yes”-Solution.

First, I tried what documented at the following address:

From:”http://roger.dilsner.com/windows-8-error-the-io-operation-at-logical-block-address-for-disk-was-retried/”:

  1. Running the command prompt as admin
  2. bcdedit /set disabledynamictick yes
  3. Reboot the computer.
  • In my case, setting “bcdedit /set disabledynamicktick yes” solved my issue.

 

2.“HKLM\System\CurrentControlSet\Services\Disk\
TimeOutValue”-Solution.

If bcdedit didn’t solve your error, then you may wish to increase the “TimeOutValue” from the registry, as documented at the following address:”http://support.microsoft.com/kb/2806730”:

To set the disk.sys TimeOutValue value, follow these steps:

  1. Start Registry Editor. To do this, click Start, type regedit in the Start Search box, and then press Enter.
  2. Locate and then click the following registry subkey:HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Disk
  3. Locate TimeOutValue.
  4. On the Edit menu, click Modify.
  5. In the Value data box, type the desired number of seconds.
  6. Exit Registry Editor.

The Microsoft Support article suggests to set the TimeOutValue:”no greater than 20 to 30 seconds”.

You are welcome to share what worked for you!

Posted in Microsoft, System Administration | No Comments »

11 exim cpanel golden checks for quick mail troubleshooting.

March 19th, 2016 by Andrea Matesi 100 Views

 

The following is just some random advice derived from my experience on dealing with email-related issues.

More specifically, here I’ll be referring to exim (a very popular mail daemon), Cpanel/WHM & CentOS.

  1. Check if the user & password combination is correct.
  2. Check if the SMTP Authentication is enabled.
  3. Check if the User’s mailbox is full.
  4. Perform an nslookup of the domain thru a public DNS Server.
  5. Perform an nslookup of the MX RRs thru a public DNS Server.
  6. Verify that the SPF RR is applied to the domain.
  7. Telnet (or putty with the telnet option enabled) to the destination server address to see if it answers.
  8. Check if the domain name is present inside /etc/localdomains.
  9. Check the logs with exigrep /var/log/exim_mainlog.
  10. Check with vi /etc/userdomains
    Look for some blank spaces or broken lines near the domain that is having incorrect authentication data issue error 535
  11. Check whether the folder “etc” within /home/”cpanel-username”/etc/ is owned by cpanel-username:mail
    If it is not then change it with:
    chown username:mail /home/username/etc/ -R

Hope you might find those useful & feel free to share your own special/unique checks on the comments section.

 

Posted in LINUX, System Administration, Tips and Tricks. | No Comments »

Remove & Reset Folder Redirection from a Profile.

February 20th, 2016 by Andrea Matesi 234 Views

 

In case you’ve been Folder Redirecting any User’s Home Folders and along the way you’ve decided it’s not you cake, to restore your User’s profile to its original shape, there are some things you can do.

Since Folder Redirection is a complex (and sometimes convoluted) topic, I don’t mean to be 100% exhaustive (but I’ll try).

 

How to Reset Folder Redirection.

To disable Folder Redirection for (any) User Profile,

  • Make sure you first save an additional copy of the profiles’ files into a Fat32 External USB Hdd.

Then, assess the nature of the redirected folders:

  • Which Folders have been redirected?
  • Where have they been redirected to?

Once you have an idea of which folders were redirected, on the DC (or on your RSAT Console):

  1. Run gpmc.msc & Locate/Edit the FR GPO.
  2. Make sure your GPO has “Revert files to the original location”-option flagged.
  3. Revert the Group Policy setting for 1 User.
  4. gpupdate /force
  5. Restart the affected workstation.

Provided your GPO has “Revert files to the original location” set to Enabled, the above steps will restore your User’s Redirected Folders to their original location.

Do not rush and disable FR for ALL/everyone.

Start small, remove FR from only one User and adjust the procedure for your unique scenario.

If it works then no need to manually restore the profiles from the Fat32 External USB Hdd.

Go on, disable FR for all your Users and you should be done!

 

What if…

If “Revert files to the original location” is set to Disabled (as per SBS-default -- including Windows Server Essentials 2012), then undoing FR won’t revert your User’s Folders.

Said in other words, your User’s Folders won’t be “moved” off the File Server and back into their original location(!).

This is why I’ve urged you to create a copy of your User Profile to a FAT32 Filesystem (so the User’s folders permissions get “sanitised“).

 

Manual Restoration :)

Now, IF FR has been applied to the usual (I’d say safe) candidates (let’s assume “Documents”, “Pictures” & “Downloads”), then the manual restoration process should be easier and shouldn’t involve regedit.

Proceed as follows:

  • Disable FR for that specific profile (as described above).
  • gpupdate
  • Reboot the computer.
  • (On the workstation) verify the location of Documents, Pictures & Downloads.

To verify the location of Documents, Pictures & Downloads, on a User Workstation:

  • Win + E & Go to “C:\Users\%username%”
  1. Right Click on each of the redirected folders (ie. Documents, Pictures, Downloads, etc.).
  2. Click on Properties.
  3. Click on the “Location”-Tab to verify the folder location.

Repet Steps 1..3 for each redirected folder to verify the Folders location.

  • IF the Location is not correct (ie. it points to a file server…), Then Click on the “Restore Default“-Button.

That will restore your Redirected Folders to their default locations (ie. “C:\Users\%username%\Documents”, “C:\Users\%username%\Downloads”, etc.).

 

My User Profile is a total mess!

If your Favorites and Libraries are broken/missing too, you may restore them as follows:

  • (On Windows Explorer)
  • Right Click on “Libraries” & Click on “Restore default libraries”.
  • Right Click on “Favorites” & Click on “Restore favorite links”.

 

Still reading?

Now your last step should involve a restore of your offline backup copy.

At the beginning I suggested you to copy the User’s Folders into a Fat32 Filesystem.

  • It is now time to restore those files to the Local User’s Home.

 

AppData Roaming AppData Roaming AppData Roaming.

In case Appdata has also been redirected you’re fckued :P, you will have to perform additional steps:

While performing a backup copy, make sure you also copied over the \Appdata\Roaming folder (ie. “C:\Users\%username%\AppData”), please refer to the beginning of the post -- “How to reset Folder Redirection“.

Assuming you successfully restored \Appdata\Roaming.

  • Run “regedit”
  • Search for all the locations referring to the remote File UNC (ie. \\dc02\home).
  • Manually (and carefully) adjust all the locations accordingly (ie. change each “\\dc02\home“-entry To “C:\Users\%username%\AppData\Roaming”).

For reference, you’ll find within the following regkeys the User’s Paths.

  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]

Please remember that From Windows XP to Vista+, the default location of some folders have changed (for the better):

Folder Windows XP Path Windows Vista/7/8/8.1 Path
AppData %USERPROFILE%\Application Data %USERPROFILE%\AppData\Roaming
Cookies %USERPROFILE%\Cookies %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Cookies
History %USERPROFILE%\History %USERPROFILE%\AppData\Local\Microsoft\Windows\History
Local Settings %USERPROFILE%\Local Settings %USERPROFILE%\AppData\Local
Documents %USERPROFILE%\My Documents %USERPROFILE%\Documents
NetHoos %USERPROFILE%\NetHood %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Network Shortcuts
PrintHood %USERPROFILE%\PrintHood %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Recent %USERPROFILE%\Recent %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent
SendTo %USERPROFILE%\SendTo %USERPROFILE%\AppData\Roaming\Microsoft\Windows\SendTo
Start Menu (FWIW…) %USERPROFILE%\Start Menu %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu
Templates %USERPROFILE%\Templates %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates
Temporary Internet Files %USERPROFILE%\Temporary Internet Files %USERPROFILE%\AppData\Local\Microsoft\Windows\Temporary Internet Files

Happy reg-editing and don’t break stuff.

Remember -- for every step you take, make sure you can always undo.

As always, expert input welcome.

SRC:

Shell Folders VS User Shell Folders: http://blogs.msdn.com/b/oldnewthing/archive/2003/11/03/55532.aspx

http://ss64.com/nt/syntax-folders.html

Posted in Microsoft, System Administration | No Comments »

[Solved] Macbook Pro erratic behaviour with bottom cover IN.

January 9th, 2016 by Andrea Matesi 156 Views

 

I successfully replaced a liquid-spilled Macbook Pro Logic Board, specifically an A1278, which is the Mid-2010 model.

After replacing the Logic Board (and re-connecting all the connectors), I turned the laptop ON and it behaved perfectly.

  • The problems appeared once I screwed the bottom cover to the case!

After I turned the Macbook with the bottom cover ON, I experienced the following problems:

  • The fan was blowing at full speed.
  • The Cursor moved slowly (ie. scattered).
  • While Shutting the System down, it turned back ON automatically!
  • It was bloody slow!

The previous issues disappeared as soon as I removed the back cover, so I thought it should’ve been something related to it.

I searched on Google and after some time I found this magnificent Apple Support post by “averagedude” (or should I say awesomedude): https://discussions.apple.com/message/12340188#12340188

So, armed with some good old black electrician duct tape, I covered all the unprotected MB connectors.

On my specific case, I reckon the problem was related to the power connector: because of the liquid spill, the power connector “sponge” absorbed all the liquid and it reduced in size (and so it didn’t protect the power connector anymore).

By screwing the bottom cover to the case, somehow, the metal from the back cover touched the power connector (this should also explain the erratic shutdown…).

Can I say problem solved?!

Next please!

Posted in dirty hacks | No Comments »

5,000 free Star Citizen credits.

December 20th, 2015 by Andrea Matesi 284 Views

 

 

Become a Star Citizen by using my referral link and get 5,000 free in-game Credits.

  • https://robertsspaceindustries.com/enlist?referral=STAR-26K6-PTP4

 

To get 5,000 free UEC in-game credits, please refer me by joining Star Citizen with the following link:

  • https://robertsspaceindustries.com/enlist?referral=STAR-26K6-PTP4

 

What will you get?

  • 5,000 UEC in-game credits.
  • The Best Damn PC Game/Space Sim ever.
  • Premium “CRYSIS”-engine-based FPS experience.

 

What will Andrea get?

  • In-game perks (ie. no in-game credits) -- see here for full list of perks: https://robertsspaceindustries.com/referral-program

 

Hope you won’t miss this opportunity -- https://robertsspaceindustries.com/enlist?referral=STAR-26K6-PTP4

See you “in the ‘verse“!

Posted in Games | No Comments »

How to setup Per-Computer “Local Admins” on a Domain.

December 19th, 2015 by Andrea Matesi 338 Views

Veggies.

This post is a humble summary of Alan Burchill’s brilliant post published at the following address in 2010:

http://www.grouppolicy.biz/2010/01/how-to-use-group-policy-preferences-to-secure-local-administrator-groups/

Alan is the überhero (& self-declared genius…), so please thank him for his precious time and effort.

Alan’s methods reconnects to one of my previous articles were I talked about granting Local Admins credentials to Domain Users.

Here: http://www.pwrusr.com/?p=1534 AND here: http://www.pwrusr.com/?p=1681

Despite the method I discussed above are still valid as of today, IMHO, Secure Local Administrators a-la Alan-way is still the Best method.

Withoud further ado, I’ll just summarise what he’s explained on his post(s).

I’ll also assume you’ve designed a “proper” (best practice) Active Directory structure, namely by creating some OUs to organise “Groups of Computers” (ie.: “Laptops”-OU, “Servers”-OU, etc.).

 

Red Meat.

The whole point of Alan’s article allows you to granularly grant “Local Administrator”-Permissions to select Users, by mapping one to one relationships.

In other words, inside an Active Directory Domain, one designated User should be also “Local Administrator” of his [designated…] Computer -- this way all y’all pwrusrs out there can enjoy a certain degree of privileged of freedom :).

Not only that, you can also designate more than 1 User as Local Administrator of the same Computer.

 

How to setup Per-Computer “Local Admins” on a Domain.

  • The very first step involves creating some Groups inside any of your designated OUs (say “Laptop01_Administrators”, “Laptop02_Administrators”, etc.).

Inside each of those Groups, you will place the Users capable of Locally Administering their Computer.

The idea here is:

  1. To use as less GPOs as possible.
  2. To avoid the “Restricted Groups” feature offered by Group Policy.
  • Run gpmc.msc, create a new Group Policy Object and link it to your DOMAIN (refer to p.2).
  • “Edit…” your new Group Policy as follows…

image

1. Browse the “Computer” –> “Preferences” –> “Control Panel Settings” –> “Local Users and Groups” tree.

 

image

2. On “Local Users and Groups”, Right Click on the white area and select “New” –> “Local Group”.

By so doing, you will update the “Administrators” Local Group Members (which by default is built in into each computer -- including Domain-Joined ones).

 

image

3. On the “Group Name”-dropdown, Select “Administrators (built-in)”.

 

Now “Add…” the built in Administrator Account to the Local Group:

image

Flag the “Delete all member users” & “Delete all member groups” checkmarks (ie. tick them), then click on the “Add…”-Button, copy/paste “BUILTIN\Administrator” (without quotes) and Press the “OK”-Button twice to confirm your selections and Close the “New Local Group Properties”-dialog.

 

Fish.

Next you will specify who will be the Local Administrator for any of your Computers.

Please refer to Alan’s post for a detailed explanation about the settings I’m about to use:

http://www.grouppolicy.biz/2010/01/how-to-use-group-policy-preferences-to-secure-local-administrator-groups/2/

 

Repeat Steps 1..3 and Add a New Local Group as follows:

image

Again, Select “Administrators (built-in)” from the “Group Name” dropdown.

 

This time DO NOT Check the “Delete all member users” & “Delete all member groups” Checkboxes (ie. leave them unchecked).

image

Click on the “Add”-Button and this time specify the Groups to which you wish to grant “Local Administrators” permissions.

 

Now, provided your Computer Groups were named as I suggested earlier (at the beginning of this post), you will Add something similar to the following:

image

“%DomainName%\%ComputerName%_LocalAdmins” (without quotes).

Please note: the previous entry encompasses ALL your Computers Groups (unless you wish to manually specify them, that is).

  • %DomainName% represents your Domain Name.
  • %ComputerName%_LocalAdmins includes all your Computer Groups.

Now you may wish to repeat the previous steps by including the Domain Admins.

While your next step could be to grant your desired Users membership to the “%ComputerName%_LocalAdmins”-Groups (ie. “Laptop01_Administrators”, “Laptop02_Administrators”, etc.).

[BONUS} wash, rinse & repeat for Remote Desktop Users ;-)

[BONUS No.2] Say you wanna be pesky about whom to grant Local Admin Permissions.

In this case, you might choose to designate an additional AD User (“JohnAdmin”), which would have the same rights as the Standard AD User (say “John”), but -- in addition, he’d also get membership to the “PC01_LocalAdmins”-Group.

This way, whenever John is prompted by UAC (say b/c he’s trying to setup 7zip or run stuff “As Administrator”), he may just simply type “JohnAdmin” as User (w/related password), without opening a new Support request!

Kudos to Alan Burchill and feel free to comment below.

Posted in Microsoft, System Administration | No Comments »

3 commands to INSTALL Unsigned Drivers (by disabling driver signing w/bcdedit).

December 16th, 2015 by Andrea Matesi 2962 Views

 

RUN “CMD” As Administrator.

First things first -- run a command prompt As Administrator!

[Win 7] Win + R -> cmd -> CTRL + SHIFT + ENTER

[Win 8/8.1/10] Win -> cmd -> CTRL + SHIFT + ENTER.

[GUI]:

01.run-cmd-as-admin

02.run-cmd-as-admin

 

To DISABLE “Driver Signing” (so you CAN install UNSIGNED Drivers):

1) Disable “Integrity Checks“.

2) Enable “Test Mode“.

3) Restart your System.

Copy-Paste code to install unsigned drivers:

bcdedit -set loadoptions DISABLE_INTEGRITY_CHECKS
bcdedit -set TESTSIGNING ON
shutdown /r /t 0

# above commands will:

  1. “DISABLE Integrity checks” so unknown drivers could be installed.
  2. Allow “Test” signatures.
  3. Restart your computer.

 

 

To ENABLE “Driver Signing” (so you CAN’T install UNSIGNED Drivers):

1) Enable “Integrity Checks“.

2) Disable “Test Mode“.

3) Restart your System.

Copy-Paste below code:

bcdedit -set loadoptions ENABLE_INTEGRITY_CHECKS
bcdedit -set TESTSIGNING OFF
shutdown /r /t 0

# above commands will:

  1. “Enable Integrity checks” so unknown drivers won’t be installed.
  2. Disable/Disallow “Test” signatures.
  3. Restart your computer.

Posted in Tips and Tricks. | No Comments »

Early look at containers in Windows Server, Hyper-V and Azure – with Mark Russinovich

November 23rd, 2015 by Andrea Matesi 258 Views

 

 

Early look at containers in Windows Server, Hyper-V and Azure – with Mark Russinovich.

Interesting -- have a look!

Posted in NEWS | No Comments »

my favourite “mysqldump” options.

November 15th, 2015 by Andrea Matesi 240 Views

 

MySQL Tools & Co. are very nice and smart toys, ‘though sometimes DB Admins like to overcomplicate things that should be easy and simple.

Over time and experience, I developed a specific taste for the following mysqldump options:

mysqldump -u root -p -- -add-drop-databases -- -add-drop-table -- -databases DB_NAME > filename.sql

Beware of the dreaded “- -“.

This command simply dumps ALL the DB data into a single file, but the best part is the “--databases” option, that enables (even if dumping a single DB), the insertion of the “CREATE DATABASE DB_NAME” statements (very useful indeed!).

A pwrusr’s most common operation: I want to dump a “whole db” (why?) -> I want to import it as a whole into another place, and that’s it!

 

[BONUS] copy database from one server to another:

mysqldump –user=root –password=P@ssw0rd -- -add-drop-databases -- -add-drop-table -- -databases DB_NAME | mysql -h my-remote-host-3 –user=root –password=remote-host-3-mysql-password DB_NAME

Automate backups to a specific user for cron-enabled dumps.

1) Create the bck-usr on mysql.

2) Grant some permissions to the user needed to perform the automated backups.

GRANT SELECT,LOCK TABLES ON mydb.* TO bck-usr@pwrusr.com

flush privileges;

3) Put your script into crontab!

Posted in DBs, DEV | No Comments »

Thinking of SHA512 for your PKI? Think again.

November 9th, 2015 by Andrea Matesi 440 Views

 

 

  • If you are in the process of deploying a new CA, and you are thinking of issuing Certs that use SHA512 Hashes, think again!

(From https://support.microsoft.com/en-us/kb/2973337):”If you currently use SHA512 certificates, and do not have this update installed, you may have problems in one or more of the following scenarios by using TLS 1.2:

  • Internet Protocol security (IPsec) stand-alone
  • IPSec with DirectAccess
  • Microsoft Lync Server 2013
  • Remote Desktop Services (RDP)
  • SSL websites
  • SSL based VPN
  • Web applications”

(From https://support.microsoft.com/en-us/kb/2973337).

The affected products/features list is “quality vs quantity” (re-read it!) and lots of super-important components will break (including Windows Updates under certain conditions!).

Don’t misunderstand me -- Computers’ security is important, ‘though, at times, it is imperative that things “just work”.

 

Lessons learned.

If you seek wider compatibility over stronger security (while provisioning a new CA), then you should consider SHA (or SHA256 given SHA will be decommissioned starting from 2017) and RSA 2048 (or 4094) bits.

If you still seek greater security, then I recommend you to consider SHA256 (or SHA384 if you must), perhaps with Elliptic Curves instead of RSA (‘though that will open another possible “can of shiny new eels”!).

Posted in Microsoft, System Administration | No Comments »

« Previous Entries