Active Directory FSMO Errors

Today while trying to demote a domain controller I received an error:

The directory services is missing mandatory configuration information, and is unable to determine the ownership of floating single-master operation roles.

Running dcdiag /v yielded an error like the following:

Ownership of the following FSMO role is set to a server which is deleted or does not exist. Operations which require contacting a FSMO operation master will fail until this condition is corrected.
FSMO Role: CN=Infrastructure,DC=DomainDnsZones,DC=mydomain,DC=local
FSMO Server DN: CN=NTDS SettingsADEL:464a6261-2c82-4ac1-b2b2-144d2e5e1b74,CN=SOMEOLDSERVERADEL:27fa192a-1f79-4a62-9557-d14ce99406d9,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
User Action:
1. Determine which server should hold the role in question.
2. Configuration view may be out of date. If the server in question has been promoted recently, verify that the Configuration partition has replicated from the new server recently. If the server in question has been demoted recently and the role transferred, verify that this server has replicated the partition (containing the latest role ownership) lately.
3. Determine whether the role is set properly on the FSMO role holder server. If the role is not set, utilize NTDSUTIL.EXE to transfer or seize the role. This may be done using the steps provided in KB articles 255504 and 324801 on http://support.microsoft.com.
4. Verify that replication of the FSMO partition between the FSMO role holder server and this server is occurring successfully.

The SOMEOLDSERVER reference in the above was indeed an old server that died long ago. Since I thought I followed all the proper instructions for removing a dead domain controller I was surprised to see this was lurking in the metadata after all these years. Much research identified excellent posts and discussions including http://goo.gl/yXSbe3 and http://goo.gl/WEgj8o, the latter of which pointed me to a VB script in http://support.microsoft.com/kb/949257/en-us that when run against DC=DomainDnsZones,DC=mydomain,DC=local (from the output above) corrected the error and subsequently allowed the DCPROMO to run successfully. I hope this post helps save someone the couple of hours of struggling I went through.
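As an added example (not part of the original post or of the Microsoft KB script), the following Python sketch scans dcdiag-style text for FSMO roles whose owner DN points at a deleted object, which is the condition reported above. It assumes the usual `\0ADEL:<guid>` marker on a deleted object's RDN and also accepts the rendering shown in this post, where the `\0` is missing; the server name DC01 and the function names are made up for the illustration.

```python
import re

# Constructed sample in the layout of the dcdiag /v excerpt above. DC01 is a
# made-up healthy owner; the deleted-object GUIDs are the ones quoted in the post.
SAMPLE = r"""
FSMO Role: CN=Infrastructure,DC=DomainDnsZones,DC=mydomain,DC=local
FSMO Server DN: CN=NTDS Settings\0ADEL:464a6261-2c82-4ac1-b2b2-144d2e5e1b74,CN=SOMEOLDSERVER\0ADEL:27fa192a-1f79-4a62-9557-d14ce99406d9,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
FSMO Role: CN=Infrastructure,DC=ForestDnsZones,DC=mydomain,DC=local
FSMO Server DN: CN=NTDS Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=local
"""

# A role line followed by its owner line. This also matches a report that has
# been flattened onto one line, because the owner ends at the next keyword.
PAIR = re.compile(
    r"FSMO Role:\s*(?P<role>.+?)\s*FSMO Server DN:\s*(?P<owner>.+?)"
    r"(?=\s*(?:FSMO Role:|User Action:|$))", re.DOTALL)

# RDN of a deleted object: name, then "\0ADEL:<guid>" (some renderings drop "\0").
TOMBSTONE = re.compile(
    r"^CN=(?P<name>.+?)(?:\\0)?ADEL:"
    r"(?P<guid>[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})$")


def split_dn(dn):
    """Split a DN on commas that are not backslash-escaped."""
    return [part.strip() for part in re.split(r"(?<!\\),", dn)]


def stale_fsmo_owners(report):
    """Return one finding per role whose owner DN contains deleted objects."""
    findings = []
    for pair in PAIR.finditer(report):
        hits = [t for t in map(TOMBSTONE.match, split_dn(pair["owner"])) if t]
        if hits:
            findings.append({
                "role": pair["role"],
                "deleted": [(t["name"], t["guid"]) for t in hits],
            })
    return findings


if __name__ == "__main__":
    for finding in stale_fsmo_owners(SAMPLE):
        names = ", ".join(name for name, _ in finding["deleted"])
        print(f"{finding['role']}: owner refers to deleted object(s): {names}")
```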

Windows Installation from USB Key

I was installing Windows 7 to a fresh hard disk from a bootable USB. When selecting the disk/partition onto which it should be installed I was met with an error about not being able to find a system partition. I followed several guides to no avail but eventually found the following instructions which worked perfectly:

  • Boot Windows installation from USB drive
  • Press Shift+F10
  • In console type diskpart.exe and press enter. In this program execute the following commands:
    • select disk=0
    • create partition primary
    • select partition=1
    • active
    • format fs=ntfs quick
    • assign drive=c
    • exit
  • Navigate to USB flash drive, in my case type: e: (could also be d: e.g. if you don’t have an optical drive)
  • xcopy e: c: /e /h /k
  • cd boot
  • bootsect /nt60 c:

Remove USB drive from computer and restart.
Install Windows as usual.

To remove the unnecessary menu item from the boot screen:

  • Run cmd.exe as Administrator
  • See boot menu list: bcdedit
  • Find Windows Setup and copy identifier
  • Run bcdedit /delete {identifier}

Thanks to http://goo.gl/BXw5qR for their great guide!

VMware ESXi Corrupted iSCSI Datastore

Terrible scare yesterday. I rebooted my ESXi server, which hosts several critical systems, and ESXi didn’t recognize the iSCSI datastore. It could see the iSCSI LUN, but attempts to add it as a new datastore warned that all data would be destroyed. Backups were available but I’d rather have (a) found out what the problem was/why it occurred and (b) fixed the problem. So started my 12-hour learning process.

This all came about because I rebooted the host in an attempt to get new vNICs working under a VLAN. Yes, holidays are a great time to play and learn, it would seem. As a consultant, I should spend even more time doing this sort of thing.

So why couldn’t VMware mount the datastore? Did something happen to it? I tried all manner of fixes, including ultimately reconfiguring my host from scratch to wipe out any traces of the old datastore in the hope that some config was corrupted, but no go. The last resort, it would seem, would be to repartition the iSCSI LUN, which to me seemed a last-gasp effort. Since I was at that stage, I followed the following instructions:

esxcfg-scsidevs -c (take note of the disk device)
fdisk -l /dev/disks/t10.F405E46494C4540096D427739387D25525F4A5D245638787

Hmmm, this didn’t show “fb VMFS” like it should, but rather “SFS”. A quick search told me that this indicated a Windows dynamic disk. Uh oh… Rewinding a bit, a couple of weeks ago a Hyper-V Windows Server of mine had lost its iSCSI connection. The disk was there but it couldn’t access it. I saw that it was marked as, you guessed it, Dynamic! Does that mean everything is toast? I can only guess that ESXi saw the disk as VMFS since it was first created, and continued to access it as such even once Windows had marked it as dynamic. Since the Windows server didn’t really use it, odds are that the two didn’t interfere with each other except for the partition table.

Only one way to find out. I continued with the terrifying process of repartitioning the datastore:

fdisk /dev/disks/t10.F405E46494C4540096D427739387D25525F4A5D245638787
d (deletes the partition: gulp!)
n (create new partition)
p (make primary)
enter (accept default)
enter (accept default again)
t (change partition type)
fb (VMFS)
x (expert mode)
b (change beginning of partition)
1 (first partition)
128 (select sector)
w (write changes and exit: double gulp!)
vmkfstools -V (discover the VMFS)

At this point, in vSphere I did a Rescan on the Storage Adapters, and after clicking on Storage, to my amazement, my iSCSI datastore was there! I added my VMs to the inventory and started them up, and all was fine. Very cool.

To finish things off, I disconnected the LUN from that rogue Windows server and removed the LUN from OpenFiler so this can’t happen again. While it’s fine for different ESXi hosts to share a LUN, it’s clearly a bad idea for Windows and ESXi to try and play together…
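The check that fdisk performed above can be done without touching the disk by reading the first sector and decoding its MBR partition table. The following is an added example, not from the original post: it reports each partition's type byte and starting sector and flags anything that is not type 0xfb (VMFS), such as the 0x42 "SFS" type that Windows writes for a dynamic disk. The function names, the sample sectors and the expected start of 128 (taken from the repartitioning steps above) are assumptions of this sketch.

```python
import struct

# Partition type bytes relevant to this post (fdisk prints 0x42 as "SFS").
TYPES = {0x42: "SFS (Windows dynamic disk)", 0xFB: "VMFS"}
ENTRY = "<B3sB3sII"  # status, CHS first, type, CHS last, start LBA, sector count


def build_mbr(ptype, start_lba, sectors):
    """Constructed 512-byte sector holding one primary partition (sample input)."""
    entry = struct.pack(ENTRY, 0x00, b"\0\0\0", ptype, b"\0\0\0", start_lba, sectors)
    return bytes(446) + entry + bytes(48) + b"\x55\xaa"


def parse_mbr(sector):
    """Decode the four primary entries at offset 446; skip unused (type 0) slots."""
    if len(sector) < 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("no MBR boot signature at offset 510")
    parts = []
    for i in range(4):
        _, _, ptype, _, start, count = struct.unpack_from(ENTRY, sector, 446 + 16 * i)
        if ptype:
            parts.append({"index": i + 1, "type": ptype,
                          "name": TYPES.get(ptype, "other"),
                          "start": start, "sectors": count})
    return parts


def check_vmfs_lun(sector, expected_start=128):
    """Return a list of problems for a LUN that is supposed to hold a VMFS datastore."""
    parts = parse_mbr(sector)
    problems = [] if parts else ["partition table is empty"]
    for p in parts:
        if p["type"] != 0xFB:
            problems.append(f"partition {p['index']}: type {p['type']:#04x} "
                            f"{p['name']}, expected 0xfb VMFS")
        elif p["start"] != expected_start:
            problems.append(f"partition {p['index']}: starts at sector "
                            f"{p['start']}, expected {expected_start}")
    return problems


if __name__ == "__main__":
    for label, ptype in (("before repair", 0x42), ("after repair", 0xFB)):
        print(label, check_vmfs_lun(build_mbr(ptype, 128, 2097152)) or "OK")
```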

Asus G73JH-B1: Powerhouse Laptop

Lately I have been eyeing a new laptop. My newest laptop is an Acer netbook which was bought for travelling convenience, and it serves that purpose well, having performed admirably first in Mexico, and most recently in Minneapolis. My older laptops are more powerful but still lacking. I have a Macbook Pro from late 2008 which performs well enough with a dual-core processor and 4GB RAM, but comes nowhere close to my development desktop which boasts an Intel Core i7 processor and 12GB RAM, not to mention reasonably hot graphics and two large monitors. Then there is the older HP Pavilion with a Core Duo processor and then-whopping 2GB RAM. Veritable dinosaurs compared to what’s available today.

My thoughts turned to a new laptop when I read a review of the HP Envy series. It ranked higher than current high-end Macbook Pros, and claimed very high build quality, awesome specs, and light weight. And with available Core i7 processors and four SODIMM slots for a potential 16GB RAM, this was a virtualization enthusiast’s dream machine. Until I tried to find a 17″ version with 1920×1080 screen, that is. This configuration doesn’t seem to exist in Canada, maxing out at 1600×900 resolution. Worse, reviews were generally poor, with myriad unresolved issues. Hard to believe considering this is HP’s high-end laptop series.

I looked at many other types of laptops, including Alienware (nice, but $2500?!), Toshiba Qosmio (10 lbs?!), and Dell Studio XPS (also costly, and maxing out at 8GB RAM). I somehow stumbled upon Asus’ G73 series which seemed a perfect fit. It has the screen resolution I wanted, 4 SODIMM slots, Core i7 processor, dual 7200 RPM drives, was reasonably priced and at 7lbs was of acceptable mass, plus it looked great, with a Stealth Bomber appearance: matte grey finish, angular edges, quite nice actually. I immediately dismissed it due to poor reviews which caused keyboard lockups, video crashing, and other system instability, but as my search hit dead ends with other vendors, I kept coming back to the Asus.

Then during another bout of laptop-obsession, I stumbled upon a thread that described a new BIOS version for the G73 series, that being v209. People seemed to hail this as a breakthrough that made their systems live up to their potential at long last. Indeed, even people who had RMA’d their units were left wishing that they hadn’t. After some reading, my mind was made up.

Best Buy had the G73JH-A1 (Intel Core i7 720 with BluRay reader) for $1500, but alas it was some special BB-only derivative that had “HD+” (900) instead of “Full HD” (1080) like I wanted. The best local price was Memory Express for $1700. I did some price-comparison because they claim to match any online or local reseller’s prices, and in doing so I stumbled across the higher-end model, that being the G73JH-B1, which is like the -A1 except it has a faster Core i7 740 processor. Now there’s probably not a huge difference between the two, but I found a -B1 online for essentially the same price as the -A1, and after Memory Express agreed to match that price and confirmed that they had a -B1 in stock, I went down today and bought one.

Words can’t describe how nice this machine is. The backlit keyboard is beautiful and functional, the display is gorgeous, and its speed is just as quick as my high-powered desktop. The fans run virtually silent and the unit is cool to the touch. While it’s not nearly as thin and compact as the Envy that I was first drawn to, I think it will be a lot more of a fit for me as I look to take my work on the road (or to a different part of my house!) And though I have only had it operational for a few hours, the machine seems stable enough, probably due to its v211 BIOS (the latest and greatest.)

While the machine is replete with crapware, I think I will resist the urge to immediately reinstall fresh. There are some very nice utilities installed, not the least of which is facial recognition automatic authentication. I will give this Windows 7 Home Premium 64-bit a fair shake before deciding what to do.

At some point I will also install the two 4GB SODIMMs which will increase my memory from 8GB to 12GB, bringing it on par with my desktop. Except this one I can take anywhere.

Camping 2.0

Traditionally, we liked to go camping with Barb’s daughter Lisa and family. They would go to Birds Hill Park every chance they get (read: whenever Mike grows weary of saying “no”) and pitch their tents. Barb and I and sometimes our kids would go for dinner and campfire, then drive home to our warm beds for a comfy sleep while they braved the elements, at the mercy of rain (leaky tents), heat from the early morning sun, and noise from the early risers. It worked out pretty well but I always felt we were missing out on some of the fun, but Barb is just not a camping person.

Lisa has long dreamt of buying a camper, but two things were in her way: money and money. Specifically, money to buy a camper and money to buy a vehicle to haul a camper. This year we went with them to look at campers. We half-considered buying a small popup camper so they could move to the next stage. Over the course of the next several weeks, we looked at everything from little popups for $5,000 to $35,000 tent trailers. We looked at new and used ones, and back and forth we went. We just couldn’t see ourselves in a little popup, yet we were wary of dropping $30,000+ when we weren’t sure if we were really the camping type. At some point in the not-too-distant future though I could see us travelling in a fifth wheel. But we aren’t there yet.

Then one day we found TWO nearly-identical campers that seemed like a good fit. They are the Cadillac of popups, high-walled Starcraft 3610 with add-a-rooms. These offer dual king-sized beds, a roll-out sofabed, and a slide-out side with bench seating that converts to a large bed. It sleeps 8 easily. One had air conditioning, a power lift system, and wood-grained interior and had only been used 7 times, while the other had white interior with a bike rack and had suffered a punctured roof when a tree fell on it. Pretty easy choice, but the former cost a couple thousand new. We ended up getting it for $11,000 (it was bought a year previous for $20,000!) so it was a great deal given its low use, features, and condition. Plus the vendor delivered it to us. I had recently bought a 2000 Dodge Ram 1500 for $5,000 which was also in very good shape, and I installed a brake controller, so we were all set.

The first few trips were so-so. Because the campground’s electrical sites were long since booked, all that was left were the poor sites. The first two weekends we got low spots and the ground was always wet. It was pretty gross, especially with four dogs, but we learned each time how to set up and tear down more efficiently and bought tarps, carpets, patio lanterns, coolers, bug zappers, and other such things to help improve the experience. The next couple sites were better, and now it looks like we have nothing but primo spots for the rest of the year.

But the point of this post isn’t about how we got a camper. It’s about what I have set up in that camper this weekend.

This weekend we really have no business camping. I am feeling rather crappy with a sore throat that kept me away from work the last two days, plus it’s pouring rain as I type this. Also I have tons of work to do for the upcoming election, so I copied my election-work development virtual machine to a laptop and installed VMware. There, now I can work in the camper, mostly because my current work doesn’t require Internet connectivity. But even if it did, last weekend I got Internet tethering working through my iPhone onto a laptop, and it worked pretty well indeed. So this morning when I went home to get some more stuff, I brought along my MacBook and a netbook in addition to the dev laptop. I had previously used the Mac to test tethering, and the netbook should have worked too (but for Windows 7 Starter edition, but that’s another story…) Yada yada right now we have seven devices in the camper with Internet access via my iPhone: my iPhone, my MacBook, my netbook, my dev laptop, my iPad, Barb’s phone, and Mike’s laptop. Camping has truly never been so hi-tech!

Time to get back to work. The rain has really picked up since I started writing this.

Being Windows Live

Just watched Being John Malkovich the other day, one of my personal faves. Definitely one of the stranger flicks out there. Another big fave is Shadow of the Vampire, also starring JM.

But we digress. I have seen much about Windows Live but read an article today about how its Windows Live Writer is a great blog editor, so I decided to give it a go. So far it seems good. I think I’ll try Windows Live Mail and see how well it works with my Google Apps account.

Yes, there are definitely a lot of italics in this post!

My Microsoft Action Pack Subscription was activated late last week. I created a VMware VM containing Windows Server 2008 R2 64-bit and Office SharePoint Server 2007 for a project I am working on. I’ve been out of the Windows world for a while now, and while using FOSS tools like Ubuntu, Apache, Ruby on Rails, etc is a lot of fun and often a technical challenge, I forgot how nice it is to double-click an installer and be walked through a series of options. For the most part, it just works, easy peasy.