Dāvis's tech blog
Strange memory/registry problems on Terminal Server at 2007.08.25. 20:30
Recently I was asked to help troubleshoot a terminal server that sometimes couldn't load the registry hives of users logging on. The server was running Windows 2000 Server and there were lots of users connecting to it.
When the hive for the Administrator account wasn't loaded, these three errors were logged to the event log:
RegLoadKey failed. Return value Insufficient system resources exist to complete the requested service. for C:\Documents and Settings\Administrator\ntuser.dat.
Windows cannot load your profile. Please increase the registry size and restart the computer.
Windows cannot load the user's profile but has logged you on with the default profile for the system.
DETAIL - Insufficient system resources exist to complete the requested service.
Some virtual memory related errors were logged as well. A partially working solution (increasing the registry size limit using the System Properties control panel applet and increasing the PagedPoolSize registry value) had been found on some forum before I started my research.
At first I looked at pool usage (Kernel Memory in the Performance tab of Task Manager), and the value for paged pool was pretty big (over 150 MB). Next I enabled pool tagging and used Poolmon.exe to see what consumed most of the paged pool. The tag that used about 128 MB of paged pool was CM (referred to as Configuration Manager (registry) in pooltag.txt), so the problem probably was actually related to the registry. Examining the sizes of the main registry hive files (located at %SystemRoot%\system32\config) revealed that the hive named default (this hive stores the HKEY_USERS\.DEFAULT registry key) was about 100 MB in size, so I tried to use NTREGOPT to compact that hive.
The hive was compacted to about 85 MB, which is far beyond its size on average systems. While examining the contents of that hive (exported as a usual .reg file) I noticed that most of the .reg file was taken up by the HKEY_USERS\.DEFAULT\Printers\DevModes2 key. This key was trashed by lots of printers connected via terminal services clients. I added a Scheduled Task that invokes regedit /s cleanprinters.reg every night (when no users should be connected) and created cleanprinters.reg with the following contents:

After running the cleanup task for the first time and compacting the registry with NTREGOPT once more, the sizes of the hive named default and of the used paged pool decreased almost to normal.

P.S. After all the troubleshooting I found that this problem is also described in MS KB906952, but anyway I like my own solution.
P.S.2 Some other (printer-dependent) registry keys were also trashed (under HKEY_USERS\.DEFAULT\Software and per-user HKEY_USERS\SID-of-user\Software), increasing registry size by about 14 MB for the default user and 7 MB for each regular user.
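
A way to find which subtree bloats the default hive without exporting it to a .reg file, as an added example (not the author's script). It assumes a system with Windows PowerShell 3.0 or later and an elevated session; the function name Measure-RegistryKey is made up for this example.

```powershell
# Added example: rank the top-level subkeys of HKEY_USERS\.DEFAULT by stored data.
# Measure-RegistryKey is a hypothetical helper name, not a built-in cmdlet.
function Measure-RegistryKey {
    param([Microsoft.Win32.RegistryKey]$Key)
    $total = [pscustomobject]@{ Values = 0; Bytes = [long]0 }
    foreach ($name in $Key.GetValueNames()) {
        $data = $Key.GetValue($name, $null,
            [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
        $total.Values++
        # Approximate size: names and strings as UTF-16, binary data as raw bytes.
        $total.Bytes += 2 * $name.Length
        if     ($data -is [byte[]])   { $total.Bytes += $data.Length }
        elseif ($data -is [string])   { $total.Bytes += 2 * ($data.Length + 1) }
        elseif ($data -is [string[]]) { foreach ($s in $data) { $total.Bytes += 2 * ($s.Length + 1) } }
        elseif ($data -is [long])     { $total.Bytes += 8 }
        elseif ($null -ne $data)      { $total.Bytes += 4 }
    }
    foreach ($sub in $Key.GetSubKeyNames()) {
        $child = $Key.OpenSubKey($sub)      # opened read-only
        if ($null -eq $child) { continue }
        try {
            $r = Measure-RegistryKey -Key $child
            $total.Values += $r.Values
            $total.Bytes  += $r.Bytes
        } finally { $child.Close() }
    }
    $total
}

$root = [Microsoft.Win32.Registry]::Users.OpenSubKey('.DEFAULT')
$report = foreach ($sub in $root.GetSubKeyNames()) {
    $key = $root.OpenSubKey($sub)
    try {
        $r = Measure-RegistryKey -Key $key
        [pscustomobject]@{
            Key    = "HKEY_USERS\.DEFAULT\$sub"
            Values = $r.Values
            MB     = [math]::Round($r.Bytes / 1MB, 2)
        }
    } finally { $key.Close() }
}
$root.Close()
$report | Sort-Object MB -Descending | Format-Table -AutoSize
```

Opening `.DEFAULT\Printers` instead of `.DEFAULT` as `$root` breaks the Printers subtree down one level further, which is where DevModes2 would show up.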

Manual Folder Redirection at 2007.05.21. 17:47
Some days ago I faced folder redirection problems for some users whose My Documents folders were redirected to a share where they had Change (not Full Control) access (additionally, restrictive NTFS permissions were used). These users were also configured to use roaming profiles.
The problem was that the My Documents folder wasn't redirected for some (not all) users; instead it pointed to the local copy of the My Documents folder from the roaming profile (in other words, the My Documents path for those users was "%userprofile%\My Documents" instead of "\\file-server\users\%username%\My Documents").
Also, some .tmp files were created in "\\file-server\users\%username%\My Documents" and an error similar to this was logged in the event log:
Failed to perform redirection of folder My Documents. The files for the redirected folder could not be moved to the new location. The folder is configured to be redirected to <\\file-server\users\%username%\My Documents>. Files were being moved from <C:\Documents and Settings\Davis\My Documents> to <\\file-server\users\Davis\My Documents>. The following error occurred while copying <C:\Documents and Settings\Davis\My Documents\My Music> to <\\file-server\users\Davis\My Documents\My Music>:
The security descriptor structure is invalid.
Although this was not tested, I suppose that folder redirection needs Full Control access to the redirection destination to copy files. I didn't want to give users the ability to change access permissions on their folders, so I didn't consider Full Control access a good solution. Also, just setting registry paths via a logon script didn't seem to be a good idea.
After some searching on the internet I didn't find any suitable solution (this is the main reason why I have published this).
The main idea is that folder redirection will work fine if there are no folders/files to move. So I simply wrote a script that moved all My Documents folders from roaming profiles to the folder redirection targets (actually that script was a bit different, but this doesn't matter).
Basically the solution is to manually (with the help of a script) move the folders that should be redirected to their redirection targets. When there are no folders to move, folder redirection will simply change registry paths instead of complaining about permissions.
Moving folders is very simple with roaming profiles, and I think it can easily be implemented in logon scripts for automated processing of local profiles as well.
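
One way to script the move described above, as an added example and not the author's original script. The roaming-profile share path and its per-user layout are assumptions; the redirection root is the one quoted in the post.

```powershell
# Added example: pre-move "My Documents" from roaming profiles to the redirection
# targets so that folder redirection has nothing left to copy.
# Assumptions: profiles are stored as <profileRoot>\<username>; users are logged off.
$profileRoot = '\\file-server\profiles'   # hypothetical roaming-profile share
$targetRoot  = '\\file-server\users'      # redirection root from the post
$dryRun      = $true                      # set to $false to actually move data

foreach ($userDir in Get-ChildItem -LiteralPath $profileRoot -Directory) {
    $source = Join-Path $userDir.FullName 'My Documents'
    $target = Join-Path (Join-Path $targetRoot $userDir.Name) 'My Documents'
    if (-not (Test-Path -LiteralPath $source -PathType Container)) { continue }

    # /E         include subfolders, even empty ones
    # /MOVE      delete files and folders from the source once copied
    # /COPY:DAT  copy data, attributes and timestamps but not ACLs, so the
    #            moved files inherit the permissions set on the target share
    # /XJ        skip junction points; /R:1 /W:1 keep retries short
    $roboArgs = @($source, $target, '/E', '/MOVE', '/COPY:DAT', '/XJ',
                  '/R:1', '/W:1', '/NP', '/NJH')
    if ($dryRun) { $roboArgs += '/L' }     # /L only lists what would be done

    & robocopy.exe @roboArgs

    # Robocopy exit codes are a bit mask; 8 and above mean at least one failure.
    if ($LASTEXITCODE -ge 8) {
        Write-Warning "Move failed for $($userDir.Name) (robocopy exit code $LASTEXITCODE)"
    }
}
```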

Auditing object access to trace malware at 2007.04.17. 07:20
Windows has built-in object access auditing that can be used to record changes on NTFS volumes.
Auditing successful file creations in the folders most commonly affected by malware can make such software easier to remove.

I think good settings would be auditing of successful file creations in %SystemRoot%, in %SystemRoot%\system32 including subfolders, and in %ProgramFiles% including subfolders.
Auditing can be configured in the folder's Properties - Advanced Security Settings - Auditing tab.
Additionally, Audit object access must be enabled in the Security Policy of the computer.
With such settings, all new file creations in the above-mentioned folders will be logged to the Security event log. The size and retention of the Security event log should also be adjusted to prevent it from filling up.
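
The same settings applied from a script instead of the Auditing tab, as an added example that is not part of the original post. It assumes Windows PowerShell 5.1 in an elevated session on Vista / Server 2008 or later (for auditpol); the 256 MB log size is a constructed value.

```powershell
# Added example: audit successful file creations in the folders named in the post.
# Folder -> whether the rule also applies to subfolders (%SystemRoot% itself,
# system32 and %ProgramFiles% including subfolders).
$targets = @(
    @{ Path = $env:SystemRoot;                        Recurse = $false },
    @{ Path = (Join-Path $env:SystemRoot 'System32'); Recurse = $true  },
    @{ Path = $env:ProgramFiles;                      Recurse = $true  }
)

# "Everyone" by well-known SID, so the script also works on localized systems.
$everyone = New-Object System.Security.Principal.SecurityIdentifier('S-1-1-0')

foreach ($t in $targets) {
    $inherit = if ($t.Recurse) {
        [System.Security.AccessControl.InheritanceFlags]::ContainerInherit
    } else {
        [System.Security.AccessControl.InheritanceFlags]::None
    }

    # CreateFiles on a directory is the "Create files / write data" right.
    $rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
        $everyone,
        [System.Security.AccessControl.FileSystemRights]::CreateFiles,
        $inherit,
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AuditFlags]::Success)

    # Load and save only the SACL, so owner and DACL are never rewritten.
    $dir = Get-Item -LiteralPath $t.Path
    $acl = $dir.GetAccessControl([System.Security.AccessControl.AccessControlSections]::Audit)
    $acl.AddAuditRule($rule)
    $dir.SetAccessControl($acl)
}

# Enable the matching audit policy (on older systems, turn on
# "Audit object access" in Local Security Policy instead).
auditpol /set /subcategory:"File System" /success:enable

# Give the Security log room and let it overwrite the oldest records.
Limit-EventLog -LogName Security -MaximumSize 256MB -OverflowAction OverwriteAsNeeded
```

On Vista and later the resulting records appear in the Security log as event ID 4663.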

Icon editor at 2007.02.21. 23:08
As a software developer I have always wanted good, free icon editing software.
Recently I found one - IcoFX. It has all the major features I need for icon creation and it is freeware.
http://icofx.xhost.ro/ - IcoFX website

UTF-8 search with MySQL and PHP at 2007.01.29. 00:24
A few minutes ago I helped a friend of mine troubleshoot Unicode search on his web page. He was using a TEXT type field with utf8 encoding and search wasn't working properly. The encoding of the web page was also UTF-8.
After a little research, the connection encoding turned out to be latin1. So a simple mysql_query("SET NAMES utf8"); before the actual database queries solved his problem.
