Adventures in System Administration

Author: centauricw

Domain Administrator Cannot Open Ethernet Adapter Settings

Creating a new Active Directory forest and domain on Windows Server 2019 recently, I found the domain administrator could not open Network Connections. This happened when right-clicking on the Network icon on the Task Bar to open Network & Internet Settings, selecting Ethernet, and clicking on “Change adapter options”.

This only occurs when trying to open Network Connections through Windows Settings. There are no problems opening Network Connections through Control Panel or directly by running ncpa.cpl. And it only affects the domain administrator. Other users do not experience this problem. But the domain administrator has this problem on any computer in the domain.

MariaDB root Authentication

MariaDB 10.4 implemented a lot of changes to how security is done. Much of this is invisible to most users with the exception of root. The root user is now able to use socket authentication through the unix_socket plugin. It means that if you are logged in to a Linux system as root, you can log on to the MariaDB server without using a password. Note in the example below, the -p option (for “password”) is not used yet the log on is successful.

[root@linuxputer ~]# mysql -u root
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 408
Server version: 10.11.9-MariaDB-log MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]>

And it’s not just that you don’t need to enter a password. Even if a password is provided, it is completely ignored. In this example, a password – which is invalid – is provided, yet the log on is successful.

Windows Server 2022 SMTP Relay List Bug

It appears a bug was added the IIS SMTP Server in Windows Server 2022. After installing the SMTP Server feature, you are not able to open the properties window in Internet Information Services (IIS) 6.0 Manager with MMC (Microsoft Management Console) displaying an error.

This is because the setting for RelayIpList in MetaBase.xml is incorrect . Since the SMTP Server hasn’t been significantly changed since Windows Server 2003 – it runs in IIS 6.0 Compatibility Mode after all – how this bug got introduced is a mystery. And Microsoft has taken no steps to fix it. Fortunately, this problem is easily corrected.

DCOM Permission Errors

I occasionally encounter errors when trying to install a software package on Windows with the less than helpful message that the Windows Installer Service could not be accessed.

A typical search will return lots of results about reinstalling the MSI Installer service, changing registry entries, and otherwise tinkering with low-level Windows components, but the problem is actually much simpler. The user trying to run the MSI Installer has been denied rights to run it.

The MSI Installer – the Windows Installer service – is a COM (Component Object Model) component. Windows uses a large number of COM comments for the operating system. Like files, users are granted permissions to access and run COM comments. This normally is not an issue. At least it wasn’t until Windows 10/Windows Server 2016. But a bug appears to have crept into Windows that will randomly revoke a user’s permission to run one or more COM objects, the MSI Installer being one of them. Antivirus programs seems to aggravate this, but I’ve encountered the problem on systems with only Windows (or Microsoft) Defender Antivirus.

Large Send Offload and Network Performance

An issue that I’ve encountered fairly often are complaints of slow network performance, especially when transferring large files. Although there are many issues that can affect network throughput, the most common issue is related to Large Send Offload.

Large Send Offload (also known as Large Segmentation Offload, and LSO for short) is a feature that allows the operating system TCP\IP network stack to build a large TCP message of up to 64KB in length before sending to the Ethernet adapter. Then the hardware on the Ethernet adapter — what I’ll call the LSO engine — segments it into smaller data packets (known as “frames” in Ethernet terminology) that can be sent over the wire. This is up to 1500 bytes for standard Ethernet frames and up to 9000 bytes for jumbo Ethernet frames. (The actual sizes are bit larger to accommodate the overhead – header and frame check sequence – in the packet). This is designed to free up the CPU on the server from having to handle segmenting large TCP messages into smaller packets required by the frame size. Sounds like a good deal. What could possibly go wrong?

Windows Server 2012 Update Failure – 0x80072EFE

I recently built a Windows Server 2012 virtual machine to do some compatibility testing for a PowerShell script I was working on. I wanted PowerShell 3.0 to be the minimum version required for the script so it could be used with older versions of Windows. Since PowerShell is included as an operating system component, I needed an older version of Windows to use PowerShell 3.0.  Windows Server 2012 fit the bill.

After getting Windows Server 2012 installed, trying to check for updates returned error 0x80072EFE. Microsoft had updated distribution of updates, and the Windows Update Client installed with Windows Server 2012 is out of date. You must download and install the KB2937636 update. After a reboot, the Windows Update Client will install an additional update and then it will be able to search for and install updates.

Loading SQL Server PowerShell Module: SqlServer or SQLPS

I recently created a PowerShell script to restore SQL Server databases. A customer migration required that I restore 2800 plus databases. As the data directory was in a different location on the new server, this meant using the MOVE clause in the RESTORE DATABASE command to place the data files in the correct directory. This was far too many databases to do this manually. But using PowerShell also meant using a SQL Server module.

Two modules are available for SQL Server: SQLPS and SqlServer. SQLPS is the original module. Although no longer updated, it is still included with SQL Server which Microsoft says is for backwards compatibility. It is also the module that SQL Server Agent automatically loads when a job type (or subsystem) is PowerShell. SqlServer is the new and supported module and is installed from the PowerShell gallery. This is the module Microsoft recommends you use for all new development.

IIS SMTP Server SmtpOutboundCommandSupportOptions Bug

It’s not uncommon for Windows web servers to use the IIS SMTP Server as a mail relay. It’s a smart host in that it can do the MX record lookups to find the mail server handling the recipients’ mailboxes. But there is a problem. The big mail services such as Google and Microsoft are very picky about which mail servers they will communicate with as they try to mitigate the never-ending stream of spam. To this end, they will generally only accept mail from servers that speak ESMTP (Extended Simple Mail Transport Protocol) as currently defined in RFC 5321. Use of ESMTP is considered optional, with a fallback to the older SMTP commands if one mail server doesn’t support ESMTP. But because spammers are now the primary users of older SMTP, the big mail services simply drop the connection if the sending mail server doesn’t use ESMTP.

What’s In A Name

The name for this blog comes from a several sources. Centauri is from our closest galactic neighbor Alpha Centauri and also the Centauri Republic from Babylon 5. I always found Ambassador Londo Mollari to be a fascinating if tragic character. The Files part is from The Rockford Files, a 1970s detective series staring James Garner. This is was a favorite from my youth and I still watch reruns whenever available.

Copyright © 2024 Charles Rutledge

Powered by WordPress & Theme by Anders Norén