Tuesday, March 25, 2014

Outlook 2010 Cannot Send this item

Occasionally I have a very select set of users that would call in unable to send emails.  When they click send they get "Cannot send this item".  Simply copy pasting the contents into a new email would fix.

The common response on the internet is "switch to rich text", which I view as a workaround and at that one I don't like.

Thomas Vuylsteke posted this and has a great solution...  Look at your network and ensure that you're not having network issues.

http://setspn.blogspot.com/2011/10/outlook-cannot-send-this-item.html

In my case it appears to have been due to Linksys devices at a few select desktops.

Sharepoint 2013 slow - Distributed Cache issue

After a fresh install of Sharepoint 2013 I found that navigation was very slow.  It would take 10 - 30 seconds between pages depending on scenario and page.

Looking online I found that some had found that stopping the distributed cache would fix, but after starting again it would slow down.

I finally found this link which helped: http://microsofttouch.fr/default/b/vincent/archive/2012/12/22/service-de-cache-distribu-233-de-sharepoint-2013-spdistributedcacheservice-comment-ne-pas-se-manger.aspx

Translated version:
http://translate.google.com/translate?hl=en&sl=fr&u=http://microsofttouch.fr/default/b/vincent/archive/2012/12/22/service-de-cache-distribu-233-de-sharepoint-2013-spdistributedcacheservice-comment-ne-pas-se-manger.aspx&prev=/search%3Fq%3Dhttp://microsofttouch.fr/default/b/vincent/archive/2012/12/22/service-de-cache-distribu-233-de-sharepoint-2013-spdistributedcacheservice-comment-ne-pas-se-manger.aspx%26biw%3D1280%26bih%3D894

Opened the Sharepoint 2013 Management Shell (run as administrator).
Stop-SPDistributedCacheServiceInstance -Graceful
Remove-SPDistributedCacheServiceInstance
Add-SPDistributedCacheServiceInstance

Then start the distributed cache server.  Now it runs lightening fast.

Wednesday, March 12, 2014

Nagvis - The must value "host_name" is not set

When working in Nagvis you get an error

The must value "host_name" is not set in an object of type "service" in map "mapname" 
(note: can be service, host, etc)

This is caused when you accidentally modify an object and it removes required fields in the config file.

To fix, go to your maps config file.  In opsview it's located at /usr/local/nagios/nagvis/etc/map

nano mapname.cfg
remove the offending entry.  In my case you can see that it defines a service with no contents.



Tuesday, March 11, 2014

WSUS 100% CPU by sqlservr.exe

Recently my WSUS 3.2 server pegged the CPU out at 100% by the SQL server. 

With a small amount of research I found the following:
http://technet.microsoft.com/en-us/library/dd939795(v=ws.10)



In my case i was running Server 2008 R2 so download and install the prereqs.
Server 2008 R2 = http://www.microsoft.com/en-us/download/details.aspx?id=16978
Don't click the download link as that just gives you a worthless txt file.  Instead scrol down to "install instructions" and expand.  Here you'll see a full list of download sites.  Grab the following:
  • Microsoft SQL Server 2008 R2 Native Client x64 Package
  • Microsoft SQL Server 2008 R2 Command Line Utilities x64 Package
Then create the scripts as needed (note: you need to include the full path to the sqlcmd.exe)
"C:\Program Files\Microsoft SQL Server\100\Tools\Binn\sqlcmd" -S np:\\.\pipe\MSSQL$MICROSOFT##SSEE\sql\query -i C:\Scripts\WsusDBMaintenance.sql
Ensure you "run as adminitrator" or you'll get an access denied error.

Issue resolved.

Remote WMI monitoring Windows Service permissions with non-admin account

I've been trying to get remote WMI to check if a service is running or not and I want to use a non-admin account to do it. 

I found a lot online about setting up permissions for Remote WMI and it "mostly" gets you everything, but in the end I found that a lot of services still didn't show properly.  http://community.zenoss.org/thread/12048

Using this Excellent post https://msmvps.com/blogs/erikr/archive/2007/09/26/set-permissions-on-a-specific-service-windows.aspx we can begin to understand what the different options mean and run the sc config with the proper permissions (rather than running the Zenoss or MS cmd blindly).

  1. Open cmd prompt on the server in question
  2. type sc sdshow scmanager
  3. Take note of the existing permissions.  Notice that they are different for each OS version.
    1. Windows 2012 = D:(A;;CC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)(A;;CC;;;AC)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)
    2. Windows 2008 R2 = D:(A;;CC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)
We also know that AU (Authenticated users) has limited permissions compared to pre Windows 2003 SP1.  Zenoss and MS articles give AU access to all (with a big caveat of it's not really all services which I talk about in a minute).  So, rather than doing this we can add our own account / group in instead of just blasting AU if desired.
  1. use pstools to get the SID of the account you want to use
    1. psgetsid username
      1. This gives you the SID for your username
    2. sc sdshow scmanager
      1. gives you the existing permissions
    3. Merge the permissions together for your new command (example on 2012 Server).  Note that you ALWAYS want to APPEND what already exists.
      1. sc sdset scmanager D:(A;;CC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)(A;;CC;;;AC)(A;;CCLCRPRC;;;YOURSIDHERE)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)
      2. Note that this is appended prior to the S: section!
    4. Now if we test using that user account we see that we get back results, but wait surely I have more than 14 services set to auto... Yes, yes I do.

I don't know why, but this doesn't show all the services by far!
But, I found that adding permissions to the services in particular that you do want to monitor will fix.

For instance, query dfsr and you get the following (Found 0 Services)


So, lets get the permissions for the specific services and modify. 
  1. sc sdshow DFSR
    1. D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
  2. Merge in your permissions
    1. sc sdset dfsr D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCR
      RC;;;IU)(A;;CCLCSWLOCRRC;;;SU)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;CCLCRPRC;;;YOURSIDHERE)S:(AU;FA;CCDCL
      CSWRPWPDTLOCRSDRCWDWO;;;WD)
  3. Test :)
 
 
Either I'm missing something dumb or this is rediculous imo.  I would have never thought that on my journey to setup a non-admin account for remote monitoring that I would be messing with permissions like this.