Windows Tips & Tricks UPDATE--December 22, 2003

Windows Tips &amp Tricks UPDATE, December 22, 2003, —brought to you by the Windows &amp .NET Magazine Network and the Windows 2000 FAQ site
http://www.windows2000faq.com


This Issue Sponsored By

Windows & .NET Magazine VIP Web Site/Super CD
http://www.winnetmag.com/rd.cfm?code=edep273lup


1. Commentary

2. FAQs

  • Q. Why do I receive 601 errors related to the SMS_SQL_MONITOR process in Microsoft Systems Management Server (SMS) 2.0?
  • Q. How can I use Group Policy to disable the Windows Server 2003 Shutdown Event Tracker?
  • Q. What's the difference between an Active Directory (AD) authoritative and nonauthoritative restoration?
  • Q. How can I perform an authoritative restoration of Active Directory (AD) in Windows Server 2003?

3. Announcements

  • Announcing a New eBook: "Content Security in the Enterprise--Spam and Beyond"
  • Take Our Print Publications Survey!

4. Event

  • New--Microsoft Security Strategies Roadshow!

5. Contact Us

  • See this section for a list of ways to contact us.

Sponsor: Windows & .NET Magazine VIP Web Site/Super CD

The Windows & .NET Magazine Network VIP Web Site/Super CD Has It All!
If you want to be sure you're getting everything the Windows & .NET Magazine Network has to offer, then you need a subscription to the VIP Web site/Super CD. You'll get online access to all of our publications, a print subscription to Windows & .NET Magazine, and a subscription to our VIP Web site, a banner-free resource loaded with articles you can't find anywhere else. Click here to find out how you can get it all at 25% off!
http://www.winnetmag.com/rd.cfm?code=edep273lup


1. Commentary
by John Savill, FAQ Editor, [email protected]

This week, I tell you why you might receive 601 errors when using Microsoft Systems Management Server (SMS) 2.0 and how to use Group Policy to disable the Windows Server 2003 Shutdown Event Tracker. I also explain the difference between an Active Directory (AD) authoritative and nonauthoritative restoration and how to perform an authoritative restoration of AD in Windows 2003.



2. FAQs

Q. Why do I receive 601 errors related to the SMS_SQL_MONITOR process in Microsoft Systems Management Server (SMS) 2.0?

A. SMS uses several component processes. One such process, SMS_SQL_MONITOR, monitors the SMS 2.0 site database on a Microsoft SQL Server computer for changes and notifies affected components when a change occurs. When a change to the database occurs, SMS_SQL_MONITOR writes a file to the related SMS Inbox or notifies the component by named pipe. SMS_SQL_MONITOR also performs periodic database maintenance. After you install and configure SMS in some installations, the SMS_SQL_MONITOR process can end up in an error state that can result in the system displaying many 601 error messages, as this figure shows.

To work around this error state, you should manually run the SQL command described in the error message by performing the following steps:

  1. Start the SQL Query Analyzer (go to Start, Programs, Microsoft SQL Server, and click Query Analyzer).
  2. Select the database server that SMS is using, enter any needed logon credentials, then click OK.
  3. In the query window, type
    exec sp_addextendedproc 'xp_SMS_notification','smsxp.dll'
    to resolve the SMS_SQL_MONITOR error.

After you resolve the error, you'll want to ensure that the account that SMS uses for database connectivity has execute (exec) permissions for the extended procedure that you just created by performing the following steps:

  1. Start the SQL Server Enterprise Manager (go to Start, Programs, Microsoft SQL Server, and click Enterprise Manager).
  2. Select the Extended Stored Procedures for the master database (from within Enterprise Manager, go to Microsoft SQL Server, SQL Server Group; select the name of the database server; select Databases, "master", Extended Stored Procedures).
  3. Scroll down to xp_SMS_notification, then right-click its entry and select Properties from the context menu.
  4. Click Permissions, ensure that the account that SMS uses for database connectivity has the exec permission, then click OK.

Q. How can I use Group Policy to disable the Windows Server 2003 Shutdown Event Tracker?

A. Like Windows 2000, Windows 2003 has an event tracker that prompts you to enter a reason for shutting down a server. To disable this feature, perform the following steps:

  1. Open the Microsoft Management Console (MMC) Group Policy Editor (GPE) snap-in or use Windows 2003 Group Policy Management Console (GPMC) to load the Group Policy Object (GPO) that you want to modify (e.g., the Default Domain Controllers policy).
  2. Navigate to Computer Configuration, Administrative Templates, System.
  3. Double-click Display Shutdown Event Tracker.
  4. Select Disabled, then click OK.
  5. Use the Gpupdate command to force the policy to refresh.

After the policy refreshes, the server will no longer prompt you for event tracker details at shutdown.

Q. What's the difference between an Active Directory (AD) authoritative and nonauthoritative restoration?

A. Although you might have several domain controllers (DCs) providing fault tolerance for your domain, you still need to perform regular backups. Windows backs up AD as part of the system state and restores the directory by booting a DC into the Directory Services (DSs) restore mode.

The default DSs restore mode is a nonauthoritative restoration. In this mode, Windows restores a DC's directory from the backup. Then, the DC receives from its replication partners new information that's been processed since the backup. For example, let's say we restore a DC by using a 2-day-old backup. After the DC starts, its replication partners send it all updates that have occurred in the past 2 days. This type of restore is typically used if a DC fails for hardware or software reasons.

An authoritative restoration restores the DC's directory to the state it was in when the backup was made, then overwrites all other DCs to match the restored DC, thereby removing any changes made since the backup. You don't have to perform an authoritative restoration of the entire directory--you can choose to make only certain objects authoritative. When you restore only parts of the directory, Windows updates the rest of the restored database by using information from the other DCs to bring the directory up-to-date, then replicates the objects that you mark as authoritative to the other DCs. This type of restore is most useful if you deleted, for example, an organizational unit (OU). In this case, you could restore an AD backup to a DC, mark the OU as authoritative, then start the DCs as usual. Because you marked the OU as authoritative, Windows will ignore the fact that the OU was previously deleted, replicate the OU to the other DCs, and apply all other changes made since the backup to the restored DC from its replication partners.

Q. How can I perform an authoritative restoration of Active Directory (AD) in Windows Server 2003?

A. To perform an authoritative restoration, you must first recover AD from a backup by performing the following steps:

  1. Restart the domain controller (DC) of interest.
  2. When you see the menu to select the OS, press F8.
  3. From the Windows Advanced Options menu, select Directory Services Restore Mode, then press Enter.
  4. Select the Windows 2003 OS, then press Enter.
  5. Use the restore mode password and log on as the administrator.
  6. Click OK to the confirmation that Windows is running in Safe mode.
  7. Start the Windows Backup application (go to Start, Programs, Accessories, System Tools, and click Backup).
  8. Select the Restore option, then select the media in which the backup is stored and ensure that the System State is selected.
  9. Click OK to close any warning dialog boxes.
  10. After the AD recovery is finished, click Close in the displayed dialog box and click Yes to restart the computer.

When the machine restarts, you need to specify which parts of the restoration will be authoritative by performing the following steps:

  1. When you see the menu to select the OS, press F8.
  2. From the Windows Advanced Options Menu, select Directory Services Restore Mode, then press Enter.
  3. Select the Windows 2003 OS, then press Enter.
  4. Use the restore mode password to log on as the administrator.
  5. Click OK to the confirmation that Windows is running in Safe mode.
  6. Open a command prompt--go to Start, Run, and type
    cmd
  7. Start the Ntdsutil utility.
  8. To access the authoritative restore mode, type
    ntdsutil: authoritative restore
  9. If you want to mark the entire database as authoritative, type
    authoritative restore: restore database
    If you want to mark only a certain object as authoritative (e.g., an organizational unit--OU), type
    authoritative restore: restore subtree <distinguished 
    name--DN--of subtree, e.g. OU=sales,DC=savilltech,DC=com>
  10. To exit Ntdsutil, type
    quit
  11. Restart the DC as usual.

If you perform an authoritative restoration of a backup that's more than 14 days old, some trust relationships might be broken because the passwords that the trust used would have been changed twice (the directory stores both the current and previous password, which change every 7 days). So, for example, when restoring Windows NT LAN Manager (NTLM) trusts, you would have to break the trust, then recreate it.

3. Announcements
(from Windows &amp .NET Magazine and its partners)

  • Announcing a New eBook: "Content Security in the Enterprise--Spam and Beyond"

  • This eBook explores how to reduce and eliminate the risks from Internet applications such as email, Web browsing, and Instant Messaging by limiting inappropriate use, eliminating spam, protecting corporate information assets, and ensuring that these vital resources are secure and available for authorized business purposes. Download this eBook now free!
    http://www.windowsitlibrary.com/ebooks/spam/index.cfm

  • Take Our Print Publications Survey!

  • To help us improve the hardware and software product coverage in the Windows & .NET Magazine print publications, we need your opinion about what products matter most to you and your organization. The survey takes only a few minutes to finish, so share your thoughts with us at
    http://websurveyor.net/wsb.dll/12237/editorsproduct.htm

    4. Event
    (brought to you by Windows &amp .NET Magazine)

  • New--Microsoft Security Strategies Roadshow!

  • We've teamed with Microsoft, Avanade, and Network Associates to bring you a full day of training to help you get your organization secure and keep it secure. You'll learn how to implement a patch-management strategy; lockdown servers, workstations, and network infrastructure; and implement security policy management. Register now for this free, 20-city tour.
    http://www.winnetmag.com/roadshows/computersecurity2004

    Sponsored Links

  • NetSupport

  • Free Trial - Fast and Easy Network Management. - NetSupport DNA
    http://ad.doubleclick.net/clk;6823752;8214395;q?http://www.netsupport-inc.com/dna/netsupport_dna_overview.htm

    5. Contact Us
    Here's how to reach us with your comments and questions:

    This weekly email newsletter is brought to you by Windows &amp .NET Magazine, the leading publication for Windows professionals who want to learn more and perform better. Subscribe today.
    http://www.winnetmag.com/sub.cfm?code=wswi201x1z

    Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters.
    http://www.winnetmag.net/email

    TAGS: Windows 8
    Hide comments

    Comments

    • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

    Plain text

    • No HTML tags allowed.
    • Web page addresses and e-mail addresses turn into links automatically.
    • Lines and paragraphs break automatically.
    Publish