Mike Says Meh The blog of Sys Admin Mike Kauspedas

22Apr/141

Simple Powershell script to create local user and generate password

This is a very simple script to add a local administrator. You always want a backup Admin to get into a computer, because the "Administrator" should be disabled after all. This is a simple script I use to create one that also generates a password I can store somewhere, like keepass. Here is what it does.

  1. Generates a 32 character complex password.
  2. Creates a local user.
  3. Adds the user to local Administrators group.
  4. Sets the password to never expire.
  5. Spits out the password to the console window so you can copy/pasta to keepass.

Add-Type -Assembly System.Web
$pass=[Web.Security.Membership]::GeneratePassword(32,0)
NET USER username "$pass" /ADD /y
NET LOCALGROUP "Administrators" "username" /add
WMIC USERACCOUNT WHERE "Name='username'" SET PasswordExpires=FALSE
Write-Host "$pass" -foregroundcolor red -backgroundcolor yellow

Make sure to replace all the "username" (highlighted in red) with the username you wish to create. I use this at work to create a standard backup admin user for servers. It's always the same username with a different password for each server.

username script

 

**UPDATE

I realized this doesn't work with the execution policy set to restricted. So I made a bat file that runs it from your desktop after setting the execution policy to unrestricted. What I do is copy the two files to the desktop of the server (you can do this in RDP for any server 2008 or greater). Then right click on the bat file and "run as administrator".  Here is the script for the bat.

Update deuce. Per reditor's suggestion I took the command to change the execution policy and instead bypass it.

@echo off
powershell -ExecutionPolicy Bypass -file %USERPROFILE%\Desktop\name-of-your-ps1-file.ps1
pause

Filed under: Tech 1 Comment
9Apr/140

How to force a shrink of the MSSQL TempDB

In a bind for disk space on a MSSQL server that you cannot restart? Here's a way to force a shrink of the TempDB if that's your issue. Be aware this can negatively impact performance since you will be clearing the execution cache for the server. The cache that SQL uses to store execution plans after they are compiled. Meaning they have to be recompiled. But working for a small host with shared database servers that CANNOT go down during the day I've been in this bind. This is the script I found to fix the issue.

DBCC FREEPROCCACHE
GO
use tempdb
GO
-- Shrink tempDB data file
DBCC SHRINKFILE ('tempdev' , 1 )
go
-- Shrink tempdb log file
dbcc shrinkfile ('templog' ,1 )

This won't always work the first time, so just keep executing it until the TempDB goes down. I usually have to run this up to 10 times before the TempDB gets down to less than a 100MB. By default the TempDB should be around 7MB when it starts. Also. restarting the SQL server should empty the database and re-intialize it so to speak. Each time you start SQL server the TempDB should be about 7MB. Of course you should probably figure out what is filling your TempDB, but when you have 700 databases on one MSSQL server and you don't control any of them or know the developers, that's easier said than done.

Filed under: Tech No Comments
8Apr/140

How to increase the number of concurrent RDP connections in Microsoft’s remote desktop connection manager

An issue that has been plaguing me for years has been the number of RDP sessions I can connect to at once in Microsoft's remote desktop connection manager. RDman is an older piece of software that is simple and easy to use. It's also something we use at work every day. The problem is that MS hasn't updated it in a while and it's x86 (32bit). Each session takes up a decent amount of memory and once you get to the 1GB mark, you start getting errors like this.

Error possibly involving 'security settings':
Error HRESULT E_FAIL has been returned from a call to a COM component.

rdman error

Or

Error possibly involving 'server name':
Attempted to read or write protected memory. This is often an indication that other memory is corrupt.

rdman error2

Those errors usually go away if you sign out of a couple sessions, then you can sign in to more. But there is always a limit, anywhere from 6-10 connections at one time. Except that you cannot sign into the server that gave you the error when trying to connect.

One very simple solution is to just open multiple instances of RDman, but you're still limited to only 6-10 RDP sessions at one time. So how do we connect to more?

The problem is actually pretty simple to solve, if you have Visual Studio.

1. First, open the Command Prompt for VS2012. Or whichever version of Visual Studio you have installed. I happen to have 2012 since we have a dev on staff and we always have the latest license. Yay. Here is a link to how to get to the command shell for various operating systems.

2. CD into the directory where RDMan is installed. Most likely that is:

C:\Program Files (x86)\Remote Desktop Connection Manager
Your command should look like:
C:\Windows\system32>cd C:\Program Files (x86)\Remote Desktop Connection Manager

3. Now type the following command into the prompt:

editbin /LARGEADDRESSAWARE RDCMan.exe

4. You should get something like below.

C:\Program Files (x86)\Remote Desktop Connection Manager>editbin /LARGEADDRESSAW
ARE RDCMan.exe
Microsoft (R) COFF/PE Editor Version 11.00.61030.0
Copyright (C) Microsoft Corporation. All rights reserved.

editbin

5. That's it, now you should be able connect to a lot more sessions. Unfortunately this isn't unlimited so you still can't connect to 50 at a time. My max seems to be about 16 sessions at one time. But that at least allows me to open a couple instances so I can get to various environments. Where I work we have some complex Clouds that have 20 or more servers and on patch night I often need to connect to a lot of them at the same time. Especially for management purposes so I can gracefully fail over services, etc.

If you want to skip all this, or don't have Visual Studio, you can download the RDMan I already edited. It should work. Click the link. Remote Desktop Connection Manager

Another alternative is a different remote desktop connection manager. One I have played around a little with is Terminals. It's free and open source. I'm not sure if it has the same limit, I haven't added enough connections to test it out. Find it here. Make sure when adding connections for 2008/2012 you check the box under RDP --> Extended Settings --> Enable NLA Authentication. (If you are using Network Level Auth, which you should.)

terminals-nla

Filed under: Tech No Comments
6Apr/140

How to restart Dell iDrac

Recently ran into an issue with a Poweredge r620 and iDrac. The server was up but giving a memory error and I couldn't get into iDrac. This is the error I saw when trying to login.

RAC0218: The maximum number of user sessions is reached

Very frustrating when I knew there was no one else logged in. A brief search online revealed that we can reset iDrac through SSH, but that didn't help since even SSH gave the same error when trying to login. The server is in a data center and I avoid the data center like the plague. I know there are some sys admins that just love the DC, the rows and rows of servers, the unbearable noise, the too hot and too cold isles. Maybe I'm old, or I've been doing this too long ...

If the OS is working you can use a tool in Dell OpenManage to reset iDrac remotely.

1. Make sure you have Dell OpenManage installed on the server. Download here.

2. Next open a command prompt as Administrator and CD to "C:\Program Files\Dell\SysMgt\idrac".

cd to idrac

3. Now run the command "racadm racreset soft" (without the "" of course). racadm is the iDrac CLI admin, racreset is the subcommand, and soft is the parameter. This particular subcommand has 3 different methods to restart Hard, Soft, Graceful, and you can also delay the restart. I recommend that you start with a soft reset so you don't lose your settings. I imagine a hard reset would remove your login info, TCP/IP settings, etc. To be honest I haven't tested it to find out since the servers I have are in production. You can find more info here.

  • A hard reset resets the entire RAC and is as close to a power-on reset as can be achieved using software. The RAC log, database, and selected daemons are shutdown gracefully prior to the reset. A hard reset should be considered as a final effort. PCI configuration is lost.
  • A soft reset is a microprocessor and microprocessor subsystem reset that resets the processor core to restart the software. PCI configurations are preserved. The RAC log, database, and selected daemons are shutdown gracefully prior to the reset.
  • A graceful reset is the same as a soft reset.
  • The user is allowed to select how many seconds of delay occur before the reset sequence is started. A valid delay entry is between 1-60 seconds. The default is 3 seconds.

4. After running the command you should see the message below.

RAC reset operation initiated successfully. It may take a few
minutes for the RAC to come online again.

5. Give it a few minutes and then try and login to iDrac through the web interface or SSH. I was able to after running this reset.

6. If you still cannot login you can try a hard reset. Run the command "racadm racreset hard".

7. If that doesn't work, there is one last option but you'll need to physically access the server. Shut the server down then pull the power from it. Make sure there is no AC power to the server. Then hold the power button on the server for 30 seconds. This should completely reset the iDrac. You may need to reconfigure your login information and TCP/IP settings.

6Mar/140

It all began with a Diamond Stealth III video card

The very first time I got serious about computers was when I decided to buy a video card to upgrade, so I could play Delta Force. I don't remember exactly what I had at the time, in fact I don't even think it was my PC. I'm pretty sure it was my parents PC, and it was an ugly little HP or Compaq that had IGD and only a PCI slot. So my first video card wasn't even AGP :( Not that it mattered since I had no idea there was a difference at the time. I just walked into CompUSA and bought something off the shelf. And that something was a Diamond Multimedia Stealth III S540 PCI 32M. The PCI was for the PCI slot, and the 32M was 32MB of RAM. Which was actually twice what other video cards had at the time like the Nvidia TNT and Voodoo cards. And I could play Delta Force, and Delta Force 2, and it was great.

And I still have that video card. And it still works. And I will love it forever and keep it forever because it is the birth place of what I do now.

Along with those pics I found some related links. Of course no one reviewed the crappy little PCI one, and the card wasn't that great.

5Mar/140

Microsoft Data Protection Manager taking full backups of MSSQL and interrupting timeline

Recently at work I ran into an odd issue with a customer and MSSQL backups. The customer had setup some maintenance plans to backup their databases according to a schedule, fulls one day a week followed by differential backups and then rolling over. Pretty common. But when the poop hit the fan and the customer needed to do a restore they found their diffs wouldn't work. When the customer restored the full and then tried to restore the diffs they received an error:

This differential backup cannot be restored because the database has not been restored to the correct earlier state.

The reason this error is given is because the differential backup is not part of the time line, meaning another full backup was taken in between the time the last full and differential you are trying to restore (the logs were truncated). Ok, so let's find out when that backup was taken. Below is a script to lookup the backup history for a specific database. Just replace DBNAME with the name of your database.

USE DBNAME
GO
-- Get Backup History for required database
SELECT TOP 100
s.database_name,
m.physical_device_name,
CAST(CAST(s.backup_size / 1000000 AS INT) AS VARCHAR(14)) + ' ' + 'MB' AS bkSize,
CAST(DATEDIFF(second, s.backup_start_date,
s.backup_finish_date) AS VARCHAR(4)) + ' ' + 'Seconds' TimeTaken,
s.backup_start_date,
CAST(s.first_lsn AS VARCHAR(50)) AS first_lsn,
CAST(s.last_lsn AS VARCHAR(50)) AS last_lsn,
CASE s.[type]
WHEN 'D' THEN 'Full'
WHEN 'I' THEN 'Differential'
WHEN 'L' THEN 'Transaction Log'
END AS BackupType,
s.server_name,
s.recovery_model
FROM msdb.dbo.backupset s
INNER JOIN msdb.dbo.backupmediafamily m ON s.media_set_id = m.media_set_id
WHERE s.database_name = DB_NAME() -- Remove this line for all the database
ORDER BY backup_start_date DESC, backup_finish_date
GO

DPM screwing backups

The mystery unfolds. I found a full backup was taken by some mysterious device. I knew we had a DPM server running virtual machine snapshots, but it isn't agent based. The DPM server is simply taking a snapshot of the virtual machine, not the SQL server itself. So it wouldn't take a full backup right? Well I thought I was right since the time stamp of the full backup and the time the job ran in DPM were hours apart, even accounting for time zone differences. On top of that the full backups over the past month were all at different times.

But the device being used was a virtual device (ID 7) and it's name was a guid. I couldn't find anything else that was taking these backups on a regular schedule so it had to be DPM. Which is when I found this. The KB is a different version of DPM and the server OS, but issue #3 is what I was facing.

Issue 3
Consider the following scenario:
A virtual machine (VM) is being backed up on a server that is running Hyper-V.
At the same time, an application backup operation is being performed in the same VM.
In this scenario, some data is truncated from the application backup in the VM. Therefore, this behavior causes data loss.

The resolution is also in that KB aside from applying the hotfix (I did NOT apply the hotfix).

You can apply the following registry entry in a virtual machine to fix issue 3 for that virtual machine:
Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Virtualization\VssRequestor
Name: BackupType
Type: REG_DWORD
Value: 0 or 1
If this registry entry is created and its value is set to 1, application backup will not be affected by the virtual machine backup operation on the server that is running Hyper-V. If this registry entry does not exist, or if its value is 0, issue 3 occurs.

Voila, after creating that registry dword the backups DPM took no longer truncated the logs in the SQL server. So going forward, if you are using data protection manager to backup Hyper-V virtual machines you need to make sure you create that registry dword. If you do not the internal VSS on the virtual machine will run a full backup of the MSSQL database in response to DPM taking a snapshot. This will in turn break any backups you have configured in the server.

Filed under: Tech No Comments
28Feb/140

Bat script to backup MySQL on a Windows Server

Use the script below to backup your MySQL server running on a Windows server. Just create the bat file then create a scheduled task to run it. This file will append the date to the file name and keeps files up to 7 days. Adjust as needed.

*Backs up the files to C:\MySQLBackup. Make sure to create that directory.
*Make sure to change the username and password.
*Edit the lines below for your version of MySQL.
*PUSHD "C:\ProgramData\MySQL\MySQL Server 5.6\data"
*"C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqldump.exe"


:: Check to see if files older than 7 day exist
FORFILES /P "C:\MySQLBackup" /M * /D -7 /C "CMD /C DEL @path"

:: MySQl DB user
SET dbuser=root

:: MySQl DB users password
SET dbpass=************

:: Switch to the MySQL data directory and collect the folder names
PUSHD "C:\ProgramData\MySQL\MySQL Server 5.6\data"

:: Loop through the folders and use the fnames for the sql filenames, collects all databases automatically this way

ECHO "Pass each name to mysqldump.exe and output an individual .sql file for each"

FOR /D %%F IN (*) DO (
"C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqldump.exe" -u %dbuser% -p%dbpass% -P 3306 %%F > "C:\MySQLBackup\%%F_%date:~-4,4%%date:~-7,2%%date:~-10,2%.sql"
)-

Filed under: Uncategorized No Comments
25Feb/140

DOCSIS 2 vs DOCSIS 3 speed test results

A while back I upgraded my modem from a DOCSIS 2 to a DOCSIS 3. I purchase my own cable modem to save some money over leasing it from Comcast. It pays for itself within a year. I was using a DCOSIS 2.0 modem and pretty content with the results but then a brand new DOCSIS 3.0 modem went on sale for less than $100 so I upgraded. The difference is noticeable and as you can see from the results below the speed is definitely improved. I have the Xfinity Blast package which is something like 50Mbs down and 10Mbs up.

Also, another great way of testing is torrents since they can chew up bandwidth very quickly. As you can see my download speeds on the CentOS torrent are great.

DOCSIS 2.0 Results 31.0Mbs Down | 3.2Mbs Up

DOCSIS 3.0 Results 57Mbs Down | 10.5Mbs Up

DOCSIS 3.0 Torrent Speed Results
torrent speed

Filed under: Tech No Comments
23Feb/140

Intel Core i5 4670k + MSI Z87-G45 4.4GHz Overclock

I've been going back and forth overclocking my haswell 4670k. MSI has a built in overclocking button called overclock genie, which would take the CPU to 4GHz but I don't trust auto overclocking and I did have some crashes happen with apps and games. So after reading some more guides and seeing what others are getting with the same setup I took another stab. The results of my efforts is an extra 1GHz from 3.4GHz to 4.4GHz. Here are my settings. These can be found in the BIOS under the OC menu.

CPU ratio Mode - Fixed (makes all the cores the same speed)
CPU Ratio - 44 (44x100=4400MHz)
Ring Bus Ratio - 35 (3500MHz)
VCCIN - 1.9v (CPU input voltage)
CPU Core Voltage - 1.14v
CPU ring Voltage - Auto
All voltage modes are set to adaptive

Remember that all CPU's are different, my settings won't necessarily give you the same results even with the same hardware. I run this with a Cooler Master Hyper 212 Evo 2. Here are my temps.

Idle temp - 27-30C (82-86F)
IntelBurnTest (IBT) - 77-81C (170-177F)
Prime95 Small - 74-80C (165-176F)
Aida64 Stress Test - 64-69C (147-156F)
BattleField 4 64v64 multiplayer one round - 53-58C (127-136F)

As you can see the temperatures vary greatly depending on what you use to test. When I first ran IBT I was concerned with the high temps but after running a round of BF4 and seeing the CPU never climbed that high I felt comfortable.

More resources and guides below.
Nice in-depth guide http://www.overclock.net/t/1411077/haswell-overclocking-thread-with-statistics
General overclocking help via reddit http://www.reddit.com/r/overclocking
Very quick video guide but pretty much same settings, motherboard, and proc as I have. http://www.youtube.com/watch?v=Z4yucCk_Zrc

**Update. I think it's important to note that I have my voltages set to adaptive which means they can go up and down. I did this because I still want the power saving features of the CPU and a lower voltage and idle temperature when the PC isn't being used. But this also means my voltage climbs up under load. The highest I have seen it from testing is 1.24v and that is only under IBT and Prime95. 1.16v is where it runs under BF4 and the x264 stress test.

Filed under: Games, Tech No Comments
4Feb/142

Battlefield 4 Mantle vs DirectX Real World Benchmark Results

The reason I bought my 7970 GHz was in anticipation of Mantle, and it was on sale. But Mantle is here and BF4 has Mantle and I believe I am the perfect case study because I have the average gamer PC stock without overclocking. Because I can't afford to replace burnt out video cards and CPU's.

CPU: Core i5 4670K @ 3.8GHz (stock with turbo)
Mobo: MSI Z87-G45
GPU: Gigabyte 7970 GHz 1100MHz GPU | 1500MHz RAM (stock)
RAM: 32GB kingston meh 1600MHz
SSD: Kingston HyperX something or other
Monitor: Dell Ultra meh 24" 1920x1200

So you can see I have the average "I want to play games on ultra settings @ 1080p" PC. It cost me just under $1200 to build without the monitor. I have BF4 with the recent Mantle update and the 14.1 beta drivers installed. This is not a scientific test. In fact I was going for a more real world scenario and for my own enjoyment.

BF4 includes a new frame time logger built into the game. You simply hit ~ for the console and then type in "PerfOverlay.FrameFileLogEnable 1" and then "PerfOverlay.FrameFileLogEnable 0" to stop it after a given period of time. I simply played a round of 64/64 to get a true test since most of the time I play on the larger maps with more players. Again, not scientific. Also, if you want to see your frames drawn on screen (without fraps) you can type in "PerfOverlay.DrawFPS 1" into the console (~) screen as well.

You can also use the Battlefield 4 settings editor to do some of this. http://battlefield.realmware.co.uk/bf4-settings-editor/

And there is more info here from the BF4 blog. http://support.amd.com/en-us/kb-articles/Pages/latest-catalyst-windows-beta.aspx

When you enable the frame time logger it will create a CSV file in your /documents/Battelfield 4 folder. This CSV will have all the frames and times. Simply use Excel to avg out the GPU frame time column and then divide 1000 by your average frame time. For example 1000/12.4 = 80.6 which would be your average frames per second.

And my results...

DX11 Auto 96fps
Mantle Auto 107fps
DX11 Ultra 65fps
Mantle Ultra 80fps

And a pretty graph ...

BF4 pretty graph

As you can see my largest gain was with Ultra. Even before Mantle my PC could easily provide smooth game play, but with Mantle it's even smoother. Keep in mind this is all beta but so far the numbers are promising.

Filed under: Games 2 Comments