A quick way of finding out where your FSMO roles reside

A nice and simple blog post today on finding out which servers hold your FSMO roles, using just the command prompt. This is useful in a couple of situations, namely:

  • You don’t want to spend a long time in MMCs / Active Directory Users and Computers figuring out where each of the FSMO roles is.
  • You don’t have easy access to MMCs – for example you are using Windows Server 2008 Core.

This command works on Windows Server 2003 as well as Server 2008 / R2.

Simply type the following in your command prompt window on one of your domain controllers:
netdom query fsmo

Your output should be something like the following, listing the servers which hold each FSMO role.

Modify your NIC MTU size setting in Windows Registry

A quick and easy blog post today on how to modify your NIC MTU (Maximum Transmission Unit) size setting in the Windows Registry.

By default your MTU won’t be defined in the registry. Microsoft state that:

The MTU is usually determined by negotiating with the lower-level driver. However, this value may be overridden.

To change your MTU setting in Windows Server 2003 or 2008 use the following steps:

  • Open regedit as an administrator account on the server in question.
  • Navigate to HKLM\System\CurrentControlSet\services\Tcpip\Parameters\Interfaces\[Choose the interface in question]. To pick the right adapter, check that the correct IP address appears in the settings under its key.
  • Once you are in the correct key for your interface, right-click and select new DWORD value (32 bit).
  • Call it MTU
  • Give this a decimal value equal to the setting you would like your MTU to be (measured in bytes).

For more information about Maximum Transmission Unit sizes, have a look at the official Wikipedia article.

Here is a screenshot of an MTU setting I made on this server using 1400 bytes as an example. This would obviously be tuned to whatever value you want to use for your NIC and specific application settings.
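
The registry steps above can be scripted. The following PowerShell is an added example, not part of the original post: it finds the interface key by its IP address and writes the MTU value. The address 192.0.2.10 is a constructed sample and 1400 is the example value used above.

```powershell
# Added example: set the MTU DWORD on the interface that owns a given IP address.
# Run from an elevated PowerShell prompt.
$TargetIp = '192.0.2.10'   # constructed sample address; use your adapter's IP
$Mtu      = 1400           # bytes, decimal (the example value from the post)

$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'

# Each subkey is an interface GUID. Static addresses are stored in IPAddress
# (multi-string), DHCP-assigned addresses in DhcpIPAddress (string).
$match = @(Get-ChildItem -Path $base | Where-Object {
    $p = Get-ItemProperty -Path $_.PSPath
    (@($p.IPAddress) -contains $TargetIp) -or ($p.DhcpIPAddress -eq $TargetIp)
})

# Refuse to guess: writing MTU under the wrong GUID changes the wrong adapter.
if ($match.Count -ne 1) {
    throw "Expected exactly one interface with $TargetIp, found $($match.Count)."
}

$key    = $match[0].PSPath
$before = (Get-ItemProperty -Path $key).MTU   # $null when MTU is not defined

# -Force overwrites an existing MTU value instead of failing.
New-ItemProperty -Path $key -Name MTU -PropertyType DWord -Value $Mtu -Force | Out-Null

$after = (Get-ItemProperty -Path $key).MTU
"Key:        $($match[0].PSChildName)"
"MTU before: $(if ($null -eq $before) { '(not defined)' } else { $before })"
"MTU after:  $after"

# On Server 2008 and later, the MTU each interface is actually using can be
# listed afterwards with:
#   netsh interface ipv4 show subinterfaces
```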

Allow ICMP / ping response on a Windows Server 2008 or 2008 R2 machine

A very quick blog post today, seeing as I have run this command on about 4 or 5 new servers I have deployed today. To allow a server to respond to incoming ICMP traffic (ping), you can issue the following command in the command prompt. Do this as an administrator of course!
netsh firewall set icmpsetting 8

Your machine should now respond to pings. You can also do this via the Windows firewall GUI but I find the command to be the quickest and easiest way of achieving this.
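
On Windows Server 2008 R2 the netsh firewall context is deprecated in favour of netsh advfirewall, which also lets you limit who can ping the server. The following is an added example, not part of the original post; the rule name, the profiles and the local-subnet restriction are assumptions to adjust for your environment.

```powershell
# Added example: allow inbound ICMPv4 echo request (type 8) with a narrow scope.
# Run from an elevated prompt. The rule name is a hypothetical label.
$ruleName = 'Allow-ICMPv4-Echo-In'

# Only echo request, only on the domain and private profiles, and only from
# hosts on the server's own subnet. Drop remoteip/profile to widen the scope.
netsh advfirewall firewall add rule name=$ruleName dir=in action=allow `
    protocol=icmpv4:8,any profile=domain,private remoteip=localsubnet

# Confirm what was created (profiles, protocol, remote IP scope).
netsh advfirewall firewall show rule name=$ruleName verbose

# To take the rule out again:
#   netsh advfirewall firewall delete rule name=Allow-ICMPv4-Echo-In
```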

How to officially deactivate a Windows 2008 R2 RDS licensing server and remove RDS CALs

This post will explain how to remove Remote Desktop Services Client Access Licenses.

I just got off the phone with Microsoft after wanting to remove some RDS CALs (formerly known as TS CALs) from a Windows 2008 R2 Terminal Server (now called Remote Desktop Server). After initially looking this up, a TechNet article mentioned needing to use the Remote Desktop Services Windows Management Instrumentation (WMI) provider. However, clicking the link popped up a page stating that the document they refer you to was not available yet. (Not very helpful, TechNet.) The other option mentioned in the TechNet article was deactivating the licensing server. However, when I tried this, followed by a reactivation of the licensing server, the old RDS CALs were still there.

So to get this done here is the process we followed:

1. Open the RD Licensing Manager.

2. Select the Server name, right-click it and then choose Properties. Switch connection method to Telephone and choose your Country. Note – if you want you could also use Internet as the connection method. I did Telephone as I had a guy from the Clearing House / Licensing department on the line already. Click OK to confirm.

3a. Right-click the server name again, go to Advanced, then choose “Deactivate Server”. Run through the wizard. With telephone selected I had to read out a deactivation number. The consultant then read out a confirming code that I entered into the wizard. After this I finished the Wizard which deactivated the Licensing.

b. Next, re-activate the License server – right-click the server name, select Activate, read out the codes in the wizard and enter the key they give back to you. (Or just use the Internet activate method). I needed to close the RD Licensing console at this stage.

4. So next up I launched the Services console (Start -> Run, type services.msc and click OK). Go down to Remote Desktop Licensing, right-click it and choose “Stop” to stop the service.

5. Navigate to C:\Windows\System32\lserver and look for the “TLSLic.edb” file. Delete this file. (I would make a backup just in case you wanted it back for some reason).

6. Start the Remote Desktop Licensing service again. (Right-click service and choose “Start”).

7. The Service should start correctly.

8. Launch the RD Licensing console again (you should have closed it at the end of step 3). Your previous licenses should be gone now.

9. Right-click the server and choose “Install Licenses”. Go through the wizard to get the correct RDS CALs installed. You won’t be violating any Microsoft licensing agreements because you deleted your previous RDS CALs. Once everything is working again, delete your backup of your old RDS CALs (the .EDB file that you backed up).

That is it. You should now have removed your old RDS CALs and installed new RDS CALs. Note that no users will be able to log in to this RDSH server whilst there are no CALs in place, so do this during planned downtime.
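
Steps 4 to 6 (stop the service, back up and delete TLSLic.edb, start the service) can be scripted so the file is never deleted without a verified backup. This PowerShell is an added example, not part of the original post; the backup folder is a hypothetical path, and the service is looked up by the display name shown in the Services console.

```powershell
# Added example for steps 4-6; run from an elevated PowerShell prompt.
$db        = 'C:\Windows\System32\lserver\TLSLic.edb'   # file named in step 5
$backupDir = 'C:\Backup\RDLicensing'                     # hypothetical backup folder

# Look the service up by the display name used in step 4.
$svc = Get-Service -DisplayName 'Remote Desktop Licensing' -ErrorAction Stop

if (-not (Test-Path $db)) { throw "Licensing database not found at $db" }

# Step 4: stop the service and wait until it has really stopped.
Stop-Service -InputObject $svc
$svc.WaitForStatus('Stopped', [TimeSpan]::FromSeconds(60))

# Step 5: back up first, and refuse to delete unless the copy is complete.
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null
$copy = Join-Path $backupDir ("TLSLic-{0:yyyyMMdd-HHmmss}.edb" -f (Get-Date))
Copy-Item -Path $db -Destination $copy
if ((Get-Item $copy).Length -ne (Get-Item $db).Length) {
    Start-Service -InputObject $svc
    throw "Backup size mismatch; database left in place."
}
Remove-Item -Path $db

# Steps 6-7: start the service again and confirm it is running.
Start-Service -InputObject $svc
$svc.WaitForStatus('Running', [TimeSpan]::FromSeconds(60))
$status = (Get-Service -DisplayName 'Remote Desktop Licensing').Status
"Service status: $status"
"Backup kept at: $copy (delete it once the new CALs are installed, per step 9)"
```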

DNS for TLDs not working on SBS 2008 when using root hints

After one day, you may find your Windows 2008 DNS Server is unable to resolve names in some top level domains (TLDs) like .co.uk, .cn, and .br when it is configured to use root hints. This may be seen with other top level domains too. According to Microsoft, a network monitor trace should show that the DNS Server does not send any DNS traffic out to the internet. The Windows 2008 DNS server returns SERVFAIL to the client or to nslookup. I have not used Network Monitor to verify this myself, but I am sure that if you loaded it up and used this MS KB to set up a trace you would be able to verify this symptom.
Workarounds include restarting the DNS server, clearing the DNS cache, setting maxcachettl to 2 days or greater, and using DNS Forwarders instead of root hints.

This currently occurs with default SBS 2008 installs that have been configured to use root hints for DNS lookup. I have recently noticed this behaviour myself with two different SBS 2008 installs.

If you want to use root hints, you can set the maxcachettl registry value on the Windows 2008 DNS Server as follows:
1. Start Registry Editor (Regedit.exe).
2. Locate the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters
3. On the Edit menu, click New, click DWORD (32-bit) Value and then add the following value:
Value: MaxCacheTtl
Data Type: DWORD
Data value: 0x2A300 (172800 in decimal = 2 days)
4. Click OK.
5. Quit Registry Editor.
6. Restart the DNS server.
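
The same registry change, scripted and followed by a check for the symptom described above. This PowerShell is an added example, not part of the original post; it assumes the DNS Server service has the service name DNS and treats any nslookup reply without a "nameserver =" line as a failure, which is a simple heuristic.

```powershell
# Added example: set MaxCacheTtl, restart DNS, then query the affected TLDs.
# Run from an elevated PowerShell prompt on the DNS server.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS\Parameters'
$ttl = 0x2A300    # 172800 seconds = 2 days, the value from step 3

# Steps 1-5: create (or overwrite) the DWORD value and read it back.
New-ItemProperty -Path $key -Name MaxCacheTtl -PropertyType DWord -Value $ttl -Force |
    Out-Null
$set = (Get-ItemProperty -Path $key).MaxCacheTtl
if ($set -ne 172800) { throw "MaxCacheTtl is $set, expected 172800" }

# Step 6: restart the DNS Server service (assumed service name: DNS).
Restart-Service -Name DNS

# Ask the local DNS server for the NS records of the TLDs named in the post.
# A working server lists "nameserver = ..." lines; anything else (SERVFAIL,
# timeout) is reported as failed.
foreach ($tld in 'co.uk.', 'cn.', 'br.') {
    $out = (nslookup -type=NS $tld 127.0.0.1 2>&1 | Out-String)
    $status = if ($out -match 'nameserver\s*=') { 'answered' } else { 'failed' }
    "{0,-7} {1}" -f $tld, $status
}
```

Because the problem shows up after about a day, re-run the lookup loop later rather than only straight after the restart.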

Another way to get around this issue is to use the following method (I personally prefer this way):

1. Open up DNS under Administrative tools from the SBS server’s start menu.
2. Right click on the server name and select Properties.

3. Go to the Forwarders tab and click on the “edit” button.
4. Enter the primary DNS address of your ISP (in this case mine was BT so I used 194.72.0.98) and click OK.
5. The forwarders section will now attempt to automatically resolve the FQDN for that IP. (Note you can also probably enter your router’s IP address in the forwarders section which should then get your SBS to look to the router for DNS information).

6. Click OK to close the properties window and then close your DNS console.

DNS lookups for the TLDs should now be working again. If not, stop and restart DNS or give the server a reboot.