Software Restriction Policy: Can't Install HP Data Protector 7.03_108 on Windows 2003

During agent upgrade installation setup cancels with message(same writes su msi log on temp catalog):

[ 99] ERROR: Error 1260.Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator.

[110] {16777216} Error 1260.Windows cannot open this program because it has been prevented by a software restriction policy. For more information, open Event Viewer or contact your system administrator.

Solution

Save following code example to *.reg file and apply register changes:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer]
"SecureRepairPolicy"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer\SecureRepairWhitelist]
"{02F80D5F-D2A7-499D-8961-77583CEF495B}"=""
"{21F107FF-FD00-477D-B49D-5C3854A39FFE}"=""
"{3B31F119-6344-4FA3-894F-8CE196858401}"=""
"{52C9F3C8-8C89-4288-95CB-86C6CB1E5BBC}"=""
"{CAEDB28E-A1E5-4E7F-88D3-D6CA4FC891C2}"=""
"{DE5100C5-E5C6-40B7-9294-FAD5F81E987F}"=""


Product codes in braces{} are for HP Data Protector 7.03 build 108 and if you have different version or another software, just obtain different product codes from isntalation *.msi files(or msi file loh in temporary user catalog like C:\DOCUME~1\your_username\LOCALS~1\Temp\ ) and put on the registry list.
Solution made using official MS KB.

/Geecoholic

EventLog: How to solve WmiApRpl and BITS errors in Event ID 1008

On Windows Server 2012 with installed SharePoint 2013 and IIS roles have repetitious in Application event log errors. Errors not critical and can be ignored but pollute events and deside cleanup.

Here typical example of Event ID 1008 generated every 15 minutes::

Log Name:      Application
Source:        Microsoft-Windows-Perflib
Date:          2016.04.23 13:15:53
Event ID:      1008
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      COMPUTERNAME.DOMAIN
Description:
The Open Procedure for service "WmiApRpl" in DLL "C:\Windows\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Log Name:      Application
Source:        Microsoft-Windows-Perflib
Date:          2016.04.23 13:15:53
Event ID:      1008
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      COMPUTERNAME.DOMAIN
Description:
The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Solution

Launch Regedit.exe and give READ permissions to the user WSS_WPG on following registry keys:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmiApRpl

The is no need restart any service or server, errors just disappear.
After server restart errors come back once during startup and do not occurs later.

/Geecoholic

PowerShell: How to clear all Event Logs

Run PowerShell as an administrator and use example:

wevtutil el | Foreach-Object {wevtutil cl "$_"}

Warining! Command will clear ALL events on ALL event logs!



/Geecoholic

Tool: How to get IBM MPIO disk UID from cmd

Some times we can have many different disks from different vendors connected to several servers, and to avoid such complexity we need general identity to identify disk on all OS, applications equally.

How to obtain IBM MPIO disk UID from Windows Server where is attached IBM SAN disk?
Run the sample by opening a Command Prompt window in catalog IBM MPIO <C:\Program Files\IBM\SDDDSM> (make sure already IBM Subsystem Device Driver Device Specific Module (SDDDSM) is installed ) and typing the following command at the command prompt:

datapath query device

In cmd output find  32 digits long number after word SERIAL and that number is your UID.


/Geecoholic

Windows 2008 R2: Multiple IP's on single netwotk interface and how to change outgoing IP

I have Windows 2008 R2 server with single network interface and ip 10.10.10.17. On server runing multiple services like sql, sftp, http, https, file server. Today i added additional ip adress 10.10.10.10 and assigned only to web services, but after some time noticed that 10.10.10.10 ip are used in other services as outgoing ip. Ipconfig /all command show 10.10.10.10 ip  "above" 10.10.10.17:

Ethernet adapter INTRANET:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection #2
   Physical Address. . . . . . . . . : 00-0C-EE-EE-EE-EE
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.10.10.10(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.224
   IPv4 Address. . . . . . . . . . . : 10.10.10.17(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.224
   Default Gateway . . . . . . . . . : 10.10.10.1
   DNS Servers . . . . . . . . . . . : 10.10.10.11 10.10.10.12
   NetBIOS over Tcpip. . . . . . . . : Enabled



Looks like Windows Server 2008 R2 use for outgoing traffic closest to GW ip.
Problem solved  using cmd commands:

netsh interface ipv4 delete address "INTRANET" 10.10.10.10
netsh interface ipv4 add address "INTRANET" 10.10.10.10 255.255.255.224 skipassource=true


Ipconfig /all after fix:

   IPv4 Address. . . . . . . . . . . : 10.10.10.17(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.224
   IPv4 Address. . . . . . . . . . . : 10.10.10.10(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.224


/Geecoholic

Windows 2012 R2 restarts after lsass.exe crash

Description

We have Windows 2012 R2 server with Active Directory role, which  1-2 times in the day starts automatically restart after recorded events 1000 and 1015 to event log:

Log Name:      Application
Source:        Application Error
Date:          3/9/2016 4:37:41 PM
Event ID:      1000
Task Category: (100)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      COMPUTERNAME.DOMAIN
Description:
Faulting application name: lsass.exe, version: 6.3.9600.17415, time stamp: 0x545042fe
Faulting module name: ntdsai.dll, version: 6.3.9600.18009, time stamp: 0x55c8e51c
Exception code: 0xc0000005
Fault offset: 0x0000000000219d67
Faulting process id: 0x%9
Faulting application start time: 0x%10
Faulting application path: %11
Faulting module path: %12
Report Id: %13
Faulting package full name: %14
Faulting package-relative application ID: %15


Log Name:      Application
Source:        Microsoft-Windows-Wininit
Date:          3/9/2016 4:37:49 PM
Event ID:      1015
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      COMPUTERNAME.DOMAIN
Description:
A critical system process, C:\Windows\system32\lsass.exe, failed with status code c0000005.  The machine must now be restarted.



Solution

Server have all up to date fixes until 2/23/2016 and official MS KB2914387 dont' help, because  DLL file Ntdsai.dll noticed in hotfix is older and server already have more fresh version of that DLL.

We found source of restarts - OOMADs.msi(Active Directory Management Pack Helper Object) was recently installed to provide Active Directory monitoring for SCOM agent. After OOMADs.msi uninstall problem gone.

/Geecoholic

Cmd: I'm local administrator?

How to check if current logged in user has local administrator rights.

Run the sample by opening a Command Prompt window and typing the following command at the command prompt:

whoami /groups | find /i "BUILTIN\Administrators"


If any string is returned, yes you are Administrator!

/Geecoholic