Notes

Copying files with messed up permissions

I love robocopy! I got a lot of "permission denied" errors when trying to copy some files with messed up permissions on another volume. Using robocopy's /b parameter, I was able to copy the files regardless of the permissions. Very nice!

Published on 2023-01-23, 16:10 +0000

Inside Windows 3

Found a nice article about the architecture of Windows 3.x:

Inside Windows 3

Published on 2023-01-16, 20:43 +0000

Ping losses in CheckMK

I had to replace a non-working Icinga, so I decided to give CheckMK a try. Although the configuration workflow is a little bit different to other solutions, it is a nice monitoring tool.

When monitoring some hosts behind a firewall, I got a lot of error messages for the PING service:

CRITICAL - 10.0.0.1: rta nan, lost 100%

The strange thing was that the host was marked as UP; only the service showed that behaviour.

Because some of the hosts were connected using IPsec, I tried to change the timeout values, but it had no effect.

In the end, the solution was simple: CheckMK generated lots of ICMP packets and so they were blocked by the firewall (a Sophos UTM). I created a bypass rule for the CheckMK host in both directions and the problems were gone :)

Published on 2023-01-14, 16:28 +0000

Cleaning up a WSUS database

We thought it was a good idea to include drivers in our WSUS. Well, it wasn't… WSUS downloaded tens of thousands of drivers, which caused the database to grow larger than 10 GB (we're using MSSQL Express instead of WID). This made our primary WSUS and a downstream server stop working. The cleanup wizard wasn't working anymore, because MSSQL Express didn't allow anything to be done with the database. Shrinking the database using SQL Management Studio didn't work either.

I know it is pretty easy to just set up a new WSUS, but I didn't want to lose all the settings and the approved updates. So I tried to find a way to clean up the database. The downstream server was not that much of a problem, because it was a replica.

The first thing was to stop WSUS and IIS and to copy the database to another server where a licensed MSSQL was running. I attached it and gave the computer account (like mycompany.local\my-wsus$) the db_owner and the webService roles. Then I edited the following registry value to point to the other MSSQL server:

HKLM\SOFTWARE\Microsoft\UpdateServices\Server\Setup\SqlServerNameStart

After restarting the WSUS and IIS services, I was able to start the WSUS MMC and to see all the settings. So I had a working WSUS again and now could try to remove the drivers. Of course I turned off the setting that made WSUS download drivers ;)

Just declining the drivers didn't work. The metadata was still in the database. Luckily, I found a German article providing some PowerShell snippets that actually delete the metadata from the database.

First I initialized the connection to the WSUS server:

[String]$WsusServer = "my-wsus"
[Boolean]$UseSSL    = $False
[Int32]$PortNumber  = 8530
[void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration")
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer($WsusServer,$UseSSL,$PortNumber)

Now I could delete the drivers from the database (note that even on a German operating system, I had to use the English term "Drivers"):

$wsus.GetUpdates() | 
Where {$_.UpdateClassificationTitle -eq "Drivers"} | 
ForEach-Object {$wsus.DeleteUpdate($_.Id.UpdateID);Write-Host $_.Title "is removed."}

This removed all the metadata of the drivers from the database. This removed nearly 3 GB of data from the database and I was able to shrink it.

I gained another GB by removing the language packs I accidentally downloaded some months ago:

$wsus.GetUpdates() | 
Where {$_.Title.contains("Language Pack")} |
ForEach-Object {$wsus.DeleteUpdate($_.Id.UpdateID);Write-Host $_.Title "is removed."}

I repeated the step above with the terms Language Interface Pack and Language Features.

After that, the database was down to 7 GB and I was able to attach it to MSSQL Express.

As a last step, I reset the replica by first removing the database and the repository and then running wsusutil:

wsusutil postinstall SQL_INSTANCE_NAME=my-replica\sqlexpress CONTENT_DIR=D:\WSUS

I did it :) Both the primary WSUS and the replica were working again!
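
The cleanup above deletes metadata irreversibly, so a preview pass before the real run is useful. The following is an added example, not code from the original note or the article it cites: it reuses the same connection values and filter terms, shows how many updates each classification holds, lists what would be deleted, and collects failed deletions instead of stopping. The $DryRun switch and the variable names are assumptions made for this example.

```powershell
# Added example: preview, then delete WSUS update metadata by classification or title.
# Server name, port and filter terms are the ones used in the note above.
[String]$WsusServer = "my-wsus"
[Boolean]$UseSSL    = $False
[Int32]$PortNumber  = 8530
[Boolean]$DryRun    = $True   # hypothetical switch: set to $False to really delete

[void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.UpdateServices.Administration")
$wsus = [Microsoft.UpdateServices.Administration.AdminProxy]::GetUpdateServer($WsusServer, $UseSSL, $PortNumber)

# Fetch once and reuse; GetUpdates() is slow on a large database.
$all = $wsus.GetUpdates()

# Overview: number of updates per classification, largest first.
$all | Group-Object UpdateClassificationTitle |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# Candidates: all drivers plus any update whose title contains one of the terms.
$titleTerms = "Language Pack", "Language Interface Pack", "Language Features"
$candidates = @($all | Where-Object {
    $u = $_
    $u.UpdateClassificationTitle -eq "Drivers" -or
    @($titleTerms | Where-Object { $u.Title.Contains($_) }).Count -gt 0
})

Write-Host ("{0} of {1} updates match." -f $candidates.Count, @($all).Count)

# Delete one by one; a failing update is recorded and the loop continues.
$failed = @()
foreach ($u in $candidates) {
    if ($DryRun) {
        Write-Host "Would remove:" $u.Title
        continue
    }
    try {
        $wsus.DeleteUpdate($u.Id.UpdateId)
        Write-Host $u.Title "is removed."
    } catch {
        $failed += [pscustomobject]@{ Title = $u.Title; Error = $_.Exception.Message }
    }
}

# Anything that could not be deleted, with the server's error message.
$failed | Format-Table -AutoSize -Wrap
```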

Published on 2022-12-23, 15:56 +0000

Wrong advice: Reseeding is not defragmenting

I once visited a training course for Microsoft Exchange where the teacher said that you can defrag an Exchange database by simply removing a DAG copy and then reseeding it. This sounded much better than offline defrag, where you have to take the database offline.

It sounds logical, but it doesn't work. I tried it using a database that has no mailboxes anymore (I previously used that database for a forest migration). Get-MailboxDatabase showed that there was a lot of free space (AvailableNewMailboxSpace). I reseeded the database using Update-MailboxDatabaseCopy. But the reseeded copy had the same size as the original.

Nice idea, but it doesn't work.

Published on 2022-12-13, 20:39 +0000