Prev: How to prevent GPF dialogs for admins
Next: cannot issue a client license???
From: Dances with Servers on 21 Nov 2009 04:36
Hello!

We have a new TS2008 server that is hideously broken.

Yesterday morning the users reported that it stated running slowly, then
everyone's excel sessions crashed out. All users had to be forcibly
logged off / disconnected via admin on server.

The server was rebooted, and all hell broke loose.

Initially, even administratpr was unable to connect. I was able to log
in via a lights-out console to investigate. I found that administrator
didn't have any administrative access. Adding that user to the
administrators group allowed me to connect via TS again. Once in, there
were many issues, e.g. network properties would not display &c. I had to
add the various system and service accounts to the administrators group
and that resolved a lot of issues.

However, some issues still remain. The box is (and I know this is a Very
Wrong Thing, but I just do what I'm told) a DC and exchange server as
well as a TS box. Exchange IS will no longer load, throwing the
following errors:

Log Name: Application
Source: MSExchangeIS
Date: 21/11/2009 7:29:23 PM
Event ID: 1180
Task Category: Content Engine
Level: Error
Keywords: Classic
User: N/A
Computer: SERVER01.contoso.local
Description:
Error 0x80040605 initializing the Microsoft Exchange Server Internet
Conversion Library.

Log Name: Application
Source: MSExchangeIS
Date: 21/11/2009 7:29:23 PM
Event ID: 5000
Task Category: General
Level: Error
Keywords: Classic
User: N/A
Computer: SERVER01.contoso.local
Description:
Unable to initialize the Microsoft Exchange Information Store service.
- Error 0x80040605.

The worst of it, though, is no longer being able to log into terminal
services. The administrator user doesn't appear to have any major
problems, but any other user can connect, watch it go through the
startup, and then it sits there with the default blue screen but no
desktop once the "preparing your desktop" message clears. Userinit runs
and then terminates, only processes running in that session after that
are dwm and rdpclip - no explorer.

I asked if they'd done anything and the only change they have made to
the srver is reconfiguring office to include document imaging. I have
tried checking permissions (they all seem fine, but I could be wrong),
re-creating profiles, adding users to the administrator group, and
crying softly into a glass of scotch.

If anybody has any ideas that might help, I would be eternally grateful.

All the best,
Matthew.
From: Dances with Servers on 21 Nov 2009 10:42
Hank Arnold wrote:
> Dances with Servers wrote:
>> Hello!
>>
>> We have a new TS2008 server that is hideously broken.
>> [...]
>> crying softly into a glass of scotch.
>>
>> If anybody has any ideas that might help, I would be eternally grateful.
>>
>> All the best,
>> Matthew.
>
> http://eventid.net/display.asp?eventid=1180&eventno=3961&source=MSExchangeIS&phase=1
>
>
> http://eventid.net/display.asp?eventid=5000&eventno=499&source=MSExchangeIS&phase=1

Thankyou for the links; I should have stated I'm beating my head against
a 2008/2007 set up.

For those playing along at home: after going through secpol and ensuring
all rights were assigned to correct accounts, opening up permissions
on the users and profile shares (probably a lttle too open; going to
have to lock them down again) and various other desperate actions I
found that for reasons unknown the reverse DNS zone was gone. No idea
how it got to be gone, but the important thing is that re-creating it
has allowed users to log into their terminal sessions again.

All I have to do now is figure out why the information store isn't
loading (or the SA, or the exchange hosting service) and I can go to bed...
From: Lanwench [MVP - Exchange] on 21 Nov 2009 13:01
Dances with Servers <danceswithservers(a)nospam.nospam> wrote:
> Hank Arnold wrote:
>> Dances with Servers wrote:
>>> Hello!
>>>
>>> We have a new TS2008 server that is hideously broken.
>>> [...]
>>> crying softly into a glass of scotch.
>>>
>>> If anybody has any ideas that might help, I would be eternally
>>> grateful. All the best,
>>> Matthew.
>>
>> http://eventid.net/display.asp?eventid=1180&eventno=3961&source=MSExchangeIS&phase=1
>>
>>
>> http://eventid.net/display.asp?eventid=5000&eventno=499&source=MSExchangeIS&phase=1
>
> Thankyou for the links; I should have stated I'm beating my head
> against a 2008/2007 set up.
>
> For those playing along at home: after going through secpol and
> ensuring all rights were assigned to correct accounts, opening up
> permissions on the users and profile shares (probably a lttle too open;
> going to
> have to lock them down again) and various other desperate actions I
> found that for reasons unknown the reverse DNS zone was gone. No idea
> how it got to be gone, but the important thing is that re-creating it
> has allowed users to log into their terminal sessions again.
>
> All I have to do now is figure out why the information store isn't
> loading (or the SA, or the exchange hosting service) and I can go to
> bed...

I would have a serious talk with your bosses. Running TS on anything other
than a dedicated member server is running with scissors - and allowing users
to log into your Exchange box or DC is flat out stupid. Apart from the
security risks, you've probably installed desktop apps on your DC/Exchange
box, rendering it less stable, and you can't do any of the necessary user
environment lockdowns on this server because of what it runs.Yes, I know you
know this, but apparently your bosses don't. I hope you have your objections
in writing. ;)

If your budget can't permit for a dedicated box (or you don't have the
resources to run TS in a virtual server on existing hardware) get an SSL VPN
appliance and let users RDP to their own desktops from outside. That works
perfectly well. Then they can save their pennies and get a shiny new TS box.



From: Dances with Servers on 21 Nov 2009 19:38
Lanwench [MVP - Exchange] wrote:
> Dances with Servers <danceswithservers(a)nospam.nospam> wrote:
>> Hank Arnold wrote:
>>> Dances with Servers wrote:
>>>> Hello!
>>>>
>>>> We have a new TS2008 server that is hideously broken.
>>>> [...]
>>>> crying softly into a glass of scotch.
>>>>

>
> I would have a serious talk with your bosses. Running TS on anything other
> than a dedicated member server is running with scissors - and allowing users
> to log into your Exchange box or DC is flat out stupid.

Tell me about it :\ The problem with a lot of smaller sites is that they
basically want SBS + TS, all on one box to save money on hardware. Often
it works OKish, but as soon as anything goes wrong it tends to bite them
pretty quickly. If they'd separated the roles, then at least having
one system go down wouldn't have brought their whole operation to a halt :\
From: David Shen [MSFT] on 22 Nov 2009 21:27
Hello customer,

The managed support service of the newsgroup
microsoft.public.windows.terminal_services is now available instead on
Terminal Service forum:
http://social.technet.microsoft.com/Forums/en-US/winserverTS/threads .
Would you please repost the question in the forum with the Windows Live ID
used to access your Subscription benefits? Our engineers will assist you in
the new platform.

The web link http://technet.microsoft.com/en-us/subscriptions/ms788697.aspx
introduces more information about the migration. In the future, please post
your Print-related questions directly to the forums. If you have any
questions or concerns, please feel free to contact us: tngfb(a)microsoft.com

David Shen
Microsoft Online Technical Support

 |  Next  |  Last
Pages: 1 2
Prev: How to prevent GPF dialogs for admins
Next: cannot issue a client license???