Wednesday, November 20, 2013

An Authentication Error Has Occurred (0x507)

This error occurs when you try to connect from an XP (SP2 or SP3) or Vista desktop to a Windows Server 2008 terminal server. It is an NLA error: Windows Server 2008 uses NLA (Network Level Authentication) for security reasons.

To solve this error you need to make the following registry changes on the client.




1. Click Start, then Run (on Vista, type regedit into the Search box instead).
2. Type regedit and click OK.
3. The Registry Editor opens.
4. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa.
5. In the right-hand panel, right-click Security Packages and click Modify.
6. In the box, leave all existing values in place and add tspkg at the end as a new value, then click OK (refer to the image).
7. Now navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders.
8. In the right-hand panel, right-click SecurityProviders and click Modify.
9. In the data field, add credssp.dll as a new value. Do not change any other value.
10. Click OK and exit the Registry Editor.
11. Restart your computer.
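
The same two edits can be scripted so they are only applied when the entries are missing and each key is exported first. This is an added example, not code from the original post; it assumes an elevated PowerShell prompt on the XP/Vista client, the value names used in the steps above, and that the reboot in the last step still follows.

```powershell
# Added example (not from the original post): make the two registry edits described
# above idempotently, exporting each key with reg.exe before touching it.
# Assumes an elevated PowerShell prompt on the client; a reboot is still required.
$lsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$spKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders'

function Backup-RegistryKey {
    param([string]$KeyPath)   # reg.exe form, e.g. HKLM\SYSTEM\...
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    $file  = Join-Path $env:TEMP (($KeyPath -replace '[\\:]', '_') + "-$stamp.reg")
    reg export $KeyPath $file | Out-Null
    return $file
}

function Add-SecurityPackage {
    # "Security Packages" is REG_MULTI_SZ: one package name per entry
    $name    = 'Security Packages'
    $current = @((Get-ItemProperty -Path $lsaKey -Name $name).$name)
    if ($current -contains 'tspkg') { return "tspkg already present: $($current -join ', ')" }
    Backup-RegistryKey 'HKLM\SYSTEM\CurrentControlSet\Control\Lsa' | Out-Null
    Set-ItemProperty -Path $lsaKey -Name $name -Value ([string[]]($current + 'tspkg')) -Type MultiString
    return "tspkg added: $((Get-ItemProperty -Path $lsaKey -Name $name).$name -join ', ')"
}

function Add-SecurityProvider {
    # "SecurityProviders" is a single REG_SZ holding a comma-separated list of DLLs
    $name    = 'SecurityProviders'
    $current = (Get-ItemProperty -Path $spKey -Name $name).$name
    $list    = @($current -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    if ($list -contains 'credssp.dll') { return "credssp.dll already present: $current" }
    Backup-RegistryKey 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders' | Out-Null
    Set-ItemProperty -Path $spKey -Name $name -Value (($list + 'credssp.dll') -join ', ')
    return "credssp.dll added: $((Get-ItemProperty -Path $spKey -Name $name).$name)"
}

Add-SecurityPackage
Add-SecurityProvider
```

The two values have different types (a multi-string versus a comma-separated string), which is why they are handled by separate functions; each function prints the resulting value so you can confirm nothing else in the list was altered.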


If you are responsible for maintaining Windows Terminal Server in your environment, I strongly recommend the "Windows Server 2008 Terminal Services Resource Kit". This book is really very helpful.
  

Sunday, November 17, 2013

SEP 12.1 & DOS Commands



We should be familiar with the DOS commands used to start and stop the services related to SEP.

The Symantec Endpoint Protection Manager service depends on the Symantec web service, so when we try to stop only the web service, it stops the SEPM service as well.

Net stop semwebsrv

Type 'Y' to stop the service; you can see that it stops the SEPM service first and then the Apache service.

To start both the services again type

Net start semsrv

If you wish to stop only the Symantec Endpoint Protection Manager service:

Net stop semsrv

To start Symantec Endpoint Protection Manager service again

Net start semsrv

To stop the Symantec Endpoint Protection embedded database service:

net stop sqlanys_sem5

To start it again

net start sqlanys_sem5

To restart the Shared Insight Cache service from the command line, if it is installed:

sc start "Shared insight cache"

sc stop "Shared insight cache"

sc query "Shared insight cache"



In many cases we may need to stop the SEP client service, for example to replace sylink.xml or for other troubleshooting.

To stop SEP client service

smc -stop

After typing this command no command prompt window appears; the yellow SEP shield icon should disappear once the command has run.

To start SEP client service

smc -start



To disable SEP client firewall service

smc -disable -ntp

To enable client firewall service

smc -enable -ntp

If the SEP client UI is password protected:

smc -disable -ntp -p

I hope it's been informative.
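
The stop/start ordering above comes from Windows service dependencies, and it is worth seeing them explicitly before scripting a restart. The following is an added example, not code from the post or from Symantec; it assumes PowerShell 3.0 or later, an elevated prompt on the SEPM host, and the SEP 12.1 service names used above (semsrv, semwebsrv, sqlanys_sem5).

```powershell
# Added example (not from the original post): show the dependencies behind the
# net stop/net start behaviour described above, then restart SEPM in dependency order.
# Assumes PowerShell 3.0+, an elevated prompt on the SEPM host, and the SEP 12.1
# service names semsrv (SEPM), semwebsrv (web server) and sqlanys_sem5 (database).
function Get-SepmServiceMap {
    foreach ($name in 'semsrv', 'semwebsrv', 'sqlanys_sem5') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if (-not $svc) { continue }   # service not installed on this host
        [pscustomobject]@{
            Name      = $svc.Name
            Status    = $svc.Status
            # services that stop with this one (why "net stop semwebsrv" asks about semsrv)
            StopFirst = ($svc.DependentServices | Select-Object -ExpandProperty Name) -join ', '
            # services started automatically with this one (why "net start semsrv" starts both)
            Requires  = ($svc.ServicesDependedOn | Select-Object -ExpandProperty Name) -join ', '
        }
    }
}

function Restart-Sepm {
    # -Force stops dependent services too, the equivalent of answering 'Y' to net stop
    Stop-Service -Name semsrv -Force -ErrorAction Stop
    Stop-Service -Name semwebsrv -Force -ErrorAction Stop
    # Starting semsrv pulls in semwebsrv because of the dependency shown above
    Start-Service -Name semsrv -ErrorAction Stop
    Get-Service -Name semsrv, semwebsrv | Select-Object Name, Status
}

Get-SepmServiceMap | Format-Table -AutoSize
```

Run Get-SepmServiceMap first; if StopFirst for semwebsrv does not list semsrv on your host, the dependency described in this post is not present and Restart-Sepm should be adjusted accordingly.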

Tuesday, November 12, 2013

Using a Command Line to Uninstall Software on Remote PCs

WMIC (Windows Management Instrumentation Command-Line) is a potent tool that often doesn't see much use due to the lack of (easily accessible) documentation available. More information can be found on WMIC here: http://technet.microsoft.com/en-us/library/bb742610.aspx. Some great switches and alternate options can be found here: http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/wmic_overview.mspx. We’ll be using WMIC with domain admin credentials to crawl through a list of nodes (PCs/Laptops) and uninstall an example program without interrupting the user.

01. Load up a command shell with appropriate access permissions

Though a WMIC instruction can be given credentials on the command line, it is best practice to avoid typing the password in clear text (who is that looking over your shoulder? ;)). We'll execute the runas command like the following:

Runas /user:DomainAdminAccount@DOMAIN cmd

… which will prompt us for the credentials of our DomainAdminAccount. If authenticated, we'll be handed a command shell running as the admin.

02. Verify Program Installation (an optional informative step)

With our WMIC prompt, we can ask many questions of a node (or nodes) and receive some nicely formatted replies. Though formatting the replies is beyond the scope of this "How To", much more information can be found on the internet.

So let's find out if a particular node even has our target software (Spiceworks does attempt to list this information in its software scan):

>/node:COMPUTERNAME product get name,version,vendor

This command asks WMI to reply with a list including the Name, Version, and Vendor of all compliant software installations.

If you would like to filter for a specific product, you may do so. Here's an example scanning a networked machine for all installed applications from the vendor "Apple, Inc"

>/node:ANOTHEREXAMPLE product where vendor="Apple Inc." get name,vendor

(*Note from Anders4221: A small hint: if you have special characters like '-' or '/' in the computer name, you need to use ' ' characters in order to get information from the client.)

(**Note from Joe3034:
Here is how you use wildcards in your search:

Surround the like phrase in double quotes and your search criteria in single quotes, and use % as the wildcard symbol.

e.g.:
/node:ComputerXYZ product where "vendor like 'adobe%'" get name,version,identifyingNumber )

03. Call for the Uninstallation

So we can make a call to the WMI interface to uninstall a particular product... let's pick on the MobileMe Control Panel from our previous example. The command:

>/node:EXAMPLE product where name="MobileMe Control Panel" call uninstall

... will prompt you for confirmation in the following (long) format:

Execute (\\EXAMPLE\ROOT\CIMV2:Win32_Product.IdentifyingNumber="{6DA9102E-199F-43A0-A36B-6EF48081A658}",Name="MobileMe Control Panel",Version="2.1.0.24")->Uninstall() (Y/N/?)?

... to which you must reply 'y' if you wish to uninstall. WMI-compliant software will run the default uninstallation procedure without the user needing to do anything (they receive no prompts, etc.).

**Note that you may also use the /nointeractive flag, like /node:EXAMPLE product where name="MobileMe Control Panel" call uninstall /nointeractive, to prevent the confirmation request!
-thx Bart2691

04. Call Uninstall for a List of Machines (an optional informative step)

Let's assume you just got word that Adobe Reader has a serious flaw in its old version. In a panic, you asked all your users to blindly install the new version of Adobe Reader straight from Adobe's site. Thankfully, they all managed to do so... however you've received 3 tickets so far about an Acrobat.com icon on the desktop.

You have a flat text file of all your computer's names stored in c:\computers.txt. You pop open a WMIC shell with appropriate permissions and enter the following command:

>/failfast:on /node:@"c:\computers.txt" product where name="Acrobat.com" call uninstall /nointeractive

This iterates through your list, skipping nodes that are invalid (e.g. the machine is turned off) and those that don't meet the criteria. You'll need to confirm 'y' that you want to uninstall on every node unless you use the /nointeractive flag.

* Updated Note from Bart2691
... an easy way to automate answering 'Yes'. Examples for doing it by PC or a text file is to use the /nointeractive flag. Additionally, if you don't wish to hang on failed nodes, use the /failfast:on flag to quickly skip a node that isn't responding.

** note from true911 (unconfirmed)
The correct flag is failfast:on, not fastfail:on

wmic /failfast:on /node:@"FILENAME.txt" product where "name like 'microsoft office professional edition 2003'" call uninstall /nointeractive

Thanks to Spiceworks for these links.
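
The list-driven uninstall in step 04 maps directly onto the CIM cmdlets, which also make it easy to add a dry run and a per-node report. This is an added example, not code from the Spiceworks post; it assumes PowerShell 3.0 or later, a C:\computers.txt with one host name per line, the product name "Acrobat.com" from the post, and an account with local admin rights on each host.

```powershell
# Added example (not from the original post): the same list-driven uninstall as
# "wmic /failfast:on /node:@file product where name=... call uninstall /nointeractive",
# written with the CIM cmdlets. Assumes PowerShell 3.0+, C:\computers.txt (one host
# per line) and admin rights on every host. Report-only unless -Remove is given.
function Uninstall-ProductFromList {
    param(
        [string]$ListPath = 'C:\computers.txt',
        [string]$ProductName = 'Acrobat.com',
        [switch]$Remove
    )
    $computers = Get-Content -Path $ListPath | ForEach-Object { $_.Trim() } | Where-Object { $_ }
    foreach ($pc in $computers) {
        # /failfast:on equivalent: skip hosts that do not answer a single ping
        if (-not (Test-Connection -ComputerName $pc -Count 1 -Quiet)) {
            [pscustomobject]@{ Computer = $pc; Version = ''; Result = 'unreachable, skipped' }
            continue
        }
        try {
            # Win32_Product is slow and makes Windows Installer re-validate every package
            # on the host, so filter server-side and keep this to maintenance windows.
            $hits = @(Get-CimInstance -ComputerName $pc -ClassName Win32_Product `
                        -Filter "Name='$ProductName'" -ErrorAction Stop)
            if ($hits.Count -eq 0) {
                [pscustomobject]@{ Computer = $pc; Version = ''; Result = 'not installed' }
                continue
            }
            foreach ($h in $hits) {
                if ($Remove) {
                    # ReturnValue 0 means Windows Installer reported success
                    $r = Invoke-CimMethod -InputObject $h -MethodName Uninstall
                    $result = "uninstall returned $($r.ReturnValue)"
                } else {
                    $result = 'would uninstall'
                }
                [pscustomobject]@{ Computer = $pc; Version = $h.Version; Result = $result }
            }
        } catch {
            [pscustomobject]@{ Computer = $pc; Version = ''; Result = "error: $($_.Exception.Message)" }
        }
    }
}

Uninstall-ProductFromList | Format-Table -AutoSize
# Uninstall-ProductFromList -Remove | Format-Table -AutoSize
```

Run it once without -Remove to see which hosts actually have the product and which are unreachable; the report then doubles as the change record for the uninstall.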

Monday, November 4, 2013

Remove Leftover Office Registry Keys

Sometimes after uninstalling older versions of Microsoft Office some registry keys are left behind. This causes Spiceworks to think that those older versions of Office are still installed, even though the actual program files are all removed. You can follow the steps here to clean up those old registry keys so Spiceworks can get a proper inventory of the software on the machine.

NOTE: Please make a backup of the registry before making any changes to it. You can severely damage a machine if an incorrect edit is made.

1. Open up RegEdit

Open up RegEdit by going to Start>Run and typing "regedit" and pressing Enter or OK. You can also enter the "regedit" command into a Command Prompt to open up the editor.
   
2. Locate the Office Registry Key

Microsoft stores all of the installation information for Office Products in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\. Underneath this key you will see various version numbers, each corresponding to different versions of Office. They are as follows:


- 9.0 is Office 2000
- 10.0 is Office XP
- 11.0 is Office 2003
- 12.0 is Office 2007
- 14.0 is Office 2010
   
Note: On a 64-bit machine it is under HKLM\SOFTWARE\Wow6432Node\Microsoft\Office.

3. Locate the Corresponding Registration Key

Underneath each of the version number keys you should see a "Registration" key. Depending on how many Office products you have installed (Visio, Project, etc. all will be stored underneath one of those version keys) on the machine there will be multiple hashed keys present underneath the Registration key. Each of these hashed keys should have a value underneath it called "ProductName". You can use this value to correctly determine which hashed key is related to the product you want to remove.

   
4. Delete the Hashed Key

Once you have located the correct hashed registry key, delete it. As mentioned above, though, make sure you have a good backup before doing this!
   
[Image: the hashed key underneath the Registration key]
Conclusion

Once you have performed the steps above run a scan on the device by either running a full network scan or a rescan underneath the Tools section of the device. Once the scan is complete you should see that the long deleted Office products are now gone from your Spiceworks Inventory. If the scan is still showing that the software is present, you might need to disable Incremental Scanning in Settings>Network Scan.
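
Steps 2 to 4 can be done from PowerShell, which also makes it easy to see every Registration entry (native and Wow6432Node) with its ProductName before deleting anything. This is an added example, not code from the Spiceworks post; it assumes PowerShell 3.0 or later and an elevated prompt, and uses the version-to-product mapping listed in step 2.

```powershell
# Added example (not from the original post): list every hashed key under the
# Registration keys described above with its ProductName, checking both the native and
# the Wow6432Node paths; deletion is opt-in and exports the key to a .reg file first.
# Assumes PowerShell 3.0+ and an elevated prompt.
$officeVersions = @{ '9.0' = 'Office 2000'; '10.0' = 'Office XP'; '11.0' = 'Office 2003'
                     '12.0' = 'Office 2007'; '14.0' = 'Office 2010' }

function Get-OfficeRegistrationKey {
    $roots = 'HKLM:\SOFTWARE\Microsoft\Office', 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Office'
    foreach ($root in $roots | Where-Object { Test-Path $_ }) {
        foreach ($ver in Get-ChildItem -Path $root) {
            $regPath = "$($ver.PSPath)\Registration"
            if (-not (Test-Path $regPath)) { continue }   # e.g. "Common", not a version key
            foreach ($hashed in Get-ChildItem -Path $regPath) {
                $props = Get-ItemProperty -Path $hashed.PSPath
                [pscustomobject]@{
                    Version     = $ver.PSChildName
                    Office      = $officeVersions[$ver.PSChildName]
                    ProductName = $props.ProductName
                    Key         = $hashed.PSPath
                }
            }
        }
    }
}

function Remove-OfficeRegistrationKey {
    param([Parameter(Mandatory)][string]$ProductName, [string]$BackupDir = $env:TEMP)
    $found = @(Get-OfficeRegistrationKey | Where-Object { $_.ProductName -eq $ProductName })
    if ($found.Count -eq 0) { return "no Registration key has ProductName '$ProductName'" }
    foreach ($k in $found) {
        # reg.exe wants HKLM\... rather than the provider-qualified path
        $regForm = $k.Key -replace '^Microsoft\.PowerShell\.Core\\Registry::HKEY_LOCAL_MACHINE', 'HKLM'
        $file = Join-Path $BackupDir ('office-registration-{0}.reg' -f ($k.Key -split '\\')[-1])
        reg export $regForm $file /y | Out-Null
        Remove-Item -Path $k.Key -Recurse
        "removed $($k.Key) (backup: $file)"
    }
}

Get-OfficeRegistrationKey | Format-Table -AutoSize
# Remove-OfficeRegistrationKey -ProductName 'Microsoft Office Professional Edition 2003'
```

Because the match is on the exact ProductName, look at the listing first and copy the name from it; the exported .reg file can be double-clicked to restore the key if the Spiceworks inventory turns out to have been right after all.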

I hope this helps!

This topic is taken from Spiceworks.

Saturday, November 2, 2013

Solved: “Cannot read from the source file or disk”

One of our file shares ended up with several undeletable files. Attempting to delete them results in “Error Deleting File or Folder – Cannot delete file: Cannot read from the source file or disk”.



Note: Windows 7's version of this message is something like:

    Could not find this item: This is no longer located in C:\Blah. Verify the item’s location and try again.

Even going to the file’s properties to check permissions presented a very blank properties dialog. And a CHKDSK didn’t sort things out either.

It turns out the problem was: the filename ended with a dot, e.g. it was something like “C:\Temp\Stuff\Sales Agreement.“. As far as Windows is concerned this is an invalid file name: so although it gets reported in a directory listing, the standard Windows APIs for manipulating files subsequently deny its existence.

So how did this file get created in the first place? The answer: a Mac. The file was on a file share which had been accessed by a Mac user. Macs tend to write all sorts of metadata to extra files such as “.DS_Store” and had left this file behind.

So if Windows doesn’t appear to allow these file names, how did they get to be created? Well, it turns out that NTFS allows all sorts of file name/path weirdness that Windows, or specifically the Win32 API, doesn’t allow. For example, NTFS actually allows file paths up to 32K but Windows restricts file paths to no more than 260 characters (MAX_PATH). I suppose this is all for DOS/Windows 9x backwards compatibility. As these files were being accessed over a file share I guess the usual Win32 checks are bypassed.

But thankfully you can get Win32 to ignore these checks by prefixing your file paths with \\?\, (ie. C:\Temp\SomeFile.txt becomes \\?\C:\Temp\SomeFile.txt) which I discovered after reading this blog post about long paths in .NET.

So at a command prompt (Start > All Programs > Accessories > Command Prompt) I was able to delete the file using:

del "\\?\C:\Temp\Stuff\Sales Agreement."

    Note: On Windows 7 it seems you can just use wildcards without the \\?\ trick to delete the offending files: e.g.
    del c:\temp\somefil*

If it’s a folder/directory you’re trying to delete use the rd or rmdir command, e.g.:

rd /s "\\?\C:\Documents and Settings\User\Desktop\Annoying Folder."

Tip: as you’re typing the file/directory name use the TAB key to auto-complete the name (press TAB repeatedly to cycle through possible names).
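
On a share that Macs write to, there is usually more than one such name, so it helps to find them all before reaching for del and rd. The following is an added example, not code from the post; it assumes an absolute folder path, relies on cmd's dir to list the names (the post notes they still appear in a directory listing), and uses the same \\?\ prefix with del and rd that the post does. It only reports unless -Remove is given.

```powershell
# Added example (not from the original post): find names ending in a dot or a space
# under a folder and remove them with the \\?\ prefix via cmd.exe's del and rd, which
# is the method used above. Assumes an absolute -Root path; report-only unless -Remove.
function Remove-InvalidWin32Name {
    param([Parameter(Mandatory)][string]$Root, [switch]$Remove)
    $root = (Resolve-Path -LiteralPath $Root).ProviderPath   # \\?\ needs an absolute path
    # dir /b /s prints full paths and, unlike the Win32 file APIs, still lists these names
    $files = @(cmd /c dir /b /s /a:-d "$root" 2>$null | Where-Object { $_ -match '[. ]$' })
    $dirs  = @(cmd /c dir /b /s /a:d  "$root" 2>$null | Where-Object { $_ -match '[. ]$' })
    foreach ($f in $files) {
        if ($Remove) { cmd /c del /f /q "\\?\$f"; "deleted file $f" } else { "file: $f" }
    }
    # deepest directories first, so a parent is never removed before its children are handled
    foreach ($d in ($dirs | Sort-Object { $_.Length } -Descending)) {
        if ($Remove) { cmd /c rd /s /q "\\?\$d"; "deleted dir  $d" } else { "dir:  $d" }
    }
}

Remove-InvalidWin32Name -Root 'C:\Temp\Stuff'
# Remove-InvalidWin32Name -Root 'C:\Temp\Stuff' -Remove
```

The regex '[. ]$' catches both trailing-dot and trailing-space names, since Win32 strips both and refuses both in the same way.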


Of course the corollary of all of this is that you could really annoy somebody by doing this:



echo Hi > "\\?\%USERPROFILE%\Desktop\Annoying file you can't delete."

Monday, July 15, 2013

Essential Command-Line Tools for Managing Active Directory

Windows Server 2008 R2 includes several tools that let you manage Active Directory from the command line. Here’s a look at the key tools and what they do.

Adprep: Prepares a Windows forest or domain for installation of Windows domain controllers (DCs). To prepare a forest or a domain, use adprep /forestprep and adprep /domainprep, respectively. (Note that for Windows Server 2003 SP1 or later, a domain’s Group Policy isn’t automatically updated. To prepare Group Policy for the domain, you must use the command adprep /domainprep /gpprep. This modifies the access control entries (ACEs) for all Group Policy object (GPO) folders in the SYSVOL directory to grant read access to all enterprise domain controllers. This level of access is required to support RSoP for site-based policy. Because this security change causes the NT File Replication Service (NTFRS) to resend all GPOs to all domain controllers, you should use adprep /domainprep /gpprep only after careful planning.)

Dsadd: Adds computers, contacts, groups, organizational units, and users to Active Directory. Type dsadd objectname /? at a command prompt to display help information about using the command, such as dsadd computer /?.

Dsget: Displays properties of computers, contacts, groups, organizational units, users, sites, subnets, and servers registered in Active Directory. Type dsget objectname /? at a command prompt to display help information about using the command, such as dsget subnet /?.

Dsmod: Modifies properties of computers, contacts, groups, organizational units, users, and servers that exist in Active Directory. Type dsmod objectname /? at a command prompt to display help information about using the command, such as dsmod server /?.

Dsmove: Moves a single object to a new location within a single domain or renames the object without moving it. Type dsmove /? at a command prompt to display help information about using the command.

Dsquery: Uses search criteria to find computers, contacts, groups, organizational units, users, sites, subnets, and servers in Active Directory. Type dsquery /? at a command prompt to display help information about using the command.

Dsrm: Removes objects from Active Directory. Type dsrm /? at a command prompt to display help information about using the command.

Ntdsutil: Allows the user to view site, domain, and server information; manage operations masters; and perform database maintenance of Active Directory. Type ntdsutil /? at a command prompt to display help information about using the command.
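
The ds* tools are designed to be chained: dsquery prints one distinguished name per line and dsget reads distinguished names from standard input, so the two answer questions neither does alone. This is an added example, not from the article; it assumes the AD DS command-line tools are on the path of a domain-joined machine and only reads from the directory (dsmod and dsrm are deliberately not called).

```powershell
# Added example (not from the original article): chain dsquery and dsget from PowerShell
# to list user accounts with no logon in the last N weeks. Assumes the AD DS tools on
# the path of a domain-joined machine; read-only, no dsmod/dsrm calls.
function Get-InactiveDomainUser {
    param([int]$Weeks = 8)
    # -inactive N: accounts with no logon in N weeks; -limit 0: lift the default 100-object cap
    $dns = @(dsquery user -inactive $Weeks -limit 0 2>$null)
    if ($dns.Count -eq 0) { return }
    # Each DN is written to dsget's stdin, which prints the requested attributes as a table
    $dns | dsget user -samid -disabled -dn
}

Get-InactiveDomainUser -Weeks 8
```

Keep the query side (dsquery, dsget) separate from the change side (dsmod, dsrm): review the list this produces before piping any of it into a modifying command.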

Saturday, July 6, 2013

SQLa0000.tmp file rapidly increases

We have noticed recently that there is a temp file in C:\Windows\Temp called sqla0000.tmp (C:\Windows\Temp\sqla0000.tmp) that continuously grows over time until it completely fills the hard drive. It seems that the file grows gradually and then one day balloons to fill the entire hard drive.

This file is associated with Symantec Endpoint Protection Manager, as you need to stop the SEPM service to delete it.

I noticed that if I restart the Symantec Embedded Database service, the file shrinks tremendously. However, I have had to do this 2 times in the past 3 months.

Reference: "sqla0000.tmp file is consuming hard drive space":

http://www.symantec.com/business/support/index?page=content&id=TECH188303
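
Rather than waiting for the disk to fill, the file size can be checked on a schedule and the embedded database restarted only when it passes a threshold. This is an added example, not code from the post or from Symantec; it assumes the file path and service names mentioned above (C:\Windows\Temp\sqla0000.tmp, semsrv, sqlanys_sem5), PowerShell 3.0 or later, and an elevated prompt on the SEPM host.

```powershell
# Added example (not from the original post): report the size of sqla0000.tmp and, with
# -Restart, restart the embedded database when it is over the threshold, stopping SEPM
# first as the post says is necessary. Assumes PowerShell 3.0+, the path and service
# names from the post, and an elevated prompt on the SEPM host.
function Test-SepmTempFile {
    param([int]$ThresholdMB = 2048, [switch]$Restart)
    $path = Join-Path $env:SystemRoot 'Temp\sqla0000.tmp'
    $item = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
    $before = if ($item) { [math]::Round($item.Length / 1MB, 1) } else { 0 }
    $action = 'none'
    if ($before -ge $ThresholdMB) {
        $action = 'over threshold'
        if ($Restart) {
            Stop-Service -Name semsrv -Force -ErrorAction Stop       # SEPM holds the file open
            Restart-Service -Name sqlanys_sem5 -Force -ErrorAction Stop
            Start-Service -Name semsrv -ErrorAction Stop
            $action = 'database restarted'
        }
    }
    $item = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
    $after = if ($item) { [math]::Round($item.Length / 1MB, 1) } else { 0 }
    [pscustomobject]@{ Path = $path; BeforeMB = $before; AfterMB = $after; Action = $action }
}

Test-SepmTempFile              # report only
# Test-SepmTempFile -Restart   # restart sqlanys_sem5 when the file is over 2 GB
```

Run in report-only mode from a scheduled task to build a size history; that shows whether the growth is the gradual kind the post describes or the sudden ballooning, which is what you want to know before deciding how often the restart is needed.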

Automatically Clean Up Temporary ASP.NET Files

The Problem

One of the test environments I help maintain is subject to dynamic and regular changes in .NET applications. The development team are constantly releasing new builds that are slightly different.
You may not be aware that .NET applications go through a compilation process when they first start up. I’ve also been told this happens on application pool recycle, but I haven’t confirmed this. After the application has been removed or updated, the compilation temporary files remain. On a test environment similar to my scenario above, a total of 50GB of disk space can easily be wasted doing nothing. So if you’re in a similar scenario, you may need to routinely clean up these files.
I know of the following locations where these files can build up:
  • C:\Windows\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files
  • C:\Windows\Microsoft.NET\Framework64\v1.1.4322\Temporary ASP.NET Files
  • C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files
  • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files
  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files
  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files
If your application pools run in 64-bit mode, you’ll find the “Framework64” locations more applicable. If your application pools use 32-bit mode, you’ll need to consider the “Framework” locations.

A Few Notes

A reminder that files in these locations are normal. Don’t go over the top trying to clean them up.
It should be noted that while the files are in use by the web server, you will not be able to delete them – this is fine; the goal is to clean up unused files.
You should also be aware the next time the application fires up, on app pool start, the application will re-compile again. This may lead to a longer than average initial page load. If this is of concern, consider only removing files that are older than 30 days.
Of course, this script is provided as is. You should test it thoroughly in a test environment before use in production (though I certainly do).
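
The script the post refers to is not reproduced on this page, so the following is an added example written to the same specification (the six locations listed above, and the advice to only remove build folders older than 30 days); it is not the author's script. It assumes PowerShell 3.0 or later, an elevated prompt on the web server, and treats a build folder's last-write time as its age. It only reports unless -Remove is given, and folders still in use by the web server simply fail to delete and are reported as skipped.

```powershell
# Added example (not the script the post refers to): report or delete compilation
# folders under each "Temporary ASP.NET Files" location listed above that are older
# than -OlderThanDays. Assumes PowerShell 3.0+, an elevated prompt, and that a build
# folder's LastWriteTime is a fair measure of its age. In-use folders fail to delete,
# which is expected, and are reported rather than treated as an error.
function Clear-AspNetTempFiles {
    param([int]$OlderThanDays = 30, [switch]$Remove)
    $roots = foreach ($fw in 'Framework', 'Framework64') {
        foreach ($ver in 'v1.1.4322', 'v2.0.50727', 'v4.0.30319') {
            Join-Path $env:SystemRoot "Microsoft.NET\$fw\$ver\Temporary ASP.NET Files"
        }
    }
    $cutoff = (Get-Date).AddDays(-$OlderThanDays)
    foreach ($root in $roots | Where-Object { Test-Path $_ }) {
        # One sub-folder per application (e.g. "root"), each holding hashed build folders
        foreach ($app in Get-ChildItem -Path $root -Directory) {
            $old = Get-ChildItem -Path $app.FullName -Directory | Where-Object { $_.LastWriteTime -lt $cutoff }
            foreach ($build in $old) {
                $bytes = (Get-ChildItem -Path $build.FullName -Recurse -File -ErrorAction SilentlyContinue |
                          Measure-Object -Property Length -Sum).Sum
                if ($Remove) {
                    try {
                        Remove-Item -Path $build.FullName -Recurse -Force -ErrorAction Stop
                        $result = 'removed'
                    } catch {
                        $result = "skipped (in use): $($_.Exception.Message)"
                    }
                } else {
                    $result = 'would remove'
                }
                [pscustomobject]@{
                    Path      = $build.FullName
                    LastWrite = $build.LastWriteTime
                    SizeMB    = [math]::Round($bytes / 1MB, 1)
                    Result    = $result
                }
            }
        }
    }
}

Clear-AspNetTempFiles | Format-Table -AutoSize
# Clear-AspNetTempFiles -OlderThanDays 30 -Remove | Format-Table -AutoSize
```

The SizeMB column in report mode tells you whether the cleanup is worth scheduling at all on a given server, which answers the post's "don't go over the top" note with numbers.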

Thursday, May 2, 2013

How to logoff remote desktop sessions via command line tools?

On Windows servers, only two remote desktop sessions with administrative access are allowed. There are situations where you can’t connect to the server via remote desktop because two sessions are already active. You may have seen this dialog box: ("Remote Desktop Disconnected", "This computer can’t connect to the remote computer").

 
Usually Windows administrators open "Terminal Services Manager" (in Administrative Tools), connect to the problematic server and log off the unwanted sessions. There are easier ways if you love command line based tools.

Query the Remote Server for Current Terminal Sessions

To query and list the sessions on the remote server, you can use QUser.exe or QWinsta.

QUser

QUser command comes with all the latest Windows clients and servers. This will list the sessions of the remote server (or local machine).

NOTE: if you are using Windows XP, you need to add this location to your system path: C:\Windows\System32\DLLCache. To do this, in a command prompt, type the following (no spaces around the equals sign, or cmd will set a variable named "PATH " instead).

SET PATH=%PATH%;C:\Windows\System32\DLLCache

QUser help shows,

C:\>QUser /?
Display information about users logged on to the system.

QUERY USER [username | sessionname | sessionid] [/SERVER:servername]

  username            Identifies the username.
  sessionname         Identifies the session named sessionname.
  sessionid           Identifies the session with ID sessionid.
  /SERVER:servername  The server to be queried (default is current). 

 QWinsta

QWinsta is a little different, and better: it has more features and options, and it comes with all flavours of Windows. The QWinsta command line help displays as:

    C:\>qwinsta /?
    Display information about Terminal Sessions.

    QUERY SESSION [sessionname | username | sessionid]
                  [/SERVER:servername] [/MODE] [/FLOW] [/CONNECT] [/COUNTER]

      sessionname         Identifies the session named sessionname.
      username            Identifies the session with user username.
      sessionid           Identifies the session with ID sessionid.
      /SERVER:servername  The server to be queried (default is current).
      /MODE               Display current line settings.
      /FLOW               Display current flow control settings.
      /CONNECT            Display current connect settings.
      /COUNTER            Display current Terminal Services counters information.

Logoff the Remote Sessions

To log off the terminal session on the remote server, you can use either of two command line tools: LOGOFF or RWINSTA. Before you log off the remote session, you need to know the "Session ID", which you get from the QUSER or QWINSTA commands as stated above.

 Logoff

The Logoff command kicks off (logs off) the specified remote session. The logoff help shows:

    C:\>logoff /?
    Terminates a session.

    LOGOFF [sessionname | sessionid] [/SERVER:servername] [/V]

      sessionname         The name of the session.
      sessionid           The ID of the session.
      /SERVER:servername  Specifies the Terminal server containing the user
                          session to log off (default is current).
      /V                  Displays information about the actions performed.

 RWinsta

RWinsta has the same parameters and does the same thing as the logoff command. It simply means Reset WINdows STAtion. The help goes as:

    C:\>RWinsta /?
    Reset the session subsytem hardware and software to known initial values.

    RESET SESSION {sessionname | sessionid} [/SERVER:servername] [/V]

      sessionname         Identifies the session with name sessionname.
      sessionid           Identifies the session with ID sessionid.
      /SERVER:servername  The server containing the session (default is current).
      /V                  Display additional information.
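
Reading the session ID out of the qwinsta table by eye works for one server, but the same table can be parsed and fed to logoff so that only disconnected user sessions are touched. This is an added example, not from the post; it assumes English column headers in the qwinsta output, qwinsta and logoff on the path, and rights to reset sessions on the target server. It only reports unless -Force is given.

```powershell
# Added example (not from the original post): parse qwinsta output into objects and log
# off only sessions in the "Disc" state that belong to a user, via logoff /server.
# Assumes English column headers, qwinsta/logoff on the path and rights on the target.
function Get-RemoteSession {
    param([string]$Server = $env:COMPUTERNAME)
    $out = @(qwinsta /server:$Server 2>$null)
    if ($out.Count -lt 2) { return }
    # Fixed-width columns: SESSIONNAME USERNAME ID STATE TYPE DEVICE. ID is right-aligned
    # under its header and the current session is marked with ">" in column 0.
    $header   = $out[0]
    $userCol  = $header.IndexOf('USERNAME')
    $idEnd    = $header.IndexOf(' ID ') + 3
    $stateCol = $header.IndexOf('STATE')
    foreach ($line in $out[1..($out.Count - 1)]) {
        if ($line.Length -le $stateCol) { continue }
        # USERNAME may be blank, so take the USERNAME..ID slice and split it: last token is the ID
        $userAndId = ($line.Substring($userCol, $idEnd - $userCol).Trim() -split '\s+')
        $user = if ($userAndId.Count -ge 2) { $userAndId[0] } else { '' }
        [pscustomobject]@{
            Server      = $Server
            SessionName = $line.Substring(0, $userCol).Trim().TrimStart('>')
            UserName    = $user
            Id          = [int]($userAndId[-1])
            State       = ($line.Substring($stateCol).Trim() -split '\s+')[0]
        }
    }
}

function Stop-DisconnectedSession {
    param([string]$Server = $env:COMPUTERNAME, [switch]$Force)
    # Session 0 ("services") is also Disc but has no user; the UserName test skips it
    $stale = Get-RemoteSession -Server $Server | Where-Object { $_.State -eq 'Disc' -and $_.UserName }
    foreach ($s in $stale) {
        if ($Force) {
            logoff $s.Id /server:$Server /v
        } else {
            "would log off $($s.UserName) (session $($s.Id)) on $Server"
        }
    }
}

Get-RemoteSession | Format-Table -AutoSize
Stop-DisconnectedSession -Server 'SERVER01'    # add -Force to actually log them off
```

Filtering on State plus a non-empty UserName is the safety net here: it leaves the console, the listener (rdp-tcp) and active sessions alone and only removes the disconnected sessions that were blocking the two-session limit.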


Monday, April 22, 2013

View Dell Service Tags

It's not always convenient to run to the server room to try to find the Dell Service Tag on your machine, especially if you're tied to your phone on a tech support call. Here is how you can remotely find that tag.


1. C:\>wmic bios get serialnumber

Enter this into the command prompt and it will give you the Service Tag of your Dell System.
   
2. C:\>wmic /user:[username] /node:[computername] bios get serialnumber

The above command will return the Service tag for a remote computer if you don't have access to a remote desktop connection.
   
3. For Linux

dmidecode -s system-serial-number

This command will do the same thing if your box is running a Linux distribution.
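
The two wmic commands above are a query of the Win32_BIOS class, locally and then remotely with a supplied account; the CIM cmdlets run the same query over a list of machines and add the model next to the tag. This is an added example, not from the post; it assumes PowerShell 3.0 or later and, for remote hosts, that WinRM is enabled and that the account can be passed with -Credential (the equivalent of wmic /user:).

```powershell
# Added example (not from the original post): read the BIOS serial number (the Dell
# Service Tag) from one or more machines with the same Win32_BIOS query the wmic
# commands above run. Assumes PowerShell 3.0+ and, for remote hosts, WinRM plus an
# account that may be supplied with -Credential (the wmic /user: equivalent).
function Get-ServiceTag {
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        [System.Management.Automation.PSCredential]$Credential
    )
    foreach ($pc in $ComputerName) {
        try {
            if ($pc -ieq $env:COMPUTERNAME) {
                # local query needs no session, like "wmic bios get serialnumber"
                $bios = Get-CimInstance -ClassName Win32_BIOS -ErrorAction Stop
                $cs   = Get-CimInstance -ClassName Win32_ComputerSystem -ErrorAction Stop
            } else {
                # remote query, like "wmic /user:... /node:... bios get serialnumber"
                $opts = @{ ComputerName = $pc; ErrorAction = 'Stop' }
                if ($Credential) { $opts.Credential = $Credential }
                $session = New-CimSession @opts
                $bios = Get-CimInstance -CimSession $session -ClassName Win32_BIOS -ErrorAction Stop
                $cs   = Get-CimInstance -CimSession $session -ClassName Win32_ComputerSystem -ErrorAction Stop
                Remove-CimSession -CimSession $session
            }
            [pscustomobject]@{ Computer = $pc; Manufacturer = $cs.Manufacturer; Model = $cs.Model
                               ServiceTag = $bios.SerialNumber }
        } catch {
            [pscustomobject]@{ Computer = $pc; Manufacturer = ''; Model = ''
                               ServiceTag = "error: $($_.Exception.Message)" }
        }
    }
}

Get-ServiceTag
# Get-ServiceTag -ComputerName 'SERVER01', 'SERVER02' -Credential (Get-Credential)
```

Get-Credential prompts for the password rather than taking it on the command line, so nothing ends up in the console history, which is the same reason the WMIC post above recommends runas over inline credentials.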